Last week, I had the great fortune of attending the Hypothes.is Reputation Workshop. Hypothes.is aims to build nothing less than a peer review layer for the whole Internet. It’s a mind-boggling idea when you let it sink in. The technical challenges are formidable, and the cultural ones are even bigger. Nevertheless, the excitement around the project is intense and contagious.
It’s a project that has drawn in the likes of Wikimedia, the Internet Archive and the Electronic Frontier Foundation. The stewards of the free Web want this problem solved. To get the ball rolling on figuring this out, Hypothes.is invited a colorful panel of experts – and… me. – to a three-day think tank on San Francisco Bay to identify the challenges, parse them out, and prototype solutions. And guess what? We pulled it off.
Why We Need Hypothes.is
There are two fundamental, related cultural problems with the Web that Hypothes.is wants to address: identity and reputation. Reputation is the main problem, but you can’t approach it without fixing identity. A reputation doesn’t refer to anything without a consistent identity behind it.
The goal is to build a system of reputation for, ideally, all the content on the Web. No filter exists today for us to assess what information is good and what information is bad.
Right now, the Web is vulnerable to gaming. Google’s search ranking algorithm is a fine piece of early reputation technology, and it’s constantly improving, but it’s exploitable by playing with back-links and keywords.
And now that the social filters of Facebook, Twitter and Google+ have begun to dominate the time of Web users, the Web runs the risk of becoming an out-and-out popularity contest. If we could filter the Web by reputation, we could turn it into a meritocracy.
Identity & Reputation
Today, identity and reputation are fragmented by different, often competing online services. We have Facebook identities, Google identities and email identities. We have OpenIDs, but we might have a bunch of those. Some of these identities may be linked, but the links are weak.
In each of these networks, we also have reputations, however basic they may be. Our contributions are liked and +1d by friends and ranked by an algorithm. These services might provide APIs to be interoperable with other sites and applications, but that just extends the domain of the dominant platform, Facebook or Google. It’s not a multi-faceted identity. It’s the same monolithic identity extended everywhere.
Plus, identity providers like Facebook and Google have interests that run counter to ours. Real people are multi-faceted. We want to be able to express different aspects of ourselves in different contexts. But Facebook, Google et al have built businesses upon consistent, unchanging, public identities for all of us, despite nasty, sometimes dangerous consequences.
People with enough privileges don’t have to worry about their public identities and reputations, but marginalized or vulnerable people around the world face real danger for speaking out online. They still need the ability to participate fully. That’s why a truly Web-wide reputation system cannot be subject to any company’s “real names policy.”
We learned in the workshop that the best kind of online identity is one that is pseudonymous but expensive. It’s easy to get one pseudonym, but it’s very difficult to change or create new ones. A pseudonym could also be privately verified with a government-issued ID or some other standard, so the user remains pseudonymous to the world, but the reputation system knows who it is.
Hypothes.is needs relatable identities to build a reputation system. It will have its own reputation algorithms, mechanisms and moderation strategies. It will implement its trusted users’ contributions as a layer of reputation that can apply to all the content on the Web. Hypothes.is users will be like Wikipedia editors, but for everything.
What Might Hypothes.is Look Like?
Hypothes.is wants to build a layer of annotations attached to a system of reputation. In order to do that, it also needs to create a community around the right set of tools.
In the workshop, we imagined a few different interfaces. One crucial interface decision will be the way annotations are displayed on top of the content as a user browses the Web. It could be “heat maps,” where areas of the document with lots of annotation are color-coded to indicate activity, quality or both. It could be a sidebar full of various annotations, even multimedia ones.
Once it’s in place, a user signed in to Hypothes.is will be able to judge a document’s reputation on sight or even filter a long list of documents. Participating sites will be able to stand behind their visible reputations. The Web will be less sketchy and seedy in places where clarity and transparency are needed.
And it won’t be imposed by some central authority, but rather by the work of dedicated annotators from all around the Web. Call them journalists, call them editors, call them curators, call them whatever you want. The advantages of this system over one based on blogging, hype and personality should be obvious. We could have a standard for assessing the quality of Web content, and that will help us assign real value to it.
If you’re curious about the particular, potential designs we discussed, you should visit Dario Taraborelli’s amazing notes on Wikipedia. He goes into depth about the possible solutions we considered. There’s no product news to report yet. I’m just here to update you on the state of the conversation. It’s thriving, it’s exciting, and it’s necessary.
Photos courtesy of Hypothes.is
Disclosure: My really good friend Randall Leeds is building Hypothes.is as the technical co-fonder. This happened after RWW started covering founder Dan Whaley’s efforts to create an annotation system for the whole Web. It’s a complete coincidence. Still, I admit that this may have an impact on my reporting. But hey, at least my fund isn’t investing in it.
Yesterday we wrote about the positive and negative consequences of living a hyperconnected life. One becomes more accustomed to multitasking, shuffling through personal and work-related tasks, and a heightened ability to pick out nuggets of information that are actually useful. On the downside, one can become obsessed with the Internet, and find themselves feeling sad and lost when they do leave the glowing screen(s). As we become more accustomed to being kings and queens of our own Internet worlds, our brains do quietly adapt to new stresses and modes of cognition.
But what of identity? How do we define who we are online vs. who we are offline? In our hyperconnected world, identities are fractured. Facebook wants to be your online identity’s one true login. Studies have shown that we perhaps divulge more online than we otherwise would offline. Social networks are strange indeed.
Will we be happier, healthier people if we follow Zuck’s advice and become one with the Internet (and give all our data to Facebook)? Or should we stick to a more 4chan-esque approach, which suggests that we’re way more complex than that?
In our real lives, we constantly struggle between who we think we are, what others think we are and what people think we think we are. The real self is saddled somewhere in the overlap between these three circles. These ideas of the self apply in both an online and offline context. This abstraction, explains ScepticGeek, may come at least partially from Carl Rogers.
Online, we battle with the same conflicts, plus a few other quirks. We are a Facebook identity (or two), a Twitter account, a LinkedIn oh-so-professional account and maybe even Google+ (plus search your world, no less). Each online identity is in and of itself an identity. Maintaining them is hard, often times treacherous work. We must slog through the Internet-addled identity quagmire.
“It’s not ‘who you share with,’ it’s ‘who you share as,’” Poole says. ReadWriteWeb’s Jon Mitchell continues that thought: “In other words, we’re only presenting one, Facebook-facing aspect of ourselves when we share online via Facebook,” he writes in his story, A Proposal to Fix Online Identity. “The advertisers who make Facebook possible don’t have a full picture; they have a Facebook caricature.”
Keeping that in mind, your online persona will always be just that – a persona, a caricature of the real you. But how much should that differ from the real life you?
It all comes down to trust: Are you who you say you are? Can others trust you?
In ScepticGeek’s post, he suggests that you’ll experience quite a bit of stress if you are different online from how you are in real life. It’s not easy being two different people. But one writer argues that online it is indeed easier to make oneself vulnerable, which is part of the appeal of social networks.
“When people have the opportunity to separate their actions from their real world and identity, they feel less vulnerable about opening up. Whatever they say or do can’t be directly linked to the rest of their lives,” writes Rider University’s John Suler. He coined the term “disinhibition effect,” which suggests that people on social networking sites feel free to share very personal things that they might not share in real life. But online actions do have real, offline emotional consequences.
So consider how much of your online persona does match the offline you – not in terms of ads you look at and click or products you buy, but how you behave.
He is as great a contributor to the concept of cloud computing as any individual alive today. Today, Chris Kemp, the co-architect of the pioneering NASA Nebula project – the first to encapsulate a cloud server into a shipping crate – told a meeting of the Cloud Security Alliance Monday morning at the RSA Conference in San Francisco that OpenStack is, and will continue to be, designed to support other security architectures, but not to serve as one itself.
“OpenStack was really designed around common, open source technologies,” Kemp told an overflow session, “so that if you have familiarity with securing these underlying technologies, you’re going to have a fairly easy time writing security plans and implementing security and controls and monitoring around these technologies.”
Now the CEO of the commercial Nebula firm that bears the name of the NASA project he helped lead, Kemp mentioned the newest of the various components that are all integrated into the OpenStack project. OpenStack is, after all, a stack – a conglomeration of tools, resources, and techniques that collectively, and openly, enable businesses to pool compute and storage resources into private cloud architectures. One component is the Keystone identity service – which for OpenStack has been an on-again, off-again business. Just last week, Kemp said, it was on again, with a complete rewrite that includes new back-end products.
“If you’re in the identity management business, and you’ve got products in that area,” said Kemp, “we’re trying to make OpenStack much more out-of-the-box compatible with these products.” But to do this, he went on, OpenStack has adopted a plug-in architecture, so as to specifically avoid placing itself in the role of identity provider – as an authoritative source of credentials. “The intent is for OpenStack to exist in an environment where you already have some sort of identity management provider. We’re not trying to authenticate anything outside of the rest of the APIs, and we’re definitely trying to provide a common security framework for role-based access control in all the different components of OpenStack.”
Openness means friendliness – at least, that’s what implementers expect, as Kemp pointed out. Friendliness, in a technical sense, means integration. So any existing component with the facilities to integrate with Active Directory or LDAP, such as monitoring API accesses, successful and failed attempts to authenticate, logging, and correlation, should be capable of being integrated with OpenStack. He advised attendees to plan their implementation of OpenStack around how best to use their existing security information management (SIM) tools, not to change their processes to make way for it. A best-practices implementation of OpenStack, he said, would introduce no new management domains.
Knowing that, Kemp warned that OpenStack certainly does not add security where little or none exists. “Out of the box, it’s a framework and a reference implementation. It is not secure out of the box.
“Just like installing BIND on a Linux box doesn’t give you a secure DNS infrastructure, installing OpenStack out-of-the-box does not give you a scalable, secure OpenStack-based private cloud,” he emphasized. “It’s not intending to, either.” That should not dissuade careful implementers from implementing OpenStack, he added, because it does contain the building blocks for a private cloud which – when combined with best practices – can improve security and reliability.
The Cloud Security Alliance holds its annual Summit event as part of the RSA Conference, complete with its own panel session, keynote speaker, and innovator awards.
Starting today, Facebook will quietly “poke” users who have many subscribers, and ask them to verify their identity with a government-issued photo ID. After doing so, such famous Facebookers can drop in an “alternate name” which will be displayed in parenthesis next to their real name.
Verifying accounts can be helpful for artists and others who perform under one name, and want to share their alter-ego name – think Nicki Minaj’s alter-ego, Roman Zolanski. Nicki’s real name is actually Onika Tanya Maraj – is that something she would want to share with fans? And for journalists like ThinkProgress’ Matt Yglesias, who use their real name as byline (Yglesias has 3738 Facebook friends and 10,203 subscribers), there is apparently no point to verifying a Facebook account. Or is there?
Users who verify their accounts will receive higher priority in Facebook’s “People to Subscribe to” suggestions box. This serves as another way to keep important figures on Facebook, at a time when interest graph-driven social network Pinterest is ramping up.
Of course, this doesn’t really divert from Facebook’s real name policy, which it outlines here. Users still have to register with their real names. For the not-so-Facebook famous people, note that Facebook does currently recognize “alternate” names, such as nicknames or maiden names. But of course, that is completely different from perceived or real pseudonyms or alter-ego identities.
Did someone at Facebook finally started listening to what 4chan’s Chris Poole said at last year’s Web 2.0 – that we are not mirrors, we are prisms, and Facebook is doing identity wrong. That or Facebook just realized that while many people have alter-egos/identities, if Facebook changes the rules for perceived Facebook famous people, perhaps one day regular users will get the same benefit. But that surely won’t happen for awhile, anyway.
Image courtesy of Shutterstock.