November 1, 2008...11:21 pm

We need a dynamic friend permission system.


A key reason for Facebook’s success was a very well thought-out access control system. To see my Facebook profile, you had to be either (1) a friend confirmed by the profile owner or (2) a member of my network. In the early days of Facebook, network membership was confirmed by authenticating the domain of a user’s email (e.g., student@harvard.edu). Since the vast majority of users do not alter default access controls, most sites had previously opted for either a public default (MySpace) or direct social graph only (instant messenger buddy list). Protecting a user’s information with very thoughtful access controls encouraged Facebook users to share their real names, and early norms encouraged users to accept only real friends as connections.

While this solution was a big step in the right direction, it is far from perfect.  People implicitly use very sophisticated access control systems in their daily lives.  In addition to the coarse controls encoded in Facebook, we also vary what we share with others by topic (e.g., I may share work-related information with a different group than I share information about a recent trip to Las Vegas) and over time (e.g., relationships evolve over time).  

It looks like the current social graph owners are very well positioned to own a very important piece of the social computing future.  But if someone can figure out how to dynamically represent the REAL social graph in all of its glory, they will create an enormous amount of value.  

While I’m not sure what this solution looks like, I have a few thoughts.

1.  It must be passive.  Consumers will not actively manage the minutiae of their online social graph.  Simple actions like “accept friend” are fine.  But for atomic permissions, the solution is auto-magic — with some sort of override, of course.

2.  It must be dynamic.  If you can’t keep up with my life, I’ll stick with what I have today. 

3.  A new user interface.  A big part of the solution lies in figuring out how to visually represent the complexity of these permissions.  The system should make it easy for me to see where my permissions stand today, as well as allow me to quickly see what changes have been made in the past.

10 Comments

  • “we also vary what we share with others by topic”

    The problem with this is that these access controls are defined implicitly in real life and explicitly online. Human emotion is too volatile to express quantitatively with sliders and toggle switches.

    I agree that it must be passive, but I don’t think that a system with explicit controls will succeed simply because the interface required to change default settings for permissions at a topic-level becomes too overwhelming.

  • I didn’t say explicit, I said passive and dynamic. With enough data, isn’t it possible to use statistical analysis to extract a “friend function” for the purpose of making future predictions with respect to your [atomic] social graph? And then use machine learning to continuously tune that function?

  • 4. It must actually keep your information private. Facebook is _not_ a close friend of mine, and in order to share things that I only trust to friends, I need to know that a third party isn’t going to be reading and datamining it.

  • Mike,
    I agree that it should be passive and dynamic; however, #3 implies that there are controls to explicitly tune the settings, which means that the access controls can be reduced to a page of switches and sliders.
    I’d be all for a machine learning based system, but I feel that the function requires too many variables for end users to make adjustments.

  • Fair argument, Eric.

    Perhaps a system that offered visibility by offering these two features:

    1. A white list and black list at the highest level of abstraction (e.g., don’t ever show Mike anything or don’t show any pictures I upload to co-workers). Again, only for those who care strongly enough to invest in such a thing, and;

    2. Transparency into why a particular activity was shared with a particular person. So, at any time, a user could ask the system to back into the key variables that led to a specific action (e.g., “why did the system share my photos with Mike, a co-worker?”). Rather than a strictly explicit system, think of it as reverse engineering your own application to provide transparency to the user. And, of course, the user could then further tune the system.
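The override-plus-transparency design discussed above, combined with the passive scoring the post asks for, as an added example that is not part of the original post or comments. The signal names, weights, threshold and class names are all constructed assumptions; explicit deny beats explicit allow, any explicit rule beats the learned score, and every decision carries the reasons that produced it.

```python
from dataclasses import dataclass

# Constructed weights for passively observed signals (assumption, not from the post).
WEIGHTS = {"messages": 0.5, "photo_tags": 0.3, "shared_events": 0.2}
THRESHOLD = 0.6  # hypothetical cut-off above which an item is shared

@dataclass
class Decision:
    allowed: bool
    reasons: list  # human-readable trace answering "why was this shared?"

class SharePolicy:
    def __init__(self):
        self.rules = []    # explicit overrides: (effect, subject, category)
        self.groups = {}   # viewer -> set of group names
        self.signals = {}  # viewer -> {signal name: strength in 0..1}

    def add_rule(self, effect, subject, category="*"):
        if effect not in ("deny", "allow"):
            raise ValueError("effect must be 'deny' or 'allow'")
        self.rules.append((effect, subject, category))

    def _matches(self, rule, viewer, category):
        _, subject, cat = rule
        subjects = {viewer} | {"group:" + g for g in self.groups.get(viewer, ())}
        return subject in subjects and cat in ("*", category)

    def decide(self, viewer, category):
        hits = [r for r in self.rules if self._matches(r, viewer, category)]
        # Deny wins over allow; any explicit rule wins over the learned score.
        for effect in ("deny", "allow"):
            for r in hits:
                if r[0] == effect:
                    return Decision(effect == "allow", [f"explicit {effect}: {r[1]} / {r[2]}"])
        sig = self.signals.get(viewer, {})  # unknown viewers score 0: default deny
        parts = {k: WEIGHTS[k] * sig.get(k, 0.0) for k in WEIGHTS}
        score = sum(parts.values())
        ranked = sorted(parts.items(), key=lambda kv: -kv[1])
        reasons = [f"{k} contributed {v:.2f}" for k, v in ranked if v > 0]
        reasons.append(f"score {score:.2f} vs threshold {THRESHOLD}")
        return Decision(score >= THRESHOLD, reasons)

def demo():
    # Constructed sample: Mike is a co-worker with strong passive signals.
    p = SharePolicy()
    p.groups["mike"] = {"co-workers"}
    p.signals["mike"] = {"messages": 0.9, "photo_tags": 0.8, "shared_events": 0.5}
    before = p.decide("mike", "photos")  # shared on score alone
    p.add_rule("deny", "group:co-workers", "photos")
    return before, p.decide("mike", "photos")
```
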

  • In my opinion as an FB developer (thus exposed to the same data streams from different accounts), FB already has 500% of that information. The only question is when they get dev cycles to harvest and apply it. It's visible they are implementing heuristics step by step in that direction, yet it's a pretty complex process both mathematically (models), in processing (huge real-time clickstream for every active account) and socially.

    Example data points they already harvest and which go into the determination of friend-feed events:
    1) which profiles I watched, clicked on, communicated with?
    2) which photos I watched, tagged, browsed?
    3) which clusters of people seem to be communicating, wall-messaging, and participating in the same events?
    4) etc. etc.

    FB's default social graph is just a blank canvas. 500 or 5000 friends are meaningless. Yet the actual daily actions of users are a gold mine of information, where every click and discovery shows who that user is really connected to. And naturally it will change over time as the user's social circle ebbs and flows.

    In short, I think all that data is out there and easily discoverable from the click-stream.

  • Hey Mike,

    There’s a paper from the May issue of Nature that has some bearing on this, called “Hierarchical structure and the prediction of missing links in networks”

    The naive use of this would be to implement a “suggest-a-friend” feature, but it could be used to predict anything, including a social network whose edges represented specific kinds of permissions.

    I have a copy on my website, here: http://20bits.com/downloads/nature06830.pdf

  • Also, all the code from the paper is at Aaron Clauset’s homepage, here: http://www.santafe.edu/~aaronc/randomgraphs/

    Knowing you, you might want to play around with it. :)

    The code is pretty gnarly, though, and not very user-friendly.

  • Mike,

    This is an interesting but difficult subject at best. I wrote a post about this a while back
    http://ungeekdapo.wordpress.com/2008/05/19/my-data-and-having-it-my-way/

    Central to my post is the hotly debated example between Scoble and Arrington which illustrates the uber dynamic nature of permissions. In a subsequent post, I suggested the idea of defining open privacy standards.
    http://ungeekdapo.wordpress.com/2008/06/23/time-to-define-open-privacy-standards/

    Thoughts?

  • Hi Mike,

    Had 2 quick notes on this post:

    1) Just noticed that Facebook has a feature now that allows a user to create a “Friend List”. Individual friend lists can then be set up for differing privacy settings. The user interface for the former is quite good, but for the latter it is not the best (but better than I would have expected).
    The next logical evolution seems to be automatic Friend List suggestions or at least some level of machine learning based suggestions …
    A step in the right direction I think, though it still surprises me that this is not getting more traction.

    2) Orkut has always had an option of selecting different levels of “friendship” when adding new friends, but unfortunately does not use this information for anything useful as far as I can tell. (might be wrong)

    -MB
