Where OAuth and everything social fails

Okay, I get it. The interwebs is like the real world, but binary. We all want to play in it and feel safe. How come it hasn't taken off?

Let's take as a hypothetical example site X. If they have made a big enough name, I'll trust them. Why? perhaps because everyone else is. The power of the masses is such that even if we're all wrong, I feel that we can also all rebel at the same time and it will be okay than if I land on some random site that ends up stealing my identity and my cats.

I've just mentioned the fundamental problem: trust. How do you trust a service or a corporation that you cannot see, chase, yell at or run over when it pisses you off? After all, the people in customer service are but human employees, they are not the corporation. Those running the corporation are the closest thing, but up there who knows what's going on. Maybe they are nice and fix problems when they come up, or maybe they laugh at you and close your account.

This is the kind of situation that makes legitimate businesses not flourish: lack of trust.

Back to site X. It looks legit. Okay, that means someone knows how to keep up with web standards, etc. That's a good sign: dedication. It's no guarantee, however.

Let's say site X gets acquired by Y, a rogue company without any particular concern for the individuals involved. The site has OAuth and whateverconnect which allows your identity provider (say, Google or Facebook) to pull the plug on the service if they become rogue. Unfortunately, they can only prevent the rogue company to do evil on your behalf. It cannot prevent them from acquiring information from you: the information cannot be taken back.

This is the fundamental problem between real life (meatware) and virtual life (software): the model doesn't work.

Can you imagine walking into a coffee shop and automatically telling everyone in it your home address and phone number? That's the equivalent of an email address. Giving you a way to contact me back doesn't mean I have to give you a way to contact everyone I know.

Message to identity providers: allow people to see my avatar and nickname and to contact me through your service. That's it. Not my email address, not my contacts, not my fan clubs. It's okay if you aggregate my behavioral data along with everyone else's and profit from that information, as long as you protect my identity. That's your end of the deal in exchange for the information I choose to give you. I do buy stuff, I do need ads, and I understand you need to know about me to show me relevant stuff. Just don't sell my identity. Protect it. Your company depends on the trust that your users have.

Furthermore, knowing who I am doesn't mean you should know everything I do. In a way, that is equivalent to having someone follow you around, even if it's just to figure out what you like best. It's creepy and it's not because I'm doing something I'm ashamed of. It has to do with moods. If I'm in the mood for entertainment, I want to watch entertainment-related ads, not diapers. I don't need a reminder of what I should be doing instead, that's why I'm watching sports in the first place. That's why you shouldn't bundle my identity with my physical container. Each mood is a different account. Don't mix them together.

For the people implementing and designing these standards: pay close attention to how these interactions work in the physical world. After all, these protocols have been around for thousands of years and have evolved to their current state based on what works best: evolution and selection. Being smart is not a substitute for insight and patience, it's just shortsighted.

Before I climb off my soap box, let me add this tangential note: If I'm paying for insurance I don't just expect to get some money for my stolen motorcycle. I expect you to also not make me fill 30 forms that are just a seemingly random combination of the same information: claim number, name, address, lien holder, who did my service the last time... ugh. I get it, the more information the better but your forms are ridiculous. It is the modern equivalent of torture. Neither physical nor terrible, but very, very annoying. Pay attention to your job, there's people on the other side.

(off the soap box)

My duty as an engineer is to realize that what I create, other people consume. I can make their lives better or worse.

My duty as a human is to realize that my attitude is other people's experience of life, and that if something sucks it is because someone made it that way, even if not on purpose.

My footprint is someone else's path.

Users are the beating heart of the internet.

Users flock to a site; and then what?
Why do they?

The internet is a vast universe. The bleeding edge is always too far to see, as well as the long tail of users. The reality is, there are new people coming online all the time; a constant stream of confused newbies. How do we capture them? How do we create an appealing product?

Timing and marketing are a separate, but crucial component. That is dealt by people more competent than I am. Technologically, however, I ask these questions: What needs to happen on Gravity to make people want to come back often? What needs to happen to make people feel like sharing stories of good quality? How do we cut down on the chattiness and crank up the quality of content?

This is the generic problem that everyone with a dream faces.

We need to ask each user, what do you like? what interests you? what do you already do? Users look for information, and filter and create and shuffle information. Most importantly, users need feedback. People asking for your advice, people letting you know when your opinion is valuable.

A nerdy way to see it: a user, like our system, has an input, and an output.
The output can be interpreted (and predicted) if the input is known. In terms of quantity, the input is a relative positive (as it increments the information in the system) and the output, compared to the input, can be less (information was filtered) or more (information was created), dissimilar (shuffled) or a combination of these. All these outputs are embedded with the ideas and feelings of each user, and an increasing quality will see increasing number of users on the site.

From the information consumption perspective, the user should always be shown the best content first, diminishing in relevance as she scrolls down. From the technical perspective, how does this ranking happen?

There needs to be a very transparent system for tracking user intention: assigning positive and negative points between users and items and rank them accordingly. Examples of explicit interaction: liking and orbiting. Weak indicators could be clicks, scrolls and mouse movements. These scores could be propagated to make educated guesses.

Intrinsic value for an object is determined by its outgoing positive connections. In other words, only external interest determines value of the object in question, and only relative to those consuming it. When it comes down to users and what they post, having someone else like your stuff is the only way you will get credibility, regardless of how good something is, according to you.

However, this is not the whole story. A company's success depends on how useful it is to its users. The metric of usefulness for each user will depend on how often users want to come back and invite the ones they trust. Again, it's a matter of propagating good stuff to the people you care about.