Life online – Page 4

Twitter hashtags for emergency coordination and disaster relief

I know I’ve been beating the drum about hashtags for a while. People are either lukewarm to them or are annoyed and hate them. I get it. I do. But for some stupid reason I just can’t leave them alone.

Anyway, today I think I saw a glimmer of the promise of the hashtag concept revealed.

For those of you who have no idea what I’m talking about, consider this status update:

You’ll notice that the update starts out with “#sandiegofire”. That’s a hashtag. The hash is the # symbol and the tag is sandiegofire. Pretty simple.

Why use them? Well, it’s like adding metadata to your updates in a simple and consistent way. They’re not the most beautiful things ever, but they’re pretty easy to use. They also follow Jaiku’s channel convention to some extent, but break it in that you can embed hashtags into your actual post, like so:

Following the principle of DRY, this simple design means that you can get more mileage out of your 140 characters than you might otherwise if you had to specify your tags separately or in addition to your content.

Anyway, you get the idea.

Hashtags become all the more useful now that Twitter supports the “track” feature. By simply sending ‘track [keyword]‘ to Twitter by IM or SMS, you’ll get real-time updates from across the Twitterverse. It’s actually super useful and highly informative.

Hashtags become even more useful in a time of crisis or emergency as groups can rally around a common term to facilitate tracking, as demonstrated today with the San Diego fires (in fact, it was similar situations around Bay Area earthquakes that lead me to propose hashtags in the first place, as I’d seen people Twittering about earthquakes and felt that we needed a better way to coordinate via Twitter).

Earlier today, my friend Nate Ritter started twittering about the San Diego fires, starting slowly and without any kind of uniformity to his posts. He eventually began prefixing his posts with “San Diego Fires”. Concerned that it would be challenging for folks to track “san diego fires” on Twitter because of inconsistency in using those words together, I wanted to apply hashtags as a mechanism for bringing people together around a common term (that Stowe Boyd incidently calls groupings).

I first checked Flickr’s Hot Tags to see what tag(s) people were already using to describe the fires:

I picked “sandiegofire” — the tag that I thought had the best chance to be widely adopted, and that would also be recognizable in a stream of updates. I pinged Nate and around 4pm with my suggestion, and he started using it. Meanwhile, Dan Tentler (a BarCamp San Diego co-organizer who I met at ETECH last year) was also twittering, blogging and shooting his experience, occasionally using #sandiegofire as his tag. Sometime later Adora (aka Lisa Brewster, another BarCamp San Diego co-organizer) posted a status using the #sandiegofire hashtag.

Had we had a method to disperse the information, we could have let people on Twitter know to track #sandiegofire and to append that hashtag to their updates in order to join in on the tracking stream (for example, KBPS News would have been easier to find had they been using the tag) (I should point out that the Twitter track feature actually ignores the hashmark; it’s useful primarily to denote the tag as metadata in addition to the update itself) .

Fortunately, Michael Calore from Wired picked up the story, but it might have come a little late for the audience that might have benefitted the most (that is, folks with Twitter SMS in or around affected areas).

In any case, hashtags are far from perfect. I have no illusions about this.

But they do represent what I think is a solid convention for coordinating ad-hoc groupings and giving people a way to organize their communications in a way that the tool (Twitter) does not currently afford. They also leave open the possibility for external application development and aggregation, since a Twitter user’s track terms are currently not made public (i.e. there is no way for me to know what other people are tracking across Twitter in the same way that I can see which tags have the most velocity across Flickr). So sure, they need work, but the example of #sandiegofire now should provide a very clear example of the problem I’d like to see solved. Hashtags are my best effort at working on this problem to date; I wonder what better ideas are out there waiting to be proposed?

And you wonder why people in America are afraid of the Internet

Ladies and gentlemen, I would like to present to you two exhibits.

Here is Exhibit A from today’s International Herald Tribune:

In contrast (Exhibit B) we have the same exact article, but with a completely different headline:

Now, for the life of me, I can’t figure out how the latter is a more accurate or more appropriate title for the article, which is ostensibly about Google’ acquisition of Jaiku.

But, for some reason, the editor of the NY Times piece decided that it would — what? — sell more papers? — to use a more incendiary and moreover misleading headline for the story.

Here’s why I take issue: I’m quoted in the article. And here’s where the difference is made. This is how the how the article ends:

“To date, many people still maintain their illusion of privacy,” he said in an e-mail message.

Adapting will take time.

“For iPhone users who use the Google Maps application, it’s already a pain to have to type in your current location,” he said. “‘Why doesn’t my phone just tell Google where I am?’ you invariably ask.”

When the time is right and frustrations like this are unpalatable enough, Mr. Messina said, “Google will have a ready answer to the problem.”

Consider the effect of reading that passage after being lead with a headline like “Google’s Purchase of Jaiku Raises New Privacy Issues” versus “Will Google take the mobile world of Jaiku onto the Web?” The latter clearly raises the specter of Google-as-Big-Brother while ignoring the fallacy that privacy, as people seem to understand it, continues to exist. Let’s face it: if you’re using a cell phone, the cell phone company knows where you are. It’s just a matter of time before you get an interface to that data and the illusion that somehow you gave Google (or any other third party) access to your whereabouts.

I for one do not understand how this kind of headline elevates or adds to the discourse, or how it helps people to better understand and come to gripes with the changing role and utility of their presence online. While I do like the notion that any well-engineered system can preserve one’s privacy while still being effective, I contend that it’s going to take a radical reinterpretation of what we think is and isn’t private to feel secure in who can and can’t see data about us.

So, to put it simply, there are no “new” privacy issues raised by Google’s acquisition of Jaiku; it’s simply the same old ones over and over again that we seem unable to deal with in any kind of open dialogue in the mainstream press.

Leaving TechMeme

It may seem obvious to some wiser than me, but every now and then I realize that I need to disrupt my habits, force-inject some new behaviors and shift-reload the inputs into my thinking.

Above you can see what the top left corner of WebKit looks like to me everyday. In a nutshell, it depicts the places I visit the most. You’ll notice that TechMeme comes second after the Ma.gnolia bookmarklet. That’s a pretty prime spot to occupy in terms of shaping (or warping) my perspective.

Don’t get me wrong: TechMeme is a very well executed news service; above all else, its presentation and hierarchy of information is excellent and serves my goal of consuming a lot of information in aggregate in a very short amount of time. It’s as good a zeitgeist as any when it comes to what certain people are thinking about.

And therein lies the rub.

TechMeme provides an interesting and compelling overview of what’s hot in conventional tech news. It is, however, overly self-referential, and, insomuch as it gives greater weight to certain “types” of people and posts, it ends up becoming necessarily echolalic more often than not. And on top of that, the pundits who are featured prominently on its pages (and who like to argue amongst each other who’s popular and who’s not (n.b. I avoided reading any of those posts during that maelstrom; I provide the link merely for context)) have certain priorities that, well, just don’t overlap so well with mine.

I mean, it’s good to know what’s up with Google and Yahoo and Microsoft, and what the latest startups are up to and so on. It’s also fun to see what the latest controversies are over net discrimination and the what arcane nonsense is being attempted to fasten down the semantic web… But I think I’ve had my fill of that for now. Frankly, It’s time to turn off the firehose.

Maybe it’s because I’m leaving for a week Oaxaca and I need a reset; or maybe it’s realizing that I’ve so much to do and I have to stop measuring myself by what everyone else is doing (or has already done). Or maybe it’s because I can feel the sentiment and motivations of the tech community changing ever-so-gradually and becoming increasingly corrupt. Or who knows, maybe nothing has changed except that I need to rearrange some furniture just for the sake of change.

Whatever the case, it’s time to bid adieu to the link that’s been occupying second position on my browser’s bookmark bar for the last umpteen months. I’m going to have to go back to piecing things together one by one on my own; digging up my own dirt, assembling my own theories instead of the ones advanced by crowd economics, leaving the punditry to be consumed by other more capable pundits. Maybe I’ll come back someday — in fact, I probably will. But, as a sheer exercise of will (or perhaps as a mere act of intention), as of today, I’m leaving TechMeme.

Announcing OAuth 1.0 Public Draft 1

Well, it’s been a long time coming, and if you’ve been following my Twitters at all, you’ll know that I’ve been working on an open, community-driven authorization protocol called OAuth for the past few months. Today we released the first Public Draft for review.

The idea started as a humble effort to accomplish two goals: first, to enable Ma.gnolia members who created their accounts with OpenIDs (and therefore don’t have traditional usernames and passwords) to be able to use Dashboard Widgets; and second, to enable Twitter to adopt OpenID when its current API requires a username and password to authorize access to protected status feeds.

In any case, both of these use cases were part of the same problem: the lack of a uniform and open protocol for what’s called “delegated authentication”. Another useful metaphor that I’ve come to like is what John Panzer and Eran Hammer-Lahav used before him, that of a valet key:

OAuth is like a valet key for all your web services. A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or limit the RPMs on your high end German automobile. In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.

Arguably the value of OAuth as a technological innovation goes beyond that. After all, anyone can implement their own valet key system that works in their own universe of vehicles. The harder part is actually the social and political work of getting everyone to buy in and follow the same design pattern, leading to interoperability between systems.

In fact that’s where we were before OAuth: Google had AuthSub, AOL had OpenAuth (OAuth’s former name, by the way), Yahoo had BBAuth and Flickr had FlickrAuth (not to mention Facebook Auth and Windows Live ID Web Authentication). Which meant that if you were an independent developer (like Matt Biddulph from Dopplr) you had to pick which auth system you wanted to support unless you had money and time coming out of your armpits, you’d code against all of them.

Of course, that’s not reality. And no one has the time or energy to maintain support for every protocol, so instead, most people take the easy way out and just ask for the veritable keys to all the different services you use:

Now, don’t get me wrong, this gets the job done. And it works. But it’s a really really really bad idea.

Not only are people being trained into thinking that it’s okay to fill in any form that looks like a Gmail login box on any old website (trusted or not) but it’s creating an untenable situation where, as a member of these various services, you have no way to control the access you’ve given away without changes your password — which in effect will disable every one of these sites that’s storing your credentials — forcing you to revisit every one of them and share with them your new username and password. What a crappy experience!

Fortunately, Flickr got it right a long time ago and set the bar for user experience. In their model, you can try out a bunch of tools that help you upload photos to the service or use off-site mashups that do cool things with your photos all without giving away your most valuable credentials: your username and password!

Instead, when you sign in to your account, Flickr will assign special keys called “tokens” to each application that wants to access your account. Flickr then lets you configure how much access you want to grant to each app and lets you revoke that access at any time. No changing your password, no running around to have to re-authenticate all the apps that you still want to use if you want to disable one of them.

OAuth takes that approach one step further and extracts the best practices from the popular authentication systems I mentioned above and turns it into one elegant, unified authentication protocol that anyone can implement. And, because it’s an open standard that we hope many people will adopt and replace their own proprietary authentication systems with, it should be a no-brainer for developers to use and to support, resulting in fewer sites that, with a straight face, continue to ask you for your username and password (oh, and yes, it is compatible with OpenID, with Google Accounts, with Yahoo Accounts and any other sign-in system — OAuth doesn’t dictate how you sign-in, only how you delegate authentication).

Even though we’re only releasing the first public draft today, we already have pledges from Ma.gnolia, Twitter, Pownce, Jaiku, Dopplr and others that they intend to implement the protocol.

If you want to get involved, join our mailing list, take a look at the OAuth libraries under development for PHP, Ruby, Python, C# and others. We plan to formally release the final version the OAuth Protocol v1.0 on Oct 1, so watch this space for more news until then.

Stop building social networks

I started writing this post August 8th. Now that Dave Recordon is at Six Apart and blogging about these things and Brad Fitzpatrick has moved on to Google, I thought I should finally finish this post.

I fortuitously ran into Tim O’Reilly, Brad Fitzpatrick and Dave Recordon in Philz yesterday as I was grabbing a cup of coffee. They were talking about some pretty heady ideas and strategies towards wrenching free one’s friends networks from the multiple social networks out there — and recombining them in such a way that it’d be very hard to launch a closed down social network again.

The idea isn’t new. It’s certainly been attempted numerous times, with few successful efforts to show for it to date. I think that Brad and Dave might be on to something with their approach, though, but it begs an important question: once you’ve got a portable social network, what do you do with it?

Fortunately, Brian Oberkirch has been doing a lot of thinking on this subject lately with his series on Portable Social Networks, starting with a post on designing portable social networks lead up to his most recent post offering some great tips on how to prepare your site for the day when your users come knocking for a list of their friends to populate their new favor hang.

In his kick-off post, Brian laid the problem of social network fatigue as stemming from the:

Creation of yet another login/password to manage

Need to re-enter profile information for new services

Need to search and re-add network contacts at each new service

Need to reset notification and privacy preferences for each new service

Inability to manage and add value to these networks from a central app/work flow

I think these are the fundamental drivers behind the current surge of progress in user-centric identity services, as opposed to the aging trend of network-centric web services. If Eric Schmidt thinks that Web 3.0 will be made up of small pieces loosely joined and “in the cloud”, my belief, going back to my time with Flock, is that having consistent identifiers for the same person across multiple networks, services or applications is going to be fundamental to getting the next evolution of the web right.

Tim made the point during our discussion that at one point in computing history, SQL databases embedded access permissions in the database itself. In modern times, access controls have been decoupled from the data and are managed, maintained and federated without regard to the data itself, affording a host of new functionality and stability simply by adjusting the architecture of the system.

If we decouple people and their identifiers from the networks that currently define them, we start moving towards greater granularity of privacy control through mechanisms like global social whitelists and buddy list blocklists. It also means that individuals can solicit services to be built that serve their unique social graph across any sites and domains (kind of like a fingerprint of your relationship connections), rather than being restrained to the limited freedom in locked down networks like Facebook. And ultimately, it enables cross-sharing content and media with anyone whom you choose, regardless of the network that they’re on (just like email today, where you can send someone on Yahoo.com email from Gmail.com or even Hotmail.com, and so on, but with finer contact controls). The result is that the crosscut of one’s social network could be as complete (or discreet) as one chose, and that rather than managing it in a social network-centric way, you’d manage it centrally, just as you do your IM buddy list, and it would follow you around on any site that you visit.

So it’s become something of a refrain in the advice that we’ve been giving out lately to our clients that they should think very critically about what social functionality they should (and shouldn’t) build directly into their sites. Rather than assuming that they should “build what Flickr has” or think about which features of Facebook they should absorb, the better question, I think, is to assume that in the next 6-8 months (for the early adopters at least) there’s going to be a shift to these portable networks. Where the basics will mostly be better covered by existing solutions and will not need to be rebuilt. Where each new site — especially those with specific functionality like TripIt (disclosure: we’ve consulted TripIt) — will need to focus less on building out its own social network and more on how social functionality can support their core competency.

We’re still in the early stages of recognizing and identifying the components of this problem. Thus far, the Microformats wiki says:

Why is it that every single social network community site makes you:

re-enter all your personal profile info (name, email, birthday, URL etc.)?

re-add all your friends?

In addition, why do you have to:

re-turn off notifications?

re-specify privacy preferences?

re-block negative people?

AKA “social network fatigue problem” and “social network update/maintenance problem”.

I’ve yet to be convinced that this is a problem that the “rest of the world” beyond social geeks is suffering, but I do think that the situation can be greatly improved, even for folks who are used to abandoning their profiles when they forget their passwords. For one thing, the world today is too network-centric, and not person-centric. While I do think people should be able to take on multiple personas online (professional, casual, hobby, family, and so on), I don’t think that that means that they should have those boundaries set for them by the networks they join. Instead, they should maintain their multiple personas as separate identifiers: email addresses, IM addresses and/or profile URLs (i.e. OpenIDs). This allows for handy separation based on the way people already materialize themselves online. Projects like NoseRub and even the smaller additions of offsite-identifiers on sites like Digg, Twitter and Pownce also acknowledge that members think of themselves as being more faceted than a single URL indicates.

This is a good thing. And this is where social computing needs to go.

We need to stop building independent spider webs of sticky siloed social activity. We need to stop fighting the nature of the web and embrace the design of uniform resource identifiers for people. We need to have a user agent that actually understands what it means to be a person online. A person with friends, with contacts, with enemies, with multiple personas and surfaces and ambitions and these user agents of the social web need to understand that, though we live in many distinct places on the web and interact with many different services, that we as people still have one unified viewport through which we understand the world.

Until social networks understand this reality and start to adapt to it, the problem that Dave is describing is only going to continue to get worse for more and more people until truly, the problem of social network fatigue will spread beyond social geeks and start cutting into the bottom lines of companies that rely on the regularity of “sticky eyeballs” showing up.

While I will always and continue to bet on the open web, we’re reaching an inflection point where some fundamental conceptions of the web (and social networks) need to change. Fortunately, if us geeks have our way, it’ll probably be for the general betterment of the whole thing.

A Bill of Righteous intent

Before the Bill of Rights for Users of the Social Web, there were various efforts at establishing clear policies or practices related to the ownership, scope and providence of so-called user data. While I can’t name them all, I might cite P3P, The Cyberspace Charter of Rights, the DigitalConsumer’s Bill of Rights and then Attention Trust afterwards. This is clearly not a new problem, but it has gained renewed prominence owing to the wide adoption and popularity of social networks.

As such, I want applaud the authors’ effort on pulling this together in a timely fashion, and offering it up to the world to discuss, improve upon, and ultimately see to its implementation.

Continue reading “A Bill of Righteous intent”

How do we take care of each other?

Strong: Kevin Burton reports that the fund raising drive has was a complete success. As a result, I’ve removed the PayPal links from this post. Thanks all who donated!

Kevin Burton IM’d me yesterday and asked if he could give me a call. “Y’know Greg Stein?” “Yeah,” I said, “I just finally met him at BarCampBlock. What’s up?” “I just heard that he was mugged on his way home yesterday.” “Is he okay?” I asked. “No.”

Apparently two guys jumped Greg (who happened to be on crutches), gave him a black eye and serious laceration that was bleeding profusely when the ambulance arrived.

All for a hundred bucks and a credit card.

Now, for those of you who don’t know, Greg is a great guy, and one who has done a tremendous amount of good for the open source world. He’s now at Google doing loads of good work open sourcing their innards while chairing and acting as director of the Apache Software Foundation, lead developer of Subversion, and all things WebDAV.

And it’s really too bad that terrible things happen to good people like Greg.

So Kevin decided he wanted to do something. And that’s why he IM’d and then called me. He’s collecting donations in order to buy flowers, buy dinner and generally prove that, even when shit like this happens, that there is still good people and humanity in the world. And that when you give so much of yourself away to others and expect nothing in return, you’re the best candidate to receive the support of the community you’ve helped for so long.

So as I talked to Kevin about what we could do for Greg, it become abundantly clear that in all the social networking and digital ephemera that we’ve wrapped ourselves in we’ve done a pretty shoddy job of creating simple or obvious ways to help each other out in meaningful and effective ways when we’re most in need. Our networks are self-healing; people are not. So what have we done to make it possible to immediately mobilize ourselves when things do go wrong in order to provide the most effective and helpful response? When it comes to taking care of one individual out of our hundreds of friends across these online networks, does the network confound or enhance our ability to pitch in and materially help out?

When I was an admin of Spread Firefox, we were able to pull in a staggering $220,000 in 10 days to put a two page ad in the New York Times. The community saw a need (a grandiose one, I might add) and responded.

When the Dean campaign needed money, they put a call out and thousands upon thousands of campaign supporters would offer up microdonations and fill up the fundraising bat every time, accruing millions.

When one of us takes a hit, how do we respond? How does the network help us give the best that we’ve got?

I’m not saying I have the answers here — I’m really confounded. When Kevin asked me to pitch in, I was ready to hit the ground running — but what the hell do we do first? And in what proportion so that the multiplying aspects of the network doesn’t overwhelm the rather mundane and essential goal of lending Greg a helping hand now, when he needs it?

Well, for lack of anything we better, we kept it simple. For donations, I suggested Donorge, ChipIn and Network for Good but Kevin ultimately just used a couple PayPal links to receive donations on his blog. He set up a Google Group to organize folks, coordinate good acts and answer questions. For flowers I suggested Podesta Baldocchi here in the city. And while I think these efforts will ultimately prove successful and bring Greg a degree of relief and a smidgeon of hope, I think it also in some way serves to illustrate our need for what Stephanie Trimble has called Giving 2.0 (and that she has currently put into action offering people who work for Web 2.0 companies [a way to] get together to volunteer for charitable organizations).

If the government’s response to Katrina proved anything, it’s that our safety and well-being is in each others’ hands. And that we have to figure out how to put these new networks into our employ, and to figure out how design them to serve our human needs in the most vital times. It’s ideas like Brian Caldwell’s Emergency Social-Repeater System or the recent thread on the coworking mailing list for P2P health care that suggest that we’re beginning the work to figure this stuff out for ourselves.

In the meantime, Kevin is just about half way through raising $2000 to send Greg out to Big Sur where he can relax and recuperate. Even though no one deserves to experience the kind of thing that Greg did on Friday, I think he’s more than earned the support of the community here. The systems of supporting ourselves and keeping each other safe certainly have a long way to go and deserve our attention; however, in the meantime, there is a more pressing need. For the moment we’ll make due, and do the best that we can, for each other.

Groups for Twitter; or A Proposal for Twitter Tag Channels

This is the post that I alluded to in my last one about Whispering Tweets. I’ll make a disclaimer right now that the title of this post is misleading and actually not about Groups for Twitter. In fact, I’m not at all convinced that groups (at least as they are commonly understood on sites like Flickr) are ultimately a good idea or a good fit for Twitter. But, I do think that there is certainly some merit to improving contextualization, content filtering and exploratory serendipity within Twitter. This is a rather messy proposal to that effect.
Continue reading “Groups for Twitter; or A Proposal for Twitter Tag Channels”

Whispering Tweets

As a preface to the post that I intend to write next, I wanted to quickly jot down an idea that I think would be useful for Twitter… it’s partly inspired by my own instinct towards openness and partly clarified by Lane Becker‘s comment about Twitter Groups (the topic of my next status):

Personally, I’m not particularly interested in being able to create groups of people I can send certain subsets of messages to. That kind of fine-grained privacy management stuff drives me crazy on sites like Vox. Maybe I’m old-skool, but it feels like people in that environment are all about what they’re hiding, not what they’re sharing, and I prefer sharing. Hiding inhibits usage and growth, and it’s lame like high school. Don’t do it.

Emphasis added.
So it’s interesting that Twitter went with a binary model of privacy — either you have it or you don’t. Sure, you can direct message folks, but in terms of your complete timeline, either the world knows what’s up with you or they don’t. This is certainly straightforward and easy to grok, but doesn’t really allow for a third option, which would be a form of conservative promiscuity: a very public timeline with support for statuses that can only be seen by your innermost circle (or even just yourself).

The first step would be to set up a “whisper circle” or “inner circle” that will receive your whispers. This leaves you free to maintain a public timeline while adding the ability to restrict at least some of what you’re doing to a small, and more intentional, audience.

N. B.: You would only get one “inner circle” to start. For real private messaging circles, you really should just use email or Pownce. As far as I’m concerned, use the best tool for the job. This proposal is being made with the knowledge that many people would be interested in having personal d-lists or buddy sets like Pownce, but I’m defying that out of concern that overloading Twitter with this kind of management functionality would turn Twitter into something it’s not and wasn’t intended to be — which is a replacement for email in 140 character chunks.

I propose a very simple syntax for these kinds of messages: just begin your message with a bang (!) and then type your message as usual (yes, I do realize the irony in using the exclamation point for whispering). An example:


!psst... I'm whispering...

This status will only show up in the timelines of those friends who have been added to your inner circle. It will not show up in any public timelines. To reply to a whisper with a whisper, one of my friends could use either:

!@factoryjoe I can hear you. or @factoryjoe !I can hear you.

In either case, the use of an @reply to my whisper should not betray my confidence and would guarantee that I’d get the response in my replies. Like private tweets, only my inner circle at the time that I sent the message would be able to see my “whisper stream”.

I should also note that the name “whisper” comes from IRC lingo. It will make sense why I’m using both this syntax and this name in my next status on Twitter Channels — and, as an old Dodgeball user, the use of the bang to preface a message has been done before.

For now I’m curious about your thoughts on the usefulness of this proposal. Again, it’s incomplete without my next post, but as a simple protocol and as a way to bring back some folks who have gone private to living in the sunlight again, I thought I would offer it up for feedback.