[OpenID] Combining Google & Yahoo user experience research

[SitG Admin]

>I understood that UCI (in the OpenID vs the Cardspace sense) to be 
>about user empowerment. It exists to break the notion that FaceBook 
>(or some other IDP) controls the portability of buddy list. I 
>control my buddy list. Period. The OP is just a contractor, to me; 
>handling my copyrighted data aggregation.

Your friends are still your friends; the *human* relationships are 
not controlled by Facebook or any other site. It's the *data* 
relationships (representations of the human relationships, and what 
can be inferred from them) that sites uniquely have; it's not 
something the *user* offered, it's something that the *site* worked 
to create. So the question may be, how do we isolate the data sets 
"owned" by the site from the data sets "owned" by the user?

Metadata. We don't use this in HTML; we have tags inline with the 
text. But it's certainly possible (and was *very* friendly to 
forensics!) to have a separate file (or part of a file) that kept 
track of which formatting changes were made and where they 
started/stopped applying. This data would then be combined with the 
plaintext to restore the formatted document.

This is a straightforward concept with dynamic webpages, drawing 
(presumably) from both databases simultaneously. But the formatting 
needs to be done server-side because Facebook (et all) doesn't trust 
the user with this proprietary data. So how does the user recover if 
Facebook goes down?

Backups, yes. The user can't "have" Facebook's data; can Facebook use 
encryption? Backup *their* data relationships (compressed) to the 
user's offsite storage, encrypted to keep the user from "having" 
Facebook's data. This encryption could eventually be broken, but by 
that time won't the data's usefulness have "expired" or been replaced 
by more current data sets? If anything, this is a promise that, 
eventually - when computing power has advanced sufficiently - even 
Facebook's utter demise would not *forever* deprive the user of what 
they were used to. Abandonware that gracefully exits to the public 
domain.

The offsite backup of data relationships holds an intriguing promise 
for new start-ups: instead of having to back up all your data (an 
enormous cost in hardware), you just back up (and, of course, secure) 
the *keys* - at that point, your own local hard-drives become mere 
backup for the *users* in case *they* lose your data (which, since 
you managed it on their behalf, isn't really of much use to anyone 
else). Hard drives could also be ditched entirely if the start-up 
wanted to focus on privacy.

-Shade