There’s been an interesting thread on the AoIR mailing list lately about the possibilities of social network migration and aggregation. One list member longed for aggregation:
I wonder if we would see a sort of a social network aggregator developed in the near future. A tool to integrate all our networks.
Today, we can aggregate all the news, blogs, etc. we need using an RSS reader. We can also aggregate all the content that we create on different platforms in one place – using jaiku.com, so that it is easier for others to follow everything we do online.
Would that be possible to somehow integrate all our online social networks? Is there a need for it?
I replied that migration would be preferred to aggregation:
IMO, what would be best is standardization of data structures across social networks to enable portability of user data. I should be able to pick up all my data (and relationships?) from one social network and move to another.
And later, in response to concerns about how aggregation might lead to decontextualization of information, I repeated:
That’s why I’d argue for data portability, not aggregation. Allow me to choose my own context for which to share my personal information. If I tire of the culture at Facebook, I should be able to easily port my profile to another site.
The conversation continued among various members, and then I stumbled upon Google’s involvement in the development of a social network aggregator, Socialstream. After posting that fact to the list, some grew concerned with Google gaining access to yet another part of our lives and the challenges of aggregating from various sources with various privacy policies:
Subject: Google scares me again
When Google aggregates different social software types, how is it going to handle the different amounts/kinds of disclosure that the different softwares now permit/forbid. Will it encompass Business software such as Visible Path, Linked In or (cursed be its name), Plaxo.
The emergence of an aggregator like Socialstream prompted another reader to ask me:
I’m wondering whether Michael might share some insights about legal issues that will need to be addressed by businesses who enter into agreements with others businesses to share personal information about their users and online practices. In reading through information presented about the Google product, it was suggested that user actions would be regulated by business agreements. many decisions are going to be made for individual users would be made for the user by the business owners and operators. It was suggested that users would only need to specify, “as an afterthought”, who would be able to see personal informaton and what services would host it. This is a major change in practice from the manner in which users are currently using Google services, particularly those related to the capture and exchange of personal information with other entities (government agencies including law enforcement, public and private sector businesses, private citizens).
After providing the caveat that I’m not a lawyer, I gave this lengthy reply:
The notion of businesses entering into agreements with other businesses to share personal information about their users (and online practices) is nothing new. I recently bought some items from Babies R Us, and they required my phone number in order to process the transaction. I decided to give it to them, and suddenly I’m on the mailing list for a dozen various baby retailers (power of reverse look-up directories). Businesses have been selling customer lists and purchasing habits long before Amazon or Google got into the game.
In terms of legal issues, it seems that business (contractual) agreements are often the ONLY thing regulating the flow of personal information in these contexts. There are very few (U.S.) laws limiting the flow of personal information among companies, and those that do exist are for very specific data sets (library records, medical records, video rental records, etc). The only limits are self-imposed by the companies themselves, and more often than not, the “privacy policies” and EULAs we sign off on are much more about how they WILL share our information as opposed to how they will PROTECT our privacy. IE, when we sign up for our “frequent shopper cards” we’re signing a business agreement that includes in the fine print our acceptance of the fact that the data will be shared with “trusted partners” or some fluff like that. Facebook has similar language in their Privacy Policy: “We may offer stores or provide services jointly with other companies on Facebook. …and we may share customer information with that company in connection with your use of that store or service.”
Unfortunately the norm is for the flow of personal information to be much more in the control of business interests than the individuals themselves. We have little choice in the matter that Choicepoint has aggregated all of our financial information, and once we sign up for our Facebook account we allow that business agreement to dictate how Facebook will handle our information as well.
Gail seems to suggest that Socialstream’s aggregation of social network information from other services via “business agreements” among the parties constitutes a “major change in practice from the manner in which users are currently using Google services.” Well, I suppose so, but maybe not in the way Gail is suggesting. As more and more users migrate to “Planet Google” to fulfill their needs for information seeking, shopping, news, blogging, browsing, spreadsheets, e-mail, chat, and so on, we provide Google singular access to all that information in about our lives. Rather than being dispersed among various services (both online and off), for many people, all such activities are linked through a common Google Account and/or cookie. So, it seems that for users currently using Google services, acquiescence in the collection of personal information by Google has already taken place. Perhaps Socialstream is Google’s attempt to gain access to even more of “all the world’s information” that is currently beyond their reach. While users of Facebook might presume that their actions aren’t visible to Google’s crawlers (see this for a possible exception), a service like Socialstream would mean even actions on non-Google properties could be captured by Larry & Sergey.
This leads to what I see as the real possible danger here. Users of various social networking services might be working on the assumption that their activities on a particular site remain there – that they are bound by the context of that environment and culture. By allowing all that activity to be aggregated by some third party, any contextual integrity of those actions might be violated. This is similar to concerns about Facebook opening up their databases via an API framework. (A key design feature to avoid this is allow individual users to opt-in to such an aggregation of their site-specific activities by off-site services).
In general, I can see two different situations emerging form such a social network aggregation schema as Socialstream: (a) users gain more control of their social networking data. They have a single repository of all their personal information, and selectively dole out which sites get what pieces of data, etc. ; or (b) Single entities (such as Google) obtain the power to aggregate users activities that are currently dispersed across numerous platforms, threatening the ability of users to control who has access to their personal information. Which way the bottle will point once it stops spinning, I don’t know….
I haven’t really thought hard about these issues beyond this stream-of-consciousness e-mail reply. Clearly, there is work to do on this…
MichaelZimmer.org 