Resolving the two HTML 5 specifications

For those who find the two versions (WHATWG and W3C) of the HTML 5 specification a source of more heat than light.

On 25th or 26th June 2010, depending on your time zone, Ian Hickson, who edits both versions, said in an email:

The WHATWG doesn’t actually work on HTML5, it works on an unversioned specification for HTML that is to be continually maintained. “HTML.next”, if you will (though the spec’s title is still “HTML5” by request from advocates…

In other words the WHATWG (Web Hypertext Application Technology Working Group) is also defining whatever comes next.

Having been distracted myself by the sometimes aggressive discussion, this is an important point that can help interested parties to better untangle what is being said.

Facebook Security

Facebook has grown from the thirst to meet up with old acquaintances, but it’s recently been strongly criticised.  I started using it with my eyes open.  I knew that security was flaky.  When the last set of security changes came through, I saw a surprising number of technically savvy users destroying their Facebook accounts.  Made me think again.

My first reaction was to also commit Web 2 Suicide (i.e. destroy my Facebook account).  Mainly because I couldn’t form a good enough opinion of what on earth was going on.  The permissions and security interface is hard to navigate, appears to be deliberately confusing and I simply didn’t understand it.

I persevered and eventually got a basic map of it.  Armed with that I realised that it would be possible to live with Facebook, provided I kept alert and put in extra work.

To assist others going down that same road, I’ve included that map and some brief notes.  This isn’t literature or journalism, it’s technical notes.

Update:  2010-06-01.  People can get hold of your information via the legal system.  I’ve called it Subpoena Leaks.  A judge needs to be convinced that a fishing expedition is a good idea.

Disclaimer

I think Facebook is a good and necessary experiment.   We don’t know what works and what doesn’t in this evolving Internet world.  Zuckerberg has retained control over it, in part by not offering you any paid services.  This enables him to do things which we (as users) can’t even imagine, the sort of things that can bring real improvement into the world.  He’s using that and in the process helping a lot of people better understand what does and doesn’t work.  I applaud the guts it takes to do that. However his attitude to Facebook users makes me concerned (profanity beware).

(Today, I hear that Facebook has acknowledged that their interface is bad and has undertaken to fix it.   Spurred on by an Attorney General or two.   There’s a chance that the interface will improve.)

Diagram

There’s a lot of ways information can get out of Facebook.  Some of them are sketched below.

[Diagram: FacebookDataUsers3]

Here are some notes on the diagram (this is not a description of the user interface).

The diagram shows your data in the centre.  Name, picture, profile, friend list…  It is accessed by a program layer (in grey) that feeds that information to several places.  Friends, advertisers…

Acquaintances.  Acquaintances are what Facebook calls friends.  This is the most obvious of the privacy areas, but there’s a few more as you can see from the number of coloured sectors above.  There’s a wealth of tools to manage these.  Some are hard to find but they’re there.  You can limit visibility down to individuals or the groups you yourself define.  (You can also exclude individuals or groups.)  It’s quite precise if you want.  The Individual and Group settings (at this writing) are hidden away under customize, where you also find the setting to keep that particular information to yourself.

If you want an idea of what anybody can capture from some Facebook data with a little effort, look at Pete Warden’s post on the subject.

Acquaintances of Acquaintances (AoA).  A lot of things can get published to this group, if you choose.  It’s a good idea to get an appreciation of how many they are and what you know about them.  If each of your acquaintances has between 10 and 300 acquaintances, who you haven’t friended, that could be a lot.  It could pan out between 100 and 90 000 people, that are not in your own friend list.

Everyone (on the web).  Controlled like the above.  The amount of information published to everybody is increasing, without any option to limit some of it.  The recent changes to profile information (interests, books, films, music, employers and educational places) now make that information visible to all.  (In addition to forcing you to link publicly, the automatic translation doesn’t work well and introduces its own cans of worms.)

Search Engines.  You can control what Google, Bing and the rest see.  There are web sites that automatically harvest information from Facebook and publish it online; you need to be aware what that means.  (Today I saw a page that publishes phone numbers from lost phone number discussions, in real time.  I imagine some of those are meant to be hidden.)

Applications (Apps) are an interesting one.  I don’t know how many people use them, I personally tend to keep them disabled until needed.  Traditionally Apps have been able to download just about everything that you have stored on Facebook.  Formerly they were only allowed to hold onto the data for 24 hours before dumping it.  It’s reported that many Apps just stored the data indefinitely.  (From a practical point of view that makes a lot of sense.)  The new rule from Facebook is that App operators can hold onto data (no longer limited to a day!).  That’s a lot of data that they get.  Some of which might even be hidden from your Friends.

There is a new programming interface (May 2010) and new features that enable Apps to easily get the parts of the data that they really need.  From June 2010 I imagine that the promiscuous availability of your data will progressively diminish.  The safest way to limit applications is to deny them access altogether; if you want some access there are finer-grained controls.

There’s a Facebook Application called Privacy Mirror which lets you see how much information programmers and their applications can see.  If you use it I suggest disabling it after each time you use it.  (Try it and you’ll see why I say that!)

Application of Acquaintances (AA) is data that gets out via your Friends using an application.  Not something I expected to see but it’s there! Other applications can get your name, picture and public biography just because you’re on a friend list, but this goes further.  This could be thousands or tens of thousands of people (you’ve never met) sharing information about you with application companies, just because they’re Friends of Friends.  You can control this in that user interface.

Instant Giveaway / Instant Personalisation and AIG / Acquaintances Instant Personalisation was recently introduced.  It’s a way for selected partners to get your information on Facebook immediately you land on their site.  At launch there are three such partners.  One of them only operates in the United States.  I find this idea creepy and want out of it, until I’ve seen how it pans out.  It’s easy to turn off your own giveaway, but acquaintances giving away your details, through this route, is harder.  You need to turn off each individual service that uses this by banning it.  That’s harsh to these services, but it’s the only option offered.

Advertisements (Ads), if I guess right, don’t get information through the same API that others use to get your data.  They are picked by a Facebook advertising engine that has direct access to everything.  So if you hide your age, they can still target adverts at your age group.  This is part of how Facebook makes money and keeps going, so it’s understandable.  There are opportunities to dig out hidden information, if the advertiser wants, so it’s potentially open to abuse.   (Facebook has been giving your ID to advertisers for some time.  From this they can get your name, picture and other details, in milliseconds.)  Currently you have no other control than to have nothing there in the first place.

Subpoena Leaks.  Another way all your information can be released is by court action.  Over two years of data including that from Facebook was released through the legal system in a Colorado court case where injured people were suing Wal-Mart.  I haven’t examined the details but this is also something to bear in mind.  Not only can some government employees get to peruse what you’ve done on Facebook but others can too.

Crackers (often called hackers in the popular press) have in the past been able to grab a lot of information.  An exploration of the Facebook interface will show an alert user places where the system is weak and the bad guys might be able to get in.  I wouldn’t be surprised if everything you have on Facebook is being siphoned off by unsavoury characters.

Programming.  You can see what programs can access through applications like Facebook Mirror, or go in yourself and see what is revealed by the programmer interfaces.

To wrap up, there’s several ways that your data (like your profile) is shown to others.  There are ways to control this but it takes some work.  It also changes every few months so you need to repeat from time to time.  If you object to how it works you can always delete part of what you’ve already published.  Facebook, it seems, isn’t going to help you understand this.  You need to find out for yourself.  If Facebook’s value to you exceeds this effort there’s no need to delete your account.

This is the result of some online research and my best guess as to what’s going on.  I didn’t want to research it myself, but found no option!  I haven’t validated it all thoroughly.  Caveat Emptor.  If you’re using it for things that matter to you, check your facts first; they change often.  Mike Gale.

Working at DARPA and online questionnaires

I was reading a New Scientist book review about working at DARPA.

It struck me that it would be interesting to see two things:

  1. What other New Scientist readers thought about the jobs at DARPA
  2. How easy it is to create an online survey

So I ran an online search for survey tools.  I took the third one (mainly because I couldn’t see how it ran without giving it a try) and created a survey.  I put a j.mp link (which is the same system as bit.ly) to it on the New Scientist site and went away for a day.

That took a few minutes.  The survey questions were created on the fly.  If you did this regularly it would be quicker, and automation might be possible.  (Respondents can pick as many answers as they want.)

When I came back to look at the results, the next day, 22 had participated in the survey.  Here are the results:

[Image: WorkAtDARPASurveyDay1B]

The next day (2009-11-14) I captured the results again.  This time there are 27 responses.  Here’s what they look like (as computed by the service).  The percentage numbers are worked out in an odd way.  I make the “I have an ongoing…” question ticked by 48% of participants so multiply the percentage column by about 2.4 to get % of respondents.

The results look much the same though we now might have one response from somebody working at DARPA or a similar place.

[Image: ProcessedReducedImageOfSurvey27In20091113]

Commentary:

  • This isn’t a scientific survey as much as exploring an idea to liven up the web.
  • The sample size is small, 27 respondents.  The readership who responded seem overwhelmingly to like the idea of what DARPA does.  A lot of them think they would make a good contribution.  One of the other responses is basically saying he would like to do the unclassified work and would not be prepared to do any classified jobs.  A fair number indicate a willingness to do this for free, I’m not sure how that would stack up if they were actually offered the opportunity, but it does seem to show a high level of enthusiasm.
  • I would prefer a different analysis to that automatically calculated.
  • The free membership at freeonlinesurveys doesn’t offer a database/spreadsheet data download.  This is a pity but the capture of the screen image isn’t too bad.  For a fee you can get a data download!  The free version gives 50 respondents and it works for 10 days.  That is too restrictive for many purposes.   (I had a look at the HTML generated for the graphs.  I was not impressed with the way it had been done.)
  • I found a few reviews of these poll / survey systems after I did this.  They offer a range of features.  Some of these are: freeonlinesurveys, PollDaddy, Question Pro, Survey Monkey, Zoomerang, SurveyGizmo, SurveyPro…  If you were serious it would be worthwhile to look at their features more thoroughly.
  • I find much online content falls far short of what can be done online.  It’s derived from ideas of newspaper and magazine publishing, without recognising the capabilities of the web.  The web can do so much more than printing.  Interactive pages, polls, some real computation power can be unleashed through a web interface.  I’d love to see more of this smarter web in future.
  • Conclusions:
      • In a few minutes a survey can be set up to gather worthwhile information.
      • This sort of thing is more attractive to me than plain text.
      • It takes longer to write this up than it does to create the survey.