Is Privacy Dead Online? – review/thoughts on an SXSW panel

Follow all my thoughts on SXSW at http://www.trogger.com/users/2

Here at SXSW, my first panel was a talk on privacy on the web, and how it is developing.

An interesting study out of NYU shows, unsurprisingly I think, that teenagers do NOT consider their home to be a private place.  Kids see home as a place controlled by their parents, who have all the power and rules. Many kids don’t really have a space of their own in the real world; even their rooms can be invaded. But lately, they have been making that space online. They know their parents cant or wont get there, wont find what they write and do, who they hang out with, etc.  How valuable is this idea of privacy online, especially when you broadcast so much personal information; who controls that information, and how much is privacy infringed by what major companies do with it?

Nowadays, a consumer’s personal information is a form of currency. Companies covet it, sell it when they have it in excess, and hoard it when they don’t.  Companies who collect personal information – facebook, myspace, google – all seem to have the most confusing and complicated of privacy policies: they don’t want you to know what they could do with your information, else you stop adding it.  They also can change the ToS at will, whenever they care to, with no warnings to you. (What are teenagers THINKING when they feel they have more power online?)

So this raises an issue: default opt-in or opt-out.  Most consumer advocates are now pushing for EVERY aspect of sharing to be opt-in: your profile is not automatically searchable on facebook, you would have to opt-in to that. Google can’t give ANY information on you away,until you say it is okay. And just checking the “ToS” box at the bottom of 20 pages of hidden meaning and convoluted text would not instantly make it all okay.

But if this becomes the norm, how much profit do these companies lose?  And do these websites lose the very things that bring us to them?  Does the ease of social networks helping you share with friends and colleagues, or the convenience of google knowing what is relevant to you outweigh the danger of that information getting to advertisers or being used maliciously? And if it cant get to advertisers, how do the companies stay alive? What is the limit?

A lot of people at SXSW are early adopters: and so they know how to hide their behavior online, where to find privacy settings, and just how much control they are giving up and information they are sharing when they use gmail, make a search query, or friend someone. But does the average American truly understand? And whose job is it to educate them? Their own? The company’s?  Should “Joe the Plumber” be required to parse through every ToS before he registers for a site and helps them make their profit?

I suppose I am of the opinion that ToS and PPs can certainly have a bunch of legal jargon, but need to be broken into clear bullets RIGHT at the top, laying out everything relevant to the user. I think information sharing that benefits the user – for recommendation or ease of use – can be opt-out, to help give the user a god experience.  I think if collections of general information is TRULY being shared anonymously, that can also be opt-out.  I think any action that gives uniquely your personal information, with or without your name, must be opt-in.

But all of this is relatively obvious, I guess.  The challenge is how to implement it while keeping VCs happy and business moving.

I did write up the ToS and PP with these bullets in mind – trying to summarize them at the top of the page to make our policies at Trogger clear.  Thoughts on how to improve them?

FBConnect – 5 reasons why we dumped it.

A while back, my partner wrote a post on why we chose to launch with FBConnect as our exclusive login system.

Well, our  other partner has been working to integrate FBConnect for awhile now, and he’s changed our minds; we’ve trashed the idea.  Thought I’d let you guys know why.

5 Reasons why NOT to use FBConnect exclusively?

1. The unreliability of Facebook, especially lately.  If we are relying on their systems to keep track of our users, and we require people to be logged in to participate, then we break the minute Facebook breaks.  And they’ve been particularly snailish/breakish lately.
2. The ability people have to close their profiles to FBConnect, meaning we could not store personal user information for them.
3. The limited audience.  Sure, 150 million is a lot, but not necessarily our market.  We’ve begun researching what niche we think we could fill and, suffice to say, we think there are a lot of folks outside of the Facebook community who we may have a better chance of attracting.
4. As far as we can tell, actions are NOT posted on your friends’ newsfeeds, but instead only on your profile’s newsfeed.  And really, how often are you reading your friends’ profiles’ newsfeeds??
5. Every time a user wants to add something to their profile, a box pops up asking them what format it should be in and to confirm it.  I used this a few times on a site that had implemented FBConnect, and hated it.  What a hassle.  I now decline the offer to post anything with FBConnect.
6. PSYCH!  A sixth I thought of: we want our users’ email addresses.  No, we don’t want to spam them, but we do want the ability to send monthly reminder emails/newsletters…

4 things that keep us hooked…

1. We want people to be able to easily invite their Facebook friends to participate in a discussion.  We can use FBConnect to send friends these invites.
2. People should be able to immediately find their interests.  If they login without FBConnect, we’ll have to prompt them to enter in interests.  With FBConnect, we can just scrape that data from their profile and have suggested topics ready.
3. People can immediately see which of their friends are on Trogger and who we suggest they follow.
4. If people DO want to post a story to their walls, we don’t want to stop them.

Have you guys made similar decisions?  Different ones?  We are still considering it, and could be swayed…

Pros and Cons of Building a Site Around FBConnect

FBConnect is one of Facebook’s newest initiatives; it lets you login to third-party sites using your Facebook login and password. Further, if you’re logging into a site for the first time, it’ll auto-fill the page with your existing information (such as name, interests, and location).

Up until now, most of the sites that use FBConnect, such as Digg, give you the option to login with either a local account or your Facebook account. We’re going to go a step farther, implementing FBConnect as our exclusive login system.

While FBConnect is powerful, it isn’t perfect. Here are the Pros and Cons that factored into our decision to use it:

Pros
Faster development time. Our goal is to launch Trogger as quickly as possible. By choosing to use FBConnect, we cut out the time it takes to build our own registration form.

More context and specificity for users. Since everyone logs in using FBConnect, we can fully incorporate all the rich, structured data that Facebook has to offer. This means you can find out more about what your friends are doing, incorporate Trogger activity in your newsfeeds, and even be shown relevant conversations based on your list of interests.

Viral growth on steroids. One of my favorite parts of FBConnect is that it lets users publish their activity to their Facebook newsfeed. For example, if you start a conversation on Trogger, you can post it to your feed in a single click. Instantly, all your friends will see a prominent feed item when they visit your profile: “John Smith has just started a conversation on Trogger,” complete with link and description.

Simplified login and sign-up. Long sign-up forms are a great way to discourage visitors from signing up and becoming full-fledged members. FBConnect helps solve this problem by allowing you to login with your current Facebook account. If it’s your first time signing up, your Facebook information gets transferred over, so that there’s no need to fill out page after page of fields describing yourself.

Cons
You’re locked into a single system. By relying on Facebook as our sole point of entry, we face several potential pitfalls. Facebook’s servers might go down for minutes, if not hours, effectively preventing anyone from logging in. Some people may object to entering their Facebook information on a third-party site. Not to mention, Facebook might decide, for whatever reason, to prevent us from using FBConnect, to start charging exorbitant access fees, or to shut down the service altogether.

Limited user base. Lots of people use Facebook, but not everyone. Their user base is roughly 100 million people, which, while large, could certainly be higher. If someone comes to Trogger and doesn’t have a Facebook account, I imagine that most of them will leave deterred.

No email addresses. When a user signs into your site with FBConnect, Facebook provides you with some information about them, but leaves out one crucial data point: their email address. The only way to get someone’s address is to ask for it separately, adding an extra step to the sign-up process. While this isn’t the end of the world, it does add an extra step to what is supposed to be a streamlined login process.

Limited photo caching. Facebook lets you cache a user’s photo for a maximum of 24 hours. As a result, when you’re visiting a page with a lot of photos obtained via FBConnect, a distinctive “pop” appears as they suddenly all show up,  2 to 10 seconds after the rest of the page loads. This is distracting, obnoxious, and utterly preventable. A friend of mine within the company tells me that they’re working on a way around this, and I’m hoping it comes soon.

Overall
We decided that the Pros of FBConnect outweigh their Cons. We’ll be opting for FBConnect’s speed, engagement, and deep integration in exchange for a smaller base of potential users, less control of the login process, and restricted access to user data.

As we grow, we may look at incorporating other authenticated login systems, such as Google Friend Connect. For now, though, we’re sticking to FBConnect so we can build our site faster, and focus on integrating with Facebook’s powerful News Feed distribution.

Troggerpath – what’s up?

So Tuesday is wrapping up; a day spent fidgeting around with AdobePhotoshop, scanning the competition and noting their strengths and weaknesses, and debating with Raph and Christian about whether to start a blog.  We don’t want it evangelizing the greatness of our work with absolutely nothing to show, nor do we want to appear as ignorant, inexperienced, or unprofessional.  However, we thought it would be interesting to chronicle the development of a new company – from design and development, through adviser and investor meetings, and on to user growth and metric results.

I’m pretty firmly in the camp that having an informal company blog is a must.  It gets content up on our site right away.  It lets our interested beta testers know what is going on.  It informs our past event attendees of what we are working on now.  And it, hopefully, comes to provide helpful information to other startups.  I plan to write little right about the books and blogs I am reading, the information I am gaining at our various meetings, the ways we are solving internal disputes, the methods we are using to measure site growth, and anything else that I hope could be relevant to others (and that I might want to refer back to later.)

First things first, I need to stop being distracted by fun Facebook apps, and start learning more.