Tag Archives: privacy

ZeroKlout2

Klout, Big Data and the Meaning of “Opt Out”

Is it possible to have a Klout Score of Zero (K = 0)?

Why, you might ask, would anybody want to have such a score in the gamified realm of influence measurement, where higher scores indicate a higher level of perceived online influence?

The answer may lie in the way that Klout profiles you, branding you a Specialist, an Observer, or a Broadcaster. The answer may also lie in how people relate to Big Data, vaguely defined ranking algorithms, and the increased tendency of offline organizations to make some big, and potentially misleading, assumptions about the role of online influence in an offline world.

“Klout calculates billions of data points across over 100 million influencers every day.” ~ Klout.com

Whatever the reason, there are people who simply want out.  But opting out, and driving your score to a meaningless Zero, is apparently a bit more difficult in the Klout dimension than one might imagine.

I PRESENT TO YOU MR. SAM FIORELLA

Mr. Fiorella was recently referenced in a Wired.com article (What your Klout Score really means) that delved into an experience he had a while back with a potential employer, who eliminated Sam (and possibly others) from the list of candidates based on his perceived “sub-par” Klout Score. As listed on the Klout.com website…

It’s not the first time something in the online world has impacted a decision in the offline world, and it definitely won’t be the last (see Jeremiah Owyang’s post “How ‘Social Profiling’ Will Work In The Real World“).

Sam ultimately did improve his Klout Score (into the 70’s) but was never happy with the idea of being ranked (or branded) by an algorithm for online OR offline purposes. So when Klout offered an “opt out” option at the beginning of November, 2011, he promptly did just that. He opted out and initiated the deletion of his Klout profile, per the language on the Klout site:

Klout Opt Out

As far as Sam was concerned, he was satisfied that after opting out nobody would be able to view his Klout Score moving forward and that only trace data would remain in the system (for 180 days, after which it would be removed).

He also understood that Klout would continue track his activities on the public broadcast social site Twitter. 

Note: I wouldn’t be surprised if Klout NEEDS to track Sam privately in order to accurately determine the Klout Scores of others within his Twitter social graph. In essence, influencers who are not tracked become dark matter, or invisible thought leaders. They mess with what we perceive by influencing behavior in unseen ways. 

But there was also a level of expectation that the information gathered on Twitter (and his resulting private Klout Score) would to be kept private and OFF the Klout.com site.

Unfortunately, it didn’t work out that way.

I PRESENT TO YOU MR. SAM FIORELLA’S GHOST

In the name of full disclosure, I know Sam personally and I am a registered Klout user. I was also aware when he, and others, opted out of Klout last year. So when I read the Wired article, and the various other articles and posts that it spawned, the analyst in me was just a bit curious to see if Sam had in fact been removed from the site. So I search Klout.com and found no public profile or information on him.

But I did come across the profile of a friend of mine, and attached to that profile, in their Influencers list, was the smiling face of Sam Fiorella. On the site, exactly where it should not have been.

Apparently, the phrase “you will be removed from Klout.com within 24-48 hours” – as mentioned in the Klout opt out statement – may not mean what you think it means.

Sam opted out from Klout almost 6 months ago. Could this possibly be the “trace data” mentioned in the Klout “opt out” statement?  I don’t believe so, as his current Twitter avatar is on display along with an assumingly current Klout Score of 52 (which sounds plausible since Klout appears to be pulling his data only from Twitter, not the complete list of social sites that Sam previously had linked to his Klout account, and it increased to 53 last night).

But wait, there’s more (thank you Ron Popeil). While I did pass on the option to invite Sam back to Klout (he wouldn’t have accepted anyway), I couldn’t resist the chance to test the software and see if it would allow me to give him a +K in Blogging. It did:

I’m not sure the +K stuck (even though it does now show me a greyed out +K button for Sam and Blogging, it apparently didn’t decrement my +K counter).

But the mere fact that it allowed me to go through the action, give me a success notification and offer the option to Tweet the +K out, was more than just a bit interesting – it was a challenge to figure out what had gone wrong, how it might be corrected and to think strategically a bit about some of the larger (beyond Klout) implications it might have.

FOR YOUR CONSIDERATION

From a social perspective, you cannot deny that influence exists – marketing, advertising and sales people have been trying to identify and target influential consumers for years. Nor can we deny that our online and offline lives are colliding extremely fast, and influence in one medium can, and will, transcend to another.

From an online influence measurement perspective, there is a defined need to look for insights in online behavior (served by Klout and other firms such as PeerIndex, Twitalyzer, TweetLevel, etc.), and the people at Klout have been very honest and open with me, and others, about how and why they are undertaking this task. 

But there is a disconnect when a phrase like “removed” appears to mean “erased a bit” – not quite how I would interpret it.

CAN WE ACHIEVE ZERO?

When Sam opted out of Klout, he assumed that he would still have a Klout Score, but that his information would no longer be shared or visible to others – in essence giving him a public null Klout Score (K = 0) that he sought. While the data would still exist, and be interpreted by Klout, they would not share their interpretations with others.

So why is Sam Fiorella still appearing on Klout? Perhaps there is an issue that weaves around Klout’s interpretation of words, and the managing of expectations from a contractual Terms of Service (TOS) perspective. Or perhaps it has to do with the massive amounts of Big Data that we are crunching on an ongoing basis, with technology evolving at such a rapid pace that glitches and ghosts, while unacceptable, are going to occur. Either way, there is a flaw somewhere in the system, and Mr. Fiorella has become its poster child.

PRIVACY AND PERVASIVE COMMUNICATIONS

Sam’s issue with Klout is bigger than either Sam or Klout. Not to diminish what Sam is going through, neither Sam nor Klout are alone in facing issues regarding personal data, big data, privacy or changing technology. If anything, his dilemma is indicative of a much larger series of questions and issues that we face.

We live in an age of technology-enabled Pervasive Communications. Our ability to communicate with almost anyone, anywhere at any time, over a multitude of communications channels, is allowing us to unleash our DNA-driven need to create, share and consume content and information with others.

As we do this, our public actions are increasingly tracked, tagged, shared and mined by people and companies that we’ve never met. They’re sifting through piles of Big Data looking for patterns, for trends, for clues regarding what influences our decisions, and how our decisions influence – if at all – the decisions of others. This isn’t necessarily a bad thing, but when this activity lacks true transparency of both intent and use, the user is increasingly, and unknowingly, giving away far more than they are receiving in return.

“There is nothing in the dark that isn’t there when the lights are on.”

~ Rod Serling

The data is out there and it’s not going away. It may lose some of its relevance, but it will still be out there and is increasingly being linked with other data to create “new” data. The questions of who really owns our data (both pre and post-processing), how and when it can be shared and reused, and how much light (transparency) should be shined upon it, will likely be argued (and should be) for many years to come.

While many individuals may argue that they want their data out there (in an effort to achieve a richer, more engaging online experience), I do believe that there are different times and places for private and public, and, as individuals, businesses and governments, we need to continually ask ourselves:

  • What should the ground-rules be for how Terms of Service and ownership of data are defined?
  • How will we let these definitions and rules evolve and adapt to technology and human behavior patterns that don’t yet exist or have yet to be defined?
  • How can we provide true transparency (in simple terms) to online users regarding their data and its linkages with other data (there’s a business out there if you can create that infograph, BTW)? And,
  • How we are going play together in an ever shrinking sandbox where transparency has become a buzz-word and personal privacy continues to become increasingly elusive?

I also believe that when an “opt out” option is offered, as it was with Klout, it should be just that – a way for you to take yourself, and your data, OUT of the system. If not for your actions, the data wouldn’t exist in the first place.

 Note: Images adapted from Klout.com

twitter_1402

Twitter’s Privacy Invasion (edited update)

NOTE: This is an edited excerpt from a prior post, highlighted here at the suggestion of a few readers who thought it worthy of its own individual post.

For a while now, Twitter has been testing its own t.co link shortener to shorten/wrap long URLs in private Direct Messages sent between users via their website (transparently to the user, btw – you can read more in their June 8th blog “Links and Twitter: Length Shouldn’t Matter“ – a blog that is hosted by Google’s Blogger network and that I doubt most Twitter users don’t even know exists). In a recent email to users, dated August 30, 2010, they explain that the use of t.co will be expanded to all messages, including those sent via 3rd party applications, and that the length of the shortened URL may vary based on the application/device the receiving user is using, to quote:

“A really long link such as http://www.amazon.com/Delivering-Happiness-Profits-Passion-Purpose/dp/0446563048http://t.co/DRo0trj might be wrapped as for display on SMS, but it could be displayed to web or application users as amazon.com/Delivering- or as the whole URL or page title.”

As a primarily TweetDeck user, the advantage is minimal to me – it already has a function that shows you what a shortened URL expands into. There is also a “post-click, pre-connect” malware check to ensure that you are not connecting to a bad site – again a feature that I already have in my browser.

But the way that they internally use the t.co link shortener is what causes me concern. All links, including those in private DMs (as well as those already shortened through services such as bit.ly which will be “wrapped” internally by Twitter in the t.co format), will be tracked on a per user/per click basis, allowing Twitter to create a data repository of what links you click, the type of content you are accessing – from news to product/vendor sites – and potentially who sent them. Their justification is “Twitter will log that click…to provide better and more relevant content to you over time.”

Sorry, Twitter, but I don’t need or want you to provide content to me. I follow people, not you, for content and conversations.  And I’m far from thrilled that you will now start keeping track of the links users click in the name of providing relevant content, which could be interpreted to mean anything from suggested users to follow to targeted advertising to whatever you decide is most profitable (it’s the “whatever” that concerns me, as this is potentially valuable marketing information that could be sold to/exploited by 3rd party groups).

Everybody understands that what you publicly post is public, but there is also an expectation of privacy with respect to Direct Messages that are not part of the public timeline, not searchable and not shared with 3rd-party search engines (a variation on their “protected tweets” theme). The thought of Twitter tracking content in private Direct Messages – which have become an alternative to quick email exchanges for many people – leaves me with a Facebook-like “invasion of privacy” feeling.

Will I stop using Twitter? No, its value still out-weighs its disadvantages. But I will start to view it in a different light and will probably be less inclined to click on sponsored or vendor-oriented links.

twitter_140

Twitter: 4 Lessons to Learn about Marketing & Privacy

Last week (along with all other Twitter users) I received Twitter’s “Update: Twitter Apps and You” email. It announced:

“Over the coming weeks, we will be making two important updates that will impact how you interact with Twitter Applications”, namely 1) the anticipated mandatory use of OAuth for 3rd-party application user verification and 2) the expanded use of Twitter’s t.co link shortener as a default standard for Twitter messages.

Most of what they announced was anticipated, but their email, while informative, raised an interesting point about user privacy and was a great example of how not to get out “the message”. Here are four thoughts and lessons that I think Twitter needs to understand, all important to me in judging their progress transitioning from a disruptive startup to a viable long-term business.


1. Twitter doesn’t know how to, or can’t, reach its audience efficiently.

I manage a number of different Twitter accounts and would have expected to receive all of the emailed updates within a relatively short period of time. Sure, they have over a hundred million users, but it took a surprisingly long time for all my accounts to be notified by email (through Sept. 4th) for an announcement that was effective August 31st and partially posted on their blog site on August 30th.

Lesson #1: Announce upcoming updates before, not after, they have occurred.

2. “There are over 250,000 applications built using the Twitter API.”

This statement in the email really got my attention – 250,000 apps is a huge number. But it begs the question “really?” I’ve searched around and can’t find any verification of the number, or a list of more than a couple thousand apps (twitdom.com, lists less than 2,000 leading apps and Twitter’s own “Top Ten Twitter Apps” shows Twitter.com at #1 with 78% user share and UberTwitter at #10 with only 2%, leading one to conclude that there might be just a few “dead” apps lying around there somewhere). Additionally, I’d be very interested in the selection process used when they listed the following examples (especially if I were a Twitter app developer with competing applications):

“applications like TweetDeck, Seesmic, or EchoFon, websites such as TweetMeme, fflick, or Topsy, or mobile applications such as Twitter for iPhone, Twitter for Blackberry, or Foursquare.”

Lesson #2: If you throw out a really big number, people will want to know more. Don’t keep them guessing.

3. Twitter doesn’t understand how contradictions lead to confusion.

From a pure “information” perspective, the email was a bit confusing with some odd contradictory statements.

Example A: Their opening statement “Over the coming weeks, we will be making two important updates that will impact how you interact with Twitter applications” is a bit confusing given that:

1) Their new OAuth policy had already been put into effect as of August 31st, as they stated in their August 30th blog post: Twitter Applications and OAuth (interestingly hosted by Google’s Blogspot.com site), and

2) the expanded use of their t.co link shortener directly involves their own website as well (interestingly, Twitter counts their own website as an application, something I doubt most users do, especially when you take into account the listing of applications in Item 2 above doesn’t include their website).

Example B: The first sentence of their explanation of OAuth (which is probably now, and forever, a meaningless word to 90% of their user base) states that it allows 3rd-party applications to access your Twitter account “without asking you directly for your password”. Humorously, the next sentence goes on to state that “applications may ask for your password”. Granted, they may ask only once, but they could have phrased it differently, such as (my wording):

“OAuth is an authentication technology that requires you to provide your Twitter password only once in order to authorize a 3rd-party application to access your Twitter account. You will not be required to enter your password again for that application. Further, the 3rd-party application cannot store your Twitter password, providing you with an added layer of security (you can even change your Twitter password if you like without having to provide it again to the application).”

Ironically, their August 30th blog post (listed above) does a much better job at explaining how OAuth will work than their email did – too bad they didn’t link to it in their email, or, better yet, use the same text.

Lesson #3: Consistency of message (especially across multiple sources) is critical to credibility.

4. Twitter tracks the links you click, in public or private messages, in any 3rd-party app.

This is probably the most significant point of the entire email update. For a while now, Twitter has been testing its own t.co link shortener to shorten/wrap long URLs in private Direct Messages sent between users via their website (transparently to the user, btw – you can read more in their June 8th blog “Links and Twitter: Length Shouldn’t Matter“). In their email, they explain that the use of t.co will be expanded to all messages, and that the length of the shortened URL may vary based on the application/device the receiving user is using, for example:

“A really long link such as http://www.amazon.com/Delivering-Happiness-Profits-Passion-Purpose/dp/0446563048 might be wrapped as http://t.co/DRo0trj for display on SMS, but it could be displayed to web or application users as amazon.com/Delivering- or as the whole URL or page title.”

While this might be a nice feature, it is the way that they use it that causes me concern as the t.co link shortener also includes a “post-click, pre-connect” malware check to ensure that you are not connecting to a bad site and that “Twitter will log that click…to provide better and more relevant content to you over time.”

First off, I don’t need the malware check (a feature that many users already have in their browser or security software). Secondly, that last statement seems to directly imply that Twitter will now start keeping track of the links each individual user clicks, whether they are in public or private Direct Messages and regardless of the app (such as Twitter’s website or any 3rd-party app) – all in the name of providing relevant content, which could be interpreted to mean anything from suggested users to follow to targeted advertising to whatever.

Everybody understands that what you publicly post is public, but there is also an expectation of privacy with respect to Direct Messages. The thought of Twitter tracking what links people click (especially in Direct Messages – which have become an alternative to quick email exchanges for many people) leaves me with a Facebook-like “invasion of privacy” feeling, and that is the last issue that Twitter wants to deal with at this point in their business.

Lesson #4: If you use the phrase “log that click” you must explain exactly how that information is used.

So there you have it. Four points that jumped out at me after reading Twitter’s latest update email. From presentation to content, this email is a border-line #fail.