WebFinger live on Yahoo!

[Eran Hammer-Lahav]

We are still tweaking our service but the initial release is now live, powered by YQL. Sam Pullara put this together and got it deployed in record time. He also created a YQL client for WebFinger:

http://developer.yahoo.com/yql/console/?q=select%20*%20from%20webfinger%20where%20account%3D%27beestage%40yahoo.com%27&env=http%3A%2F%2Fdatatables.org%2Falltables.env

This is cool stuff!

EHL

[Brad Fitzpatrick]

Congrats!  :-)

This is awesome.

[Steven Livingstone-Perez]

Nice. Cool UI there too!

Must play around.

--------------------------------------------------
From: "Eran Hammer-Lahav" <er...@hueniverse.com>
Sent: Friday, September 18, 2009 1:20 AM
To: <webf...@googlegroups.com>
Subject: WebFinger live on Yahoo!

[Brett Slatkin]

Woot!

On Thu, Sep 17, 2009 at 5:20 PM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:
>

[John Panzer]

W00w!  (Wow webfinger!)

--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer

On Thu, Sep 17, 2009 at 5:20 PM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:

[DeWitt Clinton]

Very nice!

  http://webfingerclient-dclinton.appspot.com/lookup?identifier=dcli...@yahoo.com

-DeWitt

[Blaine Cook]

Very exciting! :-D

2009/9/18 Eran Hammer-Lahav <er...@hueniverse.com>:

[Ben Laurie]

On Fri, Sep 18, 2009 at 3:02 AM, DeWitt Clinton <dcli...@gmail.com> wrote:
> Very nice!
>   http://webfingerclient-dclinton.appspot.com/lookup?identifier=dcli...@yahoo.com

Nice!

[Joseph Smarr]

Awesome to see early implementations on both google and yahoo, and double-awesome to see a working client with yql! Thanks, js

[Kaliya *]

So I am all for Yeah!s

I went and tried the page out to see what it exposed about me.

Both for my "public" use around the web a lot yahoo handle and another one that I have explicitly kept my "real name" not attached to in any public forums.

My name listed in both accounts was Kaliya however when you expose people's "profile names" in web finger you might be exposing information people don't think is public on the web.  Needless to say I went in and immediately changed my profile name in my more private account.

I just shared this with guy friend who has several yahoo accounts - one of them for dating.  I said do you have your "regular name" listed in the "profile name" - he thought he might. It sort of made him cringe that this was now exposed.

I think you might have a real uproar from users by exposing their profile names publicly on the web without letting them know you are doing this. It would be good to send people a note asking telling them this information will be exposed to ANYONE WHO ASKS before you make it available via webfinger.

I was thinking about the difference between twitter and almost everyone else.  Twitter starts at Radically Open and explicitly so - so as a user I know what bargain I am striking in using the tool.  

Everyone else is trying to go from "closed" as the default and move towards more open and pulling users along is a challenge - it is changing the rules of the space and it needs to be well thought out or it will back fire badly.

-Kaliya

On Thu, Sep 17, 2009 at 5:20 PM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:

[Blaine Cook]

2009/9/25 Kaliya * <identi...@gmail.com>:

> I think you might have a real uproar from users by exposing their profile
> names publicly on the web without letting them know you are doing this. It
> would be good to send people a note asking telling them this information
> will be exposed to ANYONE WHO ASKS before you make it available via
> webfinger.
>
> I was thinking about the difference between twitter and almost everyone
> else.  Twitter starts at Radically Open and explicitly so - so as a user I
> know what bargain I am striking in using the tool.
>
> Everyone else is trying to go from "closed" as the default and move towards
> more open and pulling users along is a challenge - it is changing the rules
> of the space and it needs to be well thought out or it will back fire badly.

If I'm not mistaken, all this information is already public, but
webfinger makes it a bit more obvious to get to it.

There was a discussion at SW Foo about privacy (I can't remember who
all was in the room, but I suspect a fair number of people on this
list ;-) ), and how do we manage expectations, etc, and the general
consensus seemed to be that showing people that their data is public
is more important that allowing them to pretend that it's private.

This might be a case where people get a bit weirded out that their
data is "now" public, even though it always was, so combining a
precautionary principle (e.g., "do this to enable data sharing") would
be good, but the HTTP cookie example suggests otherwise --- people
were really freaked out, and providing a "click here to turn it off"
button was enough, and left the web better overall (probably!).

Interestingly, the reactions Kaliya describes here are exactly those
of people whose plaintext / unencrypted passwords are being shown to
them for the first time. It's probably better that we try to do this
in a way that very strongly says "we're just showing you this because
it's always been this way, and we're helping you gain control of your
own data, before baddies take it without your knowledge", instead of
just shoving it in people's faces.

b.

[Christian Scholz]

Am 26.09.2009 16:25, schrieb Blaine Cook:
> 2009/9/25 Kaliya *<identi...@gmail.com>:
>
>> I think you might have a real uproar from users by exposing their profile
>> names publicly on the web without letting them know you are doing this. It
>> would be good to send people a note asking telling them this information
>> will be exposed to ANYONE WHO ASKS before you make it available via
>> webfinger.
>>
>> I was thinking about the difference between twitter and almost everyone
>> else. Twitter starts at Radically Open and explicitly so - so as a user I
>> know what bargain I am striking in using the tool.
>>
>> Everyone else is trying to go from "closed" as the default and move towards
>> more open and pulling users along is a challenge - it is changing the rules
>> of the space and it needs to be well thought out or it will back fire badly.
>>
> If I'm not mistaken, all this information is already public, but
> webfinger makes it a bit more obvious to get to it.
>
> There was a discussion at SW Foo about privacy (I can't remember who
> all was in the room, but I suspect a fair number of people on this
> list ;-) ), and how do we manage expectations, etc, and the general
> consensus seemed to be that showing people that their data is public
> is more important that allowing them to pretend that it's private.
>

If data is already publically accessible that's of course right. I
remember having had a big discussion about privacy at a web monday here
in Germany after somebody explained what XFN is and that twitter exposes
it without user notice.
So it also might depend on the region you are in. We in Germany are
probably a bit more sensible to such things and thus I would rather put
privacy controls in place than simply stating that everything is public
anyway.

There might also be some laws involved regarding privacy and german
networks have to deal with that e.g. in the context of Open Social where
the solution of studivz seems to be to let people create personas per
application (which is the data set this application receives and not
automatically the default profile).This might be a case where people get

a bit weirded out that their
> data is "now" public, even though it always was, so combining a
> precautionary principle (e.g., "do this to enable data sharing") would
> be good, but the HTTP cookie example suggests otherwise --- people
> were really freaked out, and providing a "click here to turn it off"
> button was enough, and left the web better overall (probably!).
>
> Interestingly, the reactions Kaliya describes here are exactly those
> of people whose plaintext / unencrypted passwords are being shown to
> them for the first time. It's probably better that we try to do this
> in a way that very strongly says "we're just showing you this because
> it's always been this way, and we're helping you gain control of your
> own data, before baddies take it without your knowledge", instead of
> just shoving it in people's faces.
>

Agreed.

-- Christian

[Eran Hammer-Lahav]

I am not sure what specifically are you surprised about. All Yahoo! is exposing right now is your profile page which existed for the past 10 years at http://profiles.yahoo.com/screen_name. Were you not aware of that?

 

EHL

[Kaliya *]

On Sat, Sep 26, 2009 at 9:22 AM, Eran Hammer-Lahav <er...@hueniverse.com> wrote:

I am not sure what specifically are you surprised about. All Yahoo! is exposing right now is your profile page which existed for the past 10 years at http://profiles.yahoo.com/screen_name. Were you not aware of that?

Right another friend I was discussing this thread with pointed there were public profile pages. 

I had no idea. 

sorry just not obvious that any profile data about my account was being pushed out in public. 

-Kaliya

[Santosh Rajan]

Let us also not discount the intelligence of the average users. Our users have also been much smarter than we techies would like to believe.

The internet has been around since 1994, and users have been smart enough to create their own distinct "real" accounts and "party" accounts.

Who told them to do it that way in the mid 90's? Nobody. They figured it out for themselves.

So let us not get paranoid about this issue, and let us techies concentrate on the technicalities.

--
http://hi.im/santosh

[Henri]

Could you make it so that the profile is also revealed inside a:
<Link>
<Rel>http://webfinger.info/rel/profile-page</Rel>
<Rel>http://microformats.org/profile/hcard</Rel>
<Rel>http://gmpg.org/xfn/11</Rel>
<Rel>describedby</Rel>
<MediaType>text/html</MediaType>
<URI>http://profiles.yahoo.com/screen_name</URI>
</Link>
block?

On Sep 17, 8:20 pm, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> We are still tweaking our service but the initial release is now live, powered by YQL. Sam Pullara put this together and got it deployed in record time. He also created a YQL client for WebFinger:
>

> http://developer.yahoo.com/yql/console/?q=select%20*%20from%20webfing...

[Eran Hammer-Lahav]

Is the Yahoo profile markup hCard compliant?

EHL

> -----Original Message-----
> From: webf...@googlegroups.com [mailto:webf...@googlegroups.com] On
> Behalf Of Henri
> Sent: Saturday, September 26, 2009 8:57 PM
> To: WebFinger
> Subject: Re: WebFinger live on Yahoo!
>
>

[Henri]

Running my profile through hKit works fine:
http://tools.microformatic.com/query/plain/hkit/http://profiles.yahoo.com/henri_watson

[Kaliya *]

On Sat, Sep 26, 2009 at 8:55 AM, Santosh Rajan <sant...@gmail.com> wrote:

Let us also not discount the intelligence of the average users. Our users have also been much smarter than we techies would like to believe.

 

The internet has been around since 1994, and users have been smart enough to create their own distinct "real" accounts and "party" accounts.

Who told them to do it that way in the mid 90's? Nobody. They figured it out for themselves.

So let us not get paranoid about this issue, and let us techies concentrate on the technicalities.

Right - that is my point.

you are techies thinking about technicalities and perhaps missing some social norms/expectations.

Actually normal uses are both smart and dumb. they make assumptions about how these things work that are different then how "techies" make them work or think they should.......

-Kaliya


 

[Santosh Rajan]

"Actually normal uses are both smart and dumb."

I am quoting you above. Exactly. 

1) Do you think providers and developers can develop software only for "smart" users or for "dumb" users as you suggest? I don't think so.

2) If you agree with me, can you draw a bell curve, so that we can cut off the "smart" and "dumb" ends of the curve, and develop for the middle bulge. I don't think you can do that either.

Right! There is no science that can tell us "techies" which way to go. If there is please let me know or show me. 

All the techie's can do, is take the middle road, and tweak their software in both directions, based on experience. 

That is the state of software engineering at the moment.

--
http://hi.im/santosh

[John Panzer]

Reviving this thread...

How about a "Webmirror" application that monitors your web info and shows what other people can see about you?  Make it both a web page you can go to as needed, and something that monitors your distributed web profile and alerts you when it detects changes, especially expanded/additional information.

--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer

[Allyson Kapin]

Hey Everyone:
I just joined this awesome group. I wanted to say hello and chime in a
couple of on-going discussions but first a quick intro. I run the
Women Who Tech TeleSummit, just finished co-organizing She’s Geeky DC
with Kaliya and team, and run a web dev firm based in DC called Rad
Campaign. We work with nonprofits and you guessed it – political
campaigns. I also blog for Fast Company, Huffington Post and a couple
of others.

I have been thinking a lot about the privacy issues that Kaliya raised
a couple of months ago on the list. I think her points are valid and I
hope we can brainstorm more about how to address them. John Panzer
(who wrote a post on Nov 13th) maybe onto something about integrating

a "Webmirror" application that monitors your web info and shows what

other people can see about you.”

I was at a conference recently and a group of women were talking about
this very topic and were horrified to learn that not only would their
info would be so public but what about women who have been sexually
assaulted, have been victims of domestic violence, stalking, etc.
Plenty of men have been victims of stalking too. While it’s true this
info is already public and you would think users would already know
this, the reality is that many users just don’t realize that it’s so
public. Perhaps they setup a profile 10 years ago on Yahoo and don’t
even remember that it exists. Some users just don’t connect the dots
and I think we need to be sensitive to that fact and take the issues
into account as things continue to develop.

This list has some of the best problem solvers. How can we address
these issues?

Cheers,
Allyson

On Nov 13, 7:01 pm, John Panzer <jpan...@google.com> wrote:
> Reviving this thread...
>
> How about a "Webmirror" application that monitors your web info and shows
> what other people can see about you?  Make it both a web page you can go to
> as needed, and something that monitors your distributed web profile and
> alerts you when it detects changes, especially expanded/additional
> information.
>
> --
> John Panzer / Google

> jpan...@google.com / abstractioneer.org / @jpanzer
>
> On Sun, Sep 27, 2009 at 7:33 PM, Kaliya * <identitywo...@gmail.com> wrote:

>
> > On Sat, Sep 26, 2009 at 8:55 AM, Santosh Rajan <santra...@gmail.com>wrote:
>
> >> Let us also not discount the intelligence of the average users. Our users
> >> have also been much smarter than we techies would like to believe.
>
> >> The internet has been around since 1994, and users have been smart enough
> >> to create their own distinct "real" accounts and "party" accounts.
>
> >> Who told them to do it that way in the mid 90's? Nobody. They figured it
> >> out for themselves.
>
> >> So let us not get paranoid about this issue, and let us techies
> >> concentrate on the technicalities.
>
> > Right - that is my point.
>
> > you are techies thinking about technicalities and perhaps missing some
> > social norms/expectations.
>
> > Actually normal uses are both smart and dumb. they make assumptions about
> > how these things work that are different then how "techies" make them work
> > or think they should.......
>
> > -Kaliya
>
> >> On Sat, Sep 26, 2009 at 9:07 PM, Christian Scholz <c...@comlounge.net>wrote:
>
> >>> Am 26.09.2009 16:25, schrieb Blaine Cook:
>

> >>>  2009/9/25 Kaliya *<identitywo...@gmail.com>:

[Will Norris]

I could certainly imagine a utility kind of like SocialSearchMe.com, but fleshed out quite a bit more. It would be great for demonstrating the power of tying all these technologies (XRD, WebFinger, microformats, etc) together. But as you point out, it would be equally useful for people to be aware of what data about them is publicly available. To that end, it would be great to include good plain-english explanations of how this data is connected, and how to disconnect or hide parts of it if the individual wishes. Kind of how DataLiberation.org catalogs how to move your data in and out of various Google services, this utility could document how to connect/disconnect and show/hide your data on various services.

-will

[Mike Hanson]

I agree in theory - but in practice, for a web service to show you which data is protected, you would probably need to grant it access to the data, unless we posit a new cross-web API for "data visibility queries". And that's no good, because you've just created a new super-site with access to all your data, which, presumably, is what we're trying to avoid.

My current belief is that a client-side user-agent is better positioned to provide this function, since you've already disclosed your information to it (when you submitted the forms in the first place!). We're experimenting with the idea in Mozilla Labs right now, as part of the Weave Identity / Account Manager project [1]. We'd love to get your ideas about how to do it.

Take a look at Google Dashboard [2] for a good example of how a large service provider can provide an integrated report, too.

Best,
Mike
--
Michael Hanson, Mozilla Labs -- mha...@mozilla.com

[1] https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager
[2] http://www.google.com/dashboard

[John Panzer]

I think it's useful to have some discussions about applications (and issues) like this with Webfinger discovery technology on this list, because they often affect the development of the protocol spec.  At the same time, it may ultimately be difficult to keep the substantive-spec discussions (where there's a specific proposal about the evolving spec) from being lost in more general discussions about applications of the spec.  I haven't seen enough traffic to worry about this yet but with DeWitt's new code up and running, the finalization of some of the underlying specs, the discussion that Joe started, etc. there's starting to be quite a bit more activity.  If we want to have separate groups, or an agreement on conventions for tagging subject lines, etc. now's probably the time to start thinking about it.  Not pushing one way or the other, but would like to get some sense from the list membership about what would be most useful.  Or if there's no change needed, then signalling that would be fine too.

--
John Panzer / Google

jpa...@google.com / abstractioneer.org / @jpanzer

[Bob Aman]

> I think it's useful to have some discussions about applications (and issues)
> like this with Webfinger discovery technology on this list, because they
> often affect the development of the protocol spec.  At the same time, it may
> ultimately be difficult to keep the substantive-spec discussions (where
> there's a specific proposal about the evolving spec) from being lost in more
> general discussions about applications of the spec.  I haven't seen enough
> traffic to worry about this yet but with DeWitt's new code up and running,
> the finalization of some of the underlying specs, the discussion that Joe
> started, etc. there's starting to be quite a bit more activity.  If we want
> to have separate groups, or an agreement on conventions for tagging subject
> lines, etc. now's probably the time to start thinking about it.  Not pushing
> one way or the other, but would like to get some sense from the list
> membership about what would be most useful.  Or if there's no change needed,
> then signalling that would be fine too.

For the moment, I think these announcements are still useful (though
subject line conventions are probably a good idea). However, I
wouldn't mind seeing maybe a page on the wiki listing known client and
server implementations.

-Bob