Mozilla’s Experimental Lifestream Application

Sarah Perez at ReadWriteWeb explores a new Mozilla Labs project, sudoSocial. I’ve experimented with running my own instance of a life streaming application before. I installed and ran sweetcron on my server for a time but soon tired of it as it didn’t really help manage all the social data and interactions in which I am constantly awash and adrift.

I have mixed feelings towards life streaming applications. I desperately want better tools for aggregating and publishing my social messaging and as part of that suite capabilities to better own and manage my social identity. Despite some good independent progress, I don’t feel like sudoSocial or any other recent efforts really advance the state of play.

We have an ever increasing number of open standards from OStatus to PuSH and ActivityStreams. There are a lot of open source projects and services that partly cover the space but none that come anywhere close. The missing puzzle piece is the critical interconnection. With the standards in theory it should be very possible. In practice we need a critical mass that simply has developed yet.

I’ll add this one to the potential list, along with Raindrop, to watch for future development. I am not optimistic but am at a loss as to what might help spark better convergence amongst these different pieces-parts and most critically with the very popular, mostly closed services all the non-techies are using, forming a vast social anchor of combinatorially large dimension.

Diaspora Proposal: Open Source, Distributed Social Network

I’ve seen a couple of people link to this, including EFF. Diaspora proposes to build a distributed, open source social network following a model that is very similar to WordPress and StatusNet. In fact the project, which is seeking funding with their proposal on KickStarter, makes an explicit reference to running a hosted service exactly like WordPress.com. I am a big fan of both of these existing projects for the fact that they provide both the open software for those with the means and inclination to run their own instance and a service for anyone else who trusts them to do that heavy lifting. Further, StatusNet is one of the most prominent projects using the AGPL, so it is the very definition of a high value, free as in freedom web service.

Diaspora will also be released, as it happens, under the AGPL so no one running an instance can make any of their improvements proprietary. More importantly, no one can use any modifications that would be hidden from scrutiny, changes that might threaten the security and trust the project is trying to build.

Each user will be able to host their own server, or seed, and all the end points will be able to share data securely, leveraging strong open source encryption, Gnu Privacy Guard. The core idea is to put identity and discretion in who to trust back in the hands of the user. I am all for this idea, even if it doesn’t gain as much traction as the existing proprietary systems, it at least gives us a choice. My experience of the community at Identi.ca, the original hosted StatusNet instance, makes me optimistic as the people on such open services tend to be much more dedicated to the underlying principles.

I will also be curious to see how Diaspora will compete with Facebook and others. StatusNet has played a very cagey game with Twitter compatibility that seems to be paying off. If Diaspora can interoperate with the applications people use with Facebook and keep the migration cost low, that could prove key. Facebook’s privacy depredations could fuel interest in Diaspora the same way Twitter’s early outages drove folks to alternatives, including StatusNet.

It is unclear if the team, four students in New York, will continue on some scaled down version of the project without funding. Right now, with just over thirty days to their funding goal, they are over halfway there. I pledged support, it is risk free (other than registering for yet another site). If they don’t reach their goal, none of the pledges are charged. Given the potential gain, it seemed worth it.

Yet Another Open Identity Push

At RWW, Marshall Kirkpatrick describes yet another open identity effort, not surprisingly from a coalition reacting to a popular but uncooperative service. And again it is Facebook inspiring this latest competitive, open specification.

I had to visit the specification section of the XAuth site to understand how it differs from OpenID and OAuth. The main difference appears to be that this protocol is designed to allow sharing between multiple social services and multiple third party sites without creating a combinatorial mess of code and behind-the-scenes requests. It takes a page from the PuSH spec, using a third party hub through which “extenders”, or service providers, and “retrievers”, or client sites, communicate. It has similar management capabilities to OpenID but lacks even the simplistic identity sharing capabilities, at least in the spec itself. I find that a bit of a step backwards in terms of more easily distributing and managing my social identity.

I am inferring that XAUth does, or will eventually, provide access to your social graph on an extender service. Kirkpatrick states that it will allow 3rd party sites to request information about you from participating social networks. It is unclear from the spec page how this will work in practice. Unless it is like a combination of OAuth and OpenID such that the authentication both logins in the user and establishes trust between the service provider and the client site. I wish that was made more clear in the project page though going by the examples Kirkpatrick shares, it has to be close to the way things will work.

If my theory is right, the social networks will be responsible for wiring XAuth into their existing account settings. I don’t find that prospective either attractive or confidence inspiring. Sure, if the specification tried to be too pushy about what implementers have to do, it risks sluggish adoption. However, giving the providers a more free hand makes it more confusing to users about what will and will not be shared, or even whether one of their social networks is participating in this system for 3rd party info sharing.

As I always do with these efforts, I have to ask why existing technologies were not deemed good enough for the task. Both OpenID and OAuth have had more time to bake and address not just the privacy issues they concede in talking to Kirkpatrick but the security issues a larval spec like this is inevitably going to exhibit. I get that OpenID and OAuth won’t scale well with a cluster of interacting sites and services but an incremental addition of a central hub would seem less risky than building yet another spec from scratch.

WebFinger, a Silver Lining of Buzz?

I’ve made my skepticism of Buzz clear. ReadWriteWeb points out one star in the constellation around Buzz’s launch about which I am more optimistic: WebFinger. Yes, it is intentionally a reference to the finger command and the identd service from Unix. The details so far are clearly aimed at developers. It remains to be seen what services and applications will crop up around Google’s pushing of parseable profile and social graph data with email addresses.

The potential that has me hesitantly excited is that looking through the kinds of data that can be queried via WebFinger, it seems like the best recent attempt to crack the profile fatigue I’ve come to associate with new social services. If I can establish my profile one last time on a WebFinger capable site, like gmail, then maybe, just maybe the next registration prompt I get slapped with can be satisfied by just giving it my gmail address and authorizing what data can be shared.