Martin Gordon's Blog

Mr Scoble is making headlines again, this time for getting kicked off of Facebook (now he's back in, although I wonder if someone not as high-profile been given the same luxury?). He got caught scraping data off of Facebook using a feature of Plaxo Pulse, a competing social network. I'm all for data portability, but this of course raised the question of who actually owns the data in your social graph.

Clearly what came out of this is that it's no one's data but Facebook's. It's clear they control access to it, so there's nothing stopping them from keeping it from you. After all, Robert wasn't just restricted from accessing the data he was scraping, he was also restricted from accessing his own profile, including photos, videos and other content that no one would argue he doesn't own. And it's in Facebook's interest to make it their own. Their top two (only two?) competitive advantages are closed access and momentum and the former drives the latter.

Facebook is being pulled from opposite sides by the push for open access and by the necessity to ensure privacy. They get in trouble for not doing enough of both even though the means to achieving both are often at odds. To that extent, there are three levels of open access Facebook (or any social network, for that matter) could offer while maximizing privacy for those who require it:

My Data
First things first, let me pull my own data out - my list of favorite music, my photos, my videos, etc. I let the network borrow it and I have a right to take it back (and take it with me). Furthermore, all of this is stand-alone data and does not reveal any information about my social graph. My pictures might reveal other people in my social graph, but tagged friend data is explicit revelation of that shared data and doesn't come along for the ride at this level.

Our Data
Second, let me pull out my links. This is shared data, but since the existence of the link is usually public knowledge and doesn't reveal any real identifying information other than your name, letting me take this data with me is probably okay in most circumstances. It would be safe, though probably unpopular, to make this shared data opt-out instead of opt-in.

Your Data
Finally, there's your information. This was the stuff Scoble was pulling out en masse and rightfully got in trouble for. I can take your favorite movies to my Netflix buddy list or your work info to my LinkedIn network, but only if you let me. Here's the kicker though: I have to let you have my data too. I shouldn't be able to post your pictures on HotOrNot (or explicitly say you're you in one of my pictures) unless I give you the ability to do the same.

Facebook doesn't currently let anyone do any of this. It's easy enough to get away with grabbing my own data, although it comes out in a non-standard format. Pulling out my links is a still quite trivial, though somewhat useless given the current state of things (meaning I can't do much with just your name and there isn't much to do even if I could). Robert proved it's feasible but risky to pull your data. For all Facebook knows all 5000 of his friends would happily let him have their email addresses and birthdays.

It's clear that a solution that maintains privacy and provides open access exists, I came up with one in less than an hour (though admittedly implementing it is a huge task). The problem isn't that a creepy old (just kidding on both counts :-p) blogger wants to wish me a happy birthday. The problem is that under the guise of protecting privacy, Facebook continues to block open access to data that wants to be free when all they're really doing is protecting their business model.

Technorati Tags: Facebook, open standards, business model, privacy, data, social networks, social graph