A more scatterdash followup to the previous, based on a few related discussions and responses.

I’m surprised that danah endorses Robert Scoble’s claim that it’s hypocritical to complain about Apple’s walled-garden approach to iPhone development while embracing Facebook’s closed-off model. (That Scoble is cheering on Plaxo, a site that I gave up on when it did a Quechup before Quechup, is curious by itself.)

It’s a cheap shot, and it’s based on a misleading conflation of code and content. After years of cultivating cottage-industry developers with XCode and WWDC and hardware and OS previews, Jobs’s ‘Let them code Ajax’ moment at WWDC went down like a flat fart.

A thought experiment: what would have been the reaction if Jobs had announced a SDK for third-party iPhone apps — a SDK that only allowed the creation of apps that ran in their own sandboxes, without access to user data, call data, or the data held in any other app? A few groans, I’d imagine, but nothing like the complaints of developers told, in essence, that their expertise in OS X counted for bugger-all on this particular platform.

The distinction between code and content, as I’ve hinted, isn’t always an easy one, but the distinction between an independent OS X developer wanting to build a native iPhone version of Bejeweled and an independent Facebook Platform developer seeking nebulous access rights to personal data seems clear enough.

::

This really oughtn’t to be seen as a ‘take issue with danah’ post, but I am going to take issue with the premise of a graf that Mr Hammersley pulled out:

I think that one of the reasons that the tech crowd lurves Facebook is because they both want the “transparent society.” This is the philosophy that information dissemination can only be beneficial and that people should not seek to hide things.

I suppose my big question is: ‘which tech crowd is this, then?’ My own tech crowd, as far as I can tell, is much more reserved these days, and the Quechup cock-up was significant because of the sheer embarrassment it dumped on people who rightly consider themselves pretty savvy about online privacy. It’s problematic being in a position where you’re essentially duty-bound to dip your toe into whichever new 2-point-oh site is generating buzz; given the option, my guess is that most of the tech veterans I know would circumscribe their online social activities to the few spaces where they feel most comfortable.

This isn’t to deny the existence of ideologues of the ‘information wants to be FREE (especially your bra size)’ variety, and my gut feeling is that British tech/soc types are generally less inclined towards that kind of absolutism. [insert cod-sociology, home as castle, twitching curtains, national reserve, lots of people living in small houses squashed up close, &c. ad nauseam]

All that said, I completely share danah’s discomfort at the tenor of Facebook’s current growth: it’s based upon wretched principles. I also agree that the impulse towards making-public is driving out the capacity to be private, though for programmatic and commercial reasons rather than philosophical ones. That data privacy laws in the US are awful, and data-handling practices atrocious, means that there’s an awful incentive to back winners, or keep potential losers from going under, because who knows where that database dump (or even that server hard drive) will end up once CopyCatster.com liquidates its assets.

There’s a different sort of transparency that I fully endorse: transactional transparency. How much is my locked-down profile worth to Facebook, and how much more would it be worth if I unchecked all those damn boxes I had to check? Are you going to make it worth my while to have my profile pop up in Google? Are you cynical enough to make user privacy a paid option?

The wider point: while the appearance of transparency can be was deceptive as the appearance of privacy, the perception that you’re evading transparency — like Jobs’s bait-and-switch on iPhone development — just encourages users to think the worst. It needs to be implemented at the transactional level (what does this do? why are you asking this? why the small print?) and at the very least, when you’re asking for more.

If any transactional element of your business model is based upon deception — and believe me, we can smell your business model from your UI — you’re a con-merchant.

::

The good Mr Yoz points me to this explanation of OAuth, an attempt to formalise the delegation of access privileges in granular, limited ways through API tokens. It’s an encouraging step forward, and while it doesn’t address fundamental issues of trust, it proves that all-or-nothing API access to password-protected data is just a product of lazy code-centred thinking.

That kind of brokering, or some kind of ‘trust escrow’ is a less problematic solution than the recursive nightmare of networks of trust for networks of trust; we rely on something similar for commercial transactions, though card-validators have the small advantage of being backed by large financial institutions. Another alternative might be some kind of third-party auditing model, again along the lines of e-commerce, but that brings along another set of issues.

(OpenID, on the other hand, remains the Schleswig-Holstein question of the internets.)