As I wrote over at claimID, we had an incredible few days. There was a new energy in the air this time as interoperability was assumed and a focus on services began to take centerstage. There was a lot of talk about Reputation, OpenID 2.0, and OAuth 1.0. We’ve got the pieces now to begin building compelling applications and services. The business models will be appearing in May at the next conference.

We even had an impromptu OAuth party on Tuesday night in honor of the spec being released. Smarr/Recordon/Wachob/Hammer-Lahav/Messina and myself.

I ran a session on Tuesday morning on OpenLifeBits (thanks to John Panzer for the wiki notes) – and had some excellent feedback as well as discussion around what we should be building to house/manage our personal information. How do we define these bits and who owns this content? Is the information we have housed in the corporate silos our own? If someone else is involved in the creation of a particular piece of data – do we both own it? Do we own it jointly with the company as well? A friend request on Facebook – who’s is that to share? Mine? Hers? Facebook’s? Legally, today, it’s Facebook’s.

I’ll take credit here for two quotes captured on the wiki:

“Stalkers were on MySpace, now Facebook _is_ the stalker.”

A little over the top – but definitely something I feel strongly about. We’re seeing individuals post more and more personal information into corporate repositories willingly and without due consideration for where their information is visible and/or to be used under the terms of service.

I see Beacon as part of a greater slippery slope – we’ll all be living, publicly documented, without recourse.

“It’s a good thing that a bad thing became public” — on FB Beacon.

I feel strongly that Beacon is only the first public-facing version of what these large corporations have been doing for years. It is completely naive to think that companies will give away their services for free to the consumer without trying to leverage what they learn through statistics and demographics to make money. They have to have a bottom line, or they go out of business. Free or not, this stuff costs money to run.

When Facebook shows the public what is possible with their data, at first we squirm and yell, then we realize that we like more targeted information – it becomes less about SPAM and more about information we actually wanted.

The tricky part lies in where that fuzzy line of ‘worth it’ is drawn. Is it worth it for me to give my information to a company so I can get a free burger or $5 off my next box of detergent? For most consumers, the answer is clearly yes – or we wouldn’t continue to see these types of offers.

A quote from Alison Black:

Getting inside people’s decision-making, to inject caution before commitment is likely to be extremely difficult (even with well-understood hazards, such as smoking and alcohol, health educators have difficulty getting their message across). But given that there is a likelihood that many people will continue to act humanly and, therefore, incautiously, there is an opportunity for companies to commit openly to respectful data handling. It may cramp their style for trading data in the future, but as more companies commit themselves to rigorous standards, those that don’t will stand out. Maybe this contrast could pique people’s consciousness just enough for them to ask ‘whatever they’re offering, do I want to hand my data over to them?’

When things like Facebook Beacon force us to realize what is happening behind the scenes, we’re more likely to have informed opinions in the future (which is a good thing). That said, I’m not holding my breath for when we’ll see all these companies go with opt-in as their default. In today’s market, it just doesn’t pay nearly as well.

I was in charge of the big schedule board again. We had it up much faster this year with less tape failures. Technique is very important. And having 12 hands.

I learned how to play Bughouse in the first session. Two chess boards, four players, two chess clocks – and it turns you a bit nuts in less than 10 minutes – which proved just enough time for me to recover before the next hour.

I hosted the next session in the Bughouse room on Expertise Location and had a very engaging discussion around the problems of figuring out “who knows what” and how to keep track of that when you’re trying to hire or place people on teams.

I lured them in with an explanation of my thesis work around Contextual Authority Tagging and asked for input from the “real world”. I heard lots of encouraging comments about how my work meshes nicely with the movement in today’s knowledge management circles away from documenting our knowledge into files (separating the knowledge from the person who knows it) to documenting the people, their work, and simply keeping track of who knows what.

The group agreed that my ideas around tagging others’ knowledge is related to the 360° interview process and the Johari window and its concept of a “blind spot”.

“Everything is pointers.” The overwhelming consensus was that the real way people figure things out is by asking other people, and moving up the chain of expertise until the answer is uncovered. If Bill (who knows about X) doesn’t know the answers himself, he’ll point you to Dave. If Dave doesn’t know, he points you to the next person. This is how we solve problems and if I can help companies do that in a more efficient, documented, trackable way – then everyone agreed I’ve got a very marketable project – as soon as I write it all down, show that it works, and then defend it and get out of school.

The most interesting comment to come from the day’s talk was about a “persistent gap” that may prove itself to exist between what a person thinks they know about and what the group around them thinks the person knows about. Identifying if and when that happens would be a very interesting application of this technique and something I hadn’t really considered before. I’ve been working under the very straightforward assumption that there will be convergence between the three “lists” of terms/tags in my experiment:
- What I think I know
- What they think I know
- What I think they think I know

We’ll see.

The current plan gives me a year to write down what those who have come before me have already done (called the Literature Review) and a year to prove and then write down my own work (called the Dissertation).

Then of course, I’ll have to be a part of that “real world”. Hmmm…

OpenID is in the air, and providing services across domains will become very important very soon. I think we’re still about six months out from the Big Bang. August. I’m calling it.

Verification underlies Identity. Identity underlies claims about a person. Aggregated claims underlie the reputations we ascribe to people. With reputation, we can do really cool stuff. And it’s coming…

Cross-posted at claimID proper:

ClaimID allows real people to aggregate what is online about themselves. It allows them to bring links together, sort them, talk about them, and generally refocus their online identity on their own terms. We’ve had great success so far in getting that message out – and the feedback we’ve received has been positive. People really like the empowerment and are pleased when their claimID page begins to appear in the search results for their name.

But we also want to convey that these links are validated – verified in some way. So we introduced MicroID and OpenID to our system. Since that time, people have been pointing to their own websites, their own blogs, and their own OpenIDs hosted at other Identity Providers (AOL, Verisign, JanRain, Livejournal, etc.). And with all of those identities, it made sense for us to create a trusted place for you to aggregate them.

Verified Page

Today, we launched a special page for each person that brings these verified links into greater focus. The verified information about a person is presented all on one page, in one place – and you can be sure that these links are maintained by the person who owns the claimID account because of the math behind the scenes. MicroID and OpenID are based on strong hashing algorithms and cryptography and have been designed to validate and verify claims – just the sort of thing we’re doing at claimID.

Our pages are at:
- http://claimid.com/terrell/verified
- http://claimid.com/fred/verified

They’re very clean and very powerful.

Once you find someone’s claimID Verified Page, you can be pretty sure that who you’re reading about at claimID is the same person at all those other sites. This allows us to really begin to tap into the power of distributed identity and maybe even hint at some uses for basic reputation across disparate websites. Of course, if you don’t want to display your verified identity, you can easily turn this off in your account settings.

We’re not done with online reputation yet, but the single verified page at claimID is a very strong early step.

Wikipedia founder Jimmy Wales told CNET in an interview that the Germans are coming—and they have a plan to save Wikipedia. The German-language version of Wikipedia will get an experimental overhaul in the next few weeks designed to cut down on vandalism, edit wars, and misinformation. How will it work? Through the magical power of trust.

In the German system, any user will still be allowed to make edits to any article. Those edits won’t show up in the live version of the site, though, until a registered user with a certain level of time and experience approves the changes. It’s a simple change, but one that could prevent the most juvenile forms of vandalism from ever appearing on the main site, which should do much to remove the appeal of vandalizing articles.

This is interesting on a few levels.

The wiki phenomenon we’ve all experienced in the last few years has definitely reached a tipping point – a point where an educated populace has probably heard of, and might even be able to explain, what a wiki is. We’ve seen NYTimes articles, CNN reports, and BBC broadcasts. We’ve considered what it means to be a ‘real’ resource for our children’s homework assignments – what it means to have a NPOV (neutral point of view).

But we’ve also learned that communities of trusted peers do a very good job of policing themselves (it takes a global village?). While inalienable rights are great, I think this movement away from ‘all users are created equal’ is a good thing. We need to better mirror our real world and give credit and affordances to those who are experienced. We should allow those who are the experts, those who have done this a few times before us, to have more say in how things run. They’ve probably learned something.

This decision by Wikipedia, while in part a reaction to a lengthy court case, is a welcome one. The pantheon should be allowed to speak a little more loudly than the peons. It’s only fair. We’re not all equal when it comes to knowledge. Trust, reputation and expertise are what allow us to divide and conquer. Adam Smith’s Division of Labor is most efficient when we let the experts do what they do.

I welcome this change and can’t wait for it to trickle across the rest of the Wikipedia and the rest of the sites that let allow/encourage user-generated content. The sooner we have more than the lowest common denominator, the sooner we can tap the real power of everyone.

Third, you have to participate in the online conversation. If you don’t, the party will start without you and how many of the millions of people online do you think care about your reputation? That’s what I thought.

Nathan Schock at Fresh Glue:

It all started when someone decided to have fun with a Wikipedia entry. Nothing new, right? It happens all the time. But this entry happened to be about Stephanie Herseth, the lone member of the US House of Representatives from South Dakota.

The wiki-hacker claimed Herseth was pro-life (she’s not), pregnant (she’s not) and engaged to her campaign manager (she’s not). The false information was taken down quickly, but not before it got a little more interesting.

Herseth is in a (very non-competitive) race for re-election this fall and her opponent’s campaign manager couldn’t leave the Wikipedia reference alone. He emailed it to several political bloggers…one of which happened to be the blog of the Rapid City Journal…who posted the full text of the email on the blog…and then defended their decision to do so.

As local political blogger Pat Powers noted, whoever put the false information on Wikipedia didn’t do Republicans any favors. Neither did her opponent’s campaign manager because now the discussion is about his email, rather than what they want to discuss. Not surprisingly the Herseth campaign has sensed the momentum in their favor on this issue and is calling for the campaign manager to be fired.

There are three important new media lessons here for anyone who cares to learn them. First, the Wisdom of Crowds is real and represents a new kind of information and fact exploration process. In the old days (only a few years ago) someone would research a story for days, weeks, months, even years before publishing the definitive account in a newspaper, magazine or book. If you wanted to respond to that account, you had to do the same thing yourself and it was very difficult to correct a story once it was published.

Today, the quest for the facts starts out in the open with a blog post or a Wikipedia entry. Everyone can read that information and respond to it. Eventually, the truth is discovered, as it was in this case, through the participation of a large group of people, like a virtual party. That’s why Wikipedia is always among the most-searched topics on the net. That’s also what makes blogging so difficult for most people to understand. Any one post may not be completely accurate, but is rather part of the process of getting at the accurate account. Sure, there will always be those who abuse the system, as there were in this case, but those people are typically found out and appropriately flogged.

Second, the Internet is not nearly as anonymous as you think. If I were you, I would avoid emailing anything you don’t want the entire world to see. Bad email pitches can find themselves on the Bad Pitch Blog or posted on another blog that (at last count) had 80 comments. And by the way, your computer has a little thing called an “IP address” that leaves a convenient trail for people to follow. As we learned from the Cluetrain Manifesto and Adam Curry, there are no secrets, only information you don’t yet have.

Third, you have to participate in the online conversation. If you don’t, the party will start without you and how many of the millions of people online do you think care about your reputation? That’s what I thought.

Two seemingly unconnected events caught my attention over the last week and it was only this morning that I put them together. The first is the now well covered Photo’chopped photos that Reuters carried and then retracted, and the second was the less known case of Kevin Corazza v. Kris Krug. [on Flickr]

and he concludes…

My prediction is that reputation systems of all kinds will increasingly become a focus for anything in the public view, and they will rely on techniques that capture the power of community to derive trust rather than a brand manufacturing it.

We are moving quickly towards a time and technology where distributed, calculable reputation is available. We’ll be able to query our network about a person or company and see their public reputation score, their public-facing history laid out in contextually relevant and timely, localized, helpful clarity.

We’ll be leaving trails wherever we go and with whomever we interact. Our history will play a role in our future, more so than ever before. The shadow of the future will loom larger than it ever has.

Today, our networks are divided, our personas are separate. We can, as long as we’re obscure and not famous enough to note, morph and change who we are. We can pick up and move to a different state – a different city, and become a new person – to a point. We are tied to our physicality. But this is less true today than even a few decades ago, and it will continue to become less true as we move forward.

None of this analysis is new, but it’s becoming increasingly obvious as the science fiction of just a few years ago is now very much a case of current events.

The two things I notice most about online reputation at this point in time is that everyone has an opinion and that the tools are so rough (read: bad). Usually the opinions are strong. Anyone who has bought or sold something online, determined whether someone is date-worthy, or investigated who edited the One True Wiki has an opinion about what they want and what could be better.

We talked about eBay and Amazon, claimID and my theory on consolidation of self. I was surprised by the lack of squirming that usually appears when I begin talking about how I think there will be very little public anonymity in the future. Private transactions, we’ll have covered – you’ll be able to purchase something from those you already trust with a minimum of credential passing, as your physical-world credentials and prior history will do just fine. Publicly purchasing something from a stranger, however, will require a trust and reputation that will be provided by third parties and confirmation services.

Since spamming a reputation requires more friction than spamming (artificially inflating) an eBay score or an Amazon persona, these transactions will become more secure. As the bar rises for what the ‘average’ consumer expects (they currently expect a little lock in the bottom corner of the browser), all our ships rise. The friction and effort required to create and maintain a ‘fake’ persona, in order to scam someone, will climb as well.

The group in Room C seemed to buy this argument and, to a man, agreed that we were going to consolidate our public selves in this way. Does that mean that I am very convincing? Does it mean I’m simply the one who has thought about this the most of the people in the room? Or am I actually right? What am I missing? Why is it so obvious?

Boy do I need some numbers to back this stuff up.

It’s really easy to do – microid.org

MicroID =
sha1_hex( sha1_hex(“mailto:user@email.com”) + sha1_hex(“http://example.com/username”) )

which generates something like this:

< meta name="microid" content="33bef99225cc32fe3c8c14e05c33e26266370778" />

With MicroIDs generated and positioned in the of these services – third parties can verify that the same person (with the same independently verified email address) is the ‘owner’ of that account. This is big. This is powerful.

Please leave a comment with any activity / updates…

del.icio.us – done!

flickr.com – forum thread

ma.gnolia.com – done!

linkedin.com

last.fm – forum thread – done!

43places.com

43things.com

youtube.com

myspace.com

digg.com

wikipedia.org – MediaWiki extension

blogger.com

livejournal.com

technorati.com

wikitravel.org – done!

plaxo.com – done!

Updates:

Aug15 – added last.fm forum thread

Sept22 – last.fm completed

Oct 20 – del.icio.us noted

Oct 24 – wikitravel.org added – and mediawiki extension linked

Jan, 08 – plaxo.com added (via myplaxo.com)

He makes a point about global identity identifiers (OpenID, LID, i-names, etc.) being capable of allowing “cross-context reputation systems to emerge”.

I think he’s right on – and I’ve been working on some plans for one of these systems over the last few weeks.

I think a distributed system built on the DNS and existing URL-based identifiers is the key and hope to show that a subjective, individualized opinion about someone can be collectively tabulated and measured in a meaningful way. I’ve been most impressed with Dr. Windley’s work. This recent paper is something new and should generate rich discussion and inspiration.

This work is directly related to the great discussion generated at the Identity Mash-Up in Boston in June put on by the Berkman Center at Harvard. A third day open-space discussion at the MIT Media Lab named The Laws of Reputation led directly to the principles in the paper. Go OpenSpace! I was not in the room as I was fixing a bug in claimID with Brian Ellin that 45 minutes. Blasted productive OpenSpace!

The checks and balances needed in these systems are straightforward. They fall out of the required list of elements for a review system to be successful.

1. Require a verified reviewer – Whatever this means in context. Over time we will see OpenID being used to build these systems and identities can be used across systems and potentially aggregated. For now, the walled garden is probably the de facto standard – but that is changing. Systems should definitely not allow anonymous comments to have the same ‘weight’ in whatever scoring or rating system is put in place. Perhaps a side area for anonymous chatter that fades quickly from view.
2. Require a comment/rating – This really does require full text for full explanation and context, everything else is too simple. However, that being said, a simple Lykert scale for a few attributes makes available the generation of statistics and otherwise easier analysis – full text is much harder to count (but much richer).
3. Require a reviewee – The item being reviewed should be a unique entity in the system. For systems where the reviewee is actually a person, and not an event or location or album, the reviewee should be a first class entity as well – able to leave their own feedback and comments/reviews. Here is where the power lies for future development.
4. Make available notifications for all parties involved – This is probably the most important. There should always remain the potential for further conversation about any review/rating. The system should assist in that regard – removing any/all barriers to further discussion and digging to the real facts and circumstances. RSS, email (opt-in or otherwise) should always be made available to all parties; reviewer, reviewee and others.
5. Administrators of the system should always have the right to remove – Probably the most contentious point, but necessary. The administrators should always reserve the right to edit what is said in the system, assuming it’s held in a single place and arguably a full record of what was edited. With a distributed system, this is nigh impossible, but we haven’t seen any like that yet. Distributed systems change the calculus dramatically for all elements of reputation, so this is a fair concession at this point in time.

All systems of this type benefit from the network effects they can generate. The value in the network definitely follows Metcalfe’s Law as the utility of any review area will be significantly greater the greater number of users and reviews posted. It might go without saying, then, that none of the above pieces really matter if you don’t have a proper threshold of activity. The long tail of networks doesn’t win in this regard. Only the big part of the curve gets to play this game today if the goal of the site is global significance (eBay, Amazon, etc.). If a network you are building has a lower bar for success (only your friends, or your school/job), then success can be reached much more easily with less users and activity.

I think that when reputation and identity are involved – these types of systems should definitely not allow for anonymous comments within the walls of the system itself. There is a place for anonymity, almost always, but it doesn’t have to exist formally within the channel. We can always whisper in the hallway or talk around the watercooler – or even print out anonymous rants on the office printer and leave them for co-workers to find and muse over… but the types of effects that recorded/refindable/searchable anonymous comments/rants can have for the person being reviewed are way too dangerous. Like Liz says in a later comment – faculty are much more worried about a boss seeing these potentially slanderous and false comments than they are about potential students seeing them. And without any real recourse, the deck is way too stacked against the reviewee.

A very different question posed later is also a good one. Should these comments be dissolved over time? Do they lose their temporal relevance as time passes and the class and the students and, no doubt, the professor has had a chance to change. If I’m an incoming student, does a review posted 7 years ago really have any relevance to me? Should it? How would I evaluate that?

I’ll write a little more about the pieces of a reputation/review system that I feel are necessary in the next post.

Update: Necessary pieces of a rating and review system