In response to a few bug reports and feature requests, I’ve updated Freedom. The new version should fix the “asking for your password at 5 minute intervals” affecting some users, and it now allows up to 6 hours of Freedom. To update Freedom, download the new version and drag it to your Applications folder.
Please also let me know if you run into any bugs. I was able to track down the bug in Freedom 0.1-2 to a problem described in an Apple Technical Note, so I’m feeling more confident.
This week has been an exciting one over at ClaimID. Working with two great companies – JanRain and Vidoop/Confident, we’ve introduced some new technologies that make the OpenID process simpler, and more secure. For us, it is a true win-win! Read more about both announcements at ReadWriteWeb and over at the ClaimID blog:
In case you’re wondering how things are going over at ClaimID (I realize I don’t promote it that much here at Unit Structures), we’re growing at a fast clip – about 10% each month. This has caused a few scaling headaches, but we’ve taken the growth in stride. In the past year, we haven’t vastly changed the product – we’re sticking to the mission we pledged: making OpenID friendly and easy, being a trustworthy provider, and embracing open technologies. The fact that the market embraces that approach is really rewarding.
Over the summer, we’ll be thinking of some ways to streamline ClaimID. We feel that ClaimID can be at the core of a useful, productive identity experience on the web, and we’re going to develop it in that direction. In 2005 when we were brainstorming the project, we knew adoption was a few years off; I’m glad we’ve persevered, as it seems there’s some really great stuff right around the corner. And we certainly look forward to serving you for the next three years (and more)!
On Friday, I released Freedom, software that fights the oppression of the internet. Incredibly, through the power of del.icio.us, Reddit, Twitter, blogs and endless Tumblr’s, Freedom has spread widely, with tens of thousands of views. Even more incredibly, I received a donation for my efforts, proving that Freedom is truly on the march. Here’s some of my favorite Freedom coverage:
And while most traffic to Freedom came in from the web or blogs, a substantial bit of Freedom’s traffic and buzz came from Twitter (which I was able to track via Tweetscan’s great, real-time analytics).
Techcrunch and I agree that smaller, more personal networks are the next wave. This has large implications for social (viral) content distribution. First a caveat: By volume, blogs are still king. However, compared to blogs, with their monolith long-post form, and invisible audience, these “closer” networks better fit social content. What do people want to do on the internet? They want to share links. Twitter and Tumblr are precisely tailored to link-based message passing (the fuel of viral traffic), aligning perfectly with our desires.
The real value of “close” networks, in my opinion, is knowledge of one’s audience. Being able to look at one’s Twitter followers and know who is reading you is incredibly powerful, if for no other reason than the milieu of sharing is pre-established. Ever notice how people on Twitter don’t adopt personas? Knowing one’s audience frees users to create as themselves, which is the ultimate sustainable model. The fact that viral content has moved into these close networks is very significant – and we’ll only see more of it going forward.
A few years ago, I used to judge the quality of a coffeeshop by the speed of its wireless network. Now that I’m working on my dissertation, I find myself desperately searching out places where I can be network-free. In this college town, it is difficult to find a work or study place where you can avoid clouds of wireless internet.
In an attempt to resist the encroachment of network into the spaces of productivity, 
I’ve created Freedom. Freedom is a Mac application that disables your computer’s networking capabilities for a selected time interval. Some of you may turn off your network when you need to be productive; I’ve done that, but always found myself popping the network on at my next break (and losing 20 minutes to YouTube/Wikipedia/etc). Freedom takes this approach a step further, locking you out of your network for your selected time interval; Freedom enforces freedom.
To download freedom, visit the project’s page. After you download, simply mount the disk, and drag Freedom.app to your application folder. To run Freedom, double-click the application, provide your password and time interval, and Freedom will do all the rest.
Once Freedom’s time interval completes, it will display a friendly message and enable your network interfaces. A reboot is the only circumvention of the time limits you choose. The hassle of rebooting means you’re less likely to cheat, and you’ll be more productive. Simply closing the application will not return your network interfaces. When first getting used to Freedom, I suggest using the software for short periods of time.
For those who may worry, Freedom is non-destructive. It uses simple POSIX functions for the management of network interfaces. Therefore, if you’re a sysadmin, you can circumvent Freedom. However, for the rest of us, Freedom is technical enough to enforce downtime. With Freedom, you can be network-free to write, code, design, arrange or just GTD.
NOTICE: For Freedom support, please go to Freedom’s new website, http://macfreedom.com
As someone who has started or run a few web projects, I’m used to the complaining blogger. And because of that, I try to stay away from being the complaining blogger. But I think that Twitter is about to drive me crazy with information overload, and I think I know how to solve the problem. So here’s a go.
Increasingly, Twitter has begin to feel like a collection of RSS feeds. My Twitter home screen is my personal newsreader. Unfortunately, it is completely dysfunctional. Some people I follow for personal reasons, some people I follow for work. Some people post often, some people once a week. I want to read every single message written by some people, and others can float by. Sort of like any other inbox, I guess.
If you’ve used Twitter, however, you know that all your messages go into the same place. Everyone is treated equal. There’s no method to deal with the information overload inherent in the system, there’s no way to mute over-Tweeters, there’s no way to have any control over the information space.
This may have worked in the early days of Twitter, where the interaction was supposed to be ephemeral – some messages you caught, some float by, who cares. Unfortunately, Twitter has grown up as it became more mainstream. People are saying “Did you see my Tweet” just as they would say “Did you get my email.”
We know how to deal with this: Folders, labels, mute buttons, regular expressions, etc. We need Tweetboxes, we need Tweetfolders to separate contexts, we need better strategies to deal with the information overload. And this is just in regards to incoming information – the multiple-audiences problem is another, more difficult problem.
Looking around at Twitter clients, I don’t see any that support such functionality. But I’m not really interested in using a Twitter client – I just want Twitter’s web interface to work. Let me create some folders, or tag my contact into a few different bins, so I could sort my incoming messages. A mute button would be nice as well, but right now folders (or labels, if you want to be Gmail-y) would really help. Look at the existing patterns that work with RSS and inboxes, and give us that. Because this current all-or-nothing isn’t the right answer.
Via Slashdot, news that the Facebook Platform is falling under increased scrutiny for questionable privacy practices. The issue at hand is developer access to profile information as shared via the API. I’ll see if I can provide a high-level overview.
When you add a Facebook application, you allow the application developers access to your profile. Your profile information is queryable via the Facebook platform API. This means that the data in your profile is passed to application developers via structured methods. An example of such a method is Users.getinfo. If you’ve added an application, the developer can make a Users.getinfo call with your Facebook ID. In response to that call Facebook sends the developer the information from your profile – your name, networks, favorite books and movies, etc. Other calls such as photos.get and friends.get make your photos or friends lists queryable by application developers.
Just so we’re clear, Facebook sends your information only to third parties that you’ve approved (you read the terms of service, right?). It is as if the third party was able to view and save your profile, photos or friends lists. To prevent problems, Facebook regulates third-party behavior through its developer terms of service. The terms of service states that only certain types of your profile data are storable; if the developer possesses (i.e. downloads) data that is not explicitly storable, they agree to delete this information within 24 hours. That is, the company must, under the terms of service agreement, expunge the data that is not storable within a day of collecting it.
Notably, the storable data is very limited. You may store a user ID, or a photo ID, but you may not store a name, favorite book or picture. The only mechanism that regulates this is the terms of service agreement; if a company decides to store the data longer than 24 hours, there’s no technical or DRM-type mechanisms that will enforce data destruction. The privacy equation relies only on good faith between Facebook and the third party.
Facebook has relied on this storage agreement since the beginning of the API. The reason we’re hearing of it today is due to a recent study that found that Facebook applications don’t need as much information as they’re being given. There are clearly larger questions, especially when one considers the scale of Facebook applications. The largest applications have over 2 million daily users. They almost certainly have install bases in the tens of millions. This means that theoretically, tens of millions of profiles could have been downloaded and stored, in violation of the terms of service.
What are the incentives for storing profile information? As a researcher, I can think of hundreds of reasons. Using a small set of 100,000 profiles from across the US (a small application), one could build a valuable marketing database. Even if personally identifiable data was removed from the set, I’d still be able to get great value from the set using probabilistic techniques.
The reality? Likely, most of the applications you’ve added haven’t stored your profile data in violation of the terms of service. Certainly, an app storing your data couldn’t do anything above-board with it (Facebook would quickly and successfully sue). But in reality? With backup tapes, less-than-ethical application developers, or even those who just fail to read the terms of service – yes, it’s likely that some data is stored somewhere. Just as your profile is probably in a browser cache somewhere, it’s likely an app or two has stored your info. Will it be used against you? Will you become part of a black-market database? Who knows.
Now that people are taking a look at the privacy assumptions of the Facebook platform, perhaps its time to start a dialogue around how to solve the problems of SNS API’s. OAuth is one heckuva step forward. However, with the power application developers exert in the Facebook ecosystem, I won’t hold my breath that the all-you-can-eat data stream is going to be turned off any time soon.
There’s big news from the OpenID foundation today: Google, IBM, Microsoft, VeriSign, and Yahoo! have joined the foundation’s board. This is obviously a major step forward for OpenID, but it’s also good for the entire open identity movement; the major players are seeing the value in consumer choice and control. At ClaimID, we’ve been advancing these themes since 2005, so it’s especially rewarding to see this news. From the OpenID foundation announcement:
By bringing on these companies and their resources, the OpenID Foundation will now be able to better serve the needs of the entire OpenID community. In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a World-wide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe. Awesome!
Congratulations goes out to OpenID foundation chairman Scott Kveton, and all others involved in the foundation who’ve worked on this initiative. Scott’s blogged the coverage of the announcment if you’d like some more insight. Again, congrats to the OpenID foundation for this huge achievement – today is a very big day for OpenID and open identity work.
Cross-posted to the ClaimID blog.
Fred Stutzman is a Postdoctoral Fellow at Carnegie Mellon University, where he studies privacy and social media. He is the designer of the productivity software Freedom and Anti-Social, and co-founder of the identity management service ClaimID.com.
