What does the Microsoft "partnership" with Facebook mean for users?

October 26th, 2007 by Doc Searls

Here's the key fact: Facebook's users are not its customers. They're the targets to which Facebook's customers aim advertising. In old media this was no big deal. But Facebook isn't just a "medium". It's a vast walled garden where the social activity of members and visitors constantly improves the ability of advertisers to "target" both.

This is a Good Thing only if it works for everybody — including both those targeted as well as those doing the targeting. And if users are actually involved, they have some important questions:

  • What happens to my identity-related information?
  • How is it used, and by whom?
  • How much control do I have over my data (or data about myself) — including what Facebook "partners" do with that data?

Jeremiah Owyang visits these questions in his latest post, How Microsoft got their Passport after all. He begins,

A few hundred million is a steal for your identity, they've got plenty of money.

Microsoft and Facebook are in partnership, but what's at stake? Three things:

  1. Facebook knows who you are: your name, your gender, where you live, your marital and political status, sexual preference, age, where you work, the list goes on. The funny thing is, you've voluntarily given that information up.
  2. They also know who you connect to, who you talk to, and what you say to them (you don't own those private messages ya know).
  3. Sure, up to one third of all profile information is bogus, but what about those unsaid gestures: What people do is more important than what they say. What apps you use, how frequent, what and who you click on.

Great, but why does it matter? Because the new partner likely will have access to this very precious data.

[We once rejected Microsoft's Passport identity campaign, but we’ve potentially and unknowingly just handed it over]

Two thoughts.

First, Microsoft had a very instructive failure with Passport, and the "Hailstorm" effort of which it was a part. One guy leading that instruction is Kim Cameron, primary author of the Seven Laws of Identity and creator of the Identity Metasystem concept (among other things), all of which we made a cover story in the September 2005 issue of Linux Journal. To the best of my knowledge, that was the first time a Microsoft effort made the cover of the magazine — and it deserved to.

In brief, the Seven Laws are:

  1. User Control and Consent
  2. Minimal Disclosure for a Constrained Use
  3. Justifiable Parties
  4. Directed Identity
  5. Pluralism of operators and technologies
  6. Human integration
  7. Consistent experience across contexts

Second, many independent developers at companies and organizations large and small (including many individuals on their own) have joined together (guided to a significant degree by Kim and his Laws) as an informal Identity Gang (now a working group of Identity Commons) with the shared purpose of empowering individuals to control their own identity-related information in the networked world. "User-centric identity" is still new, and we're all still in the early stages of Whatever This Will Be; but already much technical progress has been made, most of it in the form of open source development.

The Gang gathers at informal but highly productive Internet Identity Workshops (IIWs) — twice per year at the current rate. In fact, I'm one of the organizers. The next one is December 3-5 in Mountain View. Here's my open invitation for Facebook folks to come help the rest of us work on applying the Laws of Identity in the social contexts they're pioneering.

There is much work to be done. We'd love to have Facebook help us do it.

__________________________

Doc Searls is Senior Editor of Linux Journal



Cameron spreads FUD about SSL

On November 7th, 2007 Burz (not verified) says:

http://www.boingboing.net/2007/10/07/canadas-privacy-comm.html
(see the exchange in the comments section)

Microsoft is trying to move authentication and privacy apparatus out of the browser and into the OS. The kind of effort the article refers to IMO results in MS Active Directory becoming a must-have even for LAMP servers... another unworkable monopolist "de-facto" standard pops into existence because of tying with the Windows client.

Required reading from Jeremy Allison of the Samba project:
http://samba.org/samba/news/articles/low_point/column01.html

''Currently if you want to put your Windows clients and server into a "single-sign-on" environment (and let's face it, who wouldn't), your only real choice is Microsoft Active Directory. Why is this? Well, the main obstacle is that Windows client won't log on in "Domain" mode without it, and Windows servers use information held in Active Directory to make authorization decisions for Windows clients. Enough of the protocols that the Windows clients and servers use to do this are not documented by Microsoft to make creating an inter-operable server a risky business for any commercial entity. Few have tried; Sun, with their "PC-Netlink" product was cut off from access to the Windows 2000 source code when their supplier AT&T abruptly had their contract to port the Windows source code terminated by Microsoft (thus instigating the EU case).''

It is easy to imagine all those hosting services nervously adopting AD as their standard identity server, lest they risk their ebusiness grinding to a halt because of possible glitches in CardSpace-Samba interoperability.

The same fear and uncertainty that end-users experience when contemplating non-Windows alternatives could be forced onto web admins in this way. If you can make a server product that de facto owns the web authentication market, then your product also wins the hosting market for most of the web.

( Yet another possible wrinkle is whether the CardSpace-type identity schemes require implementation with keys undisclosed to the user -- like DRM keys only hidden in TPM hardware -- which would automatically disqualify GPL3 products like Samba. )

Steve Ballmer himself just indicated that he wants FOSS projects like PHP to 'innovate on Windows instead', using legal threats if necessary. See PJ's assessment of this at Groklaw.

...though I am sure the more garden variety of MS monopoly pressures will also be brought to bear, like warning people that they are trying to login to a "possibly insecure" https session.

Also, does MS have an easy and secure way to migrate one's CardSpace-encapsulated identity to another operating system? Or is this yet another way in which Windows will hold people hostage?

Final thoughts: If authorities and the tech community are unwilling to teach people a couple semantic rules for secure browsing, then either SSL won't get used properly and the current level of spoofing and phishing will remain, or else the Internet will turn into an authoritarian regime locking out non-monopoly technology and non-conglomerate business and opinion.

The need for semantic verification (looking at the domain name in context) by the user is irreducible when independent parties securely interact. The flashing of pretty trademarks to click on doesn't work for veracity because users cannot identify icons down to the last bit the way they can with alphanumeric information. This is why SSL certificates are keyed against domain names.

After a user checks for the lock icon along with the domain in the address bar, the only decisions left (indeed the only ones that CAN be made WRT security) are: A) is the domain spelled properly? B) do I trust them with my data? C) do I trust the Certificate Authority? Anything beyond that is like having a telephone system that tries to steer people away from dialing certain phone numbers because you might have mis-dialed in an attempt to reach a mainstream bank or chat line. All the user can do is check the number they dialed, and all the 'system' can do honestly is check that they reached the certified holder of that number.

People who use Facebook are

On November 2nd, 2007 Anonymous (not verified) says:

People who use Facebook are nuts imo. Why give advertisers and governments and think tanks information about you? So they can target you better? I prefer my anonymity thanks.

I agree

On November 13th, 2007 RH (not verified) says:

Why do people use Facebook? Just watch this and you will want to delete your profile...
http://albumoftheday.com/facebook/

That's true

On November 13th, 2007 Didier Vardet (not verified) says:

Microsoft is putting its hands on private data. Given its dedication to the society of control, I find this really frightening. Nevertheless, how much worse is Facebook in this than Hotmail ...

--
Didier Vardet
http://www.freewebs.com/dangervaccins/

Facebook vs. Anonymity

On November 4th, 2007 dsearls (not verified) says:

I don't think Facebook set out to pull the veil of anonymity from the lives of 50 million users, but that seems to be, to some degree, what they've done.
