The Identity Report

Social network portability. Single signon. Digital identity. Keeping personal info private. These are all important things that both users and developers are concerned about. Me too and so I called Kaliya Hamlin, aka “Identity Woman.”

She knows EVERYONE who is working on dataportability or identity and is one of the people who really helped OpenID happen.

So, listening to her on these issues is important and she certainly made me smarter and invited me to a raft of interesting events coming soon.

This was split up into four parts, because BlogTalkRadio’s Cinch service only lets me record for about eight minutes at a clip.

Sorry that I’m so loud compared to her, gotta figure out a better way to do phone interviews (I was using an iPhone in my car).

Part I (the first few seconds are silent, so wait for the recording to start at about 40 seconds into it, these are all audio-only MP3s).
Part II.
Part III.
Part IV.

What did she teach me? What XRI is. That lets developers build features that will federate between social networks your email address, photos, and other personal identifying info. Right now it’s a real pain, because if you need to change something, like your email address, you’ve got to do it on all your services (and I’m on more than 20 so far).

Also discussed:

(Breast Feeding Moms)

Higgins: Open Source Community for Common Identity Framework

Two Identity + Semantic tools being developed – these kinds of things are critical to creating data sharing across context

Higgins OWL & XDI-RDF (drummond explaining it to Chris Mesina).

We talked about the state of dataportability and what she’s seeing developers trying to work on and the events that she recommends, in particular these two:

1. Identity Information Workshop. May 12-14 in Mountain View, CA
2. The Data Sharing Summit, May 15, in Mountain View, CA.

If you are working on this stuff and you aren’t following Identity Woman you really should.

The real roadblocks to data portability on social networks

I see that Yahoo has joined up with Google’s Open Social. That’s cool because it will let developers build gadgets, widgets, social networking applications, or whatever we’re calling these things that are like Facebook apps, twice, instead of dozens of times. Once for Facebook and once for everyone else. That’s really great, because it’ll encourage developers to build a bunch of new stuff and get the promise of a lot of reach. At least once the platform is done and it all works as advertised (devs tell me it’s not there yet, but coming along).

But I, and many of my friends, care much more about true data portability. Here’s a few things we want to do:

1. Many of us are on more than a dozen social networks. I’m on Flickr, YouTube, Facebook, MySpace, Orkut,, FriendFeed, SocialThing, Profilactic,, Twitter, Pownce,, Disqus, and many more. You didn’t think each of those is a social network, did you? They are. The problem? Well, this year I wanted to change my email from to Doing just that simple action is a pain in the behind. If we had true dataportability we’d just change it in one place and the change would ripple through all other social networks.

2. When a Facebook user friends you and gives you his/her email address it’d be nice to have that automatically placed into your favorite email client so you could actually use it without having to type it in again.

3. When a new social network comes along (say your company turns one on this morning) I’d love it if it noticed that 15 of my friends who join up there are also on Twitter, etc. Why is that important? Because if there were some way to bind these social networks together they could do a lot more for you. For instance, I know that Scott Beale is on almost all of my social networks listed above. Why don’t the systems know that? If they did, we wouldn’t have a need for FriendFeed, or Profilactic, or SocialThing (those systems are attempting to glue all those social networks together).

So, what’s the problem, beyond the politics of some of this stuff (will Facebook join the Who cares? Has the actually shipped anything yet beyond PR?)


It’s not easy to do any of this stuff. On Saturday I talked with Dave Morin, head of Facebook’s application platform.

He brought up use case after use case that I hadn’t really thought through.

For instance, what if a user wants to delete his or her info off of Facebook. Today that’s possible. But what about in a really data portable world? After all, in such a world Facebook might have sprayed your email and other data to other social networks. What if those other social networks don’t want to delete your data after you asked Facebook to?

Another case? How do you define spam? Based on my experiences lately lots of people define it differently. I don’t mind “noisy” systems, but some people really are bothered by that. So, if you’re over on Facebook and you give friends your email address and then that opens you up to “noisy” systems, how do you feel about Facebook?

Another case: you want your closest Facebook friends to know your birthday, but not everyone else. How do you make your social network data portable, but make sure that your privacy is secured?

Another case? Which of your data is yours? Which belongs to your friends? And, which belongs to the social network itself? For instance, we can say that my photos that I put on Facebook are mine and that they should also be shared with, say, Flickr or SmugMug, right? How about the comments under those photos? The tags? The privacy data that was entered about them? The voting data? And other stuff that other users might have put onto those photos? Is all of that stuff supposed to be portable? (I’d argue no, cause how would a comment left by a Facebook user on Facebook be good on Flickr?) So, if you argue no, where is the line? And, even if we can all agree on where the line is, how do we get both Facebook and Flickr to build the APIs needed to make that happen?

Another case? You go to Flickr. Change your email address. Then you go to Facebook and change your email address to a different one. Now you head over to Twitter and change it again to yet a third one. Which one is correct? How do these systems, not owned by the same companies, figure this out? Time stamp? What if you actually want the systems to use three separate email addresses?

And we went on and on.

So, the story is, doing the simplest of data portability (for instance, making all systems understand when I changed my email address) is going to take a lot of work and a lot of cooperation between all of the players). Doing the toughest stuff (like sharing of some of the social graph, or making things like photos and videos portable) will take a lot longer.

I’d be surprised if we see some real movement on data portability between a good number of systems by the end of the year.

Do you expect any better?