Liminal states

Other than the title, which doesn’t do it for me, Caroline McCarthy’s Social networking gets its geek on is an excellent short roundup of the activity in 2007 in the social networking space, with great links both in the story and the “2007 highlights” sidebar.

One thing that popped out at me: legal and political issues crop up in five of the ten paragraphs (the lawsuit related to Facebook’s origins, Digg and the DMCA takedown notice, the state attorneys general pressuring MySpace on sex offenders, MySpace and MTV’s “presidential dialogs”, and of course the Beacon brouhaha).  OK, the first one is fairly standard startup stuff, but the others clearly illustrate social networks’ increasingly important role in society.  So I though Caroline’s closing paragraph was particularly insightful, and applies much more broadly than the specific sites and issue:

Not surprisingly, privacy and safety issues remained on the horizon. Both Facebook and MySpace grappled with demands from state attorneys general who were concerned that young people could be exposing themselves to online threats through social networks. Their efforts didn’t do much to stall either site, but served as a continual reminder that even though Silicon Valley might tout a company as the future of communication, legal authorities might beg to differ.

Indeed.  With the McCain bill still lurking out there (it didn’t make it out of committee in 2007, but 2008’s an election year) and the Mcarthyesque “Violent radicalization and homegrown terrorism prevention act of 2007” having already passed the House, it’s clear that at least in the US,  the potential democratizing and empowering effects of social networks are leading to predictable backlash from entrenched interests.  The good news is that people are rapidly learning how to use social networks for activism, so any crackdown is likely to meet with a lot more resistance than expected.  I hope.

With a two-part series on TPM Cafe’s Table for One, an article in the Mercury News on Christmas Day, and the recent settlement of a suit on text messaging, Facebook continues to become a focus for discussion of privacy issues. To some extent this is a consequence of their size and success: they’re a high-profile target. Behind this, though, lurks a pattern of Facebook unilaterally making decisions that compromise user privacy, apologizing, addressing the most egregious aspects while leaving the rest in place — and then repeating.

The TPM Cafe piece is by Ari Melber of The Nation, and starts out

When one of America’s largest electronic surveillance systems was launched in Palo Alto a year ago, it sparked an immediate national uproar. The new system tracked roughly 9 million Americans, broadcasting their photographs and personal information on the Internet; 700,000 web-savvy young people organized online protests in just days. Time declared it “Gen Y’s first official revolution,” while a Nation blogger lauded students for taking privacy activism to “a mass scale.” Yet today, the activism has waned, and the surveillance continues largely unabated.

He goes on to discuss the Beacon fiasco in terms of Facebook’s past behavior, quotes some of my faves (danah boyd and a CMU study that I believe is by Alessandro Acquisti), and in his follow-on post ties Facebook — and web services more generally — to a national surveillance state. People familiar with the privacy space won’t see anything new here; what’s significant is that this is another example of Facebook privacy making the jump out of the tech ghetto to the national political scene: TPMCafe’s the extension of Joshua Micah Marshall’s Talking Points Memo, a DC-based progressive political blog that sees itself as a muckraker in the positive sense of the word and has been very active in helping uncover and publicize recent political scandals.

The lawsuit settlement specifically relates to Facebook continuing to send text messages to cellphone numbers after they had been recycled. Facebook didn’t admit any wrongdoing, but did agree to “make it easier for recipients of text messages to block future messages originating from the social network” and “work more closely with mobile phone carriers to monitor the lists of recycled numbers and reduce the frequency of unwanted text messages.” The fact that people had to resort to a lawsuit to get action on these basic business practices paints a rather unflattering picture of the company’s arrogant attitude towards its users — and to the non-users who got the recycled numbers and then were billed for the messages.

Elise Ackerman’s Facebook alarms privacy advocates again talks about a Facebook signup icon showing up on smartphones without the owners permission. This is privacy in the classic sense of “the right to be left alone”, not being tracked; and of course this is something that phone companies do routinely, viewing phones’ “screen real estate” as a spot for advertising and product placement … so “alarm” seems somewhat overstated. Still, given the pattern above, Jeffrey Chester (of the Center for Digital Democracy) sounds on-target to me when he says “It illustrates a basic problem over at Facebook, which is their need to fatten their bank account is confounding their need to protect the privacy of their members.”

And not to sound like a broken record or anything: this kind of attention augurs well for proposals like the national “do-not-track” mechanism — and increases the probabilities that populist-oriented politicians in any party will seize on privacy as a chance to differentiate themselves this upcoming election year.

Queen Elizabeth’s annual Christmas broadcast, along with about 20 other clips, are up on YouTube as the inital offerings of The Royal Channel.  George V started the tradition with a radio broadcast in 1932, and the queen took it to television in her 1957 broadcast, hoping that the new medium would give a more personal and direct connection.   Fifty years later, she’s making the jump to social networks.

The New York Times reports that the 1957 video’s the most popular so far, with 400,000 downloads; the current rating’s 4 1/2 stars.  Prince Charles visiting a school trails with 3,000 downloads (3 1/2 stars).   Sam Wollaston in the Guardian has some good advice for the royals:

You need to make it more fun, for the internet generation. Less stuffy guff from Palace press office, more jokes. Get Philip on there, going off about something that irritates him. And Harry killing something. And the dogs. That’s what the Royal Channel needs. Corgis. Making love.

Indeed.

Slashdot’s linked to a bunch of good stories on computer security recently. Squirrelmail repository poisoned has the catchiest title, and plus it’s about squirrels, so it goes first.

What happened was that an intruder got into the site where you download Squirrelmail, and introduced a very subtle change in the code that would allow somebody who know about it (the intruder or anybody he/she told or sold the secret to) to “an arbitrary code execution risk” aka “pwning” both of which are security speak for “doing whatever you want to on the system”.

YOW! Dreamhost, my ISP, provides a nice one-click install for Squirrelmail (“webmail for nuts!”) and I use it on a couple of my domains. Maybe somebody’s used this to hack in — and that’s why my colors keep intermittently changing from pink to blue! Hmm, well, probably not … although other than the unsatisfyingly generic “intermittent software bug” it’s the best explanation so far.

Imagine, though, that this was a political candidate’s blog; and that the hack gets exploited to delete a random 10% of mail from potential supporters and voters. This might not get noticed for a while … and if it went on long enough, it could easily lead to enough impact to swing a close election. Or suppose there’s a mass-mailing from the account to everybody in the district the day before the election: “This account has been hacked, can you really trust this bozo?” Hmm. Talk about your social engineering attacks.

It’s also another interesting example of the “security as a social science ” theme — and more specifically, the process issues for web services that came up in How’d that get through QA? Something that’s really encouraging here is that in both cases the software providers did exactly the right thing here, including being transparent about what had happened — Squirrelmail’s blog shows how quickly they reacted, announcing immediately and getting the fix out within a day.

James Grimmelmann has an excellent post over at the Laboratorium. His summary:

Another member of a professorial mailing list I’m on asked whether Facebook may have violated the Video Privacy Protection Act of 1988. Nicknamed the “Bork Bill” (a newspaper published his video rental records during his confirmation hearings), the VPPA protects your privacy in the videos you rent and buy. Well, guess what? One of Facebook’s Beacon partners was Blockbuster, so some of the items that wound up in people’s news feeds were the names of videos they’d bought. Oops.

I dug a bit into the legalities of the issue, and this is roughly what I came up with: Facebook and Blockbuster should hunker down and prepare for the lawsuits. Their recent move to allowing a global opt-out may cut them off from accruing further liability, but there’s probably an overhang of damages facing them from their past mistakes.

As usual with James, it’s a very detailed analysis; the discussion is also excellent.

Looking specifically at Blockbuster’s liability, there’s an interesting parallel to my as-yet-unanswered question in the thread about Beacon’s announcement of a global opt-out about whether Beacon caused advertisers to violate their privacy policies. In the web 2.0 world, the dependencies between software components mean that service providers (Facebook in this case) can put their customers (Blockbuster) at legal risk. As Google, Yahoo, Microsoft, Amazon, eBay, Facebook et. al. compete, it will be a major advantage to whoever first seizes the high ground by providing services and platforms that are noticeably less risky. In addition to the classic considerations like security and ability to deliver on service level agreements (SLAs), this will increasingly include considerations like well-thought-out policies — and getting and listening to a broad range of perspectives, including from privacy advocates, before launching new services.

There was a great article in the Seattle PI on Friday about Seattle Anti-Freeze and how their participative, theme-based gender-balanced parties are “finding a cure for the common cold”.

Gayle Laakmann, one of Anti-freeze’s founders, interned for me several years ago at Microsoft Research, and since this gave me an opportunity to get in on the ground floor for when she’s running the universe, I’ve made a point of staying in touch with her. Gayle’s posts like Evite vs. Facebook invites and Report card on Evite and its alternatives (looking at Renkoo, socializer, etc.) are not only incredibly useful in their own right, they also give a behind-the-scenes look at how an idea that started as a one-shot party took off on social networks. Now, other events and subgroups are starting up: an indoor soccer team, runners who “often break bread and enjoy some drinks after their runs”, ski and snowboard bums … no doubt more to follow.

Interestingly, both the article and Gayle’s recent A shout-out to other groups post highlight that this is part of a larger trend focusing on participative events. Why should burners have all the fun?

In any case, it’s a relief to know that once Gayle’s in charge of things, there’ll be good parties. It’s something for all potential future overlords* to keep in mind: everybody knows, fun rules.

* in the gender-neutral sense of the word, of course

A kerfuffle that recently went on in one of the online communities I hang out in is a nice illustration of some of the complex interaction between moderator privilege in discussion forums, power vectors and bullying.

Briefly, a poster engaged in a bunch of techniques such as using loaded and admittedly-pejorative terms in a theoretically-neutral discussion, lashing out at critics while claiming victim status, ignoring constructive suggestions, and trotting out the hoary “I’m privileged” chestnut of disclaiming responsibility while attempting to put the burden of making up for his ignorance on others (“I’m looking for some specific suggestions here” aka “I don’t think my mistakes is important enough to feel like doing the work myself”). While I don’t see the guy as a bully in general, this is classic bullying behavior.

What made this case particularly interesting is that the moderator took the bully’s side. As moderator, he could edit the discussions after the fact to rewrite history — and he did. For example, he deleted a post as “an off-topic flame” (later reposting it on his private friends-only blog). He deleted a thread of mine and then posted his response (quoting my original words, but now in a way that marginalizes them) in a thread he had started. And so on.

(The really funny thing is that my thread that he deleted specifically called him out for abusing his moderator privilege by deleting threads. I tell ya … you can’t make this stuff up.)

Those who have spent a lot of time online will recognize the dynamic. In this particular case the forum’s very new, and so it’s not a big deal: at some point soon, the moderator will either realize that if he wants people to work together he’ll have to stop bullying and start listening and learning … or everybody will get bored and drift away. Regardless of what happens here, the bully will either change his ways, leave the community, or become another “self-exile”, feeling excluded from the power structure and unable to understand why.

Still, it gives a very interesting and unusually clean snapshot into the kinds of power vectors that moderation — or other control over the discourse — inherently introduces.

Thoughts, similar experiences, discussions of how this plays out in other discussion media (wiks, email lists), etc.?

jon

and in the two minutes from when I signed up until I checked the blog’s summary page, its rank went from 4,446,976 to 3,053,157 — at this rate, I should be top 10 by dinner time!

Authority = 1 for now, but no doubt once everybody starts crosslinking and adding to their Technorati faves, it’ll no doubt soar.

The language they use — “claim your blog now” — is interesting. From a marketing perspective I can see that this is a great framing: they’re positioning themselves as helping me take better advantage of an asset I already have; and the analogy to frontier times and staking claims to land or mineral rights is a powerful one. There’s also a subtle implication that my ownership of the blog in some way requires their (or somebody’s) ratification or validation — and of course agreeing to their terms of service.

The interface is straightforward enough, and you get a nice tag cloud (although their index and hence the tag cloud doesn’t include any of my posts from the last three days).  Anyhow, it feels like a steep in becoming more real.  w00t.

I just made my first HTML comment here, at the end of the Lorelei experiment, pointing to its continuation with Leone (the theme not the director).  w00t w00t!

It’s not at all obvious but by default WordPress blogs are set up to allow HTML in comments. There’s no preview feature or WYSIWIG editor though so it’s a little nervewracking to post something with formatting in it … I think I’ve got the ability to edit comments so I can always clean things up if need be.

[This is by the way an excellent example of a technology-imposed power differentiation between the original poster and commenters.  While it’s not inherent in the blog format, and some systems avoid it (ezBoard and Joomla/Community Builder for example, using bbcode instead of HTML), it exists to a fairly large extent in most implementations:   Sharepoint by default has HTML disabled in the comments and a huge differential in font size — and doesn’t have preview; Blogger allows just a subset of HTML and doesn’t allow editing after the comments are submitted; etc.   But I digress.]

Of course once I had posted the comment I discovered that it wasn’t strictly-speaking necessary; WordPress had auto-generated a trackback from my continuation post, and even managed to extract a very useful summary.  Impressive.  What I really want is a combination of the two, both the explicitness of “story continued here” and the quick summary to be able to read in place and see whether to follow the link … that should be equally easy to generate automagically.

Looking closely at this reveals another power differential: links in posts get these kinds of trackbacks generated, but links in comments don’t.  I’m not saying that’s a bad thing [there are a lot more comments than posts, so autogenerating this for links in comments might overwhelm threads with these notifications — and the comment-spam problem would be magnified hugely] but there is an asymmetry.

Or as they say in the What Kind of Postmodernist Are you?  quiz: “Foucault.  It all starts with Foucault.”

I’m thinking through how to use categories and tags on this blog … I know I won’t get it completely right the first time so it’s worth starting from the beginning tracking the different experiments I do.  Usefully, WordPress allows multiple categories as well as multiple tags, so one way of thinking about this is that I’ve got two different dimensions to label things in.  On top of that, I can use conventions to have (potentially-fuzzy) subdimensions, for example tagging each post as one or more of “personal”, “political”, “professional”, “entertainment”, and “meta”.  Or would those be better as categories?

Hmm, not sure.  So let’s use this thread to discuss.  References and citations, pointers to good/bad examples, anecdotes about good/bad experiences — using this or other technologies (e.g., Mediawiki categories) are all welcome.

Mini does a great job of simultaneously conveying the disappointment I heard from a lot of people about how my Microsoft career ended, as well as the surreality of my multi-cameo at the company meeting, which we were laughing about at my goodbye parties. An excerpt:

A lot of Microsofties interested in changing Microsoft’s internal and external-facing culture rallied around Mr. Pincus, who has had quite the distinguished Microsoft career. He gets given crap sometimes for being different or a self-promoter, but I just have to wonder what kind of leader or change-agent isn’t.

Anyway, it’s a bit sad for me to reflect on Mr. Pincus going quickly from being up on the big-screen several times at our 2007 Company Meeting to being shown that there was no home for him – and his refreshingly different spirit – at Microsoft.

Quick clarification: I feel like there were several possible homes for me at Microsoft, and it was more a challenge of trying to come up with the right role, as well as differences of opinions as to how my skills should be leveled and contributions should be evaluated. Still, the net result is the same. [At least for now — who knows what the future may bring?]

Appropriately enough, given my long-running unhappiness at Microsoft over the last three years of being ranked in the bottom 10% of my peer group,* the bulk of the thread so far is an excellent discussion of Microsoft’s review system and “the curve”. I’ve always thought the review-related discussions are one of the highlights of the blog; the anonymous posters who describe their score, compensation action, and often their reactions are a hugely valuable resource to everybody at the company — and a great example of why anonymous speech is so important to protect. This thread is one of the best. Worth checking out, and I’d say that even if I weren’t mentioned 🙂

jon

* that’s 3.0/Limited/10% for those of you into ‘terms of art’ — see the thread on Mini for more details