Facebook and the Creepy Ex-Coworker + Yahoo and PDF Ads!!!

Columnist Cory Doctorow describes how Facebook and other social networks have built-in self-destructs: They make it easy for you to be found by the people you’re looking to avoid.
… on Information Week

From Slashdot

A new channel is opening up between advertisers and our eyeballs: PDFs with context-sensitive text ads. The service is called “Ads for Adobe PDF Powered by Yahoo” and it goes into public beta today. The “ad-enabled” PDFs are served off of Adobe’s servers. The article mentions viewing them in Acrobat or Reader but doesn’t mention what happens when a non-Adobe PDF reader is used.

To both of you I say…

Scientists must give up privacy rights

I just found this in Slashdot – quite disturbing…

“Wired is reporting that all NASA JPL scientists must ‘voluntarily’ (or be fired) sign a document giving the government the right to investigate their personal lives and history ‘without limit’. According to the Union of Concerned Scientists this includes snooping into sexual orientation, mental & physical health as well as credit history and ‘personality conflict’. 28 senior NASA scientists and engineers, including Mars Rover team members, refused to sign by the deadline and are now subject to being fired despite a decade or more of exemplary service. None of them even work on anything classified or defense related. They are suing the government and documenting their fight for their jobs and right to personal privacy.”

Monday isn’t just for ‘newbies’

Just to clarify – Monday at IIW is “not just for newbies”. All are welcome to the introductory track – I am sure you will learn something about the projects in the community and have a chance to ask questions about those one-pagers that are all online.

At 4PM we are all together – the whole community – everyone to get IIW rolling. We have some good thought provoking activities planned. Please be there and join us for dinner.

If you are in an existing working group and have been to IIW before and you want to get some work done while folks are listening to the ‘laws of identity and such’ you are welcome to just let us know you want to have a meeting or add yourself to the wiki.

Giddy about IIW & Monday is Free

I am Giddy with excitement about IIW. Really – I have been bouncing off the walls all day. Almost* all my ‘identity’ friends are coming together and some new friends are showing up to meet you all. New people I don’t know will be there and adding to the mix.

We are experimenting with a new way to do Monday with our introductory track being led and choreographed by Phil. Each of the working groups/major projects will have one-pagers for everyone to get a clear picture of the different activities. (BTW you still have time to get your one-pagers to me).

Monday’s Introductory Track is going to be Free for folks who want to ‘check it out’ to come by. If they want to stay for dinner they are welcome if they chip in. If they want to stay for the conference they can register for it.

Joseph has written a great post about ‘why’ IIW has been really valuable to him and Plaxo.

Sean Ammirati has a great post just posted on Read/Write Web that highlights why user-centric identity is important and how it fits into some of the themes discussed on RWW.

I hope we do get ‘slammed’ because it would be great to have more people who really want to engage. As a producer I get really worried about this because we ordered food for 150 people. So I will take a deep breath and hope it all works out.

So… The MC ‘position’ for the Untalent Show is open. If you would be interested in doing this let me know (Eve Maler who has been the MC before is not going to be at this IIW). Prepare your talents; it could be anything – really. We are a friendly bunch… You can also do hybrid creations – we often have a few verses from a popular song – reauthored to reflect the community’s unique perspective on things.

IIW is a Community event and there is basically “no staff” (There are some students who are there to help ‘extra’ but that is not staff.)
This year my goal is to actually have enough ‘space’ to attend 50% of sessions (I only really attended one last time). So we are going to have a volunteer sign up opportunity so many people can do a few small things to make our event go well. So look for this if you would like to help. ALSO each person taking responsibility and doing the little things like putting your lunch plate in the trash helps make our space nice.

Oh and this IIW we are going to do compostables. So all of our plates, knives, forks, clear cups for juice will go to compost. (The coffee cups are brought by Rich and as far as I know are not compostable)

If you want to BRING YOUR OWN COFFEE MUG you could be trash free for IIW.

I can’t wait – it is going to be great!

* Bob Blakley is not going to be at IIW – some important other thing he has to do for us all.

Netflix anonymous data de-anonymization

Wow! This is a different kind of data breach.

In October last year, Netflix released over 100 million movie ratings made by 500,000 subscribers to their online DVD rental service. The company then offered a prize of $1million to anyone who could better the company’s system of DVD recommendation by 10 per cent or more.

Of course, Netflix assured everybody that the data had been anonymized by removing any personal details.

That turns out to have been a tad optimistic. Arvind Narayanan and Vitaly Shmatikov at the University of Texas at Austin have just de-anonymized it.

They go on to explain how they did it.

As one of the comments highlights, the part they gloss over is that they can only find out who you are if you had an account on Netflix and IMDB.

What have we answered? Reflections on Identity

We have come a long way since our first identity gang meetings. One of the things the design committee came up with was to do an inquiry into the questions we are no longer asking ourselves.

Johannes and I are working on pulling together the answers to this question, along with what are the current questions and what will be the future questions. You can answer on your own blog (link back to us or just e-mail us so we know you answered) OR you can fill out the survey. If you could do this before Friday that would be great.

Thinking back to the first Identity Gang meetings 3 years ago and the first IIW 2 years ago in Berkeley, IIW a year ago….

What are the questions we are no longer asking ourselves?
* maybe we figured out the answer,
* maybe we figured out we couldn’t answer it,
* maybe we figured out it was a question we asked too soon and will surface again.

– would anybody think this is useful? [question in the past, not any more]

What are the questions we are asking ourselves now?
– how do identity providers make money? [question now]

What will we be thinking about 6-18 months from now?

– how to aggregate claims from multiple identity sources? [question 12 months from now]

Data Interop: an open letter from the largest nonprofit vendor

Recently a reporter from a known tech publication was at a conference I was leading. She asked me
“what is interesting that is happening right now.”
I said “the nonprofit technology session.”
She said – “well I cover business issues.”
I shared with her that one of the largest vendors of nonprofit technology, Kintera, was a publicly traded company AND that there were big business opportunities for providing technology solutions in that sector. She looked at me surprised as if it had never occurred to her that you could make money in this sector. Recently the two other large vendors in the space merged – Get Active and Convio. They became just Convio and are now the largest vendor in the sector.

This month’s theme for NTEN’s Newsletter is Data Interoperability. This is the open letter they published there.

Gene Austin, Chief Executive Officer, Convio and Tom Krackeler, VP, Product Management, Convio

It is incumbent on all software vendors serving the nonprofit sector to open opportunities for nonprofits to have greater choice and flexibility in pursuing their missions.

To meet the expectations of nonprofits today — and five years from now — software vendors need to facilitate interoperability between systems and enable integration between offline and online data and the new Web. And they should do so with one clear purpose in mind: to open the possibilities for nonprofits to find and engage constituents to support their missions.

The NTEN community has been leading the charge for openness. With Salesforce and Facebook, Convio has embraced openness as a way of doing business.

Software vendors should:

1. provide nonprofit organizations of all sizes and in any stage of Internet adoption the flexibility to integrate with other web or database applications to exchange constituent and campaign data.
2. make their Open APIs available to clients, partners, and a broad developer community.
3. expose Open APIs as part of their core product functionality.
4. proactively use APIs provided by other companies in addition to providing their own.
5. make their API documentation publicly available and provide a forum for sharing and discussing best practices and exchanging code examples.
6. publish a roadmap for their API development and encourage participation in the development of that roadmap.
7. make their APIs accessible to nonprofits at a level that does not require extensive technical expertise to leverage those APIs.

Social Networks are Portable for who?

You know I appreciate the spirit and enthusiasm of the ‘bootstrapping’ way. I also personally don’t think it is going to work for the vast majority of web users. The reason FOAF and XFN have not taken off is that they don’t really deal with privacy and personal preferences of the people in those networks.

I, like most women, can’t be in the Skype directory.
REALLY? you ask.
Yes this is true.
Because we get Skype stalkers. Our personal information being available in very public places, well, makes us vulnerable.

I appreciate the young male hacker bootstrappers who believe we can just put it all in ‘simple’ microformats and have it “work”. I think they are being naive and overly simplistic about the complexity of me and my personas and my contexts and the nature of the social links I have with my ‘friends.’

I hope we can talk about ways to achieve some of the goals I think we all share but don’t expose me and my friends in ways I don’t want to be at IIW the first week of December.

While I agree with your concerns, I believe that if and when this picks up properly, most people will probably end up setting up a linked-in type of system where you decide how much information you want to share with who. This should enable you to protect your information from the anonymous world of the net, and it would enable your real and virtual friends to benefit from microformats, openID and whatever else is around and yet to come. Anything else would be worrying indeed.

Thanks Matthias,
I think we are agreeing. To my knowledge there is no way with simple microformats to decide how much information you want to share with who. It is all just out there in HTML and if someone has you in their network and they export it in that format – wherever they take it, well
1) you don’t know where it went
2) you don’t know who they are sharing it with
3) Their terms of service etc.
When someone can explain to me these functionalities working in a scalable way across social network contexts I will ‘believe’; until then I just don’t see it working.

I have been a fan of XRI/XDI from early on because they are more complex open standards that could allow me to state clearly who can have access to what information about me within the protocol. They are actually in use by a network of women highly concerned about who has access to their data and under what terms. La Leche League International (this is the breastfeeding mothers of the world) is using them to have SSO and data sharing throughout its network.

Hmm, of all the formats for specifying relationships (there aren’t
that many) XFN is probably the one most widely deployed. However,
that’s beside the point.

The format that represents the relationship should not control access,
and so you’re actually talking about two orthogonal issues. For
example, the photos that you store in a webpage using the img tag
don’t specify who can see them; that’s a higher order issue that is
done with server-level controls.

I think XFN is definitely part of the solution, along with OAuth —
which can shear off parts of your identity profile and list of
relationships for different parties, putting it completely under your
control what data is shared with whom.

As it is now, there are few applications that actually support what
you’re talking about in terms of giving you fine grained control over
your relationship lists… It’s something that I hope is coming down
the pipe but is not something that has to do with the format; instead
it’s all about consistent citizen-centric access controls over their


He explains on his blog more about XRI / XDI and how they work to solve the problem of information sharing and portability.


I often wonder: “Is life better when people refuse to share their
myriad faces?”

I understand why we do it, but I am not convinced that the answer is yes.

Asymmetry is a problem, but I want to understand more about the
stalkers, accountability, and changing concepts of justice, before I
commit myself one way or the other.

I use my real name in all places online. When we have better
technologies of search and aggregation, I will be distrustful of
people with blank spots in their online presence. Is this good or
bad? I don’t know.

“You want the truth? You can’t handle the truth.” Well, maybe we
will grow, as a planet. I am open to that.

See also: Say Everything

UK Data Loss

In case you are not paying attention this week in identity news – The UK lost massive amounts of PII for its citizens.

Here are two good articles – Christian Science Monitor:
Computer files on 7.25 million families – everyone with children under 16 – have been missing ever since they were sent on two compact discs through the domestic mail system a month ago by Her Majesty’s Revenue and Customs.

SFGate – SF Chronicle
This one is a summary of a range of coverage of the incident.

Kim calls it an Identity Chernobyl.

Kim Cameron has more context about reports written earlier about the risks of centralizing information about children in big databases.

Ben Laurie who lives in the UK has comments on the scans of correspondence by the National Audit Office about the lost data.

Bob has an article up on Forum One

Bob Blakley had a great “live” interview on Forum One.
It builds on the interview that I had a few weeks ago with them. The format is quite interesting – many people ask questions by typing them and you type your answers at the time of the interview.

Bob highlighted – The most serious question we’re facing – and really it trumps all the others – is “how do identity providers make money”?

Johannes picks up on this serious problem and explains why they pulled back from their public OpenID provision.

Bob is asked what is the biggest threat to identity?

That’s a really interesting question. In the past, we had the sense that our identities arose from our status as human persons. I think the biggest threat to our identities today is that as a society we might fall into the trap of reversing this relationship, and come to believe (or at least act as if we believe) that our status as persons derives from possessing an electronic “identity” – that is, a record in a database.

If this happened we’d be in danger of becoming “unpersons” whenever someone erased our identity record in the database.

I worry about this happening. I have since I first really experienced being an entry in a database, when I was a student at UC Berkeley.

Identity Direct “Personal E-mails from Santa”

I saw this ad at the bottom of I Can Has Cheezburger – (for those of you who don’t know it is the ‘home’ of the LOL (Laugh Out Loud) Cats genre of internet humor.)

So I clicked on it and found this

Now your child can write to Santa and receive a reply! Print out this personalized letter from Santa. Imagine the excitement when they read just how much Santa knows about them.

All you need to do is fill out the details below (the more information the better the letter) and we will instantly email you a letter from Santa. All you need to do is open the attachments and print using the best quality color you have available. The graphics are great and worthy of high quality color. To get the best results, For Present, please put a sentence to precede the question “What could it be?” For example “A bike?” or “The doll house you love?”

Looking below, the only fields that are required are your e-mail address, your child’s name and your child’s birthday. I suspect this is so they can ping you before your child’s next birthday and remind you to buy something.

I just look and wonder at anyone who wants to know my birthday – and giving away my child’s birthday. Who knows where the information will go.

Diving into the site I find you can get books printed with your child playing a role in the story. Just in case your kids were not narcissistic enough already.

Links on the Web this week

This is a fun little video/song rant … “Thou shalt not” related to pop culture and life of the young. It ends making an interesting contrasting commentary on the leadership of the United States of America.

A good transition is this stunning and depressing set of photos of Iraqi Children.

Which 100 Blogs should you read?
They figured it out using formulas for figuring out where to put detectors in water pipe systems to detect disease outbreak.

Which side of the Brain do you use?

THE Right Brain vs Left Brain test … do you see the dancer turning clockwise or anti-clockwise? (I saw it clockwise).

If clockwise, then you use more of the right side of the brain and vice versa.

Most of us would see the dancer turning anti-clockwise though you can try to focus and change the direction; see if you can do it.

uses logic
detail oriented
facts rule
words and language
present and past
math and science
can comprehend
order/pattern perception
knows object name
reality based
forms strategies

uses feeling
“big picture” oriented
imagination rules
symbols and images
present and future
philosophy & religion
can “get it” (i.e. meaning)
spatial perception
knows object function
fantasy based
presents possibilities
risk taking

US government Official says ‘no more anonymity’

From Slashdot:

Privacy no longer can mean anonymity, says Donald Kerr, a deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information. “Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that,” said Kerr. Kurt Opsahl of the EFF said Kerr ignores the distinction between sacrificing protection from an intrusive government and voluntarily disclosing information in exchange for a service. “There is something fundamentally different from the government having information about you than private parties. We shouldn’t have to give people the choice between taking advantage of modern communication tools and sacrificing their privacy.” Kerr’s comments come as Congress is taking a second look at the Foreign Surveillance Intelligence Act, requiring a court order for surveillance on U.S. soil. The White House argued that the law was obstructing intelligence gathering.

bill to tie financial Aid to ‘anti-piracy measures’

mm…big brother continues to creep into college.

“The MPAA is applauding top Democratic politicians for introducing an anti-piracy bill that threatens the nation’s colleges with the loss of a $100B a year in federal financial aid should they fail to have a technology plan to combat illegal file sharing. The proposal, which is embedded in a 747-page bill, has alarmed university officials. ‘Such an extraordinarily inappropriate and punitive outcome would result in all students on that campus losing their federal financial aid — including Pell grants and student loans that are essential to their ability to attend college, advance their education, and acquire the skills necessary to compete in the 21st-century economy,’ said university officials in a letter to Congress. ‘Lower-income students, those most in need of federal financial aid, would be harmed most under the entertainment industry’s proposal.'”

Facebook SocialAd’s & Privacy

From Slashdot:

“Facebook recently announced a new advertising scheme called ‘Social Ads.’ Instead of using celebrities to hawk products, it will use pictures of Facebook users. Facebook might be entering into another privacy debacle. The site assumes that if people rate products highly or write good things about a product then they consent to being used in an advertisement for it. Facebook doesn’t understand that privacy amounts to much more than keeping secrets — it involves controlling accessibility to personal data. ‘The use of a person’s name or image in an advertisement without that person’s consent might constitute a violation of the appropriation of name or likeness tort. According to the Restatement (Second) of Torts 652C: “One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.”‘”

Twitter and emerging currency

Some of you may know that I have roots in a community called Planetwork that has had an interest in ‘alternative’ currency and the role that digital identity could play in emergent currency systems.

So, today my interest was piqued by this e-mail from Biz Stone at Twitter talking about an interesting new application being built on Twitter.

Do You Owe Someone A Beer?

Foamee.com is a fun IOU system built on Twitter that helps you track who you owe beers to (and vice versa). All you have to do is follow the account “ioubeer” and then send it @replies. So, say you owe me a beer for helping you change a flat tire, this is what you’d send to Twitter:

@ioubeer @biz for helping me change that flat tire

Then, your IOU will show up on the front page at foamee.com. There’s even a way to tell it when that beer has been redeemed. I think a root beer version is in the works. Maybe even a latte version? Those are foamy too. Dan Cederholm of SimpleBits design is the mastermind behind this fanciful creation. We think it’s really cool. Thanks Dan, we owe you a frosty one!

Visit: http://foamee.com
Follow: http://twitter.com/ioubeer
More: http://simplebits.com

The Ups and Downs of electronic surveillance litigation

Creepy, creepy from Slashdot:

The US government is seeking unprecedented access to private communications between citizens. ‘On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government’s request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. … the position that the United States government is taking if accepted, may mean that the government can read anybody’s email at any time without a warrant.’

On the ‘up side’ from the Washington Post:

The AT&T whistle blower Mark Klein is

in Washington this week to share his story in the hope that it will persuade lawmakers not to grant legal immunity to telecommunications firms that helped the government in its anti-terrorism efforts.

“If they’ve done something massively illegal and unconstitutional — well, they should suffer the consequences,” Klein said. “It’s not my place to feel bad for them. They made their bed, they have to lie in it. The ones who did [anything wrong], you can be sure, are high up in the company. Not the average Joes, who I enjoyed working with.”

His story as articulated by the Post is as follows:

The job entailed building a “secret room” in an AT&T office 10 blocks away, he said. By coincidence, in October 2003, Klein was transferred to that office and assigned to the Internet room. He asked a technician there about the secret room on the 6th floor, and the technician told him it was connected to the Internet room a floor above. The technician, who was about to retire, handed him some wiring diagrams.

“That was my ‘aha!’ moment,” Klein said. “They’re sending the entire Internet to the secret room.”

The diagram showed splitters, glass prisms that split signals from each network into two identical copies. One fed into the secret room, the other proceeded to its destination, he said.

“This splitter was sweeping up everything, vacuum-cleaner-style,” he said. “The NSA is getting everything. These are major pipes that carry not just AT&T’s customers but everybody’s.”

One of Klein’s documents listed links to 16 entities, including Global Crossing, a large provider of voice and data services in the United States and abroad; UUNet, a large Internet provider in Northern Virginia now owned by Verizon; Level 3 Communications, which provides local, long-distance and data transmission in the United States and overseas; and more familiar names such as Sprint and Qwest. It also included data exchanges MAE-West and PAIX, or Palo Alto Internet Exchange, facilities where telecom carriers hand off Internet traffic to each other.

“I flipped out,” he said. “They’re copying the whole Internet. There’s no selection going on here. Maybe they select out later, but at the point of handoff to the government, they get everything.”

Qwest has not been sued because of media reports last year that said the company declined to participate in an NSA program to build a database of domestic phone-call records out of concern about its legality. What the documents show, Klein contends, is that the NSA apparently was collecting several carriers’ communications, probably without their consent.

Another document showed that the NSA installed in the room a semantic traffic analyzer made by Narus, which Klein said indicated that the NSA was doing content analysis.