Sunday, November 7, 2010

Too much social is not a good thing

I do agree, the three things that are doing to define the coming years are : social, location and mobile commerce. Increasingly we will look to our social graph for recommendations on restaurants to eat at, movie to see, or next electronic gadget to buy. Vendors will try to lure us by customized coupons pushed to our mobile phones based on our profile, and we will buy stuff or pay our bills by our phones.


Having said that, I still think that we are not a throughbred social animal. Agreed society is a big part of life, but we are not ready for it to become our life. Me for one am not willing to give up my privacy. Also, I refuse to create multiple “avatars”/profiles of myself to please the different vendors in order to get a deal, or to present a favorable image to impress my professional colleagues.


I do believe in power of social and location powering the mobile commerce to herald the next generation of web. I hope it is done right by respecting our online privacy. The trend that I find most troubling is Give me your passwd and we will import your friends etc to our site


Increasingly I run into sites online, or apps on my mobile phone and try to lure me into giving them my userid/passwd of of my existing accounts. They claim to do that to import my friends and contact information to help jumpstart my experience on their site/application. I get the dilemma these sites are in. A normal user uses may be 4-5 sites at most on a regular basis. Most users do not have a time or a need for yet another site to be part of their daily online experience. Thus, its a huge uphill battle for the startups & importing data is a huge help. I get this.


What irks me the most is the blatant way in which they ask us for our passwords. To me its like Maitre d’ asking me to hand over all my credit card statements so he/she can suggest the best dish for me. Today most online portals that I use, contain a ton of information about me, the list of friends is a very small portion of it. I do not want to give them access to everything. Plus, unless I immediately change my password, there is nothing for them from snooping around in future. e.g I Use a ton of Google services, gmail,gtalk, google voice, google checkout, google documents, google adsense, blogspot, youtube, appengine. They all share the same password. If I give a new site my Google password, and hope they will import my Google friend list and without snooping around with everything else, now or till such time that I change my password, I am being very naive. Storage is cheap, data about users is gold mine. I am sure they want to get as much information as they can. Even if they are pure in their intensions, I cant trust the folks who actually coded or handle the data, almost everything is outsourced throughout the world, one on knows anymore where the data end up today or in future


I do believe in power of linking social networks from different sites. These startups do fill a niche. But I don’t want to give them “keys to the kingdom”. I wont trust them anymore than I would a guy on the street asking me for my Google passwd. I would give them access to data, on my terms . Things that will make me comfortable are:


  1. I do not want to reveal my password to a site wishing to import data. Instead I should be able to tell google to give a onetime access to just the
    data I want to be made available to that site nothing more.
  2. If I have given a access for a certain duration, I should be able to revoke that permission at any time.
  3. Every time any external site does access my data based on these permission that should be logged and I should be notified, if I so choose.
  4. I should be able to preview the access I have given the data that was shared any time in future.

Some of the above have been addressed by technologies such as SSO, OAuth etc. Google does support OAuth. But I find sites (including Google) to be seriously lacking at reporting. They don’t allow us to pick and choose what we want to share or notify us of what was accessed. I really don’t feel in much control when I share stuff using what is implemented.


I really hope as “social” takes the center stage and as new and upcoming sites encourage us to share more data, some of the technologies do come to our rescue and keep us in control.

2 comments:

  1. Good article with very valid concerns. I never share my user/pass to import friends list on any service incl FB.
    Since majority of users will set the norm, the problem will be with the younger users who collectively decide which service stays or goes - they don't seem to have as strong a view on online privacy & information security.
    Completely agree with your prognostication about the future of computing/communication.

    ReplyDelete
  2. Good point.....I keep telling the same to my friends too. On a related note, Google recently blocked FB from adding friends based on Google's data but that's purely a competitive move and not a new found respect for privacy on Google's part

    ReplyDelete