Right. It seems to me that there's a big education task here - both for end-users and service providers.
For end-users, we can't assume it's obvious that anything they put on the public web is public knowledge, especially when it comes to data. I forget the details (Julian might remember) but there was a social graph aggregator a year or two back - Plink (?) - that harvested FOAF. Not sure what interface it had, but whatever, the person running it decided to shut it down after loads of unpleasant mail along the lines of "how dare you steal my information".
danbri has a good post around this issue, in particular in relation to privacy and the SG API:
http://danbri.org/words/2008/02/05/267In it he says: "There's a danger here of technologists seeming to blame those we're causing pain for." - indeed, but there's also a danger of the blame being redirected to technologists from elsewhere, see:
http://iandavis.com/blog/2008/04/identity-theft-its-not-your-problem(personally I wouldn't weep at the death of "privacy by obscurity", but still don't think we should be inflicting pain if we can avoid it)
Back to danbri again, he has some good suggestions:
[[
- Best practice codes for those who expose, and those who aggregate, social Web data
- Improved media literacy education for those who are unwittingly exposing too much of themselves online
- Technology development around decentralised, non-public record communication and community tools (eg. via Jabber/XMPP)
]]
I mentioned education of service providers - I really don't think they're anything like geared up to provide interactions for end-users that would give them a chance of informed choice. A terms of service doc might be adequate for walled garden environments, but those walls are crumbling. I don't think the ramifications have occurred to the service providers any more than anyone else.
Technically it isn't that difficult to provide granular access control to data, but without conventions for identifying different kinds of data in a way that would make sense to Auntie Edith, the user interface is a non-starter.
(Considering such conventions might well be in scope for this group).