Flickr's New Friend Finder: Data Portability or Privacy Violation?
Late last night Yahoo! owned photo sharing site Flickr launched a new feature - the ability to search your Gmail, Yahoo! Mail or Hotmail contacts list for people on Flickr so you can add them as contacts. Many services let you do that, but almost all of them require you to give up the user name and password for your email. Flickr did it right and it was exciting, for us at least. GMail users are taken to a GMail page, where GMail asks for their usernames and passwords - then asked if Flickr should be given one time access or ongoing access. That's great. We've been calling on applications to use best practices and emerging protocols to access user data without asking for passwords for some time. The risks are too great, otherwise.
Some Flickr users, though, are really upset. They don't want anyone who has sent them an email to be able to easily find their photos on Flickr. What some people call Data Portability, others call a privacy violation.
The Down Side
Flickr users have been able to find each other by searching for individual emails for some time, but that "security by obscurity" has been changed dramatically by a bulk comparison of all your email contacts to the Flickr user database. There's not consensus whether this is a good thing or a bad thing.
I liked it when I tried it, I connected with some interesting people on Flickr that I wouldn't have otherwise. I wouldn't appreciate it, though, if certain people from my past who have otherwise forgotten about me were now prompted to check out my photos on Flickr. If blog comment spammers I've had nasty email exchanges with were suddenly prompted to friend me on Flickr, I wouldn't like that very much either.
Ongoing Discussion
Just like many people objected to Robert Scoble's scraping emails out of Facebook in the name of Data Portability because they felt they had given him contact info in the limited setting of Facebook - these kinds of issues are going to come up a lot. The sticky privacy questions are the ones that Mark Zuckerberg told us are key to Facebook's own engagement with Data Portability. We've asked similar questions here about the new Google Social Graph API. The Data Portability Working Group has lively discussions on privacy (subscribe to a filtered feed for the topic here) but mainstream users clearly have serious concerns.
The situation at Flickr wasn't helped by the fact that the option to opt-out of exposing your email address to this new feature was broken for the first 12 hours after launch, as was the ability to search Yahoo! Mail contacts. In the big picture view of these issues, though - Yahoo! in general is generally remarkably good about identity issues for all but the occasional Chinese journalist. (Flickr is better known for innovation than for its crimes against justice and democracy, of which there haven't been any that we know of.)
Some users have stated that they would prefer email exposure in the new feature to be opt-in, instead of opt-out. Though it will drastically slow down user connections - opt-in for this kind of feature may ultimately be required in order for data portability to be accepted. On the other hand, the Facebook Newsfeed faced a wholescale revolt when user activity was by default exposed to friends there and now it's the site's defining feature.
Even what's thought of as the best practices in webmail APIs have a lot of unanswered questions remaining, as we discussed yesterday in a post about Xoopit. Australian tech consultant Lachlan Hardy argues that standards based authentication steps could still soften users' resistance to phishing and reminds us to look at the URL of the authentication page.
What do you think? How should checking your email contacts for friends on a new network be done? What other best practices would you like to see emerge in order to make portability of data useful, safe and desirable?
FOLLOW RWW ON TWITTER
RECENT JOBS
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
The huge difference with the Flickr import : no more password antipattern!
Say what you will about email address imports, *tons* of services offer that. Other services, however, make you enter your email username and password to achieve this effect : considered harmful.
Flickr is great about it because they make use of the technology available to *keep their users safe* while still providing the wanted functionality.
Posted by: Stephen Paul Weber | April 1, 2008 11:08 AM
This is tricky. It's not as if you don't have these email addresses. It's just the "time saving" factor.
Was it a privacy issue before when I manually typed in an address from gmail and looked them up on flickr. If the answer is "yes" than automating is "yes". If the answer is "no", then it's kinda inconsistent to say that someone who takes the time to type in hundreds of emails isn't violating privacy but if you use a tool you are.
Lots of interesting discussion ahead on data portability I'm sure.
Posted by: Darlene Fichter | April 1, 2008 11:41 AM
A stupid argument, I think. If you give your email to anyone, you've basically allowed them to do whatever you want with it. If you don't want people to *ever* find you via these kinds of tools, don't give out your email. Ever. Opt in data portability across the board will never happen.
Posted by: Joshua Kaufman | April 1, 2008 11:46 AM
From a Windows Live point of view I'm really jazzed that Flickr have implemented the Windows Live Contacts API to allow our joint-customers to have a killer web experience finding their friends.
Marshall - regarding security through obscurity and that this process now automates finding of friends... you could write a script over the top of flickr to find your friends anyway, and the scrip you would use would probably ask you for your username/password which would risk your security... overall I believe they have implemented great functionality that makes it easier for me to use MY DATA (friends) to enrichen an existing website.
-Angus
Posted by: Angus Logan | April 1, 2008 4:10 PM
Unfortunately computers need a way to uniquely identify people, and to have some kind of external mechanism that "vouches for" the fact that the Marshall Kirkpatrick that shows up in my search for you is actually *you* and not someone sitting on your account/username.
Today, that identifier happens to be an email address, which, oh, by the way, is really handy for sending marketing and other kinds of messages to. If and when we move to an opt-in contact identifier (like URLs), this problem will go away. It's just that, in the meantime, email addresses are the defacto standard since they don't require an extra opt-in step to receive account notification bacn in the first place (good for services) and everyone seems to have one! (And, since email addresses are again useful for contacting people, people tend to collect those kinds of identifiers, or use services like Gmail that collect those identifiers automatically).
Anyway, Flickr isn't doing anything wrong here, and in fact, by avoiding the nefarious password anti-pattern, they're doing better then most. Convincing people that URL-based identifiers are superior for the privacy-protecting reasons I've just cited is the real challenge ahead.
As far as I'm concerned, the whole import mechanism/concept is broken. We really need something more like buddy lists that come with you, like XMPP-Rosters, and that give you access to all your contacts, anywhere you go, but that you only interact with at intentional moments. Why are we front-loading this process of finding all your friends on a given network when it's increasingly unclear what value having yet more contacts brings?
Posted by: factoryjoe.com
|
April 1, 2008 5:22 PM
FFS. If you're so worried about people from your past (or other unwanted persons) finding your photos then you should really be making your photos visible only to your flickr contact list. This new Flickr feature makes it only -slightly- easier for you to be found. Big deal. Next.
Posted by: Lucas Chan | April 1, 2008 5:27 PM
Again, this reflects Yahoo's arrogant tactless attitude, like when they buy a company (like Flickr or MyBlogLog) and just assume we want to convert our logins to Yahoo.
Posted by: Ferodynamics | April 1, 2008 7:14 PM
Automating it is the key, whether Flickr does it or you write a script to do it. It changes the rules. Sure, some "public" records are available that show names, social security numbers, and other personal information, if you know exactly which courthouse to go to and what to look for, but bulk uploading them onto the internet similarly changes the privacy paradigm. Technology has a way of outpacing practices and legal protections. This is precisely why I have many email addresses that I use to segregate my activities and audiences, but few of them tie to my real name, each other, or other real world identifiers.
Posted by: Logical Extremes | April 1, 2008 9:35 PM
Hey Marshall,
I'm glad people are continuing to raise the issues around context and automation, this was one of the thorniest issues at SG Foo, and one that those of us from Flickr were able to share a fair amount of experience on having dealt with.
But I think it misses the point a bit given that being findable by email is very easy to opt out of. And has been for a very long time:
http://flickr.com/account/prefs/optout/?from=privacy
And these unsavory people from your past are much more likely to find you via:
http://www.google.com/search?q=marshall+kirkpatrick+site%3Aflickr.com
Posted by: kellan | April 1, 2008 9:55 PM
The reason a lot of apps don't do this currently, is that the data hasn't been available before with out scraping the data.
The Google Contacts API came out on the 5th of March,
http://googledataapis.blogspot.com/2008/03/3-2-1-contact-api-has-landed.html
The Mircosoft Live Contacts API came out on the 26th of March http://www.efytimes.com/efytimes/25631/news.htm
So I'd expect more apps to start doing it this way. I expect the ones who haven't do it yet either have longer release cycles or aren't on the ball enough.
Posted by: Richard Cunningham | April 2, 2008 9:00 AM
This is an interesting discussion with valid arguments on both sides regarding accessibility and privacy. I've been a Flickr member for several years and have experience with both operations: finding friends and being found.
One thought comes to mind in this regard (due to my recent participation in Twitter) is the possibility for a user to mark their account "visible" or "invisible" to searches (perhaps this already exists within Flickr on the overall meta-scale of the user), but also the ability of a user who is being searched for to be notified and sent a request whether they would want to release that contact information to that particular person.
I have my Tweets set as private and then each individual has to request to be given access to follow me. This gives me a sense of control over my information and identity. Perhaps something similar could be implemented on Flickr.
Posted by: Remiss63 | April 2, 2008 1:25 PM
dopplr.com did this too, and i was completely surprised to see it
Posted by: evbart | April 3, 2008 6:09 AM
With this development - as Beacon's intrusions on Facebook - I am starting to get in to the timescales of the new media economy. Once a service comes on stream, I reckon we have two years to play and participate with those whom we choose, free of being leveraged for someone else's profit...then BLAM! WE'RE MONETARIZED! I don't resent it; I just find it astonishing that it takes so long for the dots to be joined up.
Posted by: David Barrie
|
April 6, 2008 10:29 AM