Update: GoDaddy has responded to Namecheap's accusations. See the statement below.

We wanted to give our customers a quick update on the status of domain transfers associated with one of our competitors, GoDaddy.

First, we're very sorry that some of you in the past 24 hours have experienced delays in transferring domains over to us.

As many customers have recently complained of transfer issues, we suspect that this competitor is thwarting efforts to transfer domains away from them.

Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules.

We at Namecheap believe that this action speaks volumes about the impact that informed customers are having on GoDaddy's business.

It's a shame that GoDaddy feels they have to block their (former) customers from voting with their dollars. We can only guess that at GoDaddy, desperate times call for desperate measures.

Don't worry - each and every transfer request will be processed manually by our team. Every request will go through. We won't rest until everyone who wants to join the Namecheap family can do so!

Note: Italics emphasis is ours, bold by Namecheap.

The Verge reports that GoDaddy lost 21,054 domains on Dec. 23, 2011 yet gained 20,034 domains. While it has been widely reported that there has been an exodus from GoDaddy, it appears that much of the churn has been business as usual for the domain registrar.

Users began to boycott GoDaddy and transfer their domains away from the service after GoDaddy was revealed to be one of the official supporters of the Stop Online Piracy Act that has become very unpopular among technology circles. GoDaddy has since rescinded its support of SOPA but the damage has been done and the fact of the matter is that GoDaddy still supports SOPA in theory, if not in an official capacity.

Here is a screen shot from a user trying to transfer his website:

Reports surfaced last week that GoDaddy was calling clients with large numbers of registries that were trying to transfer away, begging them to stay. GoDaddy realizes that the cost of the SOPA blunder and PR nightmare could mean millions of dollars lost in the short term and less public trust in the longer run. Namecheap wants to position itself as the go-to destination for GoDaddy refugees. Hence, whatever Namecheap can do to make GoDaddy look bad in the process is good for business.

Are you transferring out of GoDaddy? Has the process been easy? Have you experienced delays? Let us know in the comments.

Update 5:18 EST, Dec. 26:

GoDaddy has responded to Namecheap's accusations in an email to tech blog TechCrunch. In the statement, Richard Merdinger, senior director of product development at GoDaddy, says that Namecheap never contacted GoDaddy about normal rate limit blocking for transferring of domains. According to Merdinger, the block has been removed and GoDaddy is not hindering domain transfers to Namecheap. See the statement sent to tech blog TechCrunch below:

Namecheap posted their accusations in a blog, but to the best our of knowledge, has yet to contact Go Daddy directly, which would be common practice for situations like this. Normally, the fellow registrar would make a request for us to remove the normal rate limiting block which is a standard practice used by Go Daddy, and many other registrars, to rate limit Whois queries to combat WhoIs abuse.

Because some registrars (and other data gathering, analyzing and reporting entities) have legitimate need for heavy port 43 access, we routinely grant requests for expanded access per an SOP we've had in place for many years. Should we make contact with Namecheap, and learn they need similar access, we would treat that request similarly.

As a side note, we have seen some nefarious activity this weekend which came from non-registrar sources. But, that is not unusual for a holiday weekend, nor would it cause legitimate requests to be rejected. Nevertheless, we have now proactively removed the rate limit for Namecheap, as a courtesy, but it is important to point out, there still may be back-end IP addresses affiliated with Namecheap of which we are unaware. For complete resolution, we should be talking to each other -- an effort we are initiating since they have not done so themselves.

-Rich Merdinger
Sr. Director of Product Development - Domains
Go Daddy

Several commenters and people on Twitter have noted that of the several domains they transferred off of GoDaddy, the last few have taken a lot longer than the first. What has been your experience? Let us know in the comments.

Those who hadn't memorized Metro's schedules had to employ its persnickety Trip Planner, a clunky Web form that not only won't let you click on a map to specify your location but also chokes on cities, states, Zip codes and even commas if you add them to a street address. Meanwhile, other U.S. cities had enjoyed transit directions from sites like Google Maps since at least 2005. But not DC.

Start lobbying to open a conversation. Greater Greater Washington editor David Alpert quickly had hundreds of signatures on a petition protesting the decision. That persuaded Metro to detail its objections: fear of losing $68,000 in yearly ad revenue from the Trip Planner page, a wish to be paid for its data, and the legalese around data sharing. That then widened the discussion from an argument over APIs to one over the proper use of taxpayer dollars.

"David came along and started this campaign," said Christopher Zimmerman, an Arlington County Board member who chaired Metro's board in 2008. "It wouldn't have happened without the public pressure." Alpert could also lobby Metro from closer in after joining its Riders' Advisory Council in January of 2009.

Flipping the debate from potential profits to actual expenses. Gordon Linton, a former head of the Federal Transit Administration who served alongside Zimmerman on the Metro board, focused on the opportunity cost of giving data to other sites. He said the agency had given away resources - for example, free parking for car-sharing services - that it later realized could yield income.

"While we were raising fares and cutting service if we were investing staff time and energy for a product that would reap some financial benefit for those who would use it and sell it, then we in turn should get some money back," Linton said.

Zimmerman took the opposite argument: the ease of upgrading one aspect of the Metro experience. "We were having a lot of difficulties," he said. "If some of these things don't cost us anything or don't cost us a lot [to fix], we should do them right away."

Alpert suggested this debate encouraged Metro staffers to rethink things. "Staff may have felt they were under orders from the board to maximize revenue. Zimmerman gave them permission not to worry about that."

Oh, and Google never had any interest in paying for a schedule feed. Wrote spokeswoman Anne Espiritu: "We do not pay agencies for their data."

A change in leadership can help. All of this effort got sidetracked on June 22, 2009 when two Red Line trains collided and killed nine passengers. Things were set back further when general manager John Catoe unexpectedly resigned in early 2010 and his interim replacement Richard Sarles had to focus on safety upgrades.

But Sarles' earlier employer, NJ Transit, had provided rail schedules to Google back in 2008. He wanted to follow suit here, said Metro spokesman Dan Stessel.

Metro and Google signed a data-sharing agreement in July of 2010, once Google had dropped earlier demands for an indemnification clause. Metro directions showed up on Microsoft's Bing Maps in September 2010; they arrived on Google in May after a final shove from Sarles following his appointment as WMATA's full-time general manager in January.

(But even now, you must return to Metro's sites or a few third-party apps for bus and train arrival predictions. Google only announced a standard format for that data, GTFS-realtime, in August, and Metro is still weighing support for that. And some regional bus systems that Metro's Trip Planner includes have yet to provide their own GTFS data to mapping sites.)

What about the original financial arguments? We may never know how the math worked out: without detailed surveys, you can't draw a line from clicking on maps to boarding trains. But Stessel, who didn't provide a dollar cost for the work involved, suggested that the rationale merchants invoke to invest in intangibles like store or site designs works for public transit too: "Our primary motivation is improving the customer experience." Zimmerman had a more philosophical justification for how a government agency should act: "Putting information in the public domain is part of what we do."

Sometimes, being open isn't easy. You could say that there were many stops on the route that Metro took.

In an interview with Geekwire, Anokwa explained the kit is already being used to do socio-economic and health surveys. The survey data is tied to GPS locations and assigned images. Additional projects include creating "decision support" for medical professional sand "building multimedia-rich nature mapping tools.."

The ODK is an out-of-box tool that allows the user to build a data collection form or survey, collect the data on a mobile device and send it to a server, aggregate the collected data on a server and extract it in useful formats.

The kit has been used to monitor fraud in Afghanistan, map water sources in Ghana, monitor deforestation in Brazil, survey human rights violations in the Central African Republic, to support community health workers in Boston and more.

As a detailed example of the use of the Open Data Kit, he offered USAID's AMPATH project in Kenya.

"AMPATH in Kenya has been using ODK for their HIV home-based counseling and testing program. Their counselors go house to house with phones running ODK. The software walks them through a standardized counseling and testing protocol and the geo-tagged results are sent to their OpenMRS medical record system using WiFi or GPRS. AMPATH has reached some 65,000 individuals and has been able to rapidly and cost-effectively identify individuals at significant risk from HIV, saving lives."

What links did we miss? Let us know in the comments.

Called The Locker Project, the open source service will capture what's called exhaust data from users' activities around the web and offline via sensors, put it firmly in their own possesion and then allow them to run local apps that are built to leverage their data. Miller's three person company, Singly, will provide the corporate support that the open source project needs in order to remain viable. I'm very excited about this project; Miller's backgrounds, humble brilliance and vision for app-enabling my personal data history is very exciting to me.

Where data extraction is made easy already by APIs or feeds, Lockers will pull it that way. Where the data is appealing and the Locker community is motivated to do so, data connectors will be built.

Searching those data archives has been a technical challenge for many other startups, but the Locker team says it is trivial for them - because they only have to build search to scale across your personal data and the data you've been given permission to access by members of your network.

Seach and sharing across a user's network will be powered by Miller's eagerly-anticipated open source P2P project called Telehash, described as "a new wire protocol for exchanging JSON in a real-time and fully decentralized manner, enabling applications to connect directly and participate as servers on the edge of the network."

The team was not yet willing to disclose the identities of its investors on the record.

Apps on Your Platform

Building a developer ecosystem is going to be the team's biggest priority. What will apps look like in the Locker ecosystem? They'll be pieces of software run locally on top of your personal locker and across any of your network connections that give them permission.

The app model is a compelling one and provides a logical source of revenue for Locker and Singly. Presumably they will monetize sales of apps.

The team is collecting video testimonials from industry luminaries about what kinds of apps they'd like to see built on top of their data. Singly won first prize in the startup competition at the O'Reilly Strata conference and Tim O'Reilly himself later gave the project a shout-out in a panel on data ownership.

The team behind the project say they fantasize about apps like:

• food recommendations in neighborhoods they've visited from restaurants their friends have checked in at


• a newsfeed filtering out what their click-stream history shows they've already read


• pre-diagnosis of possible medical conditions based on personal medical and other history.

Your personal data will likely be of interest on its own, as a type of diary, but it's probably going to be much more interesting and useful when cross-referenced with other sets of data. Those other sets of data will provide context, surfacing correlations and patterns that would otherwise be invisible. Recommendations, personalization, alerts, benchmarks, social and self assessment: the types of value adds that can be built on top of a good data set are just beginning to be explored. And there are few data sets as interesting, to you, than you.

Part of a Big Picture

Kaliya Hamlin, long-time online identity expert and now Executive Director of the Personal Data Ecosystem Collaborative Consortium, is enthusiastic. Hamlin says Miller's project is "a great development from the perspective of this emerging market/ecosystem happening. Others are looking at getting into the personal data store market as well, personal.com is coming to market for example, services businesses too - this is really happening."

In a blog post on the sector in general earlier this week, Hamlin put it this way:

"A nascent but growing industry of personal data storage services is emerging. These strive to allow individuals to collect their own personal data to manage it and then give permissioned access to their digital footprint to the business and services they choose--businesses they trust to provide better customization, more relevant search results, and real value for the user from their data."

She also expects the personal data market to become subject to extensive regulation soon.

Miller says that some ad industry people he's spoken with hope that an independent system for data stores under the control of consumers themselves will help create an atmosphere concerning liability more amenable to innovation on top of that data than exists today. Advertisers are interested of course, but far more app developers will likely seek to build on top of that data once it's accessible and properly permissioned.

The people behind The Locker Project will have no shortage of issues to tackle trying to take a distributed, open-source, app-centric approach to leadership in an emerging era of data. It wouldn't be the first time that Jeremie Miller has managed to change the world though.

Facebook announced this weekend that it would begin offering third-party applications and websites a way to request that users share their "current address and mobile phone number." Simple enough, right?

While Facebook says that the move is intended to make it easier for users to take their information with them across the Web, members of the data portability community argue that its yet another move by Facebook to lock users in. At the same time, the question of how Facebook handles these permission requests and whether or not it's clear to the end user is a point of contention that further calls into question how a user's online identity should be handled.

We asked some experts in the field and here's what they had to say.

Facebook: It's All About Portability

First, Malorie Lucich, a Facebook spokesperson, told us that the impetus for the change comes down to enabling users to bring their information with them, rather than forcing them to type in the same information wherever they go:

We want to make it easy for people to take the information they've entered into Facebook with them across the web. This new permission gives people the ability to control and share their mobile phone number and address with the websites and apps they want to use for more efficient experiences. As always, no information will be shared with an app or website until a user explicitly chooses to share it.

David Recordon, a senior open programs manager at Facebook and member of the OpenID Foundation, commented yesterday that the feature was intended to offer precisely this portability. "Given that I trust Kickstarter enough to give them my credit card information, I also trust giving them with my address," wrote Recordon. "Why should I need to type my address in again versus them being able to ask me for it?"

Other members of the data portability community, however, see things differently and call into question Facebook's methods of data sharing.

A Central Hub or Cog in the Machine?

"The problem is not that the user can (and must be able to) choose to access their data from Facebook on a 3rd party site," said Chris Saad, co-founder of the Data Portability Project and VP of strategy at Echo. "The problem is that Facebook has architected the whole thing from the beginning to be an exclusive hub and spoke relationship with them rather than a peer to peer relationship on the open web."

According to Saad, Facebook's intentions are simple - to get third-party sites and apps to rely entirely on Facebook for user information. "It's like giving a taster," he said. "Paying comes later."

Alana Joy, an independent digital strategist, agreed with Saad that Facebook was vying to be the central hub, rather than another cog in the machine.

"Facebook seems to be more concerned with positioning themselves as the official global 'people registry', harvesting users' information for profit," said Joy, "than they are about providing a safe place for individuals to share their lives with only those they choose to."

Of course, Facebook founder Mark Zuckerberg has said rather plainly that the company wants to push people's boundaries and expand the idea of public versus private. A key point that the company stands behind is that the user is given the opportunity to decide whether or not they share this information, both in privacy settings and in the permissions dialog.

"We introduced the granular data permissions model last April to make it clear to users exactly what information an app or website is requesting, allowing them to make more informed decisions about whether or not they want to proceed," said Lucich. "That being said, we're always looking into ways to make the platform user experience as positive and clear as possible."

With Third-Party Apps, It's All or Nothing

This sort of granularity isn't enough for Elias Bizannes, a board member of the Data Portability Project.

"Something bugs me about the Facebook connect privacy options," said Bizannes. "When you connect, you see what permissions you have to give, but you don't have an option there to deny individual permissions."

According to Facebook, apps should only be requesting information they absolutely need and therefore, were a user to deny access, the app wouldn't be able to function anyway.

"The reason why people can't pick and choose what data to share is because the app needs the requested information in order to perform its core services, such as photo access for a photo app and birthday date access for a calendar app. Developers are required to only request the information it needs to provide a customized experience," wrote Lucich. "Ultimately, it's up to the user whether or not he or she wants to grant an app access to their information."

Bizannes argues that the current model of permission forces users to blindly accept and allow the sharing of their information, "because they know if they click 'no' they don't get any access to the app."

"Users should have the ability to decide upfront what data they permit, not after the handshake has been made where both Facebook and the app developer take advantage of the fact most users don't know how to manage application privacy or revoke individual permissions," argued Bizannes. "Data Portability is about privacy-respecting interoperability and Facebook has failed in this regard."

On The Other Hand...

Inside Facebook's Josh Constine takes a more tempered approach to the whole thing, suggesting that instead of kowtowing to fear, Facebook should "instead push forward while minimizing negative outcomes by helping users make [a] more informed decision."

Constine's article echoes Recordon's sentiments, reminding the fearful that Facebook has been diligent in other instances and made sure that third-parties were dealt with appropriately when they mismanaged user information. The new feature may ask users for more in terms of personal information, but "there are many benefits to allowing developers to ask users for their contact information," writes Constine. "Mobile phone number access could power apps that act as up-to-the-minute communication hubs between groups of friends, allowing members to be notified by SMS when friends are nearby, want to plan an event, or upload new content. Home address access could let ecommerce sites pre-populate delivery details during checkout, leveling the playing field so smaller merchants can compete with established giants like Amazon that have already forced users to type in their address manually."

Saad argues that Facebook continually ups the ante without properly notifying its users.

"It's obvious that most users don't understand the bargain they're making - and that's mostly because Facebook keeps changing it," said Saad. "The same prompt that once granted some basic permissions for authentication now grants permission to your whole life."

Pete Warden, a big data guru who recently found himself on the wrong side of Facebook's line between public and private, says that a big result of this new feature will be for third-party sites and applications to figure out who you really are.

"The most interesting part of this change is the ability it gives companies to connect Facebook accounts with information from offline databases," said Warden. "There's a treasure-trove of marketing data available for every household in the US that they'll now be able to use to profile their Facebook users for everything from buying habits to income, children and pets."

According to Warden, this sort of data will help sites connect your activities to your real identity in ways that were previously not possible.

While the word "privacy" has been a sore point for Facebook over the past year, is it that Facebook is entirely cavalier with user information or is it just that its scale provides an easy target? Warden said that Facebook isn't much different from many other sites. "They're just behaving like the rest of the marketing world, the only difference is that they're under a lot more scrutiny than everyone else."

To Share or Not to Share?

In the end, does this come down to the simple question of whether or not you should ever share this information if you don't want it to be public? This is a solution that many users advocate. On the other hand, should users be petitioning for a more granular control over their information, wherein they can make more individual decisions over when and where they share what information? The fact that Facebook wants to be your one true login is no secret and the company will continue to push the boundaries in this realm. How will most users react?

"Most people won't care until they personally are victimized by it," predicted Alana Joy. "Like the gentleman whose profile picture was used in a Facebook ad for singles when he is a married professional with a family. [...] It really does illustrate just how Facebook can and will do whatever they want with whatever you post there."

We spoke with a few members of the data portability community to see what they had to say about the debate between these two big companies and what it means for the rest of us.

Eve Maler (aka XMLgrrl), host of the User-Managed Access group among other things, started off by reminding us that "Facebook's end-users are not its customers; they're the product." While Google's relationship to its end-users is much the same, she said, "it has developed a strategic stance on privacy and data portability that accepts and promotes greater user control of the personal data it sees, and this allows Google to capture the high ground in this debate."

Forcing Facebook's Hand

Chris Saad, co-founder of the Data Portability Project and VP of strategy at Echo, agrees with Maler that Google has the upper hand in the debate.

"Facebook has been a one-way beneficiary of Data Portability for far too long," said Saad. "Google asking for reciprocity from equal peers on the internet is a perfectly reasonable, if not overdue, move."

Elias Bizannes, executive director of the Data Portability Project was a bit more ambivalent in his approach, framing the entire situation in terms of global trade negotiations. According to Bizannes, nobody is winning at this point.

"This tit-for-tat approach is what governments still practice with trade and people-travel restrictions," explained Bizannes. "The reality is, Facebook and Google are hurting the global information network."

When user data can be moved around at a user's discretion, then for a company to have the best product becomes more important than having the most data.

Both Saad and Maler, however, said that the dispute was moving things in the right direction.

"Battles like the current one," said Maler, "along with the mutually reinforcing effects of social pressure and media attention, are a key way to ratchet up data control across the board for end-users who aren't paying customers of these services."

Saad said that it was unfortunate that Google had to add the clause to their TOS, "but it is clear that there was no other way to force the issue. Many open standards on the Internet - including HTTP, HTML, DNS etc assume/force two way openness, and Google is just trying to re-establish some fair use."

In the end, Bizannes said that both Google and Facebook would benefit from working together rather than duking it out.

"These companies need to recognize what their true comparative advantage is and what they can do with that data," explained Bizannes.

What a site really wants is persistent access to a person so they can tap into the more recently updated data, for whatever they need. [...] Having a uniform way of transferring data between their information network silo's ensures privacy-respecting ways that minimize the risk for the consumer (which they claim to be protecting) and the liberalization of the data economy means they can in the long term focus on their comparative advantage with the same data.

What if No One is Right?

Steve Greenberg, lead author of the first Portability Policy and self-described "product manager nonpareil", pointed out that while Google may appear to hold the moral high-ground, neither company comes out ahead in the end.

There is no "good guy" here.  To me, it looks like Google wanted to pick a fight with Facebook and used data portability as an excuse.  This is a shame because, from a portability standpoint, Google had been among the best in the industry.  I would ask both Google and Facebook to allow people to move their data around freely.

Why do I doubt Google's sincerity, especially since they've been friendly in the past?  Unless they were just looking for a pretense to shut off portability, it's hard to see what they hope to get out of this.  Everyone who might care already knows that Facebook won't let you export data.  Why punish your users just to get back at Facebook?

What's Next?

According to Bizannes, companies can only survive by being competitive and, in this case, that comes in the form of data portability.

Maler, meanwhile, cites the User-Managed Access group she hosts, saying that it "is creating opportunities for users to offer novel 'personal data products' in a way that increases their ability to dictate requirements for privacy and data portability."

Saad reminds us that data portability isn't just for show and "'Having an API' is not openness. Having the right terms of service and an INTEROPERABLE data format and protocol is openness."

Maybe it's battles like this, between the Internet giants, that will settle the debate. Perhaps folks like Maler, Bizannes, Saad and Greenberg will finally convince them that openness is in their best interest. Or maybe, one day, the users will demand a way to do what they want with their data.

While the move is a significant step in the right direction for the social network and its users, a few significant players in the data portability discussion are here to remind us that we aren't there quite yet.

Data portability is the idea that users are, and should be, in control of their data, how its used, and have access to it at any time. Beyond this, data portability inherently implies data interoperability-- the ability for your identity and social graph data to be used across any site or service, as controlled by the end user, and therefore requires the use of open web standards. [...] Facebook continues to maintain, under their TOS, the last word on your data usage through an all-encompassing license to do what they wish with your data (including sub-license it to other entities).

Leonard goes on to point out that, while you may now be able to more easily download your data to manipulate separately, it will still remain on Facebook's servers. You cannot remove it.

The Electronic Frontier Foundation similarly lauded and chastised Facebook's efforts this morning, saying that the feature brought Facebook closer in line with its Bill of Privacy Rights for Social Networking. The EFF offered a series of recommendations for Facebook to make it easier for its users to switch services if they so desired. Part of those recommendations included the ability to export more of your social connections and contact information, the ability for users to opt-out of allowing their contact information to be exported, and even the possibility of contact information available as a separate file.

Both the EFF and Leonard seem to agree that Facebook has made a big step to data accessibility, but have yet another step (or two, or 10) to get to "data portability". Leonard urged the site to adopt the DataPortability Project's Portability Policy, which she calls "the first true step towards data portability, transparency and end user control."

So, for the new feature, we have a resounding "here, here!", but we're reserving the real applause for the day when users can actually download their data and delete it off of Facebook's servers.

According to the HHS, the program is "a public-private collaboration that is encouraging innovators to utilize community health data to develop applications that help raise awareness of community health performance and spark action to improve health." At today's event a number organizations are demonstrating a preview of their work with the data, including Google, Microsoft and GE.

First Results

• Google: The company imported the public data into Google Fusion Tables where it can be explored and visualized.
• Microsoft Bing: "Using community health data, Bing has created new features that allow easier selection of hospitals based on patient quality of care ratings and new ways to assess potential areas to live based on a combination of community health measures and access to goods and services."
• The Network of Care for Healthy Communities: A Web portal combined with community health data provides officials with policy information, local services, best practices and evaluation tools that can spur local action.
• Community Clash: Created by MeYou Health, "Community Clash is an online card game that engages you in a discovery of your community's health and well-being status and how it compares to other communities in a head-to-head clash. Community Clash gets personal, prompting each player to compare his or her own Well-Being Score and encourage social comparison with friends through Facebook integration."

Opportunities

• Data mashups: Sharing information across data sets and regions will create multiple opportunities. Will there be a management system in place to fix or enhance data sets and their underlying models as needed?


• Services engine: There are a mix of CSV, XML, map data, and other sources available in the data set. Will the sets be offered as APIs and how it will be leveraged across different parties?


• Missing gaps: Will the community health data initiative spawn new areas of research funding?


• Public and private: What will be the focus of private companies that offer services based on this initiative? Will it attract VCs and investors outside of the public sphere?

As the one of the people who popularized that concept in relation to social networks, and as a founding member of the organization representing that cause, I'd like to call bullshit on that.

Until now I have stayed largely silent on the privacy hoopla because data portability and the open Web are not strictly related to privacy - at least in the sense that things don't need to be public for them to be portable or interoperable.

For example, just because the Web is based on open technologies (HTTP, HTML, SSL, JavaScript, etc.), it does not mean using your credit card on a properly configured website is public or unsafe. Sending email from one person to another does not mean third party websites can now suddenly "instantly personalize" their recommendations to you based on keywords found in your inbox.

Despite being based on interoperable technologies, these transactions remain private and secure.

Advocating Open Technologies Is Not Promoting the Death of Secrets

In the face of this, however, Mark Zuckerberg and Facebook continue to (deliberately?) confuse the idea of open technologies with "sharing in public." The attempt to correlate the two things is at best misinformed and at worst dishonest.

With his latest statement, Zuckerberg and Facebook are now going so far as to declare their privacy missteps as "data portability." Actually, Facebook's changes have nothing to do with data portability. In fact, the root of the user backlash has nothing to do with what the company is doing but rather how its are doing it.

Its problem is that, as a service, Facebook started as a place for people to share with friends and family in a private setting. Users expected privacy. This expectation is referred to as a "social compact." It is an implied agreement that has less to do with the terms of service and more to do with user expectations and ethics. When I give you my business card, for example, I expect (through our implied social compact) that you won't give it to spammers.

It turns out, however, that this compact was good for users but not great for Facebook's business. There are two broad reasons why Facebook has felt forced to make the service more public.

Mark Zuckerberg Facebook SXSWi 2008. Photo by deneyterrio.

First, it's hard, if not impossible, to monetize private communication. People don't use those kinds of service with the intent to buy, but rather with the intent to communicate. Intention is critical when it comes to advertising and e-commerce.

Second, competition from services like Twitter have made it cool to be public, and it's finding interesting ways to monetize this public information (the least of which is selling its inventory of Tweets for $15 million a pop).

Most of Facebook's very mainstream users, however, still just want a private place to keep up with their friends and family. In short, the economic interests of the service are not in line with the interests of its users. Despite this, Facebook has been forced to smashed big cracks in its privacy blanket and started forcing its users, en mass, to adopt more transparent and public online personas.

This (now public) data can be used by advertisers, publishers and other third parties to help Facebook attract even more users, more data and ultimately more dollars through targeted ads and micro-transactions.

The Wrong Social Compact

The problem, then, is not Mark Zuckerberg's stated goal of making the world a more open (read, less private) place, but rather that Facebook did not initially establish the right social compact - promise - to its users to justify its role in this vision of public sharing.

As a result, users feel (rightly) violated. Facebook broke its promise for business purposes. And this is not the first - or last I suspect - time it will do it. (Remember Beacon?)

Finally - in regards to actual data portability, interoperability and the Web - the technology choices Facebook makes are anything but open. It uses proprietary technologies, protocols and formats to capture value from the Web and lock it up in its hub.

In short, nothing about its cultural or technological approach is open or interoperable; it has nothing to do with interoperable data portability - the only kind that matters.

Facebook has every right to do whatever it likes with its service. The market will decide if it continues to like the service or not. Any backlash from the media, or demands for more fairness, are largely irrelevant unless users vote with their feet and stop using the service. Facebook knows this is unlikely, though, given its deep (and growing) integration with the rest of the Web.

But claiming that users love the changes because more and more of them are stumbling into the service by way of widgets on publisher pages is dishonest. There is a real fear amongst the user base (and their partners) about these changes.

When it comes right down to it, the lack of honesty and clarity from the company and its representatives about these issues, and the continued trend of taking established language - such as "open technology" or "data portability" - and corrupting it for its own marketing purposes, is far more disconcerting than the boundaries it's pushing with its technology choices.

What Are the Next Steps?

We as responsible members of the technology community and the open web must be clear and honest about what we see - and any threat it might pose to our industry or the wider world. While jumping on the bandwagon might be fun and easy (and even profitable), it is a abjection of our own responsibilities.

So what can Facebook do in the face of this criticism and push-back?

• Declare clearly and unequivocally that its service has changed from a private place for sharing to a tool for public publishing.
• Go beyond what it has already done to correct the issue and provide a giant status indicator on the top right of a user's profile page indicating if they are in one of three modes: Public, Private, or Friends and Family only.
• Alternatively, (although highly unlikely) it can change its business model from one based on ads and publishers and to one that's based on charging users for pro services in order to align its economic interest with those of its users.

What can others do to protect their privacy or capitalize on Facebook's faults?

• Right now: Recognize that Facebook has violated user trust over and over for the sake of its business model, and will do it again. Stop sharing private information with the service.
• Short term: Create a properly private sharing network where people can feel safe to be with their friends and family.
• Medium term: Recognize (or decide to ensure) that Facebook is only one service, and in order to maintain and encourage competition and respect in the marketplace, other smaller (and not-so-small) players must be supported when making technology decisions (i.e. publishers must choose cross-platform tools and technologies).
• Long term: Continue to create an open alternative to Facebook whereby the Web is the platform and users can choose the applications that make sense for them, which includes privacy.
• Forever: Understand the difference between an "interoperable, open Web" and "Death of Privacy" - they are not the same thing.

Next week The DataPortability Project will be announcing a new initiative that will improve communications between Web services and users - stay tuned.

Facebook maintains that PV is violating a number of its terms of service, including one that insists you cannot "collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission."

The Electronic Frontier Foundation filed an amicus brief in support of Power Ventures.

Facebook argues that by offering these enhanced services to users, Power violated California's computer crime law. It grounds its claim in the fact that Facebook's terms of service prohibit a user from having automated access to a user's own information and that Power continued to offer the service to Facebook users even after Facebook sent Power a cease and desist letter demanding that it stop. Yet merely providing a technology to assist a user in accessing his or her own data in a novel manner cannot and should not form the basis for criminal liability.

It's hard not to buy the logic of EFF's argument. It's equally difficult not to see the possibility that this suit is an attempt to discourage any actions on the part of users to master Facebook information. That interpretation is certainly in keeping with Facebook's recent activities, in terms of its providing user information to developers and forcing users' hands when it comes to their own information. Facebook, it might be argued, wants to be the only arbiter of its information. And by its information, of course, they mean yours.

"The system will coach the athlete based on their training plan, monitor's the athlete's performance via wireless sensors and provide feedback during performance to help the athlete follow their plan," according to COO Jeff Broderick.

"One of the biggest problems we solve is to give each workout context within the athlete's overall plan and how it relates to their goals. Because our system knows the athlete's plan and listens to the athlete's body in real time, our customers are more likely to avoid fatigue-related injuries and performance issues," according to CEO Kirk Ewing.

The packages contain the wireless sensors to record heart rate and sport specific data, a phone application and a subscription to the MyEnki online training app. The first platform to be supported will be the iPhone. iPhone Sport Packages for Cycling will ship in June with Running following in August and Triathlon later in Q4 2010. Support for Android will arrive in Q4 2010 with Blackberry and other phones following in 2011.

The smartphone connection may help to distinguish Enki Sports from competitors such as Nike, as well as BodyMedia, Fitbit and others.

Envisioned by four NYU computer science students, the Diaspora project would replace today's centralized social web (yes, they mean you, Facebook) with a decentralized one, while still offering something that's convenient and easy for anyone to use.

The end result of those discussions was the idea for Diaspora. So they stopped talking about it and started building.

The project is now hosted on Kickstarter.com, a social fundraising platform that lets entrepreneurs and other creative types crowd-source funding by setting up a project goal, deadline and optional set of rewards for project backers.

In Diaspora's case, they're less than $2000 short of their $10,000 goal with under a month left to go until reaching their deadline. If the project receives the necessary level of funding by June 1st, it will be built and the code released as free software using the aGPL open-source software license.

What is a Decentralized Social Network?

So what is Diaspora anyway? Instead of being a singular portal like Facebook, Diaspora is a distributed network where separate computers connect to each other directly, without going through a central server of some sort.

Once set up, the network could aggregate your information - including your Facebook profile, if you wanted. It could also import things like tweets, RSS feeds, photos, etc., similar to how the social aggregator FriendFeed does. A planned plugin framework could extend these possibilities even further.

Your computer, called a "seed" in the Diaspora setup, could even integrate the connected services in new ways. For example, a photo uploaded to Flickr could automatically be turned into a Twitter post using the caption and link.

When you "friend" another user, you're actually "friending" that seed, technically speaking. There's not a centralized server managing those friend connections as there is with Facebook - it's just two computers talking to each other. Friends can then share their information, content, media and anything else with each other, privately using GPG encryption.

Diaspora, the Turn-Key Solution

Because not everyone will be technically capable of (or interested in) setting up their computer to function as a "seed," there are plans to offer a paid turn-key service too, similar to Wordpress.com, the blogging platform. Wordpress itself is software you can install and configure on your own server, if you're inclined to do so, but if you're less technically-savvy, you can opt to quickly start a blog via Wordpress.com instead. Diaspora would function in a similar way.

If a lot this sounds reminiscent of Opera's Unite project, the Web browser maker's overly-hyped plan to "reinvent of the Web," it should. In Opera Unite, users can share documents, photos, music, videos and run websites and chat rooms by directly linking two computers together.

However, in Unite's setup, there are Opera-run proxy servers involved, which led to issues - especially when those servers went down. Diaspora wouldn't have that problem.

Mainstream Success?

Still, the concepts behind Diaspora, while the sort of thing tech geeks will eat up, may be harder to grasp for the everyday Facebook user who is still trying to figure out how post a link or video to their Wall. Distributed, decentralized, open-source what?

If Diaspora is realized, it will be up to technology advocates to position the turn-key service in a way that will make it sound simple and appealing to precisely those sorts of mainstream users if it is to ever succeed. Taking shots at Facebook's privacy issues may be a good course (Take back control with Diaspora!).

We would like to see Diaspora come to be, even if it never goes mainstream because it would finally offer privacy advocates a real alternative to the increasingly data-hungry Facebook.

Plus, after watching the video of students explaining their idea, saying "no" would be like turning away a Girl Scout cookie seller empty-handed. We just don't have it in us.

For more information about the project and the potential for distributed social networking in general, check out the Q&A between Mozilla's Luis Villa and the team here. We couldn't do a longer interview with the team members ourselves because they're busy with "finals and graduation," we're told.

In this world, keeping up with all the work in the community itself is a feat in itself. As proven recently, even aligning the naming of standards in our small community (xAuth, XAuth) proves challenging enough. With that said, we'll share we what we've learned about this version and what work has been incorporated into it.

The OAuth Working Group in IETF generated a first draft of OAuth 2.0. This group that is credited with this document consists of active leaders of both the Twitter API team as well as Facebook community standards team. A robust number of daily discussions are happening in the working group hosted at IETF include topics such as the default use of JSON that show the opportunity and challenge of growing the standard from a web-based to a broader set of devices and scenarios.

One of the stated goals of the IETF OAuth working group is to maintain backwards compatibility with OAuth 1.0. From our sampling of the depth of change in scope and conceptualization of the standard, this may be a big deal for the group, especially if key members decide to legacy their support for the first versions.

As part of the evolution of OAuth, there is the case of the OAuth WRAP Google Group. This group has forged ahead to develop profiles for scenarios seen as extensions to the profile OAuth 1.0A. This includes new ways to gain tokens bringing the use cases of Javascript or RIA applications. WRAP also redefines the dependency on SSL and provides a simpler way to get started using tools easily accessible to the web resource. With some changes noted, this work has been brought forward in the OAuth 2.0 public draft.

David Recordon, a chief thought leader in the open web (also employee at Facebook) recently offered this summary "What's going on with OAuth?" to help align the understanding of the evolution of the standard.

Here we show one of the better known descriptions of the OAuth flow as provided by Yahoo. The annotations show a few of the areas that are under consideration for changes in OAuth 2.0 and/or in the work done in the OAuth WRAP group.

Last week, at Twitter's Chirp '10 the Twitter API team gave this presentation, "Too many secrets, but never enough: OAuth at Twitter". This document contains overview of the basic process of Twitter, commitment to the movement to OAuth 2.0, and discussion of Twitter's xAuth and OAuth Echos projects.

Twitter Likes to Optimize

Twitter is deeply intertwined with the inception and direction of OAuth. The company is both involved in the specifications but also is a lightening rod for discussion in the development community. In the Twitter blogs and developer groups, OAuth is being considered deeply in the trade-offs in implementation, design, and risk in the Twitter ecosystem.

A few areas under discussion is how to remove the re-direction from the process, and also how to keep a running log of all account client accesses available to the user as a way to make sure users are aware and signaling proper account use.

The Twitter API team has been willing to make change happen in the community by deprecating legacy processes, such as basic auth. With the changes coming in OAuth 2.0 the company may be in the best position to bootstrap developer adoption of the new standards.

In this way, OAuth 2.0 need to adapt to the speed and need of the Twitter use cases, to avoid becoming like XML. XML is a good thing, of course, but when push comes to shove, JSON is lighter weight and more compact. This is helping it become the preference for data attribute exchange in APIs like Twitters that support OAuth.

With the rise of the social ecosystem as the hub for authorization, it is becoming clear that the IETF efforts need Twitter as much as Twitter needs the IETF. This seems like a good balance that will guide use cases along the way to practical standards formalization.

There are a lot of questions out there about OAuth 2.0. Top of mind is whether this technology release will see the effective join of Twitter, Facebook, and Google? Or, will the practical matters of business and strategy keep the standards intact, and the implementations as islands?

What is your prediction for OAuth 2.0 and web resource authorization?

As Programmable Web pointed out this morning, it looks like Yahoo actually implemented OAuth several days before Gmail got around to it.

If you think of going to a website and finding all the people you know on there by using Twitter, you're most likely already familiar with OAuth - it's that window that pops up that you click "Allow" on.

From the Yahoo! Mail Developer Community group on March 25:

Today we're super exited to announce our OAuth API for Yahoo Mail! Not only have we moved to a much cleaner authentication technology, but we have removed all the restrictions limiting message access of "free" accounts. That means that you can now use the full API for all Yahoo Mail users regardless of their free/premium status, accessing full message contents if your application needs it. Cool, eh?

For those of you out there using Yahoo Mail, which is still a majority, expect to see some cool new add-ons for the age old email service to be released soon. At least, that's what we're hoping for.