Social Networking Sites Turn Outward
from the privacy-challenges dept
The New York Times reports on MySpace's new Data Availability project, which will allow third-party websites to automatically import information from a user's profile, saving the user the hassle of re-entering it on a bunch of different sites. As the Bits blog says, this is a smart move and could be the start of an important trend toward making MySpace a more outward-focused platform. Facebook wasted no time in announcing a program of its own called Facebook Connect that will have similar functionality. And now it looks like Google will rolling out an extension for Open Social that will provide some of the same features. We've said before that the achilles heel of social networking sites is that they're so inwardly-focused. In the long run, it's going to be difficult for any site—even one as large and technically savvy as Facebook or MySpace, to get users to stay inside of a walled garden. The site that figures out how to be a platform that other sites use for identity management will have a huge advantage in the long run. MySpace and Facebook appear to regard this kind of outwardly-focused platform as the next frontier in social networking.
They're going to face some serious challenges in the privacy department, though. We discussed the privacy dilemma with Facebook apps back in January, and both Facebook and MySpace are going to have to grapple with the same set of issues with their new strategies. On the one hand, they need to lock things down sufficiently that one bad (or compromised) application can't suck down a ton of private user data and do bad things with it. On the other hand, if they are too restrictive, it will limit the usefulness of their platforms and discourage third-party websites from using them at all. Striking this balance, and coming up with security mechanisms that give sites the information they need without giving away the store, will be crucial to these initiatives' success.
I think it's possible that these problems will prove intractable. Ordinarily, when we talk about an "open API," we mean an API that anybody can use without any kind of pre-approval, and that doesn't constrain how data received through the API is used. Obviously, MySpace and Facebook aren't going to want to offer an API that's open in this sense; there's too much potential for mischief if an application can trick a user into authorizing a malicious application. So unless they can come up with a really elegant mechanism for limiting the spread of information, there's going to have to be a vetting process, which will mean extra overhead that limits how quickly the platform can grow. It's going to take a lot of ingenuity to make these platforms open enough that a lot of potential partners can participate while keeping them closed enough that they don't become vehicles for the bad guys to cause problems.