How are your girls? Privacy leakage in information flows

March 5, 2010 2 comments

One-way privacy settings are about as private as whispering to someone who insists on responding loudly (and often paraphrasing your whispers for good measure). So it is surprising that most, if not all, social networks allow one to specify the privacy of conversations flowing one way (those initiated by you) but not also of those flowing the other way (those initiated by others and directed at you).

Update: The New York Times has a piece that raises similar issues to my post. Here’s the relevant quote:

Yet an individual’s actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet … You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests … “Personal privacy is no longer an individual thing”

Polygamous Pimps

In response to a recent tweet in my buzz stream, a friend buzzed back:

“How are your girls?”

This particular buzz was public, which automatically meant all responses to it were public, including the utterly innocent question “How are your girls?”. Regardless of how air-tight my privacy settings in Google Buzz were, one can immediately infer some things about me: that I “have girls”. Most people would correctly understand that I am a father, though more creative readers may assume polygamy (or that I am a pimp).

Whatever your creative conclusions, one thing is for sure: an inadvertent leakage of my private details because of an inadequate online privacy model, one that largely regards privacy as flowing in one direction (uni-directional).

I am the captain of my ship. I am the master of my destiny.

Not when it comes to privacy, oh no!

Imagine a close friend bumped into you in a crowded elevator and asked how your new Viagra regimen is going on. From a privacy standpoint, you might as well have worn a Viagra costume to work, because the net effect is the same: an inadvertent leakage of your privacy. Assuming your friend had no ill intent, it is likely he was simply socially inept and did not realize the  privacy implications of their question.

It is clear then, that we are neither captains of our privacy ship nor masters of our privacy destinies. Why then, do most social media sites continue this illusion? Some sites allow you to specify an outgoing post as being private (Google Buzz example below):

Privacy settings in Google Buzz

privacy settings in Google Buzz

Two way street

As far as I can tell, no social site or app allows one to specify that conversations involving certain people will always be private, regardless of who initiated the conversation. This model of privacy correctly views information flow as a two way street (bi-directional), with privacy leakage capable of happening in either direction (you directly revealing your private information, or someone else revealing your private information while in conversation with you).

A number of chat applications implement such a privacy model in their “Off The Record” (OTR) features. Here is an excerpt from Google Talk’s description of their implementation:

We know that sometimes, we don’t want a particular chat, or chats with a specific person, to be saved … when chatting in Google Talk or Gmail, you can go “off the record,” so that nothing typed from that point forward gets automatically saved in anyone’s Gmail account.

… once you go off the record with a particular person, you will always be off the record with him or her, even if you close the chat window, and the two of you don’t chat again until several months later … We’ve designed this to be a socially-negotiated setting because we want to give users full disclosure and control over whether the person they’re talking to can save their chat. — What does it mean to go off the record

Wishful thinking

  1. I want to be able to go OTR with specific people, so that “nothing typed from that point forward gets automatically saved in anyone’s Gmail account.”
  2. I want this to be a “socially-negotiated setting” that does not make my privacy dependent on the technological awareness of my conversation partners.
  3. I want this setting to be persistent across all conversations involving specific people, whether one-or-one or in group conversations.Given the tight integration between Buzz and Gmail, it is not much of stretch to imagine a situation where a family member ask deeply personal questions in the midst of a public buzz stream involving my work.

In short, I want bi-directional privacy settings that work.

How about privacy leakage in conversations not involving me (from other people, to other people)?

Well, that’s a whole ‘nother can of worms.


M-PESA: the Black Swan of Mobile Money?

November 4, 2009 9 comments
a black swan

a black swan

“A Black Swan … is an event with the following three attributes.

First, it is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility.

Second, it carries an extreme impact.

Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.”

— Nassim Nicholas Taleb, The Black Swan: The Impact of the Highly Improbable, in the New York Times

M-PESA: the Black Swan of Mobile Money?

Lately I have wondered whether the rise and stunning success of M-PESA is a Black Swan. M-PESA, a mobile money transfer service developed by/for Safaricom of Kenya, was launched in 2007 and has seen staggering growth. Much has been written about M-PESA and equivalent services worldwide (a search for M-PESA at CGAP yields a treasure-trove of articles). None of the launched services appear to rival M-PESA in growth, even in countries with similar target demographics (Tanzania, next-door to Kenya, isn’t doing so well with M-PESA).

Let Sleeping Dogs Lie

While there doubtless are many factors explaning the M-PESA phenomenon in Kenya, the implicit expectation always seems to be that it is just a matter of time before a similar service somewhere replicates M-PESA’s success in Kenya.

I’m not so sure anymore. Here’s why.

With M-PESA’s success in mind, and its implications for a country’s financial institutions, regulators (hardly known to be trend-setters) are unlikely to approve a service with as much leeway as Safaricom had with M-PESA.

Being the first to market what was essentially an outlier, Safaricom in effect escaped the regulators’ scrutiny in the early stages of M-PESA. Infact, once M-PESA’s success came to the attention of Kenya’s banking community and to the Central Bank, they tried regulating M-PESA in a way that would have, at the very least, hampered its growth. Here’s an illuminating quote from Kenya’s Daily Nation:

Bankers are up in arms over the revolutionary innovation. They have complained that cellphone companies are operating bank accounts outside of any regulations.

“Money transfer on the cellphone is a great idea,” John Wanyela, an executive director of the Kenya Bankers Association, told the Sunday Nation.

“But you do not allow innovation to outsmart regulation….[It] has broadened access to the unbanked, especially those in rural areas. We can’t do what they (mobile phone service providers) do. All we are asking for is a level playing ground.”

Banks have put the Central Bank of Kenya on the spot, demanding to know what laws allow telecommunication companies to offer money services, saying Zain and Safaricom are invading their domain without much regulation, while they continue to operate under the stringent rules of the Banking Act.

The appropriateness of the regulation isn’t my focus in this post, rather it is the effect of the regulation (appropriate or not) on the growth of M-PESA and similar services.

It is unlikely, so it appears at this moment, that regulators in other countries would give any company such leeway. It is also unlikely that financial institutions, with a lot to loose from an M-PESA clone, would sit tight and hope for the best. What is more likely is that constraints, whether the result of banking-industry lobbying or well-conceived government policy, will be placed on any such services.

MTN’s Mobile Money in Ghana

The latest launch of a mobile money service in Africa, in this case Ghana, bears out my theory (Appfrica has more details). The MTN service, which has seen slow uptake, seems hamstrung by rules and regulations forced on it by banks and regulators in Ghana.

From the Appfrica article, MTN’s Mobile Money seems to burden merchants and customers in ways that Safaricom’s M-PESA does not. With MTN’s system:

  • customers need ID to perform *any* transaction
  • merchants are required to have a specific handset for customer registration (something Kenya’s Zain (then known as Celtel) tried and failed with Sokotele, its earlier attempt at mobile money (Zap is Zain’s current money transfer service).
  • customers have to sign for every transaction
  • merchants need a bank account from participating banks
  • the growth of the money-transfer network depends on banks expanding and accepting more merchants

Part of the reason for M-PESA’s runaway success has been its relative simplicity and lack of constraints, from the merchant/customer perspective. Fraud levels are somehow, and curiously, kept to a “manageable” level (if the lack of public outcry from Kenyans is anything to go by).

White Swans Galore

Sadly, it appears that M-PESA was an anomaly that won’t be replicated elsewhere anytime soon.

M-PESA succeeded, it appears, largely because there was no precedent, and hence little legislation standing in the way.

Perhaps regulators ought to factor this into their deliberations.

The Professionalization of the Consumer

October 21, 2009 Leave a comment

Cry Me A River

Here’s an interesting quote from a post at discussing the Microsoft/Sidekick/T-Mobile cloud fiasco. I’m trying hard to resist saying it was quite a storm.

What’s happening now is the IT-ization of the consumer. It’s a world where the head of house is CIO, the spouse runs the help desk and the kids do tech support. (Johnny, stop practicing piano and please get those Windows 7 security updated installed.) Of course, the consumer does it with no budget, resources, trained professionals or skills. This is a huge problem and the data issues we saw with Sidekick are just the tip of the iceberg.

Hmm… I’m tempted to say this is unique to the technologies of our age, that we are witnessing a truly unfortunate democratization of specialization (yeah, I know it’s a mouthful but bear with me). Except that it isn’t unique to our age or to our technologies and isn’t altogether unfortunate.

History Has A Nasty Habit Of Repeating Itself

Every generation, when faced with vexing problems, almost always laments the uniqueness of its challenges. I’m not entirely certain why this is so but I suspect it may offer some consolation for one’s inability to cope. As far as therapies go this may be a good one. Here are some counter-examples of the uniqueness theorem:

  • Healthcare: the medicalization of living, coupled with ready access to health information, has forced many to be virtual healthcare experts. How often do we Google different diagnoses and therapies?
  • Investments: shopping for a investment adviser is itself an exercise in mini-specialization. The depth of knowledge required is simply beyond what can safely be categorized as general knowledge. It is specialty knowledge.

As technology, for better or for worse, increases its hold on our lives, greater depth of knowledge will be expected of the general populace (what I call the democratization of specialization). I’m willing to bet on for better, despite the very real problems this view presents. Today’s specialty is tomorrow’s commodity, so dictates the marketplace of ideas.

Why This Is A Good Thing

Just as commoditization of goods and services leads to value creation higher up the chain, so does this transformation of yesterday’s specialty knowledge into today’s general knowledge.

I’m not a social scientist so I cannot back this up, but my feeling is that a better-informed population tends to make better choices, overall, for society.

And that is what progress is all about, right?


Update (Nov. 1, 2009):


Here is an interesting video on participatory medicine, a.k.a Health 2.0:

Participatory medicine is a product of its time: advances in medical technologies place increasing responsibility on individuals for their health care, while advances in different technologies make it increasingly possible for them to assume those responsibilities without attending medical or nursing school. Both kinds of technologies are tools designed to contribute to better outcomes. But the technologies do not constitute participatory medicine. Rather they enable it. Without tools ? insulin pumps, comparative quality ratings, in-home dialysis, and online patient groups, for example — participatory medicine would simply not be possible.

An excerpt from an article on the technical underpinnings of participatory medicine in the Journal of Participatory Medicine, a great journal even for healthcare laypersons (like me).


The Unbearable Powerlessness of Repetition

October 21, 2009 1 comment

The Power of Repetition?

Social Media advocates tend to get frustrated with the slow uptake of web2.0 technologies in their workplaces. Inspite of repeated “value propositions” to colleagues, not much happens. A blog post here, a wiki page there, all token entries really. The fundamental work ethic remains unchanged. Singing the song, drinking the kool aid and walking the talk (even of the ad nauseam variety) sometimes just don’t cut it.

This isn’t surprising.

After all, we’re asking people to fairly drastically alter their work ethic, and on short order. What is surprising is how many Social Media champions stick to the script despite the best evidence of failure.

Say It Ain’t So

I am yet to come across a compelling argument, from an employee’s perspective, for a more open work ethic. There definitely are many benefits to openness, and I ascribe to some of them, but most often these benefits are either to the employer or to someone other than the employees who will be expected to be open.

Say you are in the public service and are being sold on wikis and blogs. The benefit, to taxpayers, is blindingly obvious. The benefit, to you as a public servant, is much less certain. What looms large, from the employee’s perspective, are the risks involved in such openness. People instinctively evaluate actions with unclear outcomes based on worst-case scenarios. Openness is great when life is good in your unit, when things start falling apart and accusations take flight then openness starts to look like unwise exposure. After all, it’s a lot easier to be thrown under the bus when you’re exposed in great detail.

Older Than Your Wiki

This attitude is no different than the general risk-aversion among employees, and this predates social media by decades. Until people’s valid worst-case scenarios are dealt with, they will always be wary of genuinely working openly (the occasional wiki post notwithstanding). One can attempt to legislate openness, and that may have its merits, but appeals to the the inherent desirability of openness at the workplace need further strengthening and recalibration.

What’s Your Flava?

Perhaps the question should be: why do some work openly inspite of the risks that this entails?

I believe in openness because “if I have seen farther it is only by standing on the shoulders of giants“. They were open with their knowledge and experiences and I have been greatly enriched. Being in the information technology industry, I see the possibilities of openness and get excited by the ability to meaningfully engage in and with it. Sure there are risks but I get consumed by the potential.

It is unreasonable of me to expect someone not well-versed or interested in technology to have a similar passion. Most of the world population squarely falls under that category. Taking a message crafted for the choir and expecting non-believers to yell Amen! is a surefire zero-converts strategy.

f(a) + f(b) = “I win”

What about the risks of being open? Well, there are risks to being closed too. You have to decide which benefits you, short- and long-term. Social media proponents need to calibrate the message to target this intuitive cost-benefit analysis that we regularly employ. The parameters of the equation may be different for every organization, but the equation is still the same. Oh, a good “Social User Interface (SUIT)” is a constant in the equation.

In a future post, I hope to take the choir-strategy and give it a little street-smarts.

Social User Interface (SUIT): is the Enterprise 2.0 emperor naked?

August 26, 2009 4 comments

A lot has been written about why Enterprise 2.0 projects fail (the latest I’ve read: 14 Reasons Why Enterprise 2.0 Projects Fail).

Most of the articles I’ve read seem to ignore one point that I think is critical. In this post I will attempt to highlight that point.

In a previous incarnation with an international non-profit research organization, I piloted and implemented a “rogue” internal social networking application. It had to be rogue for the usual reasons (initial apathy from colleagues, hostility from IT types, zero resource-allocation, among others).

How hard is it to be social?

The biggest predictor of success, from my experience, was how well the application made it easy to be social. You’d be surprised that a vast majority of enterprise 2.0 applications make it quite difficult to be social in the way users already are. No wonder a lot of (re)training is required. No wonder user uptake is slow, if at all it takes off.

Instead of leveraging what should be the greatest asset out there, namely that humans already are incredibly social and want to further their social circles, most “social applications” toss out ways that work in the analog “real world” and try to digitally recreate unfamiliar ways of being.

Consider the following all-too-common mind-bending scenarios:

  • File-centric social applications:  I don’t know anyone who voluntarily shares files with colleagues just for the sake of sharing the file. People share information, seek comments, show-off their knowledge etc. Sharing the file is a means, not an end in itself. It still reeks of file-ism even after you add a few social widgets and re-brand.
  • The requirement for voodoo markup in some wiki applications: who wants to do that when there are other, albeit non-social, ways that have the added benefit of WYSIWYG editors?
  • The expectation that browsing to a website will be the primary interface for interaction with the application: what ever happened to email/IM integration? I purposefully only include email and IM as they already are accepted as legitimate in most enterprises (email more so than IM).
  • Context-aware search: it isn’t enough that search is content-aware. If users are to meaningfully engage with the torrent of generated information, context-aware search engines should display relevant information without the user necessarily searching for it. This is important as one cannot possibly search for information they are not aware exists!

Social like I already am

Despite a deep desire both philosophically and practically to go the open-source route, I finally had to make do with a quasi-open platform (Clearspace from Jive Software, now confusingly re-branded Jive Social Business Software) principally because Clearspace made it easy to be social in a way that users already were.

This was pleasantly borne out when users, some with little training but most with no training, took to the platform with surprising gusto. Infact, some users developed such a personal affinity for the platform that they considered it “our space and HR shouldn’t mess with it”.

The sum total of tools that a user is expected to use in order to engage socially is what I’d call a Social User Interface (SUIT). The net-effect of a conscious design decision to engage users in a socially intuitive manner, both at the visible and invisible level, is what makes for a well-designed Social User Interface (SUIT). On this metric, a good number of enterprise 2.0 applications need some dressing-up.

How one application suits up

Here’s how Clearspace won me over:

  • People, and the resulting conversations, were at the center of Clearspace’s implementation. Users “got it” after a short period of using it. More “complex options” like tag-clouds often only required quick explanations.
  • The wiki app wasn’t even called a wiki, and most definitely did not look like one, even though it was one. Expanding/restricting allowed editors, and commentors, was such a breeze.
  • A really neat feature is tight email integration where one can start/continue conversations, and create new content, from email. This allowed people who loathed visiting another website to be part of the community, right from within their email application. With time, some of these same people saw the added value of regularly directly interacting with the web application, because it was worth their time. IM integration was achieved via Openfire, open-sourced by Jive and which has very tight integration with Clearspace. This provided another avenue for people to be part of the community, with the exact same permissions, from their IM clients.
  • Clearspace has a great “more like this” widget that displayed people/content that is deemed similar enough to what you are currently interacting with. The search engine behind this is the venerable open-source Apache Lucene.
    • This is one area that is painfully lacking in Elgg, a promising and open-source “social engine” (I’m currently working on a Lucene plugin for Elgg).
    • A “semantic search engine”, for instance OpenCalais, might even work better (I’m also working on an experimental plugin for Clearspace and Elgg).

Better filters, and the “Trust Spectrum”

There is definitely room for improvement in all social platforms/engines/applications that I have come across:

  • There is no clear way to quickly determine where the content you are creating will end up in the “trust spectrum” (coined by Gia Lyons: the digital corollary to the observation that we selectively share information in the real world). No application, not even Facebook, has an intuitive and quick indicator of  where, in the trust spectrum, your post will be placed. Remember Twitter’s DM Fail?
  • Most social applications use a points system to highlight top/most-helpful/trusted contributers. While a noble attempt at capturing the social nuance that “not all opinions are created equal”, it is not something that comes naturally to most people. What is needed is a better filter, this is what this feature really is, that takes into account how we really determine who to pay attention to in our everyday life. I have some draft ideas on how this may work, perhaps for another post.

What do you think? What has your experience been with regard to Social User Interfaces (SUITs)?