Security Camera - Photo by Sirius Rust
Beth threw down the gauntlet, and I had to pick it up. I’m sort of surprised I hadn’t written about this before. I think a lot about both of these, not so much for myself, but for organizations that I work with whose work is fairly sensitive.
First off, some definitions – I think that these two terms do get mixed up quite often, and understanding what’s really being meant by them in a technical context is important.
Security, in this context, is the concept that your personal computing resources and data are safe from both prying eyes, as well as hijack by crackers and spammers who will use those resources and data for their nefarious ends. In the case of your computing resources and personal data inside that box you call your laptop, or protecting the whole of your home or office network, security is a matter of using specific tools that prevent unprivileged outsiders from getting in. Wifi passwords, firewalls, password protected fileshares, virus protection software, etc. are the tools of the trade here. Security of your private data that is “in the cloud” is largely at the mercy of the software developers who hold your data. Luckily, most of them take security quite seriously. (That said, your data “in the cloud” can be compromised by lack of security on your network or laptop – someone installs a key logger, for instance, and grabs all of your passwords.)
Privacy, in this context, is that you can control, in a granular sense, what information about you is exposed to whom. Privacy is, as Beth says, primarily a matter of human behavior, but there are very interesting intersections with technology and security. In some instances, services have default privacy settings that are a lot less private than someone might like – and it takes some know-how to figure out how to correct those settings. Privacy is, also, a set of decisions that get made – sometimes in haste, or without much consideration. Your drunken decision to post that picture of you (or a co-worker) dancing in your underwear on a table at a party, the cat is out of the bag, and may never be able to be put back.
Security and privacy in the context of online communities, as Beth points out, are different beasts. The software that drives online communities (such as Drupal, phpBB, and others) have options to allow for varied levels of security. You might need to have a password to see anything. Or you might just need a password to make comments. You might not be able to just register for an account – you might need to go through an admin. These days, most software driving communities have roles you can assign people to, with specific privileges granted per role.
But privacy is made up of policy (the policy of the organization running the community) as well as the behavior of the members – their collective agreement that “what happens in Vegas, stays in Vegas.”
Tagged as:
nptech,
privacy,
security,
web2.0
I did a kind of radical experiment a couple of weeks ago: I de-friended almost all of my nptech and client Facebook friends (cutting my friend count by more than 60%). I had a few reasons for this, and over the past couple of weeks that I’ve been living this experiment, it’s made me quite happy. Of course, everyone is still on Twitter, and Linked in, etc., so I still feel connected.
Even though I tend not to blog anywhere near as much as most of my colleagues about social networks (because it’s really not my passion,) I’ve been a fairly early adopter, in the broad sense (of course, if I compare myself to Beth Kanter, I’m a laggard.) I have an account on all of the major social networks (and some of the obscure ones, too,) listen often, and update fairly regularly. A while ago, I realized that I would keep hearing the same nonprofit technology related stuff, over and over again, and I realized I was contributing to that by using Ping.fm to send the same status notices everywhere, or connecting my twitter account to my facebook and linked in accounts, etc. (actually, I think it might even be possible to create an infinite loop doing that stuff.) I stopped doing that a while back.
Now of course it used to be that all of my Facebook “friends” were other nptech early adopters. But around two years ago, a steady stream of my real friends started to come on, and then about 40% of my Facebook friends were non-nptech related. I noticed two important things: first, a status notice that a real friend was having a hard time would get buried in the cacophany of new reports, new campaigns, new blog posts, etc. Not a good thing. Also, I noticed that I censored myself on Facebook – I wouldn’t say things to friends, or play games, or take silly quizzes because I felt the need to be “professional.”
So all of that lead me to make Facebook a “work-free” space. I left work-related groups, disconnected this blog from Facebook, etc.
And doing that led me to think a little bit about how we nonprofit technology leaders use these social networks, and how we work with our clients to use these services. I do think that still, the majority of nonprofit organizations aren’t all that connected to social networks. I’m not entirely utterly convinced yet that all of them should. And I do wonder about the echo effect – if you are an early adopter, and you are on multiple networks, you are going to hear the same stuff over and over. Is that a good thing, or a bad thing? Should we be suggesting that organizations tailor much more specifically their messages, rather than using the services that allow them (and us) to send the same updates everywhere at once?
The technology behind social network strategy and implementation is way more my bad than communications strategy, but this experiment has opened my eyes to some of the things we may be doing wrong. And, of course, there is an entirely interesting conversation to be had about the issues of work and personal life, but I’ll save that for my other blog.
Tagged as:
facebook,
nptech
Facebook Connect was announced a few days ago, and, of course, it’s the talk of the Web 2.0 world. Beth Kanter, as always, has a nice overview of what it is, and what it might mean. Google Friend Connect has been around for a few months, but they just opened it up to everyone last week.
What do these two toolsets mean? Are they truly open, and based on open standards?
Just a quick definition: the “social graph” is, basically, your data about who you are, and who is connected to you – who your friends are. A portable social graph would be one that you can take with you, wherever you are – so the friends that are connected with you on one network are also connected with you on another. It’s the holy grail of social network connectivity – you are connected to who you are connected to, no matter what site you are on.
Google Friend Connect is a toolset based on three standards, two of which are open, one of which could probably be considered an open standard, but it originated with Google: OpenID, OAuth and OpenSocial. Any social network that can use these three standards can be drawn into the open social network web using Google Friend Connect. Any user on any of the social networks that use these standards can connect with their friends on others that use these standards.
Facebook connect, on the other hand is a proprietary process that competes with OpenID, and is only a two way communication between other sites and Facebook – it’s not at all open. And, if you are not on Facebook, that other sites use Facebook Connect won’t matter to you. (For instance, it won’t help connect LinkedIn with MySpace.)
Facebook Connect is not the portable social graph we’ve all been hoping for – Google Friend Connect is a bit closer to it. Both Google and Facebook are interested in being the repository for your credential and social graph data. However, the fact that Google uses the open standard OpenID means that you can actually control where that data lives – and that is not the case for Facebook.
What is most annoying to me is that Facebook Connect is proprietary, and it competes with an open standard, OpenID. They could have just as easily implemented the open standards – but they chose to go in a different direction. For most of the social networks except for Facebook, the walls of the gardens are coming tumbling down. But Facebook is basically just enlarging their walled garden.
What does this mean for most nonprofit organizations: not a whole lot. This is going to take a long time to shake out, and only the most Web2.0 savvy nonprofits are going to be doing technology projects that will involve implementing either of these new toolsets.
Getting involved in a social network, whether it be something like Facebook or Myspace, or a content-connected social network like flickr or delicious (I’m starting to get used to writing that without the dots,) is pretty easy. But there are SO many, and they all have their pros and cons.
What I have learned, though, is that a social network is only as good as something that you have absolutely no control over: how many of your real friends and colleagues use it. Sure, you can join a social network, and “friend up” a bunch of people you don’t know. Perhaps you’d meet some cool people. But you’d primarily be wasting lots of time.
And if you’re a nonprofit trying social networks out to figure out how to leverage your modest resources for maximal impact, it’s really important to know where your constituents are.
Over the last two years, I’ve joined more social networks than I can count (even after I vowed, and only a couple of times violated my vow to only join social networks that were based on open standards, like OpenID and ODD (Open Data Definition.)) The content-focused networks, like delicious, slideshare and flickr, I generally use as primarily a one-way method of publishing specific kinds of content to people I know (and, of course, people I don’t know, since it’s public.) I’ve learned that there are only a few that I really need to bother with:
- Facebook: I consider it a watershed moment when my partner joined Facebook last week. The majority of people who are my Facebook friends I’ve actually met in person, and a surprising percentage of my actual, real, in person friends are on Facebook (considering that I am a relatively old fart of the Facebook set at 49.) I’m not bothering with MySpace, Orkut, etc. etc. If, perchance, there was a wholesale migration of my friends to a new platform, I’d certainly move, but it makes no sense to join a social network that might be more open, for instance, if no one I know is there.
- del.icio.us (sorry, I couldn’t help it): I actually barely use the social networking capacity of delicious. I use it as both my personal repository of sites I want to keep tabs with. I know it’s public, and it also serves to share with people interesting stuff I think is worth looking at.
- Flickr: I also don’t use the social network capacity of flickr much, except to keep track of the photos of a few real friends and family.
- Twitter: The nonprofit technology community has chosen twitter as the microblogging service that it uses, so even though I use ping.fm to send status updates to plurk, identi.ca, rejaw, and some others, I never actually go to those sites. Very few people I care about are there (and they twitter too, anyway.)
- Slideshare: Again, a service I hardly use for social networking – I use it to make public presentations that I’ve done.
- LinkedIN: The professional, serious, network. I hardly use it, but I know it’s there, and it can be useful sometimes.
- Plaxo: Once just my address book backup, it seems to now have become a social network on it’s own. I only agree to be friends with people on Plaxo who are actually already in my addressbook (or I know should be.) That keeps the address book more likely to be correct. I don’t want or need Plaxo to be anything else, thankyouverymuch.
- FriendFeed: The compendium, with comments and likes. It’s great that I can follow all of the content (blogs, tweets, Flickr photos, etc.) of people that I want to all in one place.
An oddball one:
- Seesmic: I am completely conflicted about Seesmic. For those of you who don’t know Seesmic – it’s a video conversation social network. I’ve had some great conversations with people (including Deepak Chopra, who seems to not post much anymore.) It’s fun, and I love the idea, and I think it has the potential to be very powerful. But, I have to say that it feels like 85-90% of the conversations on Seesmic are, well, inane. There are some great exceptions to this, like a recent conversation about electric cars. But then it seems like with interesting conversations, some guy pretenting to be a robot, or someone else will post something completely inane, and then it devolves from there. Of course, some large percentage of tweets are inane as well, but there isn’t the same overhead. It will take me half a second to scan the “I’m cleaning my garage” tweet (and another second more to scan the responses, if any,) but do I really want to spend 5 minutes hearing about it? And spend the time playing the responses to it? Not hardly. Also, unlike the others, there really isn’t a nonprofit technology presence (who has the time?) So conversations I care about aren’t really going to happen there until that changes.
I have been thinking about the software tools we call “Management Systems” – like Content Management Systems, Document Management Systems, Learning Management Systems… I’ve also been playing a lot with an open source tool called Elgg, and have also played, in the past, with Crabgrass, another open source … “SNMS”?
What do these tools allow you to do? They allow you to create stand-alone social networks. Think a whitebox version of Ning, or Facebook. Elgg, a LAMP(hp) project, started it’s life as a learning platform with social network features, but has transmorgrified into a social network platform with learning features. It’s definitely a new project, and a very new community (with some huge warts) but it is promising for organizations that want to create private (or public, perhaps) social networks that include groups, discussions, document sharing, bookmarking, blogs and other things.
Crabgrass is written in Ruby on Rails, and has groups, messaging and wikis, among other features. It’s a particularly interesting project, because it has a definite political purpose:
Designed for social movements working for social justice, Crabgrass will consist of tools which allow people to connect, collaborate, and organize in new ways and with increased efficiency. In particular, we aim to help groups to communicate securely, network with other groups, and make decisions in a way that is easy to understand, transparent, and directly democratic. Where traditional social networking is about connecting individuals, Crabgrass is social networking to facilitate network organizing.
In the end, I don’t advocate that organizations build new public social networks in the vast majority of situations – I think they should find the people where they already are. But private social networks have their place, and can provide a compellingly interesting platform for our nonprofit standard “members only” websites. People are getting more and more used to social networks as the vehicle for connecting to others, and this is one way to provide this in a private setting.
I just joined identi.ca. identi.ca is a microblogging service based on an open source project, Laconica, and all of the updates are copyrighted by a Creative Commons (Attribution) license. You can log in using OpenID. All really great stuff. I imagine, too, because it’s based on an open source platform, developers will begin to code in data portability (or have they already?)
The documentation is a bit lacking, and it’s clear that it’s a very new project. There are an increasing number of third party apps that can use it (it supports the Twitter API.)
So I’m on identi.ca now (follow pearlbear). Like all social networks, they are only as usable as people in your social graph use it, and it’s pretty sparse for me right now. But hopefully that will change.
Yet another great NTEN project is happening, spearheaded by Beth Kanter, to develop a Social Media toolkit for Nonprofits. It’s called “WeAreMedia.” I have been really slow on the uptake with this project (it started while I was on vacation, and I never caught up after I got back,) but I hope that I will be able to keep up, and participate more fully in it as it evolves and grows. The first set of modules, on the “Strategic Track” are already done. The next set of modules, that are more tool based (with case studies) are next to be developed. The project took a short break to catch its collective breath, and Beth has some thoughts and ideas that came out of that conference call.
I’m excited about this project – it’s gathering the knowledge and expertise of a great group of folks, and it will provide a free source of information and case studies so that nonprofits can best figure out how to step into the frothy waters of social networks.
A note: Most people will notice that I have pretty much lost my curmudgeonly approach to social media. A year ago, I was bear-ish on Facebook, and said I wouldn’t Twitter. Now, I tell my clients that they really have to think about a Facebook strategy, and that nonprofit staff can gain a lot from networks like Twitter. I’m up to 1,700+ updates on Twitter, and keeping up with my lifestream on FriendFeed is about as difficult as knowing where I’m moving to next.
No, I didn’t go soft in the head (well, some people might think so.) What has happened is basically a sea change in the landscape. Not only are Gen Y and Millenials engaged in these social networks, but a wider and broader range of people are. It’s fairly clear to me that going forward, increasingly, social networks are a major way people are interacting on the web – and nonprofits need to understand how to engage their constituents given those changing realities.
Of course, I’ve been a wiki fan since the very beginning, and I haven’t lost the desire for true data portability, and open source alternatives to the current social networks. however, as you all know so well, I’m a realist.
You’ve likely heard a lot about “cloud computing“. And what’s true is that the sales-talk about computing in the cloud certainly makes the conceptual issues behind it, honestly, well, cloudy. So I’m going to try and lay out the details of what cloud computing is, and how it’s useful for nonprofit organizations.
Quick definition
Cloud computing is basically running applications on the web via “Software as a Service (SaaS)”. That includes applications from Google Documents, to Salesforce.com, to Gliffy.com, (the service I used to create that graphic.) It also includes applications that you might develop (or have developed) that are hosted outside your network. That’s really all it is – there isn’t anything fancy about it. It still requires the hardware and operating systems, and databases that more traditional applications that are inside your network require, but, generally, you hand off that responsibility to the folks that host your application, and access the application through the internet.
Advantages to cloud computing
The basic advantages are that you don’t have to maintain infrastructure for applications, saving you labor costs, as well as electricity costs. Also, you can access the applications anywhere you go.
Disadvantages to cloud computing
Depending on the vendor and the application, you are dependent on them to keep the application up and your data intact. Changes in the application happen without your knowledge or consent. Your data is not directly in your hands, but in the hands of a third party. You are dependent on your internet connection – which could be a problem for mission-critical applications.
What makes it possible
Cloud computing is made possible and easier by two trends, two that have happened closely in parallel, one that is relatively recent: High bandwidth to the curb and massive data centers.
High bandwidth to your home or office is a necessary requirement to cloud computing. Cloud computing just doesn’t make any sense, or work in any reasonable way without it (have you ever tried to use Gmail on dial up?) As the bandwidth available increases (via FiOS, and other methods) cloud computing will get even more attractive to organizations and people.
Huge data centers are being thrown up everywhere, and more and more companies are getting into the business of providing hosting for SaaS developers. Companies such as Amazon are creating massive grid storage and computing services for applications in the cloud.
What makes it usable
Newer applications are using AJAX and Flash, to give the kinds of functionalities we’ve come to expect with desktop applications – so it’s just like having a desktop application with our data – except it’s “in the cloud” not on our desk. As the limitations of both AJAX and Flash are overcome (and as both develop further) expect even more usability for online applications. And, further, efforts like Adobe AIR, and Microsoft Silverlight, are bringing full-fledged desktop application functionality to applications in the cloud.
What you should do
- Make an assessment – will using this online tool really save money or time, or facilitate collaboration in ways that is not possible with local apps?
- Always read the privacy policy – if you have sensitive data, this might be a deal-breaker
- Always maintain your own backups. If the provider goes belly up with your data, you’re toast.
- Make sure access is secure. Read up on the security of the application
Today, someone on the progressive exchange list asked about a tool called Rapleaf. A story about Rapleaf in Clickz (a newsletter for online marketers) says this:
Rapleaf allows you to quickly and inexpensively find out the social networking footprint of those you’re marketing to. Just send the company your e-mail list and tell it what social networking sites those on your list are using, their demographics, the numbers of friends they have, how many widgets they’re using, even their interests. Rapleaf digs into the usual social networking sites (Facebook, MySpace, etc.), as well as newsgroups, commerce sites (like Amazon), review sites, forums, and news groups, and even searches the general Web to find out where your people are and what they’re doing online.
An interesting conversation ensued on the list – with some arguing that this was a problematic thing. I actually thought this could be quite useful for organizations to figure out how to allocate sparse resources in the Web 2.0 space. But that’s not the point of this post.
I realized that one of the most important things that we can do is educate the organizations we work with (as well as individuals) about privacy issues and data. When is data public? When is it private? How do we know? How can we assure privacy?
It is important to understand that Rapleaf is just gathering public information on people, based on their email addresses. It is an inevitable result of our desire for social networks, as well as our desire for information to be portable (like in RSS feeds.) What’s important is that we understand what is actually public, and what isn’t, and how to keep what we want to be private, really private.
Yesterday, the big news is that Google Health launched. Google says:
“Google Health aims to solve an urgent need that dovetails with our overall mission of organizing patient information and making it accessible and useful. Through our health offering, our users will be empowered to collect, store, and manage their own medical records online.”
Sounds pretty interesting, but hold on a second. Before you sign up, read the privacy policy carefully. And note: this application is not HIPAA compliant. Here’s why. They do have a point – since they don’t provide health services, they don’t need to comply with HIPAA. The language (especially in this table) seems to suggest that the privacy they are providing is better than HIPAA. I’m not so sure, and, in the end, it comes down to “trust us”. I’m just not so sure how far I should trust Google with my health care data. It gives me enough pause to trust them with my email.
