Web 2 point “D’oh!”
27 January 2006, 10:29 pm
One of photo sharing/social networking site Flickr’s interesting features is its ability to create RSS feeds for photos from its members. I have several such feeds to help keep me in touch with distant friends. Today they all suffered an interesting glitch: they delivered me ten seemingly random photographs from a bunch of different folks. (I even got a variety pack of ten photos from an account that’s been deactivated.)
On one level, it was kinda fun. Flickr has plenty of professional and serious amateur photographer members, but I suspect most of its members don’t really expect people they don’t know to go browsing through their snapshots. I got a mild voyeuristic thrill from traipsing briefly through these strangers’ lives: the sumo wrestling fan, the guy about to eat the forkful of food, the new year’s revelers.
On the other hand, it crystallizes many of my misgivings about Web 2.0. It wasn’t really a serious breach of Flickr members’ privacy. Flickr’s welcome page even displays several recent uploads by assorted members in a similar fashion by default. Flickr does have an option to label photos as private, and I have no reason to think any of my accidental photo harvest violated that.
But it’s not a minor gaffe, either. Flickr made a mistake with the data its members entrusted to it. They distributed it to me when they shouldn’t have. (And, I’m guessing, to a lot of other folks, too.) Flickr is one of Web 2.0’s biggest success stories. Its acquisition by Yahoo is arguably one of the driving forces of the new bubble. Flickr has some visionary developers and the team has built one of the Web’s most remarkable applications.
For a best-of-breed site like Flickr to make an error this big is scary because of what it implies about the rest of Web 2.0.
At least once a week I hear about some cool new web application. There’s a disturbing trend: many — if not most — of them are web tools for managing data provided by members/subscribers. (This makes great business sense if your business model is to build hype and get bought: you don’t have to pay anyone for content or deliver an actual product.) They typically have privacy statements with as much cool factor and as little substance as Google’s “Don’t be evil”: they say they’d never dream of selling your personal information to anyone, ever. Which is fine, as long as you trust that they’ll say the same thing when the venture capitalists demand returns on their investments.
Virtually anyone can buy a cool domain name and put up a slick-looking web page. Almost anyone can get a security certificate and put up a secure web page (although most Web 2.0 sites don’t bother). But the ability to round corners on boxes doesn’t necessarily correlate to expertise safeguarding customers’ data.
Flickr, one of the very best and brightest, just proved there are critical gaps in its ability to protect its customers’ data. Flickr’s data is fundamentally low stakes (given that the service explicitly disallows pictures that could get people into trouble). But if one of several other popular sites had made a mistake of the same magnitude, I might have been served up someone’s personal financial planner, operational details of a competitor’s web project, sensitive medical data, or, heaven help us, a handful of credit card numbers.
People frequently ask me if I want to sign up for this new web service or that one. (It’s part of my job to keep up with stuff, so I often do.)
But sometimes my stomach does a little internal flop when I look at the site in question.
Flickr’s goof today helps explain why.
I’m willing to spot Flickr on this one; it doesn’t seem like that big a deal to me, but maybe that’s because I didn’t notice this issue myself. After all, they still haven’t removed the “beta” from their logo. It does seem a bit ludicrous considering they have paying customers (including me) and are owned by Yahoo!. But I still take it at face value, so I expect coolness, not bulletproofness. What did irk me to no end about Flickr early on was how often their servers were down for maintenance, with nothing but a cute message like “oopsie! we’re powdering our noses!” on the site. That has gotten infinitely better since they moved their infrastructure to Yahoo!.
More emblematic of my own misgivings with Web 2.0 are this week’s developments in Google, on one hand standing up to the US government’s snooping on its citizens, and on the other hand complicit in the Chinese government’s censorship of its citizens. Things were a lot simpler when you could depend on any corporation’s ethics being “evil is whatever we can’t get away with”. “Evil is what Sergey says it is” is a lot more unpredictable, and its effects are amplified through a 128B market cap and zillions of hits a day. Ten years ago, if you’d have asked me if I trusted an institution or an individual to act ethically, I’d have said, easy, an individual. It turns out that living in a world where the decisions of a few individuals carry such a disproportionate weight now freaks me out a lot more.
I don’t buy the Beta argument nohow. Labeling your app “Beta” (thanks in no small part to Google) is practically a marketing gimmick these days. I think most web users think it means “cool and cutting-edge” much more than it means “there’s no telling what our app might do with your data.”
Invitation-only betas are one thing, but when they’re letting anyone sign up — and when they’re taking customers’ money to provide a service — I think application vendors have an obligation to take proper handling of their customers’ data seriously. Flickr is what, in its terrible twos? And the RSS feeds aren’t all that new.
I was much more inclined to cut Flickr slack when they were a gutsy startup attracting users more quickly than they could handle. They lost my sympathy when they sold out to an entity that (in my opinion, natch) has spent far too much time in the grey area between “permission-based marketing” and enabling spam. All of a sudden, the terms I’d agreed to when I signed up for their service were superseded by terms I hadn’t agreed to.
(MySpace becoming part of Murdoch’s empire is an even more egregious example, of course. But then, I thought MySpace was “evil” pretty much from the get-go.)
No argument from me re: Google’s inconsistency. I’ve never been comfortable with “Don’t be evil” as an ethical stance. It’s much better than “be evil.” But — extreme/black/death metal fans notwithstanding — I think most of the world’s great evils are committed by people who think they’re doing the right thing. I think far more people and organizations think that their actions are “reasonable,” “justifiable,” “appropriate,” or even “inevitable” than “evil.” And enormous piles of cash seem to have ethical judgment-impairing effects.
FWIW, I really liked the random feed. I noticed that baby Florine made it into mine as well as my contacts’. I kind of wouldn’t mind subscribing to an RSS feed of 10 random photos every day. But then, I’m a nibby-nose.
It happened to you, too? Thanks for the corroboration!
I thought it was kinda cool, too, although I still think it was a pretty serious goof.