Learning From Plaxo/Facebook: You are not Your E-Mail


The recent scuffle between Plaxo and Facebook via Robert Scoble's Facebook account being suspended and then reinstated has generated a fair bit of discussion concerning who owns what data — do you have the right to pull information about your Facebook contacts out of Facebook?

My initial reaction was yes, and that Facebook's actions are an attempt to limit your access to your own data. However, there's a persuasive argument that goes in the opposite direction. By this logic, I consent to giving Facebook personal information about myself (name, e-mail, birthday, etc.) with the knowledge that that information will go no further.

As Dare Obasanjo points out, “unlike address books in Web email applications Robert Scoble did not enter any of this contact information about his friends.” By that line of logic it's easy to see why people are upset with Plaxo's screen scraping tools.

In the end, one of the lessons seems to be that if you consider information like your e-mail address or birthday to be private, then you shouldn't enter it into Facebook in the first place. But above and beyond that is the question of why Plaxo is so interested in your e-mail in the first place.

Part of the reason is that for Plaxo and others your e-mail address serves as a unique identifier — you may have several user names across several social networks but odds are your e-mail address is constant. So when Plaxo pulls in your contacts' e-mail addresses from Facebook the best way to discover those people in Plaxo's own database is to search by e-mail.

But obviously being a unique identifier is not the sole purpose of an e-mail address. In other words, yes your e-mail address is unique and identifies you, but it's also a way to contact you, which may not be what you want.

Surely there's a better way?

Chris Messina argues in a recent blog post “it's high time we moved to URL-based identifiers.” Perhaps the best quote on why URL-based identity is better than e-mail comes from Kevin Marks:

The underlying thing that is wrong with an email address is that its affordance is backwards - it enables people who have it to send things to you, but there's no reliable way to know that a message is from you. Conversely, URLs have the opposite default affordance - people can go look at them and see what you have said about yourself, and computers can go and visit them and discover other ways to interact with what you have published, or ask you permission for more.

Of course, that's one of the ideas behind OpenID — create a single source for storing any identity information and control who sees what on a per-application (Facebook, Plaxo, et al.) or per-individual (your Facebook friends, your MySpace friends, etc.) basis.

As Messina writes:

As well, I can give services permission to share the URL-based identifiers of my friends (on a per-instance basis) without the threat of betraying their confidence since their public URLs don't reveal their sensitive contact information (unless they choose to publish it themselves or provide access to it). This allows me the dual benefit of being able to show up at any random web service and find my friends while not sharing information they haven't given me permission to pass on to untrusted third parties.

So why are sites like Facebook and Plaxo using e-mail addresses? Well, in part because e-mail addresses are much more common than URLs. Your mother probably has an e-mail account somewhere, but she's somewhat less likely to have an OpenID URL. But of course that's just a question of critical mass, something that OpenID is approaching rather quickly.

And there's another player that could easily step in to give millions of users an OpenID URL in one fell swoop — Google. Google has already started taking steps toward integrating your Google Profile into all its services and when it reaches Gmail, all Google needs to do is turn it into an OpenID provider and that would give every Gmail user a unique URL identity separate from their actual e-mail address. And you can bet that if Google does it, Yahoo, Microsoft and other e-mail providers won't be far behind.

Of course in the end Google, Yahoo and the rest may not be the best place to have an OpenID URL, but they would, at least in the short term, provide the sort of critical mass behind OpenID that moves it from beautiful theory to must-have feature.

And until that happens, in squabbles like yesterday's tussle between Plaxo and Facebook, you and I will always find ourselves in the same place as Scoble — caught in the middle.
