Spock's Risky Take on Trust, Privacy, and Identity Management Online

This post sort of follows on from my musings on Pownce, and the relative (in)utility of the current glut of social networking "services".

Received any Spock trust invitations lately?

Spock, a self-described “people search application that allows you to see what your friends and colleagues are doing on the web”, could potentially tell us something about the future of metasearch engines—those clunky crawlers that tried, and mostly failed, to bridge the gap between structured web directories like Dmoz, and the chaotic openness of Google’s PageRank™ technology. Although its interface design, a web-2.0-ified “Google Classic Home”, is so trendy that I’m afraid it’s already terribly dated.

The Spock team have got one thing right: web search is now the primary vehicle for information discovery, and the sudden realisation of this (by the media, at least) has created all sorts of headaches for identity management and privacy online.

We, i.e. the affluent, educated, Western audience that remains the dominant internet consumer group, have made search engines, and the companies that run them, immensely powerful because we have enabled them effectively to constitute our interface to the world. Consequently, we have endowed search engines -- and their enabler, internet connectivity -- with powerful social meanings. “Searchability” means potential, openness, connectedness, currency, agency—qualities that are socially desirable in early 21st century cultures; or at least, the “globalised” cultures of the developed world.

Spock’s positive appeal to consumers is to tap directly into these powerful social meanings. Its negative appeal to consumers consists of using the language of risk to talk about identity management on the web:

“The first step towards managing your online identity is putting the information you want seen about you online. That allows you to control what is being said about you. The second step is staying up to date on new information about you as it appears.” (Spock blog)

 Both aspects of Spock’s appeal, positive and negative, come at absolutely the right time for the consumer market: in education, careers advisors are trying to convince students of the need to “clean up their profile”, while teachers, counsellors and youth workers grapple with issues around cyberbullying; in the media and political spheres, the risks posed by ID theft loom large.

So, no argument on my side that managing online identity is important, and becoming increasingly more so. But if you already have an online identity, and if you proactively manage your online identity by publishing indexable information that allows others to locate you, then I don’t see value in the “service” Spock provides. Instead, I see considerable risk.

If you read through Spock’s Terms of Service, it becomes immediately apparent that the Spock folks are terribly worried about two things: the currency of the information on Spock, and the potential for individuals to create profiles that do not belong to them.

Like many, if not most, social networking services (e.g. StumbleUpon, Flickr), Spock is largely reliant on its user community to create value. The first cause of anxiety for Spock, of course, is that if Spock user profiles become out-of-date, then Spock is a useless “non-service” and people will just go back to Google. So, Spock talks tough, threatening to terminate your service if you do not maintain your information.

The second worry for Spock is that a user profile might not “authentically” represent an individual. Again, Spock is totally reliant on users to co-operate in this way to create a community of trust, because Spock itself cannot guarantee identity, and if users do not trust the identities they find on Spock then Spock again is exposed as a useless “non-service.” Doing a couple of sample searches on Spock for people that you already know have a well-established web presence reveals an intrinsic problem for Spock: Spock can and often does generate multiple search results for a single individual, just as happens on the “open” web via a traditional search engine.

Spock tries to solve this problem by encouraging users to consolidate these results into a single profile, by “claiming” them. In this way, Spock is asking users to help conserve its overall aim of having one Spock profile represent a single individual.

But why would you choose to help Spock by doing this? One of the things about the web in general is that information has a short life, and that is exactly what enables people to retain some control over their privacy. What if I change my personal or career goals, leave an organization or group of which I was a member, or move to a different city? Life happens, and people reinvent themselves all the time. But that might not necessarily mean that I want to reject or withdraw “obsolete” information about me – at times, it’s best to just let it alone, and let new information take its place.

It’s not especially useful, and it could even be dangerous, for a company to try and create a public expectation that “identity management” equates to an individual actively “controlling” all the personal information that is available about him/her on the web. And I can’t help thinking that it’s naïve at best, stupid at worst to think that an individual can solve the problem of managing his or her online identity (which consists of a complex mish-mash of information, some generated by the individual, some created by others) by creating Yet Another Profile on this type of system. At this stage, Spock’s goal of a single profile per user looks fundamentally incompatible with the way people—and the web in general—works.

Spock is behaving a bit like the banks that try and stop consumers from sharing their PIN numbers, even with immediate family members. Its attempt to make one profile represent “one authentic user” already looks redundant. Try asking kids using Bebo or Xanga not to share passwords, or create new profiles for their friends -- an interesting theme of the recent symposium on Facebook research.

With my academic hat on, I’d say we’ve already got other, better mechanisms to do the things that Spock says it’s offering users. Mechanisms that allow people to selectively share their information with services and with other individuals, and that don’t rely on submitting personal information to a commercial third party provider. I recognise that my bias towards sharing information, and towards open systems and standards, isn't necessarily shared by tech firms or the general public. But if people are prepared to share information with a system like Spock, surely it's worth looking again at OpenID, ClaimID and FOAF for trust and authentication; or Explode as a way to display distributed networks of people. Somebody like Scott Wilson can probably explain this much better than I can; check out FeedForward, his alpha tool for personalized information discovery.