When social networking goes feral

[liv]

From the time when Dreamwidth was just a cool idea, one of the things that was talked about was the ability to read posts from other LJ-based sites on your own reading list (DW terminology for "friends page"). Not a half-arsed RSS feed of public posts, actual posts that would respect access ("friends lock") settings and cut tags and allow you to join in the comment discussion. This project, which I'm love with, kept being stalled because it's a difficult problem socially and ethically; it needs to be done in a way that will not irreversibly freak out either LJ management or individual users. But finally this week, Dreamwidth announced that the feature is under active development.

...

...

EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!


I think this is the first feature that gives DW a real edge over LJ. Yes, split trust and reading are nice, and I like the better interoperability (straightforward import from LJ-based sites, better support for OpenID, the cross-poster). But those are pretty much frills that don't affect the basic experience of using the site enough for it to be worth most people's while switching, unless like me they're doing so on principle. In contrast, being able to read posts from other sites seamlessly in one place is a huge deal.

I think it's also a major step on the way to the federated, NNTP-like utopia that some of you have been talking about (pw201 and ewx, in particular). I mean, it's not quite there yet, but it's a lot better than RSS for paving the way to the possibility where you can run your own LJ-like install on your own server, not needing to trust anything to any commercial outfit, but still reading posts and interacting with your less geeky friends who prefer to use a hosted service rather than roll their own.

Of course, this also brings a potential problem: if any DW-based site can access your locked content from LJ, this may include all kinds of dodgy outfits. Personally, I trust DW a lot more than I trust LJ at this point; if LJ is displaying adverts that attempt to install malware, just how far do you think you can rely on your friends-lock? And no, LJ isn't doing this deliberately, but they're also not doing nearly enough to police the problem, IMO. But that doesn't mean anyone else should trust DW, you have to make your own decision on that. Besides, even if you trust them not to be evil, that doesn't mean you can trust them not to be incompetent. Furthermore, anyone can set up a site using any modified version of the DW code; that's the whole point of Open Source.

I've asked in the news post how the DW devs intend to handle the password issue, and I do expect that they're already thought this through and will give me a satisfactory answer. The problem is that the announcement is getting a bit swamped by people who are horrified and appalled about the prospect of people reading their posts in a different format. I do think this objection is based on a pretty fundamental misunderstanding of how the internet works, mixed in with knee-jerk anti-Dreamwidth sentiment. As far as I can see, this is about equivalent to objecting that people might choose to view your journal in their own style, and therefore not see your illegible er, carefully crafted graphical layout.

However, I do appreciate that there can be a difference between stuff that is in theory available to the public, and actually actively broadcasting and aggregating that material. In this particular case, what Dreamwidth is proposing does not make any practical difference. As it is, when you post a friends-locked post on LJ, people to whom you have granted access can already do pretty much anything with that post, ranging from perfectly reasonable things like importing it into a mobile phone or desktop client, to actively evil things like screen-scraping and reposting the entire text on a site designed to mock you. As far as I'm concerned, choosing to view the post on your DW reading list is far more like the former than the latter!

Plus, I really like the sound of the implementation details, the fact that the post will be visible only to the journal owner and not anyone else who looks at their reading page (even if the second person is perfectly entitled to view the entry). Any interaction such as commenting or memorifying takes place on the originating site (this is one of the aspects that makes the proposal vastly superior to RSS; without anyone having to put any thought into it, all the comments end up in one place instead of being split over multiple sites.

The big question in my mind is whether it will ever be possible to do things the other way round, ie read Dreamwidth originating posts on your LJ friends page. Just think, you could keep up with your friends who have moved house without needing to get any Dreamwidth cooties on you at all! (OK, that's not strictly true, you would have to have an account or an OpenID on Dreamwidth so that people can add you to their access lists, but that's a one-time thing.) But of course I have no idea whether LJ will implement this; they could very well lift Dreamwidth's Open Source code if they want to, and it seems to me like an obviously sound business proposition; after all, if Dreamwidth lets you read posts from LJ (and InsaneJournal and JournalFen and DeadJournal and $random_self_hosted_journal) all in one place, while LJ restricts you to stuff that was originally created on LJ plus barely functional RSS, that gives DW a huge advantage. Anyway, we'll see.

While I'm on my soap-box, let me talk briefly about why the Google Buzz debâcle is not the same thing. The problem there was not people being angry when stuff that was already public became more obviously public (though it did get confounded by elements of that), but that Google chose to reveal to the whole world, by default, your most frequently emailed contacts. Webmail has been around for multiple decades now, and it's always been the expectation that while it's not highly secure (it goes over http, duh) against a determined hacker, it's not actually public to anyone with an internet browser, let alone deliberately broadcasted to other people you email. And yes, Google have now fixed this so that the list of frequently emailed people are only suggested rather than automatically trusted by default, but it's too late, once the information is out there the genie won't go back in the bottle. Not to mention that lots and lots of Gmail users are not all tech-savvy and won't have been following all the internet discussion about how bad the Buzz roll-out was.

Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls. Also I feel nervous about next time Google decides to randomly broadcast private information, and I would rather get a notification than be blissfully unaware. I then discovered that if you edit your Gmail contacts at all, they are automatically shifted to "My contacts", which is by default the highest level trust filter for the Buzz. So when I edited an address book entry with a note saying, "out-of-date address, don't use", that long defunct Hotmail address was suddenly on the list of people who get a notification whenever I update my Gtalk status or post a photo to Picasa. And whoever now has that recycled address could probably deduce quite a lot of information about whom I know. So I spent a couple of hours going through my 500-member contact list, deleting every entry that is obsolete or belongs to some random customer service rep I emailed once or random Scandinavian who happens to be on the same Jewish mailing lists as me.

I'm not actually worried personally; I decided long ago that I wasn't going to use my primary email for web activities. I made this decision not because I'm prescient but because I wanted to minimize spam and quasi-spam in my main inbox. But now I'm really glad that I did, because Google knows nothing about my social networking presences, they're not linked to my main email address or real name. The trouble is that because of Google's extremely clumsy attempt to bypass the network effect and set up a service that was already populated, if I'm not strict about locking everything down, I could compromise my friends who may be more security / privacy conscious than I am (not to mention those people whom I sometimes email who are not my friends but are, for example, teenagers attending my bar mitzvah classes).

I thought people were being melodramatic about Buzz when it first appeared, because after all it's fairly easy to opt out, but the more I think about it, the more I'm annoyed.

[Cross-posting to LiveJournal because I think both the DW news and the Buzz stuff are important for LJ peeps to know.]

Comments

[blue-mai.livejournal.com]

sounds promising.
i'm not part of the Google thing (at least, i don't think i am... i'd better check. i don't have Gmail but i do use Blogger and Google Sites and stuff, logging in with a different email address), but it sounds similar to what Yahoo and Myspace have done recently, ie. you log in to be confronted with what looks like Facebook and all sorts of things alerting you and other people the instant you touch anything. gah. i've mostly locked down Myspace so it doesn't alert every band i've ever added, when i look at or change anything. the default on Yahoo seemed to have gender, age and date of birth listed as public! Myspace i accept is a social networking site, but Yahoo was the first internet thing i ever signed up to, as an email service. it feels very wrong...

[liv]

I think the Google problem mainly applies to people who have Gmail accounts, yes, but I would check up your other Google-related stuff just to be extra sure, because they really are making a big land-grab in terms of trying to link everything together. I didn't know that about Yahoo; I possibly have some very ancient profiles kicking about but they're too old to have any useful information in them. As for Myspace, I'm not surprised that it's trying to be Facebook, since by now it's basically lost out to them in the competition. But yeah, alerting everyone about all your actions is really really annoying (actually I find it annoying when Facebook does it, but at least that was there from the beginning.)

[nameandnature]

It's not quite Usenet style, because they're not flooding: everyone pulls from LJ if they want someone's LJ postings, from IJ if they want someone's IJ postings, and so on, so you don't get the load balancing which andrewducker wanted for Twitter (I guess this was back when Ruby kept going off the Rails and taking the site down). In the case of friends-locked stuff, that's a good thing: if you wanted friends-locked stuff and flooding, you're into magical crypto fairy dust, and the boffins from down the road will take great delight in taking your system to bits.

I still think it's pretty likely there will be a dramafest about this. After all, many DW users, and their LJ friends, are LJ's keenest fandom members. I'm not sure whether there'll be enough of an uproar for LJ to block DW: I'd say not, it looks too much like an attempt to squash the competition.

As it happens, DW's proposal does make me a little uneasy. I previously criticised people for complaining about LJ's notification system on the grounds that it didn't do anything stalkers couldn't do already, so I'm not sure why this feels different, but it does. It may be my uncertainty that DW will survive is biasing me, but that's irrational of me: if DW go bust they probably won't decide to give away the keys to people's LJ accounts, say.

[liv]

OK, I see why it's not quite as distributed as Usenet was, thanks for that link.

I agree with you that drama is inevitable; Dreamwidth could fart rainbows and some people would complain that it was discriminating against the colourblind. What I'm trying to address is actual serious security concerns, which are a major issue to some of my friends who are not particularly fannish or drama-prone. I do see the point as far as sharing passwords between sites is a bad idea, and my only defence to that is that I trust DW more than I trust LJ. What I don't see is how the act of displaying posts on DW pages is evil.

I do not think LJ will block DW here, because a big part of why the feature has taken so long is because the higher-ups from both sites have been negotiating about a way to handle it that is acceptable and won't hammer the originating site too much. Of course, that doesn't deal with the problem of LJ staff turnover and some n00b with no knowledge of the careful negotiations blocking the site six months down the line, but by then they really would be shooting themselves in both feet.

Yes, the biggest risk with DW is that they will just go under, and who knows what evildoers will buy them out. In theory they were incorporated with protections against that, but I don't know how much legal weight those have in practice. I suppose my answer is that if DW is ever sold, I will delete my LJ password from their servers and straightaway change it.

News posts seem to alternate between "yay, we're doing better than projected financially" and "please give us money, we're desperate for funds", so I really don't know. The way to reconcile those is that DW's original business plan was to operate at a loss for a while, funded by the initial seed account sale, and they're now making less of a loss than they expected but still in the red. But that's a guess.

Aggregation is Aggression

[siderea]

Being a programmer who specializes in the server side of web2.0, I understand perfectly well how this feature works, thank you very much, and that is why I have just dropped you from all my access filters. No, I don't have to cooperate with you compromising my security.

Re: Aggregation is Aggression

[nanaya]

I'd be interested to know more about the security implications, if you don't mind. Please assume I know *nothing*.

Re: Aggregation is Aggression

[liv]

I'm sorry, Siderea. If you want to remove me from filters that's completely up to you, and thanks for letting me know.

I know we've come close to quarrelling about Dreamwidth in the past, because I love it very much and you are skeptical (last time it was about splitting subscription from access, which I thought was a minor upgrade to the UI and you thought was breaking LJ's whole network model). The reasons I love Dreamwidth are not at all because I look down on people who have weighed the options and decided to stay with LJ. I love it because for me, LJ has been a chore and a source of anxiety for a couple of years now, and DW has given me back the old pleasure. And because I really, really like being able to talk about whatever controversial or awkward or personal topics I like without any connection to or influence from adverts. (And because they're teaching me to program, but that's just me, and irrelevant to the merits or otherwise of the site in general.)

But the point is that I really don't want to fight with you over this; I like you, and I would like to continue getting to know you (though obviously you don't owe me anything, I hope I'm not sounding entitled here.) I just honestly don't understand the vehemence of your objection. Would you be willing to explain to me why this proposed feature is so much worse than reading your journal via an RSS reader, or reading it over wifi or from public computers?

In the end you have to make your own decision about security; I am not going to try to influence you to do something that you consider compromising. As it is, given just how sensitive your situation is, I almost expect you to be using a completely locked up, firewalled server that you control and only interacting with people you know well enough to have seen their birth certificate. Of course, if you did that I would never have met you in the first place.

I think of myself as being reasonably good about watching other people's security, for a layman. I never give my email password to Facebook, even though I know perfectly well I'm sticking my finger in the dyke while everyone else is cheerfully attacking it with explosives. I take great care not to connect people's LJ handles to RL identities in even the vaguest way. I make a careful note of which posts are locked (I've fiddled my journal styles so it's visually obvious) and never repeat anything I read there, even in offline conversations. I have been checking Buzz every couple of days to make triply sure that nobody, not even my bestest friends with whom I share everything up to and including body fluids could possibly use it to extract the information that I've emailed you a couple of times. I just can't see how reading your posts on the same page as my friends from DW is compromising your security in any way beyond the inherent insecurity of the internet.

[sammee42.livejournal.com]

Sorry if this is a basic question, but do you have any advice for keeping my information as private as possible in LJ and Google Buzz? I am kind of disturbed that anyone on DW can access my friends-locked posts that aren't meant for them, and I can't figure out how to hide my contacts list on Buzz. This is all getting nuts!!!!!

Wandering by across the networks, hoping that's okay

[rydra_wong]

I am kind of disturbed that anyone on DW can access my friends-locked posts that aren't meant for them

Nope, only people who are on your LJ friendslist will be able to see your friends-locked posts, same as before.

Nobody who couldn't see them before will be able to see them now. Dreamwidth are being very careful in how they set up the cross-site reading to ensure that there's no privacy violation.

[liv]

Ooh, nice to see you, internet-famous person! Have some tea. And thank you for explaining the privacy issues before I got to this discussion to comment!

[rydra_wong]

... I'm internet-famous?

*meeps*

[green_knight]

My understanding of DW is that only the people who are authorized to view your posts will get to see them. Otherwise it would be a LJ security failure - they should not give access to random people, however those people try to access LJ content (not logged in, logged in as unauthorized person, friends of friends list, RSS feed, whatever.)

[liv]

OK, regarding Dreamwidth: it is very much not the case that anyone can access your posts, not now and it's not planned for the future. Only people who are already on your LJ friends list can access your posts, which they could see anyway. The only difference is that these people will be able to see your posts interspersed with Dreamwidth posts on our DW friends pages, instead of having to open a new tab and navigate to LJ. Other people will never be able to see your posts, even if they go to my friends page, the posts will just be invisible to them (just as locked posts would be if they visited your journal).

If you are still bothered by this, what you can do about it is remove anyone who uses Dreamwidth from your LJ friends list. Then you will be completely safe. I realize that would mean defriending me, and I'd miss you, but if that's what it takes to feel comfortable, then you should do that.

Regarding Buzz: part of the problem was that when it was first launched, you had to go through an arcane ritual to be able to turn it off and hide your contacts list. However, Google, to give them credit, have responded to the outrage this caused, and now it's fairly easy. This is what you do:
*Log in to your Gmail account (on the internet, not using a mail program).
*Up in the top right corner, there's a "Settings" link. Choose that.
*Under settings, the very last link in the list is called "Buzz".
*When you open that tab, there is an option called "Display following lists"; switch that to "Do not show these lists on my public Google profile".
*If you want to kill Buzz altogether, choose "Disable Google Buzz", which is currently labelled in red with a little hazard triangle.

Does that make sense?

[sammee42.livejournal.com]

Yes! It makes perfect sense. Thanks so much for explaining it so well. I think I initially read your post and was a bit overwhelmed by your great handle of the technical issues that still elude me. As long as my filters are left in place and are not compromised, I am quite happy to have you read my posts via DW instead of LJ and it does not at all offend me. :) So I'm glad we can still do that :)

Sorry... I posted it anonymous by accident. Can one just create their own DW accounts nowadays, or are invites still necessary?

[liv]

OK, sorry for overwhelming you to start with, and I'm glad to know my explanation was helpful. And thanks for being willing to share your posts on my DW reading page.

Don't worry about the anon post! You still do need an invite code for DW now, but these days there's a huge excess of codes available instead of them being in short supply. So let me know if you'd like one and I can send it to you.

[ewx]

The kishenehn thread seems to be more worried about fragmentation of discussion than formatting issues (though it looks like their fears are substantially unfounded, given the comment link still points to the upstream version of the posting). Actual presentation issues have always been somewhat outside the control of the poster, at least unless they’re prepared to post everything as a big image, which as a rule LJ/DW users don’t appear to be. (Not that that stops people complaining about it, necessarily...)

[liv]

In a non-snarky way, I think kishenehn's problem is that zie doesn't approve of Dreamwidth, whether for rational reasons or not I don't know. And therefore she doesn't want any part of providing content which would make Dreamwidth a more attractive place. I can sympathize with that; I have deliberately chosen not to cross-post to LJ even though it would be more convenient for my friends, because any content of mine helps to make LJ more attractive and therefore makes a (minor!) financial contribution to advertisers I don't approve of.

So I can understand feeling a little peeved about your content appearing on a site you despise. But unlike kishenehn I pretty much accept that anything on the internet gets slurped around by all kinds of systems, legitimate and otherwise, that I have no control over. Also, if hypothetically all the interesting posts were on Dreamwidth, but people were using LJ friends lists to read them, eventually it would get to the point where they'd cut out the middle man!

[ewx]

As for adverts and malware: yes, sites carrying adverts ought to police their adverts adequately. But anyone who thinks that the logical reaction to "LJ's adverts carry malware" is "avoid LJ" is going to have to avoid the rest of the Internet too, since the malware is everywhere.

[403]

Indeed, even the NYTimes got burned by an unscrupulous advertiser not too long ago. (IIRC, November-ish of last year.)

Here via referrer logs...

[alisx]

The main difference I see between what happened at LJ and what happened at the NYT is that the NYT fessed up and apologised to their users for the incident.

AFAIK, LJ did nothing of the sort. And according to Google, malware is still being served up by LJ to its visitors over a month later (compare NYT).

Also, I have to say I'm not a fan of of the "but malware is everywhere lulz!" attitude. Because, a) it obviously isn't (q.v. DW), and b) even if it was, I still wouldn't want it to be being served up off the top of my content.

[liv]

The thing is, if I pick up some malware on, say, Facebook or Wired, which are both sites with much worse advertising than LJ, I don't expect the evildoers to have any interest in stealing my LJ password. They might, but in the scheme of things it's unlikely, they're probably more interested in my Facebook password or my credit card details. Whereas, if someone pays money to advertise on LJ with evil adverts, they could well have the specific aim of trying to steal LJ passwords. That's why I think malware originating from LJ is more of a threat to LJ security than malware in general. This is perhaps naive, but that's how it seems to me.

I'm not saying, don't use LJ because it has malware, I'm saying, if you do use LJ, which has malware, don't automatically trust that anything you post "locked" is actually safe.

[woodpijn.livejournal.com]

"Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls."

I've turned Buzz off, and AFAICT I don't have a public profile. Do you reckon that's not enough? Will Google still broadcast my details on Buzz even when I don't have Buzz enabled?

I've read blog posts on Google's own blog and elsewhere about Buzz, but still don't feel I understand. They seem to be written from the POV of assuming you want to use Buzz but limiting the damage. I don't want to use it at all.

[green_knight]

The problem with Buzz is that your profile was made public without your consent, so yes it appears you need to go and turn it off specifically. I don't know whether they've changed their default behaviour.

[ratcreature]

I did not have a public profile, and still don't, even though Buzz got enabled on me when I was logging into gmail. I clicked the button not to go to buzz, but that apparently still enabled it just skipped the intro. I did not notice at first, because the standard view would not load for me, so I was using email in basic html mode, which didn't even show me that it was turned on. But then when standard view worked again, that Buzz thing was there, and I had "followers" and such. But it did not auto-create a public google profile that I can find.

[ratcreature]

I'm in the same situation in that I never had a public profile and have disabled buzz, but don't fully understand the service. I logged into my Gmail when it automatically foisted this on you, even though I clicked on the "no don't go to buzz" button that had still turned buzz on, apparently the choice was only whether I got an introduction or not (later they changed that, I have another Gmail account, and when I logged in there and clicked the no buzz button it wasn't turned on). However as far as I can tell it did not create a public profile for me, as I checked and still have none. Even though buzz was enabled for a short while.

There were however random people who "following" me (I assume they somehow got automatically set up as such, because they emailed me once and turned on buzz, because it wasn't any name I recognized). I think you can only block them if you have buzz enabled, but I did not bother while I had it on, because I'm not posting updates or using googles picture service or share google reader items, anyway. My impression from the default settings was that people who follow you in buzz will get alerted to all kinds of public google activities you do (like uploading a public photo to their service or sharing a reader item) even if you don't use buzz to follow others yourself.

I have assumed it to be like the tracking on DW and LJ, where people can choose to be alerted when I post or upload a new userpic, now google users can get alerts whenever someone they follow does something on google. So I suspect that if you use any google service that produces public content, the default settings may be to broadcast these to buzz users (unless you block them specifically maybe), even if you opted to not receive buzz messages. But I could be wrong about that.

[alisx]

But I could be wrong about that.

You are. :P

Buzz only shares information between its "connected" accounts, which can be Google services or not; I link it to Twitter, for instance, and some of my blogs via RSS.

So if you do have Buzz, but you don't want it broadcasting your GReader shared items (or your Picasa uploads, or whatever), you just disconnect the service and it won't.

Buzz was originally set up to connect to other Google services automatically (e.g. GReader), but AFAIK now it doesn't do this, and you have to manually connect all services to it, whether they're Google's or not. If you don't connect any services to it, it's sort of like Twitter.

*from someone who uses and likes Buzz, but still thinks Google cocked-up the release*

[ratcreature]

Ah. I don't really use any google services besides the reader (though I don't share anything there) and Gmail, and I don't Twitter or Facebook or Myspace or whatever their model was either, and I found it really hard to guess what the thing was automatically set up to do (and the settings of buzz seem to have been quite fluid at first too). I mean, I've always thought of myself as fairly techsavy, but clearly the days are looming when I'll stare incomprehendingly at new technology...

[alisx]

I'm an unrepentant linkspammer and short-form blogger, so Buzz is pretty much exactly the sort of thing I'm into. So I'm really quite bummed they screwed up the deployment so badly; people are scared of it now, which is a real shame. It could've been awesome. :(

[liv]

Part of the problem is that Google have been changing things every few hours in response to the widespread outrage (not to mention quite a few high level lawsuits from EU privacy organizations and the like). So I think initially it was extremely difficult to turn Buzz off; you could click "turn off Buzz" in your Gmail, but that would only hide its interface elements from your webmail and it was still broadcasting.

Since then, Google has done the sensible thing and made an explicit setting that actually turns Buzz off properly, and removes all your followers. And with any luck you should not have a public profile unless you intentionally created one. To find this, choose "Buzz" from the Settings link and it should be pretty intuitive which options to pick. The annoying thing is that this wasn't the case a few days ago, it's only recently that they've fixed the lack of ability to get rid of their new shiny thing.