When social networking goes feral
Feb. 17th, 2010 07:58 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
livFrom the time when Dreamwidth was just a cool idea, one of the things that was talked about was the ability to read posts from other LJ-based sites on your own reading list (DW terminology for "friends page"). Not a half-arsed RSS feed of public posts, actual posts that would respect access ("friends lock") settings and cut tags and allow you to join in the comment discussion. This project, which I'm love with, kept being stalled because it's a difficult problem socially and ethically; it needs to be done in a way that will not irreversibly freak out either LJ management or individual users. But finally this week, Dreamwidth announced that the feature is under active development.
...
...
EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!
I think this is the first feature that gives DW a real edge over LJ. Yes, split trust and reading are nice, and I like the better interoperability (straightforward import from LJ-based sites, better support for OpenID, the cross-poster). But those are pretty much frills that don't affect the basic experience of using the site enough for it to be worth most people's while switching, unless like me they're doing so on principle. In contrast, being able to read posts from other sites seamlessly in one place is a huge deal.
I think it's also a major step on the way to the federated, NNTP-like utopia that some of you have been talking about (pw201 and ewx, in particular). I mean, it's not quite there yet, but it's a lot better than RSS for paving the way to the possibility where you can run your own LJ-like install on your own server, not needing to trust anything to any commercial outfit, but still reading posts and interacting with your less geeky friends who prefer to use a hosted service rather than roll their own.
Of course, this also brings a potential problem: if any DW-based site can access your locked content from LJ, this may include all kinds of dodgy outfits. Personally, I trust DW a lot more than I trust LJ at this point; if LJ is displaying adverts that attempt to install malware, just how far do you think you can rely on your friends-lock? And no, LJ isn't doing this deliberately, but they're also not doing nearly enough to police the problem, IMO. But that doesn't mean anyone else should trust DW, you have to make your own decision on that. Besides, even if you trust them not to be evil, that doesn't mean you can trust them not to be incompetent. Furthermore, anyone can set up a site using any modified version of the DW code; that's the whole point of Open Source.
I've asked in the news post how the DW devs intend to handle the password issue, and I do expect that they're already thought this through and will give me a satisfactory answer. The problem is that the announcement is getting a bit swamped by people who are horrified and appalled about the prospect of people reading their posts in a different format. I do think this objection is based on a pretty fundamental misunderstanding of how the internet works, mixed in with knee-jerk anti-Dreamwidth sentiment. As far as I can see, this is about equivalent to objecting that people might choose to view your journal in their own style, and therefore not see yourillegible er, carefully crafted graphical layout.
However, I do appreciate that there can be a difference between stuff that is in theory available to the public, and actually actively broadcasting and aggregating that material. In this particular case, what Dreamwidth is proposing does not make any practical difference. As it is, when you post a friends-locked post on LJ, people to whom you have granted access can already do pretty much anything with that post, ranging from perfectly reasonable things like importing it into a mobile phone or desktop client, to actively evil things like screen-scraping and reposting the entire text on a site designed to mock you. As far as I'm concerned, choosing to view the post on your DW reading list is far more like the former than the latter!
Plus, I really like the sound of the implementation details, the fact that the post will be visible only to the journal owner and not anyone else who looks at their reading page (even if the second person is perfectly entitled to view the entry). Any interaction such as commenting or memorifying takes place on the originating site (this is one of the aspects that makes the proposal vastly superior to RSS; without anyone having to put any thought into it, all the comments end up in one place instead of being split over multiple sites.
The big question in my mind is whether it will ever be possible to do things the other way round, ie read Dreamwidth originating posts on your LJ friends page. Just think, you could keep up with your friends who have moved house without needing to get any Dreamwidth cooties on you at all! (OK, that's not strictly true, you would have to have an account or an OpenID on Dreamwidth so that people can add you to their access lists, but that's a one-time thing.) But of course I have no idea whether LJ will implement this; they could very well lift Dreamwidth's Open Source code if they want to, and it seems to me like an obviously sound business proposition; after all, if Dreamwidth lets you read posts from LJ (and InsaneJournal and JournalFen and DeadJournal and $random_self_hosted_journal) all in one place, while LJ restricts you to stuff that was originally created on LJ plus barely functional RSS, that gives DW a huge advantage. Anyway, we'll see.
While I'm on my soap-box, let me talk briefly about why the Google Buzz debâcle is not the same thing. The problem there was not people being angry when stuff that was already public became more obviously public (though it did get confounded by elements of that), but that Google chose to reveal to the whole world, by default, your most frequently emailed contacts. Webmail has been around for multiple decades now, and it's always been the expectation that while it's not highly secure (it goes over http, duh) against a determined hacker, it's not actually public to anyone with an internet browser, let alone deliberately broadcasted to other people you email. And yes, Google have now fixed this so that the list of frequently emailed people are only suggested rather than automatically trusted by default, but it's too late, once the information is out there the genie won't go back in the bottle. Not to mention that lots and lots of Gmail users are not all tech-savvy and won't have been following all the internet discussion about how bad the Buzz roll-out was.
Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls. Also I feel nervous about next time Google decides to randomly broadcast private information, and I would rather get a notification than be blissfully unaware. I then discovered that if you edit your Gmail contacts at all, they are automatically shifted to "My contacts", which is by default the highest level trust filter for the Buzz. So when I edited an address book entry with a note saying, "out-of-date address, don't use", that long defunct Hotmail address was suddenly on the list of people who get a notification whenever I update my Gtalk status or post a photo to Picasa. And whoever now has that recycled address could probably deduce quite a lot of information about whom I know. So I spent a couple of hours going through my 500-member contact list, deleting every entry that is obsolete or belongs to some random customer service rep I emailed once or random Scandinavian who happens to be on the same Jewish mailing lists as me.
I'm not actually worried personally; I decided long ago that I wasn't going to use my primary email for web activities. I made this decision not because I'm prescient but because I wanted to minimize spam and quasi-spam in my main inbox. But now I'm really glad that I did, because Google knows nothing about my social networking presences, they're not linked to my main email address or real name. The trouble is that because of Google's extremely clumsy attempt to bypass the network effect and set up a service that was already populated, if I'm not strict about locking everything down, I could compromise my friends who may be more security / privacy conscious than I am (not to mention those people whom I sometimes email who are not my friends but are, for example, teenagers attending my bar mitzvah classes).
I thought people were being melodramatic about Buzz when it first appeared, because after all it's fairly easy to opt out, but the more I think about it, the more I'm annoyed.
[Cross-posting to LiveJournal because I think both the DW news and the Buzz stuff are important for LJ peeps to know.]
...
...
EEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!
I think this is the first feature that gives DW a real edge over LJ. Yes, split trust and reading are nice, and I like the better interoperability (straightforward import from LJ-based sites, better support for OpenID, the cross-poster). But those are pretty much frills that don't affect the basic experience of using the site enough for it to be worth most people's while switching, unless like me they're doing so on principle. In contrast, being able to read posts from other sites seamlessly in one place is a huge deal.
I think it's also a major step on the way to the federated, NNTP-like utopia that some of you have been talking about (
pw201 and ewx, in particular). I mean, it's not quite there yet, but it's a lot better than RSS for paving the way to the possibility where you can run your own LJ-like install on your own server, not needing to trust anything to any commercial outfit, but still reading posts and interacting with your less geeky friends who prefer to use a hosted service rather than roll their own. Of course, this also brings a potential problem: if any DW-based site can access your locked content from LJ, this may include all kinds of dodgy outfits. Personally, I trust DW a lot more than I trust LJ at this point; if LJ is displaying adverts that attempt to install malware, just how far do you think you can rely on your friends-lock? And no, LJ isn't doing this deliberately, but they're also not doing nearly enough to police the problem, IMO. But that doesn't mean anyone else should trust DW, you have to make your own decision on that. Besides, even if you trust them not to be evil, that doesn't mean you can trust them not to be incompetent. Furthermore, anyone can set up a site using any modified version of the DW code; that's the whole point of Open Source.
I've asked in the news post how the DW devs intend to handle the password issue, and I do expect that they're already thought this through and will give me a satisfactory answer. The problem is that the announcement is getting a bit swamped by people who are horrified and appalled about the prospect of people reading their posts in a different format. I do think this objection is based on a pretty fundamental misunderstanding of how the internet works, mixed in with knee-jerk anti-Dreamwidth sentiment. As far as I can see, this is about equivalent to objecting that people might choose to view your journal in their own style, and therefore not see your
However, I do appreciate that there can be a difference between stuff that is in theory available to the public, and actually actively broadcasting and aggregating that material. In this particular case, what Dreamwidth is proposing does not make any practical difference. As it is, when you post a friends-locked post on LJ, people to whom you have granted access can already do pretty much anything with that post, ranging from perfectly reasonable things like importing it into a mobile phone or desktop client, to actively evil things like screen-scraping and reposting the entire text on a site designed to mock you. As far as I'm concerned, choosing to view the post on your DW reading list is far more like the former than the latter!
Plus, I really like the sound of the implementation details, the fact that the post will be visible only to the journal owner and not anyone else who looks at their reading page (even if the second person is perfectly entitled to view the entry). Any interaction such as commenting or memorifying takes place on the originating site (this is one of the aspects that makes the proposal vastly superior to RSS; without anyone having to put any thought into it, all the comments end up in one place instead of being split over multiple sites.
The big question in my mind is whether it will ever be possible to do things the other way round, ie read Dreamwidth originating posts on your LJ friends page. Just think, you could keep up with your friends who have moved house without needing to get any Dreamwidth cooties on you at all! (OK, that's not strictly true, you would have to have an account or an OpenID on Dreamwidth so that people can add you to their access lists, but that's a one-time thing.) But of course I have no idea whether LJ will implement this; they could very well lift Dreamwidth's Open Source code if they want to, and it seems to me like an obviously sound business proposition; after all, if Dreamwidth lets you read posts from LJ (and InsaneJournal and JournalFen and DeadJournal and $random_self_hosted_journal) all in one place, while LJ restricts you to stuff that was originally created on LJ plus barely functional RSS, that gives DW a huge advantage. Anyway, we'll see.
While I'm on my soap-box, let me talk briefly about why the Google Buzz debâcle is not the same thing. The problem there was not people being angry when stuff that was already public became more obviously public (though it did get confounded by elements of that), but that Google chose to reveal to the whole world, by default, your most frequently emailed contacts. Webmail has been around for multiple decades now, and it's always been the expectation that while it's not highly secure (it goes over http, duh) against a determined hacker, it's not actually public to anyone with an internet browser, let alone deliberately broadcasted to other people you email. And yes, Google have now fixed this so that the list of frequently emailed people are only suggested rather than automatically trusted by default, but it's too late, once the information is out there the genie won't go back in the bottle. Not to mention that lots and lots of Gmail users are not all tech-savvy and won't have been following all the internet discussion about how bad the Buzz roll-out was.
Me, I straight away went in and locked down the system as much as I could (I don't dare delete my profile and switch off Buzz altogether, because one of the many bugs seems to be that if you don't opt in, you can't get at any of the privacy controls. Also I feel nervous about next time Google decides to randomly broadcast private information, and I would rather get a notification than be blissfully unaware. I then discovered that if you edit your Gmail contacts at all, they are automatically shifted to "My contacts", which is by default the highest level trust filter for the Buzz. So when I edited an address book entry with a note saying, "out-of-date address, don't use", that long defunct Hotmail address was suddenly on the list of people who get a notification whenever I update my Gtalk status or post a photo to Picasa. And whoever now has that recycled address could probably deduce quite a lot of information about whom I know. So I spent a couple of hours going through my 500-member contact list, deleting every entry that is obsolete or belongs to some random customer service rep I emailed once or random Scandinavian who happens to be on the same Jewish mailing lists as me.
I'm not actually worried personally; I decided long ago that I wasn't going to use my primary email for web activities. I made this decision not because I'm prescient but because I wanted to minimize spam and quasi-spam in my main inbox. But now I'm really glad that I did, because Google knows nothing about my social networking presences, they're not linked to my main email address or real name. The trouble is that because of Google's extremely clumsy attempt to bypass the network effect and set up a service that was already populated, if I'm not strict about locking everything down, I could compromise my friends who may be more security / privacy conscious than I am (not to mention those people whom I sometimes email who are not my friends but are, for example, teenagers attending my bar mitzvah classes).
I thought people were being melodramatic about Buzz when it first appeared, because after all it's fairly easy to opt out, but the more I think about it, the more I'm annoyed.
[Cross-posting to LiveJournal because I think both the DW news and the Buzz stuff are important for LJ peeps to know.]
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
(no subject)
Date: 2010-02-19 04:23 am (UTC)Sorry... I posted it anonymous by accident. Can one just create their own DW accounts nowadays, or are invites still necessary?
(no subject)
Date: 2010-02-21 09:36 pm (UTC)Don't worry about the anon post! You still do need an invite code for DW now, but these days there's a huge excess of codes available instead of them being in short supply. So let me know if you'd like one and I can send it to you.