OpenID and DataPortability.org gain big support (on paper!!)

Momentum appears to be building behind the related notions that usersshould have a single set of login credentials to sign into most—perhapseven all—of the web sites that they frequent and that they should beable to easily move their personal data between different socialnetworking services. These ideas have gained so much traction recentlythat groups like DataPortability.org and OpenID have made many pundits'lists of "what will be hot in 2008." But while reports this week showthat OpenID and DataPortability.org are gaining support from giantslike Google, Facebook, IBM, and Verisign, a number of lingeringquestions about security and privacy remain.

This week's "open" shake-up in Web 2.0-land started when Facebook,Google, and Plaxo announced a partnership with the DataPortability.orggroup, whose mission is to build standards for easily moving one'sidentity and data between services. Aside from fledgling efforts like Google's OpenSocial platform,which allows developers to build widgets and applications that can workon and pull data from any site, there really isn't an easy way to moveone's pictures from Flickr to Picasa, or one's identity and media fromFacebook to MySpace. DataPortability aims to bring portability andcooperation into the mix, returning power back to users over their owndata and where they take it.
For better or worse, Facebook hopping on board with DataPortabilityrattled the Web 2.0 media pretty well, as the social networking companyhas come under mounting fire for being an increasingly one-way service.Its applications platform certainly opened up new ways for users topull data in from virtually any other site or service on the web, butits design and terms of service prevent—and in some cases,prohibit—trying to take any of that data to another service.
This portability issue came to a head when Facebook banned the accountof blogger Robert Scoble for using a newly developed tool to "scrape"all his data from the site for use elsewhere. It was later revealedthat the tool came from Plaxo, a PIM syncing service-cum-socialnetworking portal. Scoble's scraping and his subsequent ban (hisactions violated Facebook's terms of service) sparked yet another roundof criticism from bloggers over Facebook's closed nature, but some ofthe furor turned back against Scoble when it emerged that he was tryingto scrape more than just his own posts, pictures, and other data.Plaxo's tool was designed to also scrape the names and e-mail addressesof all of Scoble's 4,000+ Facebook "friends." The question then becameabout whether users "own" the contact data of their friends at siteslike Facebook.
On the other end of the data portability spectrum, TechCrunchpublished a rumor that Google, IBM, and Verisign plan to join OpenID, abudding unified sign-in service that allows users to create oneidentity and password for logging into multiple web sites. OpenIDcertainly isn't the first attempt at a unified, cross-site loginservice (such attempts go at least as far back as 1999), but it islikely the first from a more or less neutral party that boasts openstandards and identity portability. For a few years now, OpenID hasenjoyed a slow adoption from some fairly popular websites like 37signals and Wikipedia (the latter's OpenID support is in the works). But adoption from major players like Google, IBM, Verisign and possibly even Yahoo! would be a sign that OpenID has more or less "made it."
With all this news of portability and identity power getting returnedto the user, new questions over privacy and ownership beg to be asked.One of privacy advocates' long-standing criticisms of single sign-onschemes is that a unified login system runs a higher risk of securitybreaches and ID theft. If a user sets an insecure password for a masterOpenID login, all of the sites that use OpenID will be wide open tomalicious activity on that user's account.
On the social networking side of things, the privacy questions aren'tso much about the individual user as they are about the user's friends,and how much information one user can give out about those in his orher social network. Plaxo, in the past, has come under heavy scrutinyfor pulling stunts like the one it did with Scoble, as the company hastraditionally been willing to beg, borrow, and steal to gain personaldata of users who never even signed up for its services. (For a time,the contacts from the synchronized address books of Plaxo users wereharvested and spammed with invites to join the service). At the least,Facebook and Google will have to offer a straightforward, obviousoption for users to either grant or deny permission for their friendsto take their data with them when they move to another service.