DataPortability Blog

Announcing the Portability Policy

Elias Bizannes — Wed, 23 Jun 2010 10:29:15 +0000

We’re proud to announce the release of the Portability Policy, the latest creation from the DataPortability Project. We believe that this will help further the vision of digital freedom that was the founding ideal of our group two years ago.

The software industry is still figuring out the right balance between open and closed, but we believe that communication is the first step. The DataPortability Project encourages standard, plain language policies describing how data and digital “stuff” can be moved from one product to another.

Inspired by the Creative Commons, the Portability Policy work began as a way to improve the confusing Terms of Service and EULA model – one which we believe has become outdated and ineffective. To quote the new site:

In the same way that your Privacy Policy tells visitors what you can do with information they provide, your product’s Portability Policy tells visitors what they can do with it.

The heart of the Portability Policy is a set of plain language questions that we hope will become a common vocabulary between software users and providers. Through these questions, a provider can disclose what they do or do not, to enable data portability. Eventually, we intend to release machine-readable version of these policies.

Data portability applies to a much broader set of software products than just social networks. The promise of data portability is that everyone benefits when work can be repurposed – by yourself with other tools or by other people. Any tool that lets people enter or organize their digital “stuff” should control how that stuff can be reused. Text documents, music play lists, pictures, and research data are just as valuable to share as “friend lists” and address books.

We do not promote any particular technology or approach; there are no right or wrong answers. While a social network might want to illustrate the myriad ways that they connect people and allow for data portability, a service focused on deeply personal medical or financial issues might want to highlight the fact that they allow no portability at all. Our intent is simply to increase communication and ensure that both parties — visitors and the service itself — each know what they should expect from the other.

We wish thank the hard work of the Portability Policy workgroup, which is chaired by Steve Greenberg. I also wish to thank TechCrunch for their support over the years – you can read my guest post today which gives further detail on the policy.

Elias Bizannes is the chairperson and executive director of the DataPortability Project.

Deleting Your Account: Data portability policy questions for a graceful exit

Phil Wolff — Tue, 15 Jun 2010 07:37:00 +0000

Cameron Chapman explains How To Permanently Delete Your Account on Popular Websites. Perhaps your site’s Portability Policy should answer these questions:

How?

If you don’t allow account deletion, why?
What steps do you take to prevent someone else from deleting my account?
What steps do you take to prevent me from deleting my account when I might regret it? (a moment of anger, intoxicated confusion, suffering from dreadful lack of coordination
Do you distinguish between account deletion and deactivation?
How long will it take for my account to be invisible to others?
How long before my account is gone forever?
If I delete my account, can others claim my username?
If I delete my account, will I be able to use my email address to create a new account?
What happens if I don’t have access to the email address I used to start the account?
What can delay account closure? (For example, pending financial transactions?)
Where is the procedure for deleting my account? What happens after I make the request?

Completeness

Where is the list of authorized software/services that might log into my account? (So I can turn them off.)
If you let me log into other sites with your credentials (“Sign in with your X account”), what happens to my accounts on the other sites? Where is the list of sites where I use your credentials to login?
When you delete my profile and account, what happens to shared/community content, like my contributions to a wiki page or to a threaded conversation or gifts to another person?
When I delete my account, do you also cancel subscriptions to any related premium services?
Do you make downloading and saving my assets (photos, contacts, history, etc.) part of the account deletion process?
When I delete my account, do you also delete my contributions (like videos on YouTube) or should I delete those before requesting account deletion?
If I have money or credit balances in my account, what happens to that money when I delete my account?
What do you do to help reduce search engine caching of and links to my deleted profile and resources?
What do you do with my answer to “Why do you want to delete your account?”

Skype.com’s FAQs try to answer some of these:

How can I delete my public profile?

Your profile record (except the Skype Name) is not stored permanently. Your profile will automatically expire and will be deleted from the user directory approximately 10 days after you’ve last used Skype.

How do I delete a SIP Profile?

Before deleting a SIP Profile, please note that deleting a SIP Profile causes: Any remaining Skype Credit allocated to that SIP Profile to be returned to the Skype Manager™ balance. Online Numbers to be returned to Skype Manager for reallocation.

How do I delete my Skype Name or personal profile?

You cannot permanently delete a Skype Name. Your profile record is not stored permanently. Your profile will automatically expire and will be deleted from the user directory approximately 10 days after you ve last used Skype.

How can I delete members of my Skype Manager?

Deleting a personal account will only remove it from your Skype Manager. The account itself will retain any Skype Credit allocated to it. Any subscriptions or Voicemail assigned to the account will be cancelled when the expiry period is reached.

Can I delete my Skype Manager?

Allocate the remaining Skype Credit within your Skype Manager to yourself or to another personal account of your choice. A personal account is one that was not created within Skype Manager.

Can members remove themselves from my Skype Manager?

This depends on the type of account your members have Members with personal accounts can leave the Skype Manager at any time.

What happens if I accidentally registered a phone I was calling from? How do I remove it?

You can remove the phones that you registered for your Skype To Go number by going to your account overview page

How do I remove a business account from a SIP Profile?

Click on the name of the business account that you want to remove. Click Remove account For more detailed help and information on Skype for SIP, there is a Quick Start Guide, a User Guide, and several other Skype for SIP guides available on the Guides page

How do I cancel my subscription?

You can cancel at anytime by signing in to your account and on the Subscription settings page, click Cancel

Skype shows a portability policy will reflect how your service works, what your service does, and your customer service workflows.

A few resources:

Call me at +1-510-343-5664, Skype me, follow @SkypeJournal and @evanwolf.
Visit our Skype Journal private technologist roundtable, one of the longest running public Skype chats.

Check out #OExchange, a data portability protocol

Phil Wolff — Thu, 03 Jun 2010 14:55:34 +0000

“OExchange is an open protocol for sharing any URL with any service on the web.” We want to share stuff among sites and services. OExchange provides a really simple way for your software to discover and get resources from other sites, and to share your resources. This is probably one of the coolest things in this space since XML-RPC.

It’s plumbing so I’ll leave out the technical stuff, but it can make it ridiculously easy for programmers to build getting and sharing your stuff into their apps.

So here’s stuff to get you started. Quick Start Guide for service providers, publishers, and tool developers. Spec for OExchange-Offer and -Discovery. Tools for coders. Demo.

OExchange solves some data portability implementation problems better than most tools. Take a look at the video (1:31).

Congrats on the launch.

The next step is the less-fun part, where the community learns OExchange’s strengths and limits from deployment, and lessons learned turn a new protocol into a de facto standard. The conversation continues in the OExchange Google group.

Chris Saad questions Mark Zuckerberg

Elias Bizannes — Sat, 29 May 2010 23:19:58 +0000

Chris Saad wrote an important post that appeared on the ReadWriteWeb Blog yesterday. I recommend you read it to get a better understanding of Facebook’s privacy moves in relation to Data Portability.

In it, he raises a key point about the tendancy for Facebook, as well as other large companies, to manipulate industry language for their own ends. As Saad puts it:

“The lack of honesty and clarity from the company and its representatives … and the continued trend of taking established language – such as “open technology” or “data portability” – and corrupting it for its own marketing purposes, is far more disconcerting than the boundaries it’s pushing with its technology choices.”

Read it on ReadWriteWeb.

Data portability in the Credit Card industry

Elias Bizannes — Fri, 28 May 2010 18:31:09 +0000

Our Steering Group accepted PortabilityStandard.org as an official action group of the DataPortability Project, with Bryan Johnson of Braintree Payment Solutions as chairperson.

In the words of the new group:

The Credit Card Data Portability Standard is supported by an opt-in community of electronic payment processing providers (service providers) that agree to provide credit card data and associated transaction information (sensitive data) to an existing merchant upon request in a PCI Compliant manner.

Why are we supporting it

There is a perception that the DataPortability Project is addressing only social networking issues, but we try to focus our efforts in other verticals like medical and now financial. To give an example of why this is important:

Let’s say you have an account with Netflix. You’ve provided your credit card to purchase movies through Netflix.
Netflix uses a payment provider like PayPal, who does the actual credit card processing.
One day Netflix decides it doesn’t like PayPal’s policies and new fees. They start shopping for a new payment provider
Because credit card data portability is not in effect, Netflix has to re-ask its consumers for their credit cards. This is because PayPal – not Netflix – is the company that stores and controls your credit card data.

It’s crazy because Netflix is the company a consumer creates the relationship with, and yet PayPal controls this important information about them.

This is why we welcome the credit card working group. This is an issue hidden from consumers, and will only affect how B2B operates – but in the long run, it’s making the market more efficient as we march towards a world of true data portability.

We look forward to working with the group to develop the approach and increase exposure of this important issue.

Facebook Embraces Data Portability – Again

Steve Repetti — Wed, 26 May 2010 21:02:45 +0000

Today, Mark Zuckerberg, CEO of Facebook, made his strongest endorsements of Data Portability to date. Speaking from the company’s Palo Alto offices earlier today he stated:

“There is this concept of data portability that we’re trying to enable. We believe that people own their information and not only should they have control over it, but they should be able to take it to other services.”

This is a bold pronouncement from a company that has all too often been perceived as being more closed than open when it comes to data policies.

Of course the devil is in the details, particularly in understanding better what he means when he says “this concept of data portability that we’re trying to enable” – hopefully the “concept” is the same one most other folks understand to be regarding data portability.

As for the rest of his statement, it is a significant milestone for him to say “people own their information” and that they “should be able to take it to other services. If this holds true, then Facebook may be on the verge of becoming the largest and most influential supporter of data portability – to the significant benefit of all.

Still, Facebook has been here before – having initially joined the non-profit Data Portability organization and then largely remaining on the sidelines.

Hopefully, this all comes to pass and Facebook becomes the shining example of how a large company can balance direction and profitability with open data policies. If not, Mark’s words will likely become a rallying point that will surely stick in his side.

But, for now we’ll take him at his word, literally, and hope that the corner has turned. If this is in fact the case, then one of the best things that Mark and Facebook could do is to enact an official Portability Policy – just like those suggested by the soon to be released initiative from the DataPortability Project.

–Steve Repetti
Data Portability Vice-Chair
www.radwebtech.com

Facebook claims data portability is criminal

Elias Bizannes — Thu, 06 May 2010 17:05:55 +0000

In the past, we’ve been contacted by Power.com about their long-standing conflict with Facebook, but which seems to have been dismissed by Facebook management as a petty distraction. The Electronic Frontiers Foundation has now got itself involved, urging a federal judge to dismiss Facebook’s claims – which is, that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites. Some very important points have been raised that I’ve quoted below from the press release:

“California’s computer crime law is aimed at penalizing computer trespassers,” said EFF Civil Liberties Director Jennifer Granick. “Users who choose to give their usernames and passwords to aggregators like Power Ventures are not trespassing. Under Facebook’s theory, millions of Californians who disregard or don’t read terms of service on the websites they visit could face criminal liability. Also, any Internet company could use this argument as a hammer to prevent its users from easily leaving the service as well as to shut down innovators and competitors.”

Even the simple use of the automatic login feature of most browsers would constitute a violation under Facebook’s theory, since those services are “automatic means” for logging in. But the risk for users is even broader. If any violation of terms of use is criminal, users who shave a few years off their age in their profile, claim to be single when they are married, or change jobs or addresses without updating Facebook right away would also have violated the criminal law.

“The information you put into social networking sites is yours, and you should be able to access it, export it, and aggregate it as you please,” said EFF Legal Director Cindy Cohn. “If Facebook’s legal argument is upheld, it will hobble companies that enable consumer choice, as well a create a massive expansion in the scope of California criminal law.”

For the full brief: http://www.eff.org/files/filenode/facebook_v_power/poweramicus.pdf

“Open” does not mean “Interoperable Data Portability” which is the real goal

Elias Bizannes — Thu, 29 Apr 2010 23:41:23 +0000

Last Sunday, Chris Saad and I wrote a piece on this blog assessing Facebook’s recent announcement.

Chris has written a follow up piece which I think is a great perspective on what the industry should be thinking about.

….Open is no longer enough. The web community needs to up it’s game.

The same is true for data portability – the group and the idea. Data portability is no longer enough. We must raise the bar and start to aim for Interoperable Data Portability.

Interoperability means that things work together without an engineer first having to figure out what’s on the other end of an API call.

Indeed, our vision as a group is the end goal of privacy-respecting interoperability. This is and always has been the goal of the DataPortability Project. Read Chris’s post on his personal blog for more.

Assessing the openess of Facebook’s “Open Graph Protocol”

Elias Bizannes — Sun, 25 Apr 2010 20:11:50 +0000

This is an analysis by DataPortability chairperson Elias Bizannes and former chairperson Chris Saad.

Summary
In essence, Facebook is striving to create a web-wide semantic search engine and recommendation system based on a mix of open and closed technologies.

While some of the approaches are indeed open, the overall outcome is an attempt to further lock in Facebook’s dominance over the web’s social infrastructure and capture as much attention data and social graph data in proprietary formats and API’s as possible.

The Metadata
In order to bring their open graph to life, Facebook requires publishers to describe their pages using rich semantic data.

They provide this metadata in the page header, which is accessible by other services. It is described in a fundamentally open format. These are all good things for the web in general and the semantic web specifically.

Facebook is making good use of W3C endorsed standards, like RDFa. Exactly how RDFa works in HTML5 (and thus how this protocol works in HTML5) is still being standardised – so any criticism to date on Facebook’s compliance with these existing efforts are not significant at this time.

The spec is also released under the Ope n Web Foundation Agreement, Version 0.9. This is a good thing, because it clears IPR issues and links it with other maturing open efforts.

Social Plugins
As part of this push, Facebook has released a series of light-weight widgets that publishers can quickly embed on their site to get started.

The plugins focus only on Facebook APIs and datasets, although nothing more or less is expected from the company on this front.

The plugins are a way to bootstrap the usage of the new APIs. Alone, they are not complete solutions for serious publishers who recognize that the rest of the web (ie, Twitter, Yahoo, Google, etc) are collectively larger than Facebook. They need cross platform solutions that use the FB API but include alternatives.

These widgets will do fine for the long tail and may pose a real threat to social widget players focused on that market.

Gestures
This is a play to increase the quantity of semantic data on the web and then capture social gestures (aka “Likes”) made against those concrete semantic objects – think a web-wide recommendation engine. This is a big step forward for Tim Berners-Lee’s vision of the semantic web.

This could be a concern for Amazon’s dominance over the product recommendation space and will hopefully lead to a more open recommendation ecosystem/technology set as the two battle it out.

Currently, however, these gestures are submitted to FB’s proprietary database using proprietary API calls.

This was not the most open way to execute on this functionality. Instead, these gestures could be written out to a site-specific Activity Stream that can then be indexed by any web-crawler.

The way the functionality is now – Google, Yahoo, Microsoft and any other players would have to negotiate bulk access to the datasets, putting Facebook in a position to control who gets to innovate on these social patterns.

24 Hour Caching
During the f8 conference, Facebook also announced a rollback of their 24 hour caching rules for data usage. We think this is a good step forward and aligns Facebook with other major services.

Value for publishers
Facebook allows users to interact with content without authenticating themselves to the host site. This means the host sites have no access to the user’s data, gestures or friends while Facebook benefits from a complete picture of their clickstream and other actions.

While this is good for user privacy, it is a devils bargain for the publisher who is hosting Facebook user experiences while only seeing a fraction of the potential value.

At stake here is access to (and value extraction from) user actions on given sites. Currently many interactions on third party sites will not actually be accessable or monetizable by third party sites who host Facebook experiences.

Value and privacy for users
During the announcement, Facebook claimed to be placing user privacy at the top of its list of concerns. Although this does not strictly relate to interoperable Data Portability issues, it is clear that by automatically opting all users into this protocol, Facebook is more interested in on-ramping its entire userbase rather than giving users an initial choice.

In addition, for users to leverage this data in other services, those services need to – once again – code defensively against Facebook’s APIs and data formats instead of using open formats like Activity Streams to encapsulate the data.

Medium Term Outcomes
Ultimately Facebook is building a semantic search engine and e-commerce recommendation engine bootstrapped by pblishers hosting their social widgets and users making proprietary gestures.

While Google and others might use some of the same metadata, they won’t have access to the proprietary aspects of the system leaving FB in prime position to innovate and control outcomes.

It also furthers Facebook’s goals of turning their Identity platform into the default login system for the web, something that no company should own. Thankfully, OpenID, as an underlaying technology, already far exceeds Facebook’s closed system (having being used by the majority of login providers/login events such as Google, Yahoo and others). As a community, however, we should be sure to drive that point home where ever possible and ensure site owners offer the open alternative.

In order for true interoperable, peer-to-peer data portability to win, serious publishers and other sites must be vigilant to choose cross-platform alternatives that leverage multiple networks rather than just relying on Facebook exclusively.

In this way they become first-class nodes on the social web rather than spokes on Facebook’s hub.

Further Reading:

David Recorden says why it’s good for the web

Chris Messina talks about the Open Graph Protocol

Lack of independent thought on the technology

Upcoming Event: Internet Identity Workshop 10

Rai — Mon, 19 Apr 2010 23:31:17 +0000

* How are social networking sites and social media tools applying user-centric identity?
* What are the open standards to make it work? (identity and semantic)
* What are technical implementations of those standards?
* How do different standards and technical implementations interoperate?
* What are the new social norms and legal constructs needed to make it work?
* What tools are needed to make it usably secure for end-users?
* What are the businesses cases/models that drive all this?

-from IIW10 invitation

These issues and more will be discussed at the Internet Identity Workshop 10 from Monday, May 17, 2010 till Wednesday, May 19, 2010 in Mountain View, CA.

Head on over to their Registration page and get your tickets. Hurry, early bird ticket sales end on April 30th!

DataPortability.org will be representing and we hope to see ya there!