Quote
"I can’t think of anything that demonstrates the sovereign nature of the self better than a blog.” - Doc Searls
About the Author
Stowe Boyd is a well-known media subversive,
and an internationally recognized authority on real-time, collaborative
and social technologies. His new blog is Message.
|
« Dave Pollard on Surowiecki's The Wisdom Of Crowds |
Main
| Jas Dhillon re: Zero Degrees Email Policy »
August 22, 2004
The Ten Commandments of Social Networking
Posted by Stowe Boyd
Clay reprises my recent comments about Multiply and its email invitations, and does a very good job of making my argument more clear than I did, I think.
Clay Shirky
Stowe, reading my earlier Multiply rant, responds saying Multiply isn’t spam, and says that we need a statement of purpose for social networks to adhere to.
I’m more pessimistic than he; I believe that Multiply join messages are spam. Now spam has the “I know it when I see it” problem, so to talk carefully about it requires a specified definition. Here’s mine — spam is unsolicited mail, sent without regard to the particular identity of the recipient, and outside the context of an existing relationship.
Anyone sending me mail because I am on a list I haven’t asked to be on; without having a reason to think that I, in particular, would want this mail; and without us already knowing one another, is spamming me. In particular, ads sent to me as a member of a category, no matter how targeted, count, in this definition, as spam. You could be advertising a new brand of gin specially brewed for Brooklyn-dwelling Python hackers who like bagpipe music and that mail would still be spam.
If you adopt this definition, even just for the sake of argument, it’s pretty clear that Multiply fails the first and second tests. I did not ask for mail from them, and they are not sending me mail because they know me — they simply have my address on a list furnished by my friends. [...] I think where Stowe and I may disagree is in point #3: do I have an existing relationship with the sender of the mail?
This is, I admit, a judgement call, and to re-phrase what I think Stowe is saying, Multiply is operating in good faith as a proxy for its users. My friends have furnished my address to Multiply, and authorized the service to contact me on their behalf. Thus the incessant messages from Multiply should be thought of as coming from my friends, and not from Multiply itself.
I hope I have characterized Stowe’s view correctly; in any case, I think Multiply fails this test as well, because I think they are engaged in a new form of targeted marketing. Jon Lebkowsky’s farewell to Multiply message includes this observation: “…next thing you know, Multiply was spamming all my Orkut contacts with a brainless marketing letter supposedly written by yours truly, only I didn’t see it until someone said no, no way, and noted the cheerful Muzak inanity of the message sent in my name.”
Clay has exactly defined the boundary cases in the ethical quagmire we are struggling with here:
- I have assumed that the individual adding me to their contact list at Multiply (or elsewhere) is actually an individual known to me, and therefore I would not be surprised at getting an email invitation from them. Alternatively, if the invitation is coming from a party "outside the context of an existing relationship" it *should* be considered spam. But such an activity would be spamming on the part of that party (individual or group), and not necessarily on the part of the service. For example, someone could join LinkedIn for the purpose of spamming, which would not be the fault of LinkedIn, per se.
- If a SNA coopts the contact list of its users and sends unknown, uneditable, and unannounced email invitations or (even worse) unsolicited advertisements for its or other services, that should be considered spam. This is what seems to have happened in Jon Lebowsky's case, when he used the Multiply feature to invite his Orkut contacts... or so he thought. (I found that at least one of the Orkut or Friendster invitation features was not working yesterday when I was fiddling at Multiply -- maybe they are revamping while this debate rages?)
I am totally opposed to parties spamming through SNAs as in case #1, and just as opposed to SNAs that meet case #2. I stated that SNAs try to make legitimate invitation of known contacts by email easy, to increase the acceptability of use. Clay argues that social connectedness should come at a slower rate, at a higher cost:
I think the growth of Friendster, one user at a time, undermines this notion, but however hard it makes it, that is a good amount of hard. Getting rapid growth one user at a time is difficult because it is supposed to be difficult. Social systems are, by definition, inefficient, and attempts to make them high throughput end up destroying them.
This last comment can be interpreted almost as a condemnation of the teflon slick feel of social networking applications, across the board, and I think gets into the guts of the problem: when social networking applications are targeted toward supporting human scale (not mass database) social networking for appropriate (non spam) purposes within the context of existing social (not commercial) relationships, things are fine. When you stray outside of any of those modifiers, it's immoral, wrong, and possibly illegal under the CAN Spam Act.
Finally, Clay doesn't hold with my push for a code of ethics that all should accord with (along the lines of what Duncan Work at LinkedIn recently pushed in his "Bill of Rights"), arguing for a more Darwinian solution, where the malefactors will just die off. I don't know; I think the idea has legs, so I am going to try to boil down a short list of "do's and don'ts" for SNAs, and promulgate it as the Ten Commandments of SNAs.
For example, Clay suggests that every email invitation from an SNA should include an explicit and easily discovered opt-out button. I strongly agree. The SNAs may want to qualify it in various ways (opt-out only for invitations from the specific sender; for a specific period of time; or for all invitations, ever), but there should be a way to opt-out, both at the SNA's website and in every email invitation or other communication.
The Ten Commandments of Social Networking Applications (Part 1):
- Social networking applications shall provide explicit and easily used opt-out features; specifically, every message sent by a social networking application on behalf of users, as marketing, or for whatever purpose shall provide a mechanism for complete opt-out, as well as a means to opt-out by email and at the SNA website.
- SNAs shall not send messages to any user's contacts without the explicit consent of the user, and without first displaying both the list of contacts to which the message is to be directed, as well as the complete content of the message.
- SNAs shall not expose any user's contact information or the information associated with the user's contacts to anyone other than the user without the explicit permission of the user.
- SNAs shall prohibit unsolicited commercial messages through their systems, and should bar or block users that try to send such messages.
- SNAs shall provide means so that users can block messages from specific users.
- SNAs shall provide users an "unlisted" capability, so that their use of the system can be undiscoverable if they wish.
Well, that's a start. Other recommendations are cheerfully accepted.
Comments (4)
+ TrackBacks (0) | Category:
- RELATED ENTRIES
- › Reminder -- /Message
- › /Message - A New Blog
- › The Individual Is The New Group -- Part 1
- › 1000 Tags: Tag Advertising
- › Social Ethics And Technology Design
- › Nancy Hass on In Your Facebook.com
- › Black and White and Dead All Over: Is Newsprint Dead?
- › Anonymous Trolls, Beware: You Are Breaking Federal Laws
|
|
1. Mike on August 22, 2004 01:56 PM writes...
From your earlier reply to my post:
"The 'tapping' into other networks by Multiply is not wrong, per se,"
Again, no. Like I said before, the spam situation, while annoying and interesting in a different way now that it's in a Social Networking context, is not really the worse part of this Multiply business. Hopefully I can be clear in this post about why I think that.
I'm not totally sure that you (or other people posting about this Multiply business) is totally understanding what the real evil is here.
Multiply is not just 'tapping' into other SN networks (Orkut, Friendster)...they are *mining* them.
For example, when a new Multiply user "imports" their Orkut profile, they give up their username and passwd, and Multiply's servers log into Orkut as them. Let's skip right over the fact that that action is absolutely in violation of Orkut's Terms of Service, even *before* any messages are being sent.
The user is then presented whith their Orkut contacts, and given the option to invite them (i.e. send messages, via Orkut's messaging system, which a second violation of Orkut's ToS) or not. Let's say that I am one of those invitees. Multiply now knows the relationship that exist on ANOTHER and DIFFERENT social networking service, of me, and my soon-to-be ex-friend.
Why is this evil ? Because it doesn't matter whether or not those invitees actually sign up with Multiply. It doesn't even matter whether or not he chooses to invite ANY of his Orkut contacts...Multiply now knows that a relationship exists, between him and his Orkut contacts, without having a challenge-response mechanism that Orkut had to go through to make those relationships explicit. Not only *that*, but does anyone think that Multiply will just discard those Orkut contacts and (user IDs) that have been sucked out of Orkut ? I seriously doubt it. They now have the user IDs of Orkut users who have explicitly made their relationship/contact known to Orkut.
Re-read that last sentence again. The absolute number one information that Social Networking Services have is *not* the profile information, but the data on HOW THOSE PROFILES ARE CONNECTED.
Yes -- it is what they call the "family jewels" of social networking.
About the work that Multiply is not doing to earn their users: On Orkut, in normal Orkut fashion, someone on Orkut asks to be my friend. I have the choice to acknowledge that relationship or not. Multiply doesn't even GIVE me that option when Orkut contacts are imported.
Relationship/contact information is *private*, and is not private, if my friends give away my private information, and that information includes who I am friends with.
I'll end with an analogy that I think can help:
The Hollywood rolodex of a movie producer is valuable for 2 different reasons. One reason is the actual data that each rolodec entry contains; that is the beef that you are making here...it would make a hell of a great spam list, and I agree.
My point is the second reason, which is much more subtle, but I think much more important: one Hollywood rolodex won't just give you numbers of famous people....but
A) how MANY famous people, per rolodex
B) given enough (not that many) rolodexes, you could guess the contents of many more rolodexes without ever having to obtain them.
C) given enough rolodexes, the contact info becomes less important than the relationship between each rolodex, which is much much more exploitable.
In the network security world, Kevin Mitnick would recognize what Multiply is doing as getting pretty close to a hacking/cracking technique known as "social engineering". And he should know why that's bad.
Permalink to Comment2. Stowe Boyd on August 23, 2004 09:39 AM writes...
Response to various points you are making:
You wrote "For example, when a new Multiply user "imports" their Orkut profile, they give up their username and passwd, and Multiply's servers log into Orkut as them. Let's skip right over the fact that that action is absolutely in violation of Orkut's Terms of Service, even *before* any messages are being sent."
This is the analogy to using a Trillian or Gush 'multi-headed' IM client, which taps into the public IM services in violation of those networks terms of service. And I maintain, that, per se, acting as a proxy on my behalf, Trillian is not doing anything evil. Nor is Multiply... at least not yet.
You go on to argue (I think) that pulling that information from Orkut and placing it into Multiply automatically subverts an explicit agreement between the various contacts and... who, exactly? If I use Multiply to pull the information and then paste those contacts' information (email address, etc) into Multiply, who is breaking what agreement? Perhaps me, if I choose to do so?
Now, if Multiply uses that information for its own purposes -- like spamming people to join the service, or selling it to advertisers -- that is wrong, and I am opposed to it.
Perhaps the central issue in here is 'who owns information about a relationship?' Do both parties have to agree that a relationship exists, by explicitly agreeing that they are 'friends' or whatever? Certainly, I have stated that all SNAs should provide an opt-out at every step of every process, so that someone can assert 'while Stowe might have my email address, he is no friend of mine!' I also believe that SNAs should provide finegrained whitelisting and blacklisting for users, and complete opt-out for those who wish to be non-users, which should satisfy everyone;s concerns.
I understand your concern, which is this, I believe: Multiply crosses a line when it provides an easy mechanism for one party to copy contact information (degree of relationship, email address, etc.) from another SNA which was collected through the agreement of the other parties, and which was presumed to be used only in the context of that other SNA's safeguards and security provisions. Is that it?
This is -- by the way -- one of the arguments that the public IM providers level against the 'rogue' clients like Trillian, by the way. Being someone's 'buddy' means a specific set of safeguards in Yahoo, for example, which could be subverted through the use of a different client.
But the benefits of multi-headed clients are so great, and the reluctance of the public IM networks to move toward interoperability has been so egregious, that I have come to believe that the loss of safeguards is a small price to pay.
Ultimately, we will be confronted with similar issues in SNAland. Each SNA will have no incentive to allow interoperability (or export of profile, contact info, etc.) because it lowers the cost of moving to other services for the individual. But individuals will want to duplicate information entered in one service to another, even if it includes (or specifically in order to include) relationship information that what agreed to by other parties in the context of a specific service.
And just like the recent court decision that ruled that various peer-to-peer services were not guilty of copyright enfringement because their services enabled individuals to circumvent copyright of digital media, the same thinking should hold here. The individuals are to blame if they misuse the information, not the service. Note again, I agree with your objection to the service using the contact information for its own purposes -- that's spamming, plain and simple.
But people will want to be able to manage their networks as if it were one network not a dozen partitioned and closed networks.
Permalink to Comment3. Mike on August 23, 2004 01:08 PM writes...
Excellent insights, and I agree with all your points, even the issue of "blindness" with regards to the P2P analogy. Knives don't kill people, people kill people. :)
Also, I do agree and see that people would like a central management point of their social networking, as Marc Canter will remind every visitor to his blog, every day, till the end of time. (referring to FOAF) But until each of the Social Networking sites figure out a way to place quality or characteristics on a connection (work ? romantic ? family ?) then I don't see that consolidation happening anytime soon at all.
All that said, I'm not 100% sure that I've worded my concerns in the best way either, because I still feel as though a point I'm trying to make isn't really coming across very well. At this point I'm also feeling like I'm hogging this comment space, so I'll make this my last feeble attempt to word my concerns. :)
Ok, I think here's where I think that possibly the IM/Trillian analogy doesn't work. Anyone can IM someone else, and how those people are connected are not at all made explicit. It's like a telephone. Now of course one can look at the amount of communication between certain parties and infer some relationship, but it's not the same as Friendster or Orkut, where that is the whole premise of the six degrees deal.
Eurekster (and along with it, Friendster) uses that explicit connection information in an attempt to improve web search. It's not the contact or profile information at all, but the connection made between people, that is the most important property with Eurekster. On Friendster, a web search (done thru Eurekster) are not going to affect/improve the search of someone outside my network, only those *within* it.
Eurekster is just one of the first attempted applications that make the actual connection, and not the node, important and valuable. Having such a non-reductionist or holistic view of the social network is what I believe will become valuable in as SNs getter better at exploiting it. Another example is the application of whitelisting email based on your network of friends. Yet another example being looked at is a referral system based on explicit contacts for sales. Companies like Spoke are researching these sorts of applications that exploit not just the individual profiles of people, but the connections graph *between* them.
Indeed, in those situations, (Eurekster, spam-blocking, Spoke, etc.) the contents of user profiles aren't important whatsoever.
In graph/math terminology, it's not the nodes, it's the *edges*, that are important. This is what I oppose in Multiply...that Multiply is gaining not just the NODE, but also all of that node's EDGES, by importing from Orkut, and there is nothing I can see that prevents them from using that information to their advantage. Like you said, spamming would be an abuse of that, of course, and that would be bad/evil, etc. But think of the possibilities that could happen if they exploit the edges of that network, which can be completely INVISIBLE to the users, and without their permission ?
You are 100% correct that Multiply's servers only get Friendster info about a user's friends on a human-initiated request from a Multiply user.
I think that I'm just stressing the question that you posed, 'who owns information about a relationship?' but I want to point out that it can and should be thought of in the light of the connections themselves, not just the user's (email/contact info) data.
Ok, I'll stop now with the blathering. Thanks for giving up the bandwidth to serve up my comments. :)
Permalink to Comment4. Scott Allen on August 26, 2004 02:15 PM writes...
How about simply "SNAs shouldn't make it easy to do things that are a really bad idea -- socially inept, if not downright illegal."
For example, it's a really, really bad idea to send the exact same canned invitation to your entire contact list. SNAs think they're making it easier on their members to invite more people, but there's an unintended consequence of creating social ill-will both for their members who do that and for the sites themselves.
I contend it's a really, really bad idea to send almost ANY message -- commercial or otherwise -- to all your friends of friends.
I know some prefer the Darwinian approach -- those with poor practices will simply not succeed. The only problem is, there's no disincentive. There's little or no negative feedback for them, at least in most SNAs. They simply don't get results, and you have to hope that they eventually tire of a lack of results and leave. In the meantime, the rest of us have to wade through all that noise.
I tend to take a fairly libertarian approach -- let people do what they want -- minimal restrictions. You still don't hand them a loaded shotgun, e.g., the ability to send a generic mail to everyone they've ever met electronically. Bad idea.
On another note, Mike's point about quality/characteristics of relationships being a requirement for interoperability is right on. It will also have to have an indicator of relationship strength. For example, on Ecademy, you're "connected" with someone once you've had a bilateral exchange of private messages. That's very different than, say, the confirmed strong relationships many (not all) people use LinkedIn for.
I believe it's also a requirement to have granularity of exposure of that data, e.g., you may not choose to expose your personal relationships in a business context, and you may not want to show your real name or your employer in a social/romantic context. This is what danah boyd has written so much about regarding segmented identity.
Until that is addressed, interoperability isn't going to go mainstream. And FOAF (at least in its current incarnation) can't meet those needs.
- Scott -
Permalink to Comment