Portability Pledge – A first draft for TheStartupBus

The Startup Bus to SXSW Interactive 2010 is now rolling south by southeast. "12 strangers will board a bus in San Francisco. At 60 miles an hour and over 48 hours, they will conceive, build and launch 3 tech startups in time for a SXSW party in Austin." Can you bootstrap a company and squeeze in a decent portability policy? The Bus startups will try. The DataPortability Project wants to make your site's portability policy an impulse buy but your company lawyers and designers will want more time.

My proposal:

The Portability Pledge.

Four steps:

1. Take the Portability Policy Pledge
2. Draft your portability policy
3. Set up a customer conversation channel
4. Post your Portability Policy Pledge on your site

1. Write Your Portability Policy Pledge

This is your promise to have a signed-off portability policy posted by a deadline. Model language:

• On behalf of THIS ORGANIZATION operating THIS SITE we promise to post a complete Portability Policy on this page by 1 July 2010. We will be terribly embarrassed if we don't.
• Like a Privacy Policy, our Portability Policy will explain your rights, in this case your rights to access, share, synchronize, delete and backup your data with our services.
• We'll also explain our responsibilities and how to work with us to improve your portability experience.
• We're working with DataPortability.org to create a useful policy. Learn more HERE.
• We believe we can do more for you by responsibly sharing your data with services you trust.
• We support these Portability Principles:
  • It should be easy to bring your identity, friends, files and history with you to our site.
  • It should be just as easy to share them from our site with other sites.
  • We should make it easy to keep your information fresh with updates.
  • We will be considerate with your data when our relationship ends.
  • We will be explicit and transparent about our portability practices.
• If you'd like to discuss your portability rights with us, join us in this forum HERE.

2. Draft your portability policy.

Your policy will/should go through lawyers. It's part of you site's Terms of Service, End User License Agreement, or whatever contract connects you with your site's users.

This draft is what you'll give your lawyer.

The parts:

• 2.A. Welcome to our portability policy.
• 2.B. Our disclosures
• 2.C. How to talk with us about this
• 2.D. Cautions and other limits

2.A. Welcome to our portability policy.

This document is...

You'll explain what this document is, what it is called.

We're writing it so...

Say the purpose, what's inside, what's not inside.

We hope you get out of it...

Takeaways and benefits for users who read this and when to come back and read it in more depth.

2.B. Our disclosures

This is the body of your portability policy. You'll answer questions, grouped into five categories (Start, Sync, Access, Share, End). While the questions can be answered briefly with yes/no and multiple choice answers, it may take more time to provide the optional descriptions that explain your answers.

See the the full questionnaire and guide below.

2.C. How to talk with us about this

Learn more about data portability here...

Contact our ombudsman here...

Contact our portability alliance manager here...

Discuss with our other customers here...

2.D. Cautions and other limits

Subject to change...

Not my fault...

We only control ourselves...

We're not perfect...

3. Start Your Customer Conversation

You'll want a place to let customers ask data portability policy questions, for you to make announcements, conduct surveys, etc. Something like GetSatisfaction or UserVoice. You'll link here from your portability policy page.

4. Post Your Pledge

• The default file name: portabilitypolicy.html
• Popular locations: Root. Acme.com/portabilitypolicy.html
• Link to your portability policy on every page where you link to your privacy policy. "Portability" or "Portability Policy".
• We'll have a form for you to list your policy on the dataportability.org site.

There you go: four simple steps to a Portability Pledge.

You'll deliver on your promise when you answer and post your the Portability Policy Questionnaire.

The Portability Policy Questionnaire:

Start.

How well do you welcome me, my history, my friends?

1. Are your import and export APIs and formats documented?

• Yes
• No
• Suggested: If Yes,where are they documented?

2. Do people need to create a new identity for this site, or can they use an existing one?

• New Identity - The person is expected to create a fresh identity that is used on this site. This site does not trust a third party to authenticate identity.
• Existing Identity - The person can register an account that is accessed using an identity authenticated by some third party. This product assumes that, by selecting a third party to authenticate their identity, the person accepts that third party as trustworthy.
• Suggested: If Existing Identity, what identity services will you support?

Sync.

How do you keep my data fresh?

3. Must people import things into this product, or can the product refer to things stored someplace else? Can this product work with objects and information whose "authoritative home" is another product, or can this product only work with things that it hosts directly?

• Must Host - In order for this product to work with a thing, it must be hosted directly.
• Can Refer - This product has the ability to access and work with things that are hosted by third parties, assuming that the third party allows this.
• Suggested: If Can Refer, what items can be stored elsewhere and under what conditions?

4. Can this site accept updates that users make on other sites? In cases where the product tracks or manages things that the person has stored on some third party product, can this product watch the third party for updates?

• One Time Import - This product only sees the remote thing at import time, and does not watch for changes.
• Watch For Updates - This product watches the third party for changes, and updates its own view of the remote thing to match.
• Suggested: If Yes, what types of items and under what conditions?

Access.

How well do you help me use and manage my information?

5. Can the person allow other sites to use the things they've created or updated here? Does this product provide a way for third parties to authenticate a person and read or write?

• No Access - The person must use this product to read or access whatever it manages.
• Third Parties Can Read - The person can provide the third party with authentication credentials, and can read data managed by this product.
• Third Parties Can Write - The person can provide the third party with authentication credentials, and can write data managed by this product.
• Suggested: If Yes, what technical protocols are supported and how can users manage the authority they give other sites?

6. Can the person download or remotely access a copy of everything they've provided to this service? As part of their standard use of most products, people import or create things. Does this product provide an open, DRM-free way for people to retrieve or access via third party all of the things they've created or provided?

• No Access - This product does not offer the person the ability to download the things they've provided.
• Remote Access - The product provides an open, DRM-free way for people to download all of the things they've provided to the product, or remotely access it using a third party product.
• Suggested: If Yes, how and in what forms?

7. Do you disclose where my data is being kept in the real world?

• Yes
• No
• Suggested: If Yes, where can I learn where my data is kept?

8. Can I control where my data is kept in the real world?

• Yes
• No
• Suggested: If Yes, how can I exercise those controls?

 

Share.

How well do you help me share well with others?

9. If a person updates something here, is that change stored only by this product or can the person ask this product to store it elsewhere? Can this product accept some other site as being the authoritative home of a thing it knows about?

• Must Be Authoritative - This product assumes that it is the authoritative home of all things it manages, and does not update third parties.
• Can Update Remote - This product can work with a third party that is assumed to be authoritative. All updates made by the person using this product are also forwarded to the third party.
• Suggested: If Yes, how does it work in practice?

10. Can the person download or remotely access information that others have provided to the product? In cases where the product allows download or remote access, can the person export or access all of the data to which they have access, or only data which they have directly created?

• Provider Only - This person may only export or access data which they have directly provided.
• Full Access - The person may export or download any data to which they have access on this product, subject to reasonable usage and abuse rules.
• Suggested: If Yes, how and in what forms and with what other services or protocols?

 

End.

How well do you support a graceful exit from our relationship?

11. Will this site delete an account and all associated data upon a user's request? If the user creates a password or account for use with this product, does the product provide a way to cancel the account and erase all data associated with it?

• Immortal Accounts - Accounts or passwords, once created, are assumed to live for as long as the product is available. Desktop applications and other stand-alone products that do not have host services may have no way to remotely revoke accounts or passwords.
• Data Expires - If this product acts as a hub, the data it copies from other sites will expire in a set amount of time. This product must be linked to a place where it can refresh or synchronize data in order to stay current.
• Accounts Deleted Upon Request - This product has the ability to remove a person's account and all relevant data, and will do so when requested by the person or third party with appropriate legal standing.
• Suggested: If Yes, where can I find the procedure to request deletion.

12. Do you give notice before terminating the account?

• Yes
• No
• Suggested: If Yes, how much notice do you give and in what forms?

13. Can you recover a terminated account?

• Yes
• No
• Suggested: If Yes, how thoroughly, under what conditions, how quickly, and how is recovery triggered?

14. Do you have a posted appeals process or dispute resolution procedure?

• Yes
• No
• Suggested: If Yes, where are the procedures posted?

###

As you fill this out:

1. Would you have designed your service differently if you read the Portability Pledge beforehand?
2. Do you really need the pledge or are you ready to write a full portability policy before Austin?

tags: dataportabilityproject, dpp, portabilitypolicy, portabilitypledge, pledge, policy, sxsw, sxswi, roadtrip, promise

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private technologist roundtable, one of the longest running public Skype chats.

Icons for a data portability policy – a few thoughts

I sat down with the DataPortability Project's Elias Bizannes a few months ago to organize the elements of a model portability policy. Your site's portability policy will be part of your Terms of Service or End User License Agreement. Your portability policy should help your sites and services communicate the data portability parts of your relationship with the people who use them and your business partners.

I'm heading down to an all day privacy forum co-hosted by Lauren Gelman and Mozilla this morning to discuss what browsers might do with a "privacy" icon.

The Clusters

We clustered portability policy questions into five stacks: Start, Sync, Access, Share, and End. I sketched five icons:

I cleaned them up a bit, but they are still rough:

Between the five, you'll see questions about the lifecycle of your relationship with a site, from its start to its finish. You'll also see questions about the power to manage your portability through interoperability.

The questions

We mapped these questions for your portability policy to the icons.

The questions can be answered by choosing Yes/No or from a short multiple choice list. Policy explanations, links, and actionable information are optional.

These questions are the work of the DataPortability Projects ToS/EULA Working Group over 2008 and 2009.

Start.

How well do you welcome me, my history, my friends? 

Are your import and export APIs and formats documented?

• Yes
• No
• Suggested: If Yes,where are they documented?

Do people need to create a new identity for this site, or can they use an existing one?

• New Identity - The person is expected to create a fresh identity that is used on this site. This site does not trust a third party to authenticate identity.
• Existing Identity - The person can register an account that is accessed using an identity authenticated by some third party. This product assumes that, by selecting a third party to authenticate their identity, the person accepts that third party as trustworthy.
• Suggested: If Existing Identity, what identity services will you support?

Sync.

How do you keep my data fresh?

Must people import things into this product, or can the product refer to things stored someplace else? Can this product work with objects and information whose "authoritative home" is another product, or can this product only work with things that it hosts directly?

• Must Host - In order for this product to work with a thing, it must be hosted directly.
• Can Refer - This product has the ability to access and work with things that are hosted by third parties, assuming that the third party allows this.
• Suggested: If Can Refer, what items can be stored elsewhere and under what conditions?

Can this site accept updates that users make on other sites? In cases where the product tracks or manages things that the person has stored on some third party product, can this product watch the third party for updates?

• One Time Import - This product only sees the remote thing at import time, and does not watch for changes.
• Watch For Updates - This product watches the third party for changes, and updates its own view of the remote thing to match.
• Suggested: If Yes, what types of items and under what conditions?

Access.

How well do you help me use and manage my information?

Can the person allow other sites to use the things they've created or updated here? Does this product provide a way for third parties to authenticate a person and read or write?

• No Access - The person must use this product to read or access whatever it manages.
• Third Parties Can Read - The person can provide the third party with authentication credentials, and can read data managed by this product.
• Third Parties Can Write - The person can provide the third party with authentication credentials, and can write data managed by this product.
• Suggested: If Yes, what technical protocols are supported and how can users manage the authority they give other sites?

Can the person download or remotely access a copy of everything they've provided to this service? As part of their standard use of most products, people import or create things. Does this product provide an open, DRM-free way for people to retrieve or access via third party all of the things they've created or provided?

• No Access - This product does not offer the person the ability to download the things they've provided.
• Remote Access - The product provides an open, DRM-free way for people to download all of the things they've provided to the product, or remotely access it using a third party product.
• Suggested: If Yes, how and in what forms?

Do you disclose where my data is being kept in the real world?

• Yes
• No
• Suggested: If Yes, where can I learn where my data is kept?

Can I control where my data is kept in the real world?

• Yes
• No
• Suggested: If Yes, how can I exercise those controls?

Share.

How well do you help me share well with others?

If person updates something here, is that change stored only by this product or can the person ask this product to store it elsewhere? Can this product accept some other site as being the authoritative home of a thing it knows about?

• Must Be Authoritative - This product assumes that it is the authoritative home of all things it manages, and does not update third parties.
• Can Update Remote - This product can work with a third party that is assumed to be authoritative. All updates made by the person using this product are also forwarded to the third party.
• Suggested: If Yes, how does it work in practice?

Can the person download or remotely access information that others have provided to the product? In cases where the product allows download or remote access, can the person export or access all of the data to which they have access, or only data which they have directly created?

• Provider Only - This person may only export or access data which they have directly provided.
• Full Access - The person may export or download any data to which they have access on this product, subject to reasonable usage and abuse rules.
• Suggested: If Yes, how and in what forms and with what other services or protocols?

End.

How well do you support a graceful exit from our relationship?

Will this site delete an account and all associated data upon a user's request? If the user creates a password or account for use with this product, does the product provide a way to cancel the account and erase all data associated with it?

• Immortal Accounts - Accounts or passwords, once created, are assumed to live for as long as the product is available. Desktop applications and other stand-alone products that do not have host services may have no way to remotely revoke accounts or passwords.
• Data Expires - If this product acts as a hub, the data it copies from other sites will expire in a set amount of time. This product must be linked to a place where it can refresh or synchronize data in order to stay current.
• Accounts Deleted Upon Request - This product has the ability to remove a person's account and all relevant data, and will do so when requested by the person or third party with appropriate legal standing.
• Suggested: If Yes, where can I find the procedure to request deletion.

Do you give notice before terminating the account?

• Yes
• No
• Suggested: If Yes, how much notice do you give and in what forms?

Can you recover a terminated account?

• Yes
• No
• Suggested: If Yes, how thoroughly, under what conditions, how quickly, and how is recovery triggered? 

Do you have a posted appeals process or dispute resolution procedure?

• Yes
• No
• Suggested: If Yes, where are the procedures posted?

Going Forward.

The questions and the clusters are works in progress. We're open to better questions, clusters, and definitely better labels and designs. These are just placeholders for better, official art.

I hope they serve a few common goals.

1. Make it easier to learn and understand the overall scope of a portability policy.
2. Make it easier to find the parts of a policy you care about.
3. Provide the visual part of semantic encoding that browsers and search engines can use to discover and understand where and what a site's policies are stored.

Things to do with the icons:

• Confirm the policy asks the right questions
• Prioritize and boil down for the Goldilocks Test: Not too much, not too little, just right
• Design an icon for the whole portability policy
• Design UI/UX behavior for what happens when you click on the portability policy icon
• Make the icons work better everywhere (cultures, visual impairments, sizes) and vet for semiotic conflict and mark infringement
• Semantic encoding (microformats, anyone?) that works across access methods
• Write the legal layer, creating plain language boilerplate that works for the business, for their lawyers, for site partners, and for users. Vary for world legal systems. Translate.

Join DataPortability.org's general mailing list to help or the low-volume announcements only mailing list for updates.

tags: dataportability, dataportabilityproject, dpp, icons, icon, portability, policy, portabilitypolicy

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private technologist roundtable, one of the longest running public Skype chats.

Balancing power: Google v. AP, Yahoo! v. Geocities users, AT&T v. Skype

We try to be good to one another. Sometimes it's just about power.

The Associated Press newswire told search engines to pay for showing stories, or to stop showing them. [Ironic link above: AP story hosted on Google.] How quickly would AP enter bankruptcy if none of their stories showed up in Google News or search results?

Google's playing nice. They can, because they have the power in this relationship.

Yahoo! will kill Geocities later this month (26 October 2009). Millions of web sites, stores, online communities, blogs will vanish, along with their google juice. Geocities is a chunk of history for some, an online home for others. Yahoo! gave six months warning in its eviction notice. Yahoo! will move you to their paid hosting service. 

Yahoo! holds the power over Geocitizens in this landlord-tenant relationship. [Kudos to The Archive Team and the Internet Archive for trying to back up Geocities.]

AT&T blocked wireless access to VoIP on the iPhone for two years. Just to see what Skype and Google would do. They had power over Apple before the first iPhone launched. Less so now that Apple is a worldwide success.

Renters get power over landlords from their contract and from their government's landlord-tenant laws. Those laws rebalance power, create some process for notice and appeal, and define penalties for abusing process or power.

Skype is in the middle of a network of alliances, partnerships, antagonists, and dependencies. While some relationships are defined by market forces, many are driven by the struggle for industry and government power. Skype steps lightly. For every Skype government affairs person, the telecom industry has thousands. For every euro Skype spends on publicity and advertising to influence the public and regulators, the telecoms spend thousands. Skype is deft and agile, a guerilla going up against vested interests, avoiding brute force confrontations they could lose.

Meanwhile Skype earned its own power. Skype spent six years defining a global brand people love and trust. Skype quietly framed regulatory issues in Brussels and Washington placing Skype on the side of democracy and freedom. Skype proved its legitimacy as a profitable business (although still a rounding error in AT&T's 2009q2 Net Operating Cash Flow of $15.8 billion) and a competitor (8% of international minutes).

Skype is investing in its power. Geek cred will come if its Skype as a Platform service is successful. Skype is spreading its political attention to smaller governments. Skype has new PR, advertising, marketing partners to reinvigorate Skype's brand for what the company will become. Skype is building products to diversify its business model and create new sources of income.

Skype is approaching a half-billion users. Skype will no doubt be a US$2 billion a year company by 2013. Skype will sit at the table with Internet and telecom giants.

So I'm left with an incomplete thought.

Will Skype be as tender with its power as Google? Will Skype be as courteous as Yahoo! with trusting customers? Will Skype abuse market power through partnerships as AT&T?

Winston Churchill said the price of greatness is responsibility. What in Skype's cultural DNA says do no evil?

tags: skype, power, politics, ethics, morals

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Vote for 7 Portability panels at SXSW (including mine)

The SXSW 2010 PanelPicker is up. You can vote for seven data portability talks (including mine) to be in the Interactive conference's program before 11:59 pm Central Standard Time on Friday, September 4. Vote for Me!

Ubiquity: The Future of Tech and What We Can Do Now (Elias Bizannes, DataPortability Project). Internet + cloud computing + information + everywhere anytime anyway = ? Welcome to our new world of Ubiquity. Run by one of the founders of the DataPortability Project, this session will look at the longer-term trends in tech and what we can do now to innovate and accelerate this change. Business / Entrepreneurial / Monetization, Cloud Storage / Delivery, Economic Concerns, History of Technology, New Technology / Next Generation

Data Rights 2.0: the World Beyond Privacy (Gil Silberman, peerFluence, Inc.). Web 2.0 is about the interpersonal: friends, actions, expression. Who owns this space? What are the rules and norms? We’ll review multi-party data rights like security, disclosure, portability, and informed consent, then gives some concrete advice on what interactive companies need to do to avoid trouble, and build trust. Business / Entrepreneurial / Monetization, Community / Online Community, Social Networking

Data Portability for Multiple Identities (Andrea Hill, Independent)Sometimes you don’t want them to know your name.. Roller derby skaters adopt alter egos. Those with serious health conditions may wish for discretion in their online activities. Who is responsible for ensuring an individual’s privacy, and what is lost by choosing not to share personal information? Cloud Storage / Delivery, Community / Online Community, Digital Distribution, Government and Technology, Social Issues

Discovery Identity: API’s of the Semantic Web (Glenn Jones, Madgex) Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability. Back-End Programming / Databases, Front-End Programming, New Technology / Next Generation, Social Networking

The 5W’s of Data Portability (Dave Morin, Facebook) With the advent of Web 2.0 came a new readable, writable Web. This user-driven Internet calls for control of identity, connections and usability. This panel will discuss how to leverage this new direction with identity providers such as Facebook Connect - including the successes, failures and learnings of the technologies. Accessibility / Web Standards, Case Study, Digital Distribution, New Technology / Next Generation, User Experience 

Let My Data Go! Portability Freedoms and Revolution (Phil Wolff, Skype Journal) Want the freedom to move from site to site, bringing your online information, experiences, and friends with you? Instead sites lock us up and evict us. We've had privacy policies for ten years. Where is our Portability Policy? Where is our portability? What can we do now? Community / Online Community, Government and Technology, Licensing / Fair Use / Copyright, New Technology / Next Generation, Social Issues

Cloud Portability: A Standard for Using Cloud Resources (Alex Polvi, Cloudkick) This talk will discuss the on going effort to standardize the interfaces into the cloud. Currently every cloud provider has a unique, proprietary, API for consuming the services they offer. The cloud computing interoperability movement aims to provide standards that will overcome vendor lock-in, benefit the consumers, and allow the cloud ecosystem to grow transparently. Accessibility / Web Standards, Information Architecture, Open Source

tags: dataportability, portability, dpp, austin, texas, sxsw, southbysouthwest, southby

Call me at +1-510-316-9773, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Ever Fresh: a data portability approach

Caveat Lector: this is a rough draft of my thinking on what a Portability EULA/TOS should say/do/include. Please comment. – Phil

"Hey, hey, hey, hey-now. Don't be mean; we don't have to be mean, cuz, remember, no matter where you go, there you are."

 Buckaroo Banzai from The Adventures of Buckaroo Banzai
Across the 8th Dimension (1984)

So you start your data portability relationship with Open Arms, end it with a Graceful Exit. What happens in between? What are our portability concerns during our relationship?

Ever Fresh is a combination of policy and technology.

The policy says:

We will consume and share your onlife with other services. So everywhere you go, you have all of yourself, as appropriate. As we change, we'll let you know.

Breaking it down...

We will consume and share. "Consuming" is a software syndication term. It brings data by/about/for you into a system. Sharing flips the direction, data by/about/for you moving out of the system. Synchronization systems (sync or synch for short) compare the data they have with data others have, find the "best" version of that data, and update each other.  Synch services keep your experiences up-to-date using the freshest, most trusted versions of your data.

Your onlife. Shorthand for everything digital created by your behavior. Your IDs, your profiles, your stuff (like photos and messages), and collective works you've created with others (like annotated photos or a wiki page).

Your onlife isn't just what happens at one web site. It's what happens with your mobile phone. It's your email, your browsing, the documents you create, the videos you shoot, the IMs and texts you send. It's you and your stuff and the stuff you make with others.

Other services. Here we come to portability. This site, the one with the portability policy, will consume and share your onlife (data you make explicitly, data you make with others, data others make about you) with other services.

• Enumeration. Which ones? Is this site going to disclose to you a list of those sites before sharing? After the fact? When will they get your permission and when won't they?
• Transitivity. Will they agree to these same portability and privacy terms of service?
• Jurisdiction. Are they covered by the same laws as you and this site?
• Agency for Enforcement. What steps will this site take with partners to enforce side agreements? Will they always act on your behalf? When won't they? 
• Remedies for Breaches. What steps will this site take on your behalf to fix breaches by partners?

Let's look at two examples of data  passed through a third party.

Case 1: Flickr, part of a US company, shares your photos with Moo, a UK company, so Moo can print your flickr photos on business cards. Moo, in turn, shares your home address with several shipping companies.

• What should your Portability Policy say about this?
• What should Flickr demand of Moo on your behalf?
• What information should Moo require of Flickr before or upon receipt of your data? How would Moo know Flickr had done a complete and thorough job? What risks does Moo
• What should Flickr demand Moo demand the shipping companies do with your data, especially when Flickr may not know anything about Moo's other partners  (printing in Mexico for Canadian customers)?

Case 2: Skype, a Luxembourg subsidiary of a US company, partners with MySpace, a US subsidiary of a company, to integrate MySpaceIM instant messaging and voice calling with Skype's instant messaging and voice calling. Skype shares personal profiles with another company for directory services, including my birthdate and where I live. Skype is sharing my IP address to help connect calls and status updates.

My email address and birth date are sensitive data, useful in identity theft. So I have a stake in knowing with whom and where Skype shares that data.

Everywhere you go. Dataportability is device, connection, and location agnostic. This service's portability of your stuff should apply to all the sites, software, and devices you use. You may have web browsers on multiple computers and your phone. You may talk on your mobile, your desk phone, your MySpace IM or your Skype. Your experience should be seamless across systems. When this service is unable or unwilling to port your data, they should say so and say why.

All of yourself. It's tough being incomplete. So where you produce data, we'll manage as much as we can.

• Your browser or operating system could make your bookmarks, browsing history, saved passwords and tabs available across devices.
• Your communication tools could share your address book, contacts, conversation history, contact groupings and metadata, things shared.
• Your medical services could assure your records of care, diagnosis, treatment, prescriptions, imaging are available where, when and as you need them.

As appropriate. You are too much for any one site. So, while a site may agree to take and share "all of you," it wont' know what to do with everything outside its scope. Photo comments on flickr aren't the same as your restaurant reviews on Yelp. While Monster might build a team-job search for you using some of your LinkedIn friends, Monster doesn't need your IMDB movie ratings. So sites will take what they can use on your behalf and ignore the rest.

As we change. We change our policies and behavior all the time. We modify our terms of service, our license agreement with you, our privacy policies, agreements with third-party developers who may have access to data by/about/for your, and this portability policy. These contract revisions, these changes in what we promise and what we expect, adapt us to changing situations. We acknowledge your stake in those changes.

We'll let you know. Since you have a stake, we'll give you meaningful notice of changes, notify you through the channels you prefer, help you separate changes with small impact from those with large ones, and ask you to opt-in when the changes are substantial.

Ever Fresh: We will consume and share your onlife with other services. So everywhere you go, you have all of yourself, as appropriate. As we change, we'll let you know.

See also:

• Mozilla Labs Weave Sync 
• DiSo Project
• Xmarks

Original photo credit: backpackphotography. Photoshopped version.

tags: dpp, dataportability, openarms, everfresh, gracefulexit

Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Open Arms: a data portability approach

Caveat Lector: this is a rough draft of my thinking on what a Portability EULA /TOS should say/do/include. Please comment. - Phil

We've discussed Graceful Exit, the ability for people to control their departure from a site or service.

Open Arms starts at the beginning of your relationship with a service. Let's summarize it, break it apart, and explain why this is a powerful way to do business.

Open Arms is a combination of policy and technology.

The policy says:

When you come to our site,
bring all of yourself.
We'll help you put it to use
in our context.
We'll make it easy to come.
We'll keep it safe.
We'll respect ownership as you see it.

What you add while you are here
will join your collection
and be portable in turn.

The elements.

All of yourself.

Bring your identity, your contacts, your history with your contacts, your photos and videos, your playlists, everything digital.

We'll ignore what we cannot use.

Put it to use in our context.

Every site has a context.

• Things it does
• Purposes people share
• Community standards of behavior.

For example:

• Monster brings work and workers together.
• Flickr helps people manage what comes out of their cameras.
• YouTube is a community of video.
• QuickBooks helps you manage your business.
• Chemistry helps you find true love.
• Amazon and eBay bring buyers and sellers together.

We need your data. These sites could help you do more and do it smarter with more and fresher and truer information from you. Monster could create team job search features if it knew your social graph. Chemistry could be more accurate if it had your music and video playlists.

Our sites are verbs. We do things. The more data you bring, the richer the data, the fresher and more standardized the data, the more we can do, the more creative we can be.

Most people don't try new sites because it's hard to recreate data. Especially for every site you visit.

Easy.

So for Open Arms to work,  bringing your onlife to each site you join must be fast, simple, easy, and obvious. And correct.

Safe.

We will protect everything you share. We will protect it from damage, theft, natural disaster, financial ruin, legal physical threats, from legal threats, from Martian invasion. As best we can. And we'll explain the threats we perceive and how we're protecting you and your onlife from them. 

Ownership as you see it.

"Ownership" is a tricky word: it means one thing to lawyers, something else to most people. Our online and mobile social experiences are a little ahead of the law. So all we can do is try to the right thing for you and for all of our guests.

We'll respect that your stuff is only "mostly" yours and that you may not have permission to share them with strangers. You may not have permission from the subject of a photo, or their parents. You may have clipped a blog post to share under fair use, but not for general distribution. You may have a confidential email that could endanger lives if leaked.

We will assume everything you bring is private to you and that you will tell us what can be shared, with whom, and under what conditions.

We'll make it easy for you to re-use your choices, so you don't have to explain yourself everywhere you go.

Portable in turn

Reciprocity works. So we're going to share with other sites the part of your onlife you spend with us, as you see fit. So you never feel we're holding your data hostage.

What's next?

So, we've "Open Arms" at the start of our relationship and "Graceful Exit" at the end. Next up "Ever Fresh" in between.

tags: dpp, dataportability, openarms, everfresh, gracefulexit

Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

Ping.fm takes updates from Skype IM

Ping.fm is a synch service in the social stack, mostly in microblogging and rich presence. Set up on Ping.fm:

Enable posting with Skype

To enable posting through Skype, request to add the bot "pingdotfm" by searching for the username and add it as a contact. When the bot appears on your contacts list, send it an IM with your verification code.

The ping.fm page will show your verification code once you log in to the site.

Ping.fm posts results in multiple places.

Twitter. (microblogging)

Vox. (blogging)

LinkedIn. (professional network updates)

This is one of many ways to update your Ping.fm account so Ping.fm can update your many online lifestreams. Ping.fm's bots also talk with AIM, jabber (including Google Talk), Windows Live Messenger and Yahoo! Messenger.

Hat tip to the Pacific IT chat.

tags: skype, ping.fm, synch, synchronization, dataportability, microblogging, im, chat, twitter, linkedin, vox

Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.

DataPortability.org update on thesocialweb.tv

I put in three or four hours a week into The DataPortability Project. Here's a video update by David Recordon interviewing Daniela Barbosa and Elias Bizannes, the project's chair and vice-chair. We're working toward some goals for 2009, and one deliverable is a Data Portability Policy Template to help sites disclose how well they support data portability values.

SkypeSync supports Portable Contacts API

 

The SkypeSync desktop utility imports your contacts into Skype from other platforms. The new SkypeSync 1.8 adds sources supporting the Portable Contacts API. The standard is supported by Plaxo, so SkypeSync supports import of Plaxo contacts into Skype.

SkypeSync supports other sources too, including webmail address books from Google and Yahoo! using email standards and mobile phone contacts via the SyncML protocol. I described SkypeSync's mobile data portability last year,

Skype's own Contacts > Import Contacts... wizard in Skype for Windows 4 imports from Yahoo! web mail and Outlook desktop mail. SkypeSync steps in to fill gaps in Skype's coverage.

SkypeSync suffers from a few limits beyond its control.

• Searching the Skype p2p user directory is so slow it makes looking up Skype names difficult.
• Backward compatibility means I now have six "Alec Saunders" contacts instead of one with his five phone numbers. UPDATE: Skype limits max number of phone numbers per Skype contact to three.
• Skype does not permit programmers to search the Skype Find/Prime business directory.
• And there is no place for SkypeSync to store medata from other sources (address information, emails, employers) as notes about my contacts.

On my wishlist for future releases:

• Dozens of other sources.
• Offer intermediate steps before adding contacts.
• Push Skype contacts into Plaxo and other services. 

Step by step... 

Pick your source. Today you can choose from SyncML mobile phones, Outlook, GMail, Yahoo! mail address book, and Plaxo.

I chose Plaxo, where I have more than a thousand contacts pulled from my Google, Yahoo!, LinkedIn, and Facebook accounts.

Skype is picky about phone numbers: they need a "+" in front, in the US a "+1". 

So you've defined your source and set your numbering.

Now you can start your importing. Trial mode limits you to 15 names from any source.

And go...

Whoops. I need to give SkypeSync permission from my Skype client.

So, trying again, SkypeSync adds 15 contacts to Skype.

Results

I buy the software and, with a "full license", import all 3970 of my Plaxo contacts.

They are labeled "SkypeSync" so you can see who's been imported.

Most of my contacts don't have Skype names, just phone numbers: the green phone icon. Some of them have two phone numbers. SkypeSync creates two contact entries, one for each phone number. Inconvenient, but needed for compatibility with older versions of Skype. Skype for Windows 4.0 supports multiple phone numbers for each Skype name, but this hasn't always been the case.

Looking at the screenshot above, some people are offline. They have Skype names in their Plaxo profiles.

Sadly, SkypeSync automatically sent these people an invitation to connect in Skype. Should this be opt-in? Should SkypeSync offer you the chance to not-add a former girlfriend, someone suing you,

Strangely, Skype sent an email notifying the new invitees. This is new to me. 

License	Trialware
Cost	€12, pay with SkypeOut credit
Easy of Use
Does What It Says
Useful
Fun
Social
Certifications	Not Skype certified

tags: skype, 4, dataportability, skypesync, plaxo, software, import, importing, portable contacts, portablecontacts, utilities, extras

follow @skypejournal and @Phil Wolff. Ask for an invitation to the Skype Journal private roundtable.