
Happy 10th Birthday, Wikipedia

I love Wikipedia.

It represents democracy in action. It represents our continual redefinitions of both truth and relevancy. It represents our ability to deal with authority in the face of a distinct lack of credentialing. It represents our best efforts to make sense of our world and to both collate and distill its essence.

I think it represents the future.

It is a thing of beauty and I’m inspired by it every day.

Happy 10th Birthday, Wikipedia.

And thanks!


Weak Passwords: Scourge of Shared Hosting

This was originally posted at the TextDrive blog on May 7, 2005. Copying here for posterity.

Please consider your fellow servermates and avoid the use of weak passwords.

What Not To Do

Strong passwords are great. Cryptographically secure passwords are even cooler and highly encouraged. That said, under no circumstances should anyone be using something like “jason/jason” or “damelon/damelon” as their login/password combination.

Dictionary attacks have been monitored on these servers from the very early days and are considered “constant” today. If you are using a weak password, expect your account to be compromised by these attacks. This raises the possibility that other users will be affected by your oversight. This is a very bad thing.

Choosing Good Passwords

Information about how to choose good passwords can be found in many places. A good summary is available from the Australian Computer Emergency Response Team (AusCERT) [1].

Choice Selections

“It has often been said that ‘good fences make good neighbors.’ On a Unix system, many users also say that ‘I don’t care who reads my files, so I don’t need a good password.’ Regrettably, leaving an account vulnerable to attack is not the same thing as leaving files unprotected. In the latter case, all that is at risk is the data contained in the unprotected files, while in the former, the whole system is at risk.”—Klein, 1991

“I remember seeing a great phrase on the Mexican Hackers Emergency Response Team page, which went something like ‘Passwords are like underwear: don’t share them, hide them under your keyboard, or hang them from your monitor. Above all, change them frequently’”—SecurityFocus

Thanks, Terrell

References

[1] AusCERT. Choosing Good Passwords. (2001) http://www.auscert.org.au/render.html?it=2260

[2] Klein, Daniel V. (1991) Foiling the Cracker; A Survey of, and Improvements to Unix Password Security. Proceedings of the 14th DoE Computer Security Group. May 1991. http://www.klein.com/dvk/publications/

[3] SecurityFocus. (2001) Password Crackers – Ensuring the Security of Your Password. http://www.securityfocus.com/infocus/1192

[4] Smith, Richard E. (2002) The Strong Password Dilemma. http://www.smat.us/sanity/pwdilemma.html


Vollis Simpson in NYTimes

In today’s NYTimes — an article about Vollis Simpson discusses his past, his hands, and his art.

Kelly and I commissioned 16 whirligigs from Vollis for our wedding in 2008; 15 tabletop whirligigs for our wedding party and immediate family members, and one larger “bike wheel” for ourselves.

You can see our order for the bicycle wheel in small black text on his door in photo 3 of 12 in the accompanying slideshow. It’s way down at the bottom…

And again, before it was covered with two more years of barn activity.

It’s wonderful to see him get this kind of recognition and I hope many others continue to have a chance to enjoy his work.

He has lived to see what he thought of as a hobby for himself and quirky entertainment for the neighbors become part of a seriously regarded corner of the art world, one that generates master’s theses, museum shows and significant money.

His work, which graced a window at Bergdorf Goodman in Manhattan last Christmas, is on permanent display in Baltimore, Atlanta and Albuquerque.

We love our whirligig.


Promises and Privacy of Self-Disclosure in Online Communities

I just read the most plausible of law review papers suggesting the potential for protection of a private space within social network sites (SNS). Fellow UNC grad student Woodrow Hartzog proposes the use of Promissory Estoppel as a means to protect self-disclosure in online communities. It would create a type of contract or agreement between users of a site whereby a protection would exist for information disclosed in that community or site. If someone else shares the disclosed, private information, with a few caveats, they can be held accountable.

Abstract:
The unprecedented sharing of private information on the Internet is leading some to herald the demise of privacy. It is far too facile, however, to conclude that because people are sharing private data online, they should expect no privacy. The need for confidential disclosure is no more prevalent than when sensitive information such as dating profiles, candid thoughts and past substance abuse is revealed in online communities. What happens when information leaks outside these communities? Traditional remedies will likely fail to protect people when members of an online community violate the confidentiality of other members. In this article, I contend that the law can ensure confidentiality for members of online communities through promissory estoppel. This is the first article proposing the application of promissory estoppel via a website’s terms of use as a method for protecting disclosure in online communities. Under the third-party beneficiary doctrine or the concept of dual agency, these agreements could create a safe place to disclose information due to mutual availability of promissory estoppel.

Hartzog goes on to quote Professor Daniel Solove in a passage on practical implications:

The use of promissory estoppel to protect self-disclosure in online communities is consistent with many legal and public policy considerations besides privacy. Additionally, it could help create a stronger normative culture of confidentiality to protect the well-being of online community denizens. Professor Daniel Solove has asserted that “[p]rivacy, in the form of protection against disclosure, regulates the way people relate to others in society…[I]t promotes one’s ability to engage in social affairs, form friendships and human relationships, communicate with others and associate with groups of people sharing similar value.” … His conclusion underscores the need to create a safe place for disclosure online.

The four-part analysis of whether promissory estoppel should be applied is proposed as:

1) Was there a clear and definite promise?
2) Did the promisor intend to induce reliance on the part of the promisee, and did such reliance occur to the promisee’s detriment?
3) Must the promise be enforced to prevent an injustice?
4) What are the damages?

Hartzog ends his paper:

The proposed theory of recovery advances privacy as control over personal information, one of the foundations of information privacy law. It focuses on reliance instead of a commercial-based bargain theory. It also encourages speech by offering a safe place for sensitive self-disclosure and an easier process by which potential disseminators of information disclosed within a community can determine the appropriate level of discretion to apply to accessed information.

Ideally, if utilized over a significant period of time, the promissory estoppel remedy could create a stronger normative culture of confidentiality through improved channels of internalization of duties of discretion. Additionally, the solution is likely compliant with the First Amendment, as analyzed under the Cohen standard. Finally, although the available damages under promissory estoppel are less than that in tort, the theory could potentially have an effect on other torts, such as the tort for breach of confidentiality.

It is difficult to predict the full impact adoption of the promissory estoppel remedy would have for online communities, but the provision of a safe place for users to disclose personal information online would likely promote both speech and the personal well being of online community denizens.


We Live In Public opening in NYC

A remarkable film about identity and the loss of ourselves in technology and media.

Please make sure to watch this movie when you get a chance.

It’s opening theatrically in NYC this Friday for the first time. I saw the film at Social Web FooCamp in April, met and spoke with Ondi and Josh, and had some great discussions around identity, performance, and our senses of self and each other.

It was fascinating to be a part of the conversation with the people building out today’s state-of-the-art communication technologies (e.g. Facebook, Twitter, Google, Microsoft, Apple, Yahoo) and the ones who have already seen the future. My mind raced for a few days afterwards.

Go see We Live In Public.


Pseudonymy is Hard Work

I keep meaning to write down when these things happen… The march towards consolidation seems so obvious to me, and yet people are still confused when I suggest they can keep things separate.

Deep Throat
A few years ago now, in 2005, the world finally learned the identity of Deep Throat. He had remained pseudonymous for over 30 years. Mark Felt came forward himself when he allowed the release of his name in a Vanity Fair article by his attorney. The disclosure was on his terms. He decided to end the secrecy before he died.

This is something that I claim would be impossible in today’s interconnected and recorded world. Are there stories today that are being published where the sources are on “deep background” and the public is clamoring to know the source’s identity?

The Fake Steve Jobs
The Fake Steve Jobs had a good thing going with his blog The Diary of Fake Steve. He was continually witty and received rave reviews for his poking fun at the mystery and aura that is Apple and Steve Jobs, proper. Of course, over time, his identity was revealed by the New York Times to be Dan Lyons. And like Felt, there was a book deal shortly thereafter. The ruse lasted 14 months — much longer than expected.

“I’m stunned that it’s taken this long … I’ve been sort of waiting for this call for months.” — Lyons

He has since taken up the writing as Fake Steve again – and it’s still just as funny – but without the cloud of intrigue as to who would be so bold…

_why the lucky stiff
Yesterday, _why, a fairly well-known programmer in the web2.0 space, apparently deleted his online presence. This is news, regardless, but what’s more interesting is that “_why” is a pseudonym and so far, we don’t know for whom. He has deleted his accounts, his blogs, his code and for now, the community of programmers and hackers has yet to unearth his identity. The thread at ycombinator seems to be getting close – I suspect it is only a matter of hours before we get some confirmation.

John Resig posted a remarkable eulogy (his word) to _why:

At this moment, _why’s online presence appears to be no more. All of his sites and code are gone. This includes, and is not limited to:

* http://twitter.com/_why
* http://github.com/why
* http://whytheluckystiff.net/
* http://poignantguide.net/
* http://hackety.org/
* http://shoooes.net/
* http://hacketyhack.net/
* http://tryruby.hobix.com/

Two conjectures are common at the moment: His account(s) were hacked and sites taken down or he simply decided to delete his online presence. I personally believe that he did this deliberately and with some amount of forethought.

Still Hidden?
What examples do we have where we still don’t know who is behind a widely-known* piece or body of work? Does it still happen? The timeframe for the ability to remain unknown is correlated with visibility, no doubt.

I’d love to keep a list somewhere…


Credentialing and Iran and Twitter

The recent and ongoing story that is the Iranian Election of 2009 has brought to the fore a variety of social media and 21st century technology issues.

We’ve seen CNN get slammed (via the #CNNFail hashtag on Twitter) for not doing a timely job of covering the nascent election results and ensuing reaction on the ground.

We’ve seen CNN ironically run a pre-scheduled show (Reliable Sources) on the very topic of Twitter and other social media and their questionable relevance in a world of network news and (known) talking heads.

But we’ve also seen the realization that with many conversations and an exploding number of sources from which to choose, we begin drowning in the overhead of deciding what to follow and where to focus our attention. In a rapid news cycle with new sources and new faces, we don’t know what’s good. We don’t know who is reliable. We don’t know where the trusted voices are.

3. Buyer Beware

Nothing on Twitter has been verified. While users can learn from experience to trust a certain Twitter account, it is still a matter of trust. And just as Twitter has helped get out first-hand reports from Tehran, it has also spread inaccurate information, perhaps even disinformation. An article published by the Web site True/Slant highlighted some of the biggest errors on Twitter that were quickly repeated and amplified by bloggers: that three million protested in Tehran last weekend (more like a few hundred thousand); that the opposition candidate Mir Hussein Moussavi was under house arrest (he was being watched); that the president of the election monitoring committee declared the election invalid last Saturday (not so). -source

And this is because we have very little in place that can provide us with credentials for these new voices. They’re all equal and they’re all anonymous, until we work through the quality of their content on our own (which is very time-consuming and expensive from the perspective of the news-hungry individual).

5. Twitter Is Self-Correcting but a Misleading Gauge

For all the democratic traits of Twitter, not all users are equal. A popular, trusted user matters more and, as shown above, can expose others who are suspected of being fakers. In that way, Twitter is a community, with leaders and cliques. Of course, Twitter is a certain kind of community — technology-loving, generally affluent and Western-tilting. In that way, Twitter is a very poor tool for judging popular sentiment in Iran and trying to assess who won the presidential election. Mr. Ahmadinejad, who presumably has some supporters somewhere in Iran, is losing in a North Korean-style landslide on Twitter. -source

We need a system in place whereby the community itself (read here: The Internet) can continuously and collectively vet these voices and provide a contextual backdrop on what a particular actor knows about. We need the ability to see and hear the collective’s live opinion on the sources themselves – as well as a continued eye on the content they’re producing.

Now that everyone really can have a global, instant, “retweetable” voice – we need to know who’s doing the tweeting if we want to believe the content before digging through our own vetting process. We grant authority to The New York Times and The Washington Post – largely without questioning their sourcing. If they say something, we run with it. We should get to the point when we can do the same with individuals we don’t personally have a relationship with (mediated or otherwise).

This need is being demonstrated with ad-hoc tools like twitspam.com and posts like this one specifically about the Iran Election and trusted sources.

Perhaps this is another case of the academic seeing everything from the perspective of his own problem/solution, but I sincerely feel a huge opportunity for whoever can get a robust expertise market online and available for exactly these kinds of moments. Contextual Authority Tagging


Ambushed by Eugene Eric Kim

So here’s something I’m not quite used to (yet?).

Eugene Eric Kim has written a wonderful post on the Blue Oxen Associates blog about his use of my ideas around Contextual Authority Tagging in his work with organizations regarding reproductive health.

Terrell’s premise is that reputation in context can be extremely valuable, often more valuable than what you say about yourself. For example, suppose you asked me for three words to describe myself. In a work context, I might say, “collaboration, transformation, do-gooder.” That is how I perceive myself, or at least how I want others to perceive me. Those three words have gone through a personal filter, which may be filtering useful information. Maybe I’m too modest to say certain words. Maybe I’m deluded. Or maybe I simply don’t know what others value most about me.

There are three interesting pieces of information here:

* What do others say about you?
* What’s the difference between what others say about you and what you say about yourself?
* If you and everyone else get to see what is said about you, how will what is said evolve over time?

I’m anxious to see what Terrell discovers about these and other questions. If his premise is correct, then there are all sorts of interesting applications of this. For example, many knowledge management tools include some sort of expert finder, which is generally reliant on what people say about themselves in their personal profiles. It may be more valuable to have an expert finder that’s oriented around what others say about you.

He’s included some Wordles of the types of information and interactions that come from having people share stories and talk about one another.

Earlier this year, I facilitated a strategic workshop for Civil Liberties & Public Policy (CLPP), another reproductive health advocacy and leadership organization, and I kicked things off with this exercise. The visualizations from that exercise are particularly instructive. Here is a visualization of all the words that the participants used to describe each other:

[Image: clpp-wordcloud]

This is most rewarding to me – and I look forward to working with Eugene in the next few months on some collaborations. I think we have a lot to offer each other in the ways we see these tools.


Social Web FooCamp and IIW8

I’ve been in the library a lot in the last few weeks, but just managed to remember booking some flights for upcoming fun stuff on the west coast.

Social Web FooCamp

In only a couple weeks (gah, how’d that happen…) I’ll head back to the Social Web FooCamp. This is a great honor to be invited back and I hope to continue providing insight and ideas on the tangle/noisiness/mess of our social Internet.

IIW8

I’ll be at IIW8 again in May. This is a fantastic event and one I hated missing last Fall. I really look forward to seeing everyone in the Identity community again. So much has changed in only a few years – and Doc Searls, Kaliya and Phil Windley always put on a great un-conference.

Progress

And then, back to the library. Also, found two guys in Brazil who simulated my (not finished yet) dissertation. I guess that means I’m officially in a race now. Excellent.


Later Button poster at iConference 2009

Two weeks ago the 2009 iConference was held at the Friday Center here in Chapel Hill, NC. There were lots of great posters and papers and hallway discussions.

Jacob and I presented our poster and have since posted it online over at dlist.

We ran a Mechanical Turk study with over 2000 responses to help determine whether people would be willing to share their stuff more after some time had passed.

This study investigates users’ willingness to disclose information with respect to how long ago that information may have been created or captured. Users were more willing to share items as time passed.

Potentially, a “Later Button” should be put into practice to address this latent willingness (40% of sharing scenarios) to disclose information at a later date.

[Image: laterbuttonthumb]

Conclusions:

The most striking outcome of this research is the apparent willingness of over 40% of people to share these types of information with others “later”, across demographics, the intimacy level of the item itself, and the perceived audience. This suggests a gaping disservice on the part of current tools.

Tools like Twitter and Facebook should consider an interface control that allows their users to designate the sharing of items “later”. The more granular data from this study (dividing “later” into more discrete chunks of time) suggests a strong default for this control to be set at “one month” of elapsed time between the creation/capture of an information item and its availability to the designated audience.

The apparent collapse of nuance between “inner” and “outer” audience and between “very” and “somewhat” intimate items suggests a flattening of how we understand and relate to our information sharing and our perceived audiences.

Are Facebook and/or Twitter to blame for this apparent flattening of our friendscape? Are all our friends equal when it comes to the mediated sharing of personal information?
