Lessons from iMeme

The opening panel of iMeme 2007 posited that Google, Second Life, Facebook, and Salesforce.com are (becoming) platforms rather than applications. Moderator David Kirkpatrick asked whether becoming a platform was the ultimate goal for a technology company. The responses from the panelists tend to suggest it is, at least for them—but if it weren’t, it’s unlikely they’d have been invited to present on that panel.

To become a platform, you have to let other people play with your toys. All these companies have done so, with the most recent example being the phenomenally successful release of the Facebook API. (That stands for “Application Programming Interface” and means you make enough of your source code available that anyone with the right skills can develop plugins for your software. A plugin, as my mother-in-law explained when I first met my fiancé the software developer, is like the software equivalent of an attachment for your mixer.)

So there was a lot of talk about openness and how you can bring anything into Facebook: Twitter, video, blogs, etc. and so on.

Yes, but can you take it out again? Marc Benioff, CEO of Salesforce.com, pointed out that the reason so many people are stuck with IBM mainframes is that they can’t export their metadata. You might be able to export your list of contacts, but not the connections between the different contacts and the networks within the company, not the workflow, not the customizations. And those are the things that make the data really useful.

If your computer dies, you can reinstall your operating system in a couple of hours, but it might be days before you’ve got everything customized back to the way you were using it: the fonts, the icons, the themes, the view settings, the browser plugins, the hotkeys, the e-mail filtering rules… To back all of that up, you need a complete drive image, and if you try to restore that to a computer that isn’t identical to the one you made the image from, it probably won’t work.

FIR correspondent Dan York has talked a lot about “walled gardens” on the Internet, places like Second Life and social networks where members can communicate with others inside the network, but not reach outside. But the issue isn’t really that there’s no communication between those within these new spaces and those outside of them. It’s that once you create your profile/build your avatar and build up a network, you can’t take it with you. You can’t move your Facebook friends into LinkedIn, or vice versa. (You can’t take your graphically superior World of Warcraft character into Second Life, either.)

Esther Dyson, chief asker of provocative questions, expressed this as a tension between these would-be platforms and their users over data ownership, though it might be more appropriate to describe it as a dispute over metadata ownership. And while Mark Zuckerberg blithely assured her that the solution was to give the users total control over their data, Facebook’s terms of service explicitly prevent that, by giving Facebook a license in perpetuity to use whatever you put into it.

Beyond the issues of cross-platform incompatibility of things like avatars (a trickier technical issue than matching up the categories for profile data and the type of relationship someone else has to you), beyond even the fact that many of these sites make their money from advertising and therefore sell your contact information and stated likes and dislikes to corporations, not to mention displaying ads next to your content, there’s a more serious issue.

The thing which makes social networks interesting is the thing which makes them dangerous. It’s extremely useful to type in a single query and find out who out of the people you already know has a connection to a person you want to meet. It’s fun to find out who has read the same books or seen the same movies. But boy, does it make you vulnerable. And it makes all your friends vulnerable, too.

Suppose someone I know owes money to an unscrupulous creditor. The creditor has connections to organized crime and gets their phishing/pharming specialists to hack into the social network both I and my acquaintance belong to. Now, instead of just harassing the person who owes the money, the creditor can call all the debtor’s friends and colleagues in an attempt to enlist them in getting the money. In the process of doing so, the creditor will annoy a lot of people and probably ruin the debtor’s reputation.

Or suppose you’re an author marketing your book through MySpace. You accept all the friend requests made to your book (or main character). Then one of your readers gets arrested on suspicion of terrorism. That gives the U.S. government the right to that person’s data, which means you are going to show up on the list of that person’s “friends.” So even if you’ve never met the suspect and had nothing to do with whatever s/he is accused of, you might find yourself having a chat with Homeland Security.

And that’s why we can’t just transfer our connections from one network to another without asking their permission. The people we know have a right to decide in which context they want to admit to knowing us. Even those who know and trust us might prefer to limit the amount of collateral damage they let themselves in for by staying out of certain environments and keeping their metadata to themselves.