When social networking goes feral
Feb. 17th, 2010 07:58 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
livFrom the time when Dreamwidth was just a cool idea, one of the things that was talked about was the ability to read posts from other LJ-based sites on your own reading list (DW terminology for "friends page"). Not a half-arsed RSS feed of public posts, actual posts that would respect access ("friends lock") settings and cut tags and allow you to join in the comment discussion. This project, which I'm love with, kept being stalled because it's a difficult problem socially and ethically; it needs to be done in a way that will not irreversibly freak out either LJ management or individual users. But finally this week, Dreamwidth announced that the feature is under active development.
...
...
EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!
I think this is the first feature that gives DW a real edge over LJ. Yes, split trust and reading are nice, and I like the better interoperability (straightforward import from LJ-based sites, better support for OpenID, the cross-poster). But those are pretty much frills that don't affect the basic experience of using the site enough for it to be worth most people's while switching, unless like me they're doing so on principle. In contrast, being able to read posts from other sites seamlessly in one place is a huge deal.
I think it's also a major step on the way to the federated, NNTP-like utopia that some of you have been talking about (pw201 and ewx, in particular). I mean, it's not quite there yet, but it's a lot better than RSS for paving the way to the possibility where you can run your own LJ-like install on your own server, not needing to trust anything to any commercial outfit, but still reading posts and interacting with your less geeky friends who prefer to use a hosted service rather than roll their own.
Of course, this also brings a potential problem: if any DW-based site can access your locked content from LJ, this may include all kinds of dodgy outfits. Personally, I trust DW a lot more than I trust LJ at this point; if LJ is displaying adverts that attempt to install malware, just how far do you think you can rely on your friends-lock? And no, LJ isn't doing this deliberately, but they're also not doing nearly enough to police the problem, IMO. But that doesn't mean anyone else should trust DW, you have to make your own decision on that. Besides, even if you trust them not to be evil, that doesn't mean you can trust them not to be incompetent. Furthermore, anyone can set up a site using any modified version of the DW code; that's the whole point of Open Source.
I've asked in the news post how the DW devs intend to handle the password issue, and I do expect that they're already thought this through and will give me a satisfactory answer. The problem is that the announcement is getting a bit swamped by people who are horrified and appalled about the prospect of people reading their posts in a different format. I do think this objection is based on a pretty fundamental misunderstanding of how the internet works, mixed in with knee-jerk anti-Dreamwidth sentiment. As far as I can see, this is about equivalent to objecting that people might choose to view your journal in their own style, and therefore not see yourillegible er, carefully crafted graphical layout.
However, I do appreciate that there can be a difference between stuff that is in theory available to the public, and actually actively broadcasting and aggregating that material. In this particular case, what Dreamwidth is proposing does not make any practical difference. As it is, when you post a friends-locked post on LJ, people to whom you have granted access can already do pretty much anything with that post, ranging from perfectly reasonable things like importing it into a mobile phone or desktop client, to actively evil things like screen-scraping and reposting the entire text on a site designed to mock you. As far as I'm concerned, choosing to view the post on your DW reading list is far more like the former than the latter!
Plus, I really like the sound of the implementation details, the fact that the post will be visible only to the journal owner and not anyone else who looks at their reading page (even if the second person is perfectly entitled to view the entry). Any interaction such as commenting or memorifying takes place on the originating site (this is one of the aspects that makes the proposal vastly superior to RSS; without anyone having to put any thought into it, all the comments end up in one place instead of being split over multiple sites.
The big question in my mind is whether it will ever be possible to do things the other way round, ie read Dreamwidth originating posts on your LJ friends page. Just think, you could keep up with your friends who have moved house without needing to get any Dreamwidth cooties on you at all! (OK, that's not strictly true, you would have to have an account or an OpenID on Dreamwidth so that people can add you to their access lists, but that's a one-time thing.) But of course I have no idea whether LJ will implement this; they could very well lift Dreamwidth's Open Source code if they want to, and it seems to me like an obviously sound business proposition; after all, if Dreamwidth lets you read posts from LJ (and InsaneJournal and JournalFen and DeadJournal and $random_self_hosted_journal) all in one place, while LJ restricts you to stuff that was originally created on LJ plus barely functional RSS, that gives DW a huge advantage. Anyway, we'll see.
While I'm on my soap-box, let me talk briefly about why the Google Buzz debâcle is not the same thing. The problem there was not people being angry when stuff that was already public became more obviously public (though it did get confounded by elements of that), but that Google chose to reveal to the whole world, by default, your most frequently emailed contacts. Webmail has been around for multiple decades now, and it's always been the expectation that while it's not highly secure (it goes over http, duh) against a determined hacker, it's not actually public to anyone with an internet browser, let alone deliberately broadcasted to other people you email. And yes, Google have now fixed this so that the list of frequently emailed people are only suggested rather than automatically trusted by default, but it's too late, once the information is out there the genie won't go back in the bottle. Not to mention that lots and lots of Gmail users are not all tech-savvy and won't have been following all the internet discussion about how bad the Buzz roll-out was.
Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls. Also I feel nervous about next time Google decides to randomly broadcast private information, and I would rather get a notification than be blissfully unaware. I then discovered that if you edit your Gmail contacts at all, they are automatically shifted to "My contacts", which is by default the highest level trust filter for the Buzz. So when I edited an address book entry with a note saying, "out-of-date address, don't use", that long defunct Hotmail address was suddenly on the list of people who get a notification whenever I update my Gtalk status or post a photo to Picasa. And whoever now has that recycled address could probably deduce quite a lot of information about whom I know. So I spent a couple of hours going through my 500-member contact list, deleting every entry that is obsolete or belongs to some random customer service rep I emailed once or random Scandinavian who happens to be on the same Jewish mailing lists as me.
I'm not actually worried personally; I decided long ago that I wasn't going to use my primary email for web activities. I made this decision not because I'm prescient but because I wanted to minimize spam and quasi-spam in my main inbox. But now I'm really glad that I did, because Google knows nothing about my social networking presences, they're not linked to my main email address or real name. The trouble is that because of Google's extremely clumsy attempt to bypass the network effect and set up a service that was already populated, if I'm not strict about locking everything down, I could compromise my friends who may be more security / privacy conscious than I am (not to mention those people whom I sometimes email who are not my friends but are, for example, teenagers attending my bar mitzvah classes).
I thought people were being melodramatic about Buzz when it first appeared, because after all it's fairly easy to opt out, but the more I think about it, the more I'm annoyed.
[Cross-posting to LiveJournal because I think both the DW news and the Buzz stuff are important for LJ peeps to know.]
...
...
EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!
I think this is the first feature that gives DW a real edge over LJ. Yes, split trust and reading are nice, and I like the better interoperability (straightforward import from LJ-based sites, better support for OpenID, the cross-poster). But those are pretty much frills that don't affect the basic experience of using the site enough for it to be worth most people's while switching, unless like me they're doing so on principle. In contrast, being able to read posts from other sites seamlessly in one place is a huge deal.
I think it's also a major step on the way to the federated, NNTP-like utopia that some of you have been talking about (
pw201 and ewx, in particular). I mean, it's not quite there yet, but it's a lot better than RSS for paving the way to the possibility where you can run your own LJ-like install on your own server, not needing to trust anything to any commercial outfit, but still reading posts and interacting with your less geeky friends who prefer to use a hosted service rather than roll their own. Of course, this also brings a potential problem: if any DW-based site can access your locked content from LJ, this may include all kinds of dodgy outfits. Personally, I trust DW a lot more than I trust LJ at this point; if LJ is displaying adverts that attempt to install malware, just how far do you think you can rely on your friends-lock? And no, LJ isn't doing this deliberately, but they're also not doing nearly enough to police the problem, IMO. But that doesn't mean anyone else should trust DW, you have to make your own decision on that. Besides, even if you trust them not to be evil, that doesn't mean you can trust them not to be incompetent. Furthermore, anyone can set up a site using any modified version of the DW code; that's the whole point of Open Source.
I've asked in the news post how the DW devs intend to handle the password issue, and I do expect that they're already thought this through and will give me a satisfactory answer. The problem is that the announcement is getting a bit swamped by people who are horrified and appalled about the prospect of people reading their posts in a different format. I do think this objection is based on a pretty fundamental misunderstanding of how the internet works, mixed in with knee-jerk anti-Dreamwidth sentiment. As far as I can see, this is about equivalent to objecting that people might choose to view your journal in their own style, and therefore not see your
However, I do appreciate that there can be a difference between stuff that is in theory available to the public, and actually actively broadcasting and aggregating that material. In this particular case, what Dreamwidth is proposing does not make any practical difference. As it is, when you post a friends-locked post on LJ, people to whom you have granted access can already do pretty much anything with that post, ranging from perfectly reasonable things like importing it into a mobile phone or desktop client, to actively evil things like screen-scraping and reposting the entire text on a site designed to mock you. As far as I'm concerned, choosing to view the post on your DW reading list is far more like the former than the latter!
Plus, I really like the sound of the implementation details, the fact that the post will be visible only to the journal owner and not anyone else who looks at their reading page (even if the second person is perfectly entitled to view the entry). Any interaction such as commenting or memorifying takes place on the originating site (this is one of the aspects that makes the proposal vastly superior to RSS; without anyone having to put any thought into it, all the comments end up in one place instead of being split over multiple sites.
The big question in my mind is whether it will ever be possible to do things the other way round, ie read Dreamwidth originating posts on your LJ friends page. Just think, you could keep up with your friends who have moved house without needing to get any Dreamwidth cooties on you at all! (OK, that's not strictly true, you would have to have an account or an OpenID on Dreamwidth so that people can add you to their access lists, but that's a one-time thing.) But of course I have no idea whether LJ will implement this; they could very well lift Dreamwidth's Open Source code if they want to, and it seems to me like an obviously sound business proposition; after all, if Dreamwidth lets you read posts from LJ (and InsaneJournal and JournalFen and DeadJournal and $random_self_hosted_journal) all in one place, while LJ restricts you to stuff that was originally created on LJ plus barely functional RSS, that gives DW a huge advantage. Anyway, we'll see.
While I'm on my soap-box, let me talk briefly about why the Google Buzz debâcle is not the same thing. The problem there was not people being angry when stuff that was already public became more obviously public (though it did get confounded by elements of that), but that Google chose to reveal to the whole world, by default, your most frequently emailed contacts. Webmail has been around for multiple decades now, and it's always been the expectation that while it's not highly secure (it goes over http, duh) against a determined hacker, it's not actually public to anyone with an internet browser, let alone deliberately broadcasted to other people you email. And yes, Google have now fixed this so that the list of frequently emailed people are only suggested rather than automatically trusted by default, but it's too late, once the information is out there the genie won't go back in the bottle. Not to mention that lots and lots of Gmail users are not all tech-savvy and won't have been following all the internet discussion about how bad the Buzz roll-out was.
Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls. Also I feel nervous about next time Google decides to randomly broadcast private information, and I would rather get a notification than be blissfully unaware. I then discovered that if you edit your Gmail contacts at all, they are automatically shifted to "My contacts", which is by default the highest level trust filter for the Buzz. So when I edited an address book entry with a note saying, "out-of-date address, don't use", that long defunct Hotmail address was suddenly on the list of people who get a notification whenever I update my Gtalk status or post a photo to Picasa. And whoever now has that recycled address could probably deduce quite a lot of information about whom I know. So I spent a couple of hours going through my 500-member contact list, deleting every entry that is obsolete or belongs to some random customer service rep I emailed once or random Scandinavian who happens to be on the same Jewish mailing lists as me.
I'm not actually worried personally; I decided long ago that I wasn't going to use my primary email for web activities. I made this decision not because I'm prescient but because I wanted to minimize spam and quasi-spam in my main inbox. But now I'm really glad that I did, because Google knows nothing about my social networking presences, they're not linked to my main email address or real name. The trouble is that because of Google's extremely clumsy attempt to bypass the network effect and set up a service that was already populated, if I'm not strict about locking everything down, I could compromise my friends who may be more security / privacy conscious than I am (not to mention those people whom I sometimes email who are not my friends but are, for example, teenagers attending my bar mitzvah classes).
I thought people were being melodramatic about Buzz when it first appeared, because after all it's fairly easy to opt out, but the more I think about it, the more I'm annoyed.
[Cross-posting to LiveJournal because I think both the DW news and the Buzz stuff are important for LJ peeps to know.]
Re: Aggregation is Aggression
Date: 2010-02-18 10:39 pm (UTC)I know we've come close to quarrelling about Dreamwidth in the past, because I love it very much and you are skeptical (last time it was about splitting subscription from access, which I thought was a minor upgrade to the UI and you thought was breaking LJ's whole network model). The reasons I love Dreamwidth are not at all because I look down on people who have weighed the options and decided to stay with LJ. I love it because for me, LJ has been a chore and a source of anxiety for a couple of years now, and DW has given me back the old pleasure. And because I really, really like being able to talk about whatever controversial or awkward or personal topics I like without any connection to or influence from adverts. (And because they're teaching me to program, but that's just me, and irrelevant to the merits or otherwise of the site in general.)
But the point is that I really don't want to fight with you over this; I like you, and I would like to continue getting to know you (though obviously you don't owe me anything, I hope I'm not sounding entitled here.) I just honestly don't understand the vehemence of your objection. Would you be willing to explain to me why this proposed feature is so much worse than reading your journal via an RSS reader, or reading it over wifi or from public computers?
In the end you have to make your own decision about security; I am not going to try to influence you to do something that you consider compromising. As it is, given just how sensitive your situation is, I almost expect you to be using a completely locked up, firewalled server that you control and only interacting with people you know well enough to have seen their birth certificate. Of course, if you did that I would never have met you in the first place.
I think of myself as being reasonably good about watching other people's security, for a layman. I never give my email password to Facebook, even though I know perfectly well I'm sticking my finger in the dyke while everyone else is cheerfully attacking it with explosives. I take great care not to connect people's LJ handles to RL identities in even the vaguest way. I make a careful note of which posts are locked (I've fiddled my journal styles so it's visually obvious) and never repeat anything I read there, even in offline conversations. I have been checking Buzz every couple of days to make triply sure that nobody, not even my bestest friends with whom I share everything up to and including body fluids could possibly use it to extract the information that I've emailed you a couple of times. I just can't see how reading your posts on the same page as my friends from DW is compromising your security in any way beyond the inherent insecurity of the internet.