OpenID | analytics

There is a lot of buzz of late regarding Robert Scoble getting knocked off of Facebook as he was testing out Plaxo and, in the process, scraping data from Facebook. The debate that has primarily raged has been around who “owns” our data when we load it into a social media site. I’m pretty sure that the Terms of Use we all blithely accept spell that out fairly clearly. I’m also pretty sure that legalese is largely irrelevant when it comes to the court of public opininion, as Facebook seems to continually rediscover!

Debbie Weil had an interesting take on the situation in her post: The controversial issue of ”data portability” (or what we used to call “privacy”). She makes the point that, “With so many of us living so much of our lives online we are trusting both that our ‘data’ won’t be misused and that it won’t disappear.” We don’t often enough recognize that data portability and privacy, if not directly in conflict, apply pressure in two different directions. Chris Brogan, Jeremiah Owyang, and many, many others have touched on the subject. In Brogan’s case, and in many of the comments on Twitter, the emphasis is on the nuisance factor of having to re-enter the same information in multiple places. Generally, there is some nod to “privacy” — “it needs to be secure, private, with configurable access permissions” — but that gets thrown in almost as an afterthought. On the other hand, it only takes one or two examples of some form of identity theft to give people pause about making their data truly portable. As a matter of fact, an on-going discussion in the world of web analytics is, “How much detail can we — and should we — track and keep on visitors to our sites?” And, when governments get involved, the emphasis is virtually always on ensuring privacy rather than on improving efficiency (in the U.S., HIPAA and CAN-SPAM come to mind immediately).

This is a truly thorny issue, and it comes down to trying to accurately manage personal preferences across multiple interrelated/interconnected systems. On one end of the spectrum, the privacy paranoid person resists sharing any true information whatsoever, and he can aggressively tell sites not to share his information in any way whatsoever — even with him! This poor soul is almost definitely going to give himself high blood pressure, and the shorter life he is going to live is going to be inefficiently lived as he continually puts up barriers that he has to repeatedly climb over. On the other extreme is the person who will openly share even his bank account details because he doesn’t believe it will ever bite him in the ass (we can label this archetype Jeremy Clarkson).

The reality is that 99% of us live somewhere in between these two extremes. Most of us believe that where we have placed ourselves on this spectrum is the obviously logical place to be. And most of us are uncomfortable shifting even slightly from our current position towards either end of that spectrum.

The person who has a finite number of cell phone minutes each month on herplan may fiercely guard that number while freely sharing her home number. Another person may have unlimited minutes and no issues with screening her cell phone calls as they arrive, so may prefer that number as her primary, most public contact channel.

This means any “solution” will have to be highly configurable. Which, sadly, means that it may be cumbersome to manage. And may struggle to get adopted. I’ll continue to keep my fingers crossed that OpenID, The Todeka Project, or some other approach can allow us to personalize our point on the privacy/portability spectrum.

I seem to be a fan of redux postings. I can’t help it — it so often seems that, within a few days of making one entry, something happens that reinforces or expands the point!

Quick recap on my original post on this subject: Chris Brogan made a short video about how he wished he didn’t have to provide the same information about himself — name, phone number, address, date of birth, etc. again and again and again. Why couldn’t he just have some place — maybe even a social network like Facebook or LinkedIn — be the holder of some sort of master record with all of his contact info? My response was, “Well, it’s a lot trickier than you might think.”

Now, several different things have happened to me in the past couple of weeks that touch on the same basic issue:

When Twitter announced a 12-hour outtage, a group rallied to make a temporary shift to Pownce…and began questioning why they had to re-invite / re-accept all of their friends on each social network they joined
I realized that Jeremiah Owyang has been thinking about OpenID quite a bit
I stumbled upon the Todeka Project and their MyID.is efforts (which I don’t fully understand — they’re a little thin on content)
I stopped by REI while travelling for work to pick up something for the kids

I’ll summarize the first three like this: lots of people are thinking about the problem, some with more depth than others. There’s no easy, obvious solution.

Mainly, though, I’m going to focus on the REI experience.

Here’s a little background:

I’ve been married for 13+ years, and Julie and I have settled into some pretty clear roles and responsibilities
Shopping is not my thing; I avoid it like the loud, drunken co-worker at the company’s annual Halloween party
When I do have to buy things, I try to do it on the internet; if I have to shop in person, the checker could overcharge me by 50% and I’d be so busy mumbling and avoiding eye contact that I might not realize it until an hour or two later, after I’d recovered from the interaction (am I starting to sound like Monk?)
I have a name that falls in the second tier of “commonplace” — the first tier being reserved for the John Smiths, William Joneses, and Tom Johnsons of the world: in my high school of 400 students, there were two Tim Wilsons and two Kim Wilsons — in a school with a crappy intercom, that made for lots of confusion; when I picked up my college ID as a freshman, I wound up with the ID for “Tim A. Wilson” — he was a grad student, so I saw “Tim” and “G” (for grad student — my middle initial is G) and “Wilson.” I took it. You get the idea.
I avoid using my work contact information in any personal situation — I’m not a goodie-goodie on that front; there’s just no real point

And, doggonit , a few more important details:

I changed jobs in April of this year
I moved from Austin, TX, to Dublin, OH, in August of this year
While we have an REI membership, we have not done any shopping there — online or offline, at any location — since before the move

So, there I am at REI in Austin. I’ve pretty much wandered the whole store twice looking for three different things in the $5-7 range for each of my 8-year-old, 6-year-old, and 2-year-old. The 2-year-old was the humdinger, but I eventually settled on a silk sunglasses case with little peppers on the outside (she likes to accessorize, so it seemed like a good mini-handbag — it was a stretch, but I’d been in the store for a good 45 minutes and could feel the hives just waiting to burst out).

It was a slow night at REI. I headed to the cash register to check out, thinking, “Crap! She’s going to ask me if I have a membership and I know I do but I don’t really care and it’s only $20 or so why on earth did I think this was a good place to shop for stuff for the kids crap crap CRAP!”

Sure enough: “Do you have an REI co-op membership, sir?”

“We do, but I don’t have my card, and it’s going to be a bear to try to look it up.”

“Well, let’s at least give it a try!” (rather perkily, I might add)

<sigh>

First attempt: our old (Austin) home phone number. No dice.

Second attempt: wife’s name…in Austin. No dice.

Third attempt: my name…in Texas. No dice.

Fourth attempt: wife’s cell phone number. No dice.

Fifth attempt: my name…in Ohio. Not Cincinnati. Not Lima. Dublin? There’s a Dublin, OH one? At <my new address>??? Bingo!

But then I was curious: “Okay…so what’s the phone number on that?”

The answer: my old work phone number.

To recap: REI had our membership under my name (read background above — the chances that we actually signed up under my name are slim; it’s remotely plausible that Julie signed up under my name for some reason, so I’ll give them that) with my old work phone number (in Austin) and my new home address (in Dublin, Ohio). And, I called my wife to confirm — we had not conducted any transactions with REI since the move that would have prompted them to update our information.

So, how did they do it?

Well, I think they tapped into one of several databases that are maintained by companies whose sole value proposition is that they keep lots of information on people, and they keep that information current. Not just their addresses and phone numbers, but also demographic information. REI, despite my rather generic name, used one of those services, and the service (or REI) performed matching logic and decided that it was sufficiently confident that I was the Tim Wilson formerly of Austin who now resided in Dublin that it could update my address. But, it was not sufficiently confident to update my phone number — or it didn’t have a phone number to do an update. How on earth my old work number ever got into the system is a mystery.

All that is to say that this sort of thing is complicated. Over the course of 2007, I have had six different phone numbers that I might have provided in the course of various transactions:

My old home phone number
My new home phone number
My cell phone number
My wife’s cell phone number (see the roles above — there are times when I may initiate something, but she’s agreed to take follow-up action)
My old work number
My new work number

To further complicate things, of these six phone numbers, only one has an Ohio area code. My new work phone number is an Austin area code, and we haven’t changed our cell phones (there’s no need).

It really does make my head hurt to think about it. The Google toolbar’s “Autofill” option is a neat idea, but it only fills in the information I want it to maybe 1 in 3 times.

Interesting stuff. I’ll keep my fingers crossed.

analytics

analytics

DEMYSTIFIED

Tag: OpenID

How Many Times Do I Have to Tell You My Name?…Redux