A few years ago it was very hard to do so, but possible, because nearly all the stuff being hosted was simple text with an occasional image or graphic. Then, our bandwidth increased and digital media creation tools were delivered into the hands of ‘the rest of us’. We quickly outstripped our ability to host and manage all our content and a market for hosted applications was born. It hit its stride with Web 2.0.

The boom created a fantastic amount of opportunity. It also stripped us of control. While we were distracted by all the shiny new toys being offered over AJAX, we forgot that owning our own stuff was important.

Today, we’re back to the time when most of the people on the web were seeing it through the AOL lens. Our data lives in silos and some of these silos even claim that your stuff is actually their stuff (have YOU read the Facebook Terms of Use?).

When you post User Content to the Site, you authorize and direct us to make such copies thereof as we deem necessary in order to facilitate the posting and storage of the User Content on the Site. By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content. Facebook does not assert any ownership over your User Content; rather, as between us and you, subject to the rights granted to us in these Terms, you retain full ownership of all of your User Content and any intellectual property rights or other proprietary rights associated with your User Content.

We need to swing the pendulum back the other way. We need to be able to host ALL our own stuff, or at least, be the proxy whereby we manage access to all our own stuff (even if it’s hosted on a vetted, corporate-backed network in a large datacenter somewhere in the ‘cloud’).

When you come to see my pictures, you come through gallery.terrellrussell.com – but the images could actually be served from Flickr via API. And if/when I change that arrangement and move to smugmug.com via API, you’d still access them through gallery.terrellrussell.com.

I want dynamic sharing. I want to be able to put all my bits in one place (for sanity, for ease of backup, etc.) but I want some control over how those bits are shared with others (if at all).

I want dynamic privacy based on a set of rules. These rules can be simple. These rules can be complex. There can be sets of rules that seem to cover 80% of the people 80% of the time. The flexibility in a system like that would be paramount – how we deal with that flexibility is a different problem to be solved.

I want sharing rulesets that determine which stuff is visible and which stuff isn’t. I want to have rulesets that determine this visibility by viewer, type of data (pictures/video/status), viewer tags, tags on the data, reputation from a third party, time of day, time passed since the creation of the stuff… Let it be whatever – that’s the point. A rules engine that can handle arbitrary rules and apply them on the fly.

The graphic above is a first attempt at drawing what I want. People will come to get stuff from me (or send stuff to me). Their request will be processed through a set of rules I’ve put in place, identified as coming from a person/device I know, and then filtered through whatever authorizations that person/device has been granted. If they are then allowed to see or receive what they’ve requested, I’ll send it to them.

This has to be done with open source tools and protocols and we’ve already got two of them in the wild. OpenID for authentication and OAuth for authorization. Additionally, we have XRDS-Simple for service discovery. We need an Open SharingRulesEngine (OShaRE?).

I want to have a full audit of how my stuff is getting accessed. I want the ability to drill down and figure out what’s going on. Not that I’ll use it very often – but I want to know that I can.

I want to be in control of who sees my content. If you see a photo I took, embedded somewhere else, I’d like to know that happened. I’d like to have a feel for where the edge of my ‘influence’ lies and how it’s interacting with the rest of the world.

We’ve seen rules engines and rulesets and recipes before. They exist for business and email (procmail) and distributed archival infrastructure (iRODS). Help me build one for granting access to my stuff!

This could all be a pipe dream. I’m not convinced one way or the other (the current sticking point is the realization that the gatekeeper software has to know about every piece of content I create/store… complex… but doable…). But I do know that if the option for individuals to host their own identity and their own content is available, the market for innovation will move that much faster. And that’s almost always a good thing.

Whaddya say? 2 years for basic infrastructure that can do this? 5-7 years before it’s polished and anyone is using it but me?

As I wrote over at claimID, we had an incredible few days. There was a new energy in the air this time as interoperability was assumed and a focus on services began to take centerstage. There was a lot of talk about Reputation, OpenID 2.0, and OAuth 1.0. We’ve got the pieces now to begin building compelling applications and services. The business models will be appearing in May at the next conference.

We even had an impromptu OAuth party on Tuesday night in honor of the spec being released. Smarr/Recordon/Wachob/Hammer-Lahav/Messina and myself.

I ran a session on Tuesday morning on OpenLifeBits (thanks to John Panzer for the wiki notes) – and had some excellent feedback as well as discussion around what we should be building to house/manage our personal information. How do we define these bits and who owns this content? Is the information we have housed in the corporate silos our own? If someone else is involved in the creation of a particular piece of data – do we both own it? Do we own it jointly with the company as well? A friend request on Facebook – who’s is that to share? Mine? Hers? Facebook’s? Legally, today, it’s Facebook’s.

I’ll take credit here for two quotes captured on the wiki:

“Stalkers were on MySpace, now Facebook _is_ the stalker.”

A little over the top – but definitely something I feel strongly about. We’re seeing individuals post more and more personal information into corporate repositories willingly and without due consideration for where their information is visible and/or to be used under the terms of service.

I see Beacon as part of a greater slippery slope – we’ll all be living, publicly documented, without recourse.

“It’s a good thing that a bad thing became public” — on FB Beacon.

I feel strongly that Beacon is only the first public-facing version of what these large corporations have been doing for years. It is completely naive to think that companies will give away their services for free to the consumer without trying to leverage what they learn through statistics and demographics to make money. They have to have a bottom line, or they go out of business. Free or not, this stuff costs money to run.

When Facebook shows the public what is possible with their data, at first we squirm and yell, then we realize that we like more targeted information – it becomes less about SPAM and more about information we actually wanted.

The tricky part lies in where that fuzzy line of ‘worth it’ is drawn. Is it worth it for me to give my information to a company so I can get a free burger or $5 off my next box of detergent? For most consumers, the answer is clearly yes – or we wouldn’t continue to see these types of offers.

A quote from Alison Black:

Getting inside people’s decision-making, to inject caution before commitment is likely to be extremely difficult (even with well-understood hazards, such as smoking and alcohol, health educators have difficulty getting their message across). But given that there is a likelihood that many people will continue to act humanly and, therefore, incautiously, there is an opportunity for companies to commit openly to respectful data handling. It may cramp their style for trading data in the future, but as more companies commit themselves to rigorous standards, those that don’t will stand out. Maybe this contrast could pique people’s consciousness just enough for them to ask ‘whatever they’re offering, do I want to hand my data over to them?’

When things like Facebook Beacon force us to realize what is happening behind the scenes, we’re more likely to have informed opinions in the future (which is a good thing). That said, I’m not holding my breath for when we’ll see all these companies go with opt-in as their default. In today’s market, it just doesn’t pay nearly as well.