Archive for the ‘Identity’ Category

File Under: Identity, privacy, Social

Facebook Wants Your Past, Present, and Future On Open Graphs and Timelines

Facebook will soon allow its users to integrate all of their music, media, and lifestyle actions and interactions with their profiles, Mark Zuckerberg announced at Facebook’s f8 conference yesterday. Connecting profiles to services like Spotify will allow users to fill out their own curated “Timeline,” so friends can see each others’ media activities both as individuals and aggregated over their entire network, a move that will explode the amount of content on the site.

The new arrangement is part of two new Facebook initiatives, one of which is the Timeline. Users can fill in their Timelines with both content pulled in from other services — say, an article “liked” on Ars Technica or a game played — as well as “real world” activities like photos or status updates. The real world content can be filtered by date into the timeline, so users can fill in their backstory on the site with everything that happened before Facebook existed: moves to a new city, first words as a baby, or every single relationship breakup pre-2004.

Once in place, the timeline will be the new News Feed, with friends’ updates streaming past. But not everything will make it into the Timeline: small updates, like what music friends are listening to, may be relegated to the Ticker, the integrated online friends/status update bar rolled out Wednesday. Users will be able to choose which activities are significant enough to appear in their timelines.

Zuckerberg also placed emphasis on the new use of verbs in timelines, which will allow people to sort their friends activities in different ways. For instance, with a status update reading “Casey Johnston is watching Veronica Mars for the millionth time,” users will be able to click both “watching” to see what else friends are viewing at the moment, or “Veronica Mars” to see a list of other friends who like Veronica Mars.

These updates will feed into the second new feature, Facebook Open Graph, which collects and ranks the the activities or items that friends are interacting with. Apps that integrate with Facebook will be sorted in Open Graph based on popularity with a user and his or her friends, including Spotify, Hulu, Netflix, Foodspotting, Vevo, and Nike+, among many others. Open Graph is intended to help with app discoverability, showing users what their friends are doing without flooding their feeds every time a friend kills a mobster or plants a new crop of corn.

When Timeline was introduced, Chris Cox, director of product at Facebook, noted that “there is nothing we love to summarize more than time itself,” stating that with the new features it would be possible for users to create months or years in review.

Of course, Facebook’s entire motivation isn’t just for friends to become more intimate with each others’ past and present. Daniel Ek, Spotify CEO, spoke briefly at the conference, and noted that “because our [Spotify's] playlists are social, they [users] are more engaged. And because they are engaged, they are more than twice as likely to pay for music.” For Spotify, which boasted 2 million paying members worldwide as of Wednesday, the exposure to the better part of a billion Facebook members could mean big bucks.

The new completionist Facebook is a significant departure from what Facebook’s most avid competitors, Google+ and Twitter, currently offer on their sites. If Facebook can get users to buy into putting their whole life histories on the site, the amount of content there will explode, and create an investment and representation of self users won’t be likely to abandon. And with more content comes more opportunities to target ads.

The beta for Facebook’s timelines begins today, with availability being rolled out gradually. Neither Zuckerberg nor any of the speakers mentioned a timeline for the new version, but we expect it will be sooner rather than later.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

File Under: Identity, Security, Web Basics

EFF Wants to Secure the Web With “HTTPS Now” Campaign

The Electronic Frontier Foundation (EFF) has kicked off a new “HTTPS Now” campaign to educate consumers and help “make web surfing safer.”

The new campaign is a two part effort. First the EFF would like to encourage users to install the HTTPS Everywhere Firefox add-on, which will automatically redirect you to https connections. HTTPS Everywhere makes sure you’re always using a secure connection when you visit Gmail, Twitter and several dozen other sites; you don’t need to worry about checking the URL everytime you login.

While HTTPS Everywhere is a good suggestion for users, the primary thrust of the HTTPS Now campaign is aimed at popular websites. After all, HTTPS Everywhere only works if your favorite sites offer secure connections, and an alarming number of sites do not.

The EFF has partnered with Access, a digital freedom activist group, to create the new HTTPS Now website. The new site will keep track of which sites offer HTTPS connections, how much of the site is secure and whether or not the site mixes secure and insecure content.

Why all the fuss about HTTPS? Well, every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, you expose your data to the world. It’s a bit like writing your username and password on a postcard and dropping it in the mailbox.

There is a better way, the secure version of HTTP — HTTPS. That extra “S” in the URL means your connection is secure, and it’s much harder for anyone else to see what you’re doing. Think of the extra “S” as the envelop that keeps prying eyes from looking at your postcards.

The problem gets a bit more complicated than just HTTPS though. Most sites already use HTTPS to handle your login info — that’s a good first step — but once you’re logged in the sites often revert back to using an insecure HTTP connection. That means you’re vulnerable to simple attacks like those made possible by the Firesheep Firefox plugin. Firesheep sniffs network traffic and looks for insecure cookies which it then uses to spoof your login credentials to the site. Firesheep allows other people to quickly and easily become you on the web.

So why doesn’t the entire web use HTTPS all the time? The answer is slightly complicated, but the primary reason is speed. HTTPS can’t be cached on CDN networks and there are also some (minor) costs involved with HTTPS certificates.

But obviously neither cost nor minor speed hits have stopped big sites like Twitter, Facebook, Gmail and Flickr from implementing HTTPS. The EFF would like to encourage other sites to follow suit.

If you’d like to see how your favorite sites fair when it comes to protecting your data from traffic snoops, head on over to the HTTPS Now website.

Photo: Joffley/Flickr/CC

See Also:

File Under: Identity, privacy

Mozilla’s ‘Do Not Track’ Header Is Starting to Catch on With Advertisers

Among the many new features in Firefox 4 is support for the Do Not Track (DNT) HTTP header. If you turn on the DNT header in Firefox 4′s preferences pane, the browser will broadcast a custom header in HTTP requests which tells servers you want to opt out of any tracking cookies.

Mozilla developed the DNT header to give users an easier way to opt out of increasingly intrusive online tracking by websites and advertisers. The header is, in the long run, a far better solution than constantly updating cookie-based block lists, which is currently the main solution for most users.

The problem with the DNT header is that, until now, no websites actually looked for it.

That, however, is changing. Mozilla announced today that the AP News Registry has implemented support for the DNT header across 800 news sites, which see more than 175 million unique visitors every month. That’s a huge shot in the arm for Do Not Track, which was previously a great idea, but one with little real world application.

Starting today, provided you turn on the DNT preference in Firefox 4, the AP News Registry will no longer set any cookies.

Mozilla also reports that it is in talks with the Digital Advertising Alliance to get the self-regulating group to support the DNT header as well. Strange though it may sound, the online ad industry actually has a decent track record of working with privacy advocates and even offers its own cookie-based opt out list. In other words, there is a good chance that DNT will be broadly adopted within the online ad industry.

While the DNT header seems well on its way to becoming a de facto standard (and a real standard, provided the W3C accepts it), it’s important to bear in mind that it will never stop rogue advertisers who choose to ignore your DNT settings. For the bad apples in the bunch, cookie-based blocking will remain the only viable option.

Footprints photo by Vinoth Chandar/Flickr/CC

See Also:

File Under: Browsers, Identity

Firefox 4 Beta 11 Offers ‘Do Not Track’ Privacy Setting

Firefox 4 goes to eleven. Mozilla has released an eleventh beta of Firefox 4, the next major version of the browser. Beta 11 includes the usual bug fixes and speed improvements, but it also has a new feature — the “Do Not Track” setting Mozilla is hoping will become a standard.

If you’re already using Firefox 4 you should be automatically updated. If you’d like to help Mozilla test Firefox 4, head over to the beta downloads page and grab a copy of beta 11.

The Do Not Track feature is a new HTTP header that will stop behavioral advertising tools from tracking where you go on the web. To turn on the new feature just check the box under the Advanced tab in Firefox 4′s preferences.

For now all you’ll be doing is broadcasting the new header information; it won’t actually have any effect. Because no online advertisers yet support the header, the new feature won’t protect your privacy. However, some of the biggest names on internet advertising already voluntarily offer a cookie-based opt-out system and it seems likely that, with Mozilla behind the new header, the same companies will support the new option eventually.

Mozilla is planning to release at least one more beta and then a round of release candidates before Firefox 4 is finalized later this year.

See Also:

A DIY Data Manifesto

The word “server” is enough to send all but the hardiest nerds scurrying for cover.

The word usually conjures images of vast, complex data farms, databases and massive infrastructures. True, servers are all those things — but at a more basic level, they’re just like your desktop PC.

Running a server is no more difficult than starting Windows on your desktop. That’s the message Dave Winer, forefather of blogging and creator of RSS, is trying to get across with his EC2 for Poets project. The name comes from Amazon’s EC2 service and classes common in liberal arts colleges, like programming for poets or computer science for poets. The theme of such classes is that anyone — even a poet — can learn technology.

Winer wants to demystify the server. “Engineers sometimes mystify what they do, as a form of job security,” writes Winer, “I prefer to make light of it… it was easy for me, why shouldn’t it be easy for everyone?”

To show you just how easy it is to set up and run a server, Winer has put together an easy-to-follow tutorial so you too can set up a Windows-based server running in the cloud. Winer uses Amazon’s EC2 service. For a few dollars a month, Winer’s tutorial can have just about anyone up and running with their own server.

In that sense Winer’s EC2 for Poets if already a success, but education and empowerment aren’t Winer’s only goals. “I think it’s important to bust the mystique of servers,” says Winer, “it’s essential if we’re going to break free of the ‘corporate blogging silos.’”

The corporate blogging silos Winer is thinking of are services like Twitter and Facebook. Both have been instrumental in the growth of the web, they make it easy for anyone publish. But they also suffer denial of service attacks, government shutdowns and growing pains, centralized services like Twitter and Facebook are vulnerable. Services wrapped up in a single company are also vulnerable to market whims, Geocities is gone, FriendFeed languishes at Facebook and Yahoo is planning to sell Delicious. A centralized web is brittle web, one that can make our data, our communications tools disappear tomorrow.

But the web will likely never be completely free of centralized services and Winer recognizes that. Most people will still choose convenience over freedom. Twitter’s user interface is simple, easy to use and works on half a dozen devices.

Winer doesn’t believe everyone will want to be part of the distributed web, just the dedicated. But he does believe there are more people who would choose a DIY path if they realized it wasn’t that difficult.

Winer isn’t the only one who believes the future of the web will be distributed systems that aren’t controlled by any single corporation or technology platform. Microformats founder Tantek Çelik is also working on a distributed publishing system that seeks to retain all the cool features of the social web, but remove the centralized bottleneck.

But to be free of corporate blogging silos and centralized services the web will need an army of distributed servers run by hobbyists, not just tech-savvy web admins, but ordinary people who love the web and want to experiment.

So while you can get your EC2 server up and running today — and even play around with Winer’s River2 news aggregator — the real goal is further down the road. Winer’s vision is a distributed web where everything is loosely coupled. “For example,” Winer writes, “the roads I drive on with my car are loosely-coupled from the car. I might drive a SmartCar, a Toyota or a BMW. No matter what car I choose I am free to drive on the Cross-Bronx Expressway, Sixth Avenue or the Bay Bridge.”

Winer wants to start by creating a loosely coupled, distributed microblogging service like Twitter. “I’m pretty sure we know how to create a micro-blogging community with open formats and protocols and no central point of failure,” he writes on his blog.

For Winer that means decoupling the act of writing from the act of publishing. The idea isn’t to create an open alternative to Twitter, it’s to remove the need to use Twitter for writing on Twitter. Instead you write with the tools of your choice and publish to your own server.

If everyone publishes first to their own server there’s no single point of failure. There’s no fail whale, and no company owns your data. Once the content is on your server you can then push it on to wherever you’d like — Twitter, Tumblr, WordPress of whatever the site du jour is ten years from now.

The glue that holds this vision together is RSS. Winer sees RSS as the ideal broadcast mechanism for the distributed web and in fact he’s already using it — Winer has an RSS feed of links that are then pushed on to Twitter. No matter what tool he uses to publish a link, it’s gathered up into a single RSS feed and pushed on to Twitter.

Dave Winer's RSS-centric vision of a distributed web image by dave winer via flickr

Winer will be first to admit that a distributed system like he imagines is still a little ways off, but as they say, the longest journey starts with a single step. For Winer EC2 for Poets is part of that first step. If you’ve never set up your own server, don’t even really totally understand what a server is, well, time to find out. Head on over to the EC2 for Poets site and you’ll have a server up and running fifteen minutes from now. The distributed web awaits you.