Privacy and the implicit web


Implicit web apps rely on access to information you don’t want everyone to know. Unlike traditional server driven web sites, implicit web apps often run on the user’s own machine. This gives them access to all the user’s data, whereas a web service can only see a small slice covering what the user did whilst visiting that site.

The only difference between an implicit web client app and spyware is intent. Fred Wilson has a quote "If someone’s going to spy on you, it’s probably best if it’s you." I think "If someone’s going to spy on you, it’s probably best if it’s us" is a better reflection of the current state of the implicit web scene. We aren’t empowering users by letting them own their information, and control exactly what is revealed. Instead at install time we’re asking them to sign over the right to pull all their information onto our servers.

This isn’t a big issue yet, because there’s not much awareness amongst users of the dangers. But it would only take one big privacy breach to start people worrying. We need to plan ahead to make sure we don’t get classed as spyware by zealous blockers.

I think the model for the future is something like the Attention Trust. Set up to provide a standard for the treatment of user’s web-browsing behavior, they mandate a set of principles their members must follow. In return, organizations that meet those principles can display a badge demonstrating their trustworthiness.

It’s not perfect, there’s not a rigorous inspection or application process to join, it’s mostly self-regulated, and the rules are focused on web-browsing. But it is an organization I expect to grow and mature as the demand from legitimate implicit web companies to avoid being labelled as spyware gets stronger. They also offer a very interesting Firefox extension for tracking user’s web-browsing, I’m tempted to try a port over to IE.

The trickiest practical part of this is that providing the sort of fine-grained user control will take a lot of extra engineering, and some smart UI to avoid baffling the user with a space shuttle control panel of options. Most services allow you to temporarily disable information capture, but I think one of the requirements is going to be the ability for users to remove data from your server after it’s been captured, and that’s going to be a lot harder to implement.

As I was researching this post, I ran across an article by Alex Iskold on ReadWriteWeb that was really helpful. I guess I wasn’t the first to spot Amazon as the ur-Implicit-Web-App!

Funhouse Photo User Count: 1,686 total, 73 active. The stats have moved at least, but still seem a little flakey, showing data from three days ago.

Event Connector User Count: 65 total, 10 active. No progress on signing up a conference, I will be chasing this up again, and considering some different approaches to reaching organizers.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: