lecture 2: interactions, frameworks, privacy & security on the social web (2014)

Social Web 2014, Lora Aroyo!

Social Web2014

Lecture II: What People DO on the Social Web?

Lora AroyoThe Network Institute

VU University Amsterdam

Monday, February 17, 14

Social RelationshipsSocial Web 2014, Lora Aroyo!


People have relationships within & across different contexts: family, sports, work, friends

In ‘real world’ it works due to a relatively small set of social contexts & interaction opportunities

http://www.w3.org/2005/Incubator/socialweb/wiki/SocialWebFrameworks2#Social_Graph_Management_Today


Social in Physical World


Digital social dynamics match physical world: friends are friends in both worldsThere are also significant differences:• # people to interact with, not limited by

distance/time• a person can ‘block’ or ‘manage’

relationships• multiple systems - multiple accounts, i.e.

multi-ple digital representation (personae, personal profiles) of a user

• personae are subject to different social norms

• personae can evolve over time• personae are less (not) limited in scope


Social in Digital World


• Accounts on different social & professional networks, utilised in different ways, depending on the digital context, e.g.: • friendly chat on Facebook• professional discussion on LinkedIn• dating on Hives

As a consequence there is a need to manage the user profiles, identities & permissions, and their social graph (relationships) & their social media


Multiple SN Accounts



Problems

Maintaining a multitude of online profiles for different contexts is cumbersome and time consuming —> not scalable

Difficult for new social networks to attract new & maintain active members simply because of the effort involved in creating &

maintaining “yet-another-profile”, e.g. re-establishing different aspects of your profile under yet another context

Users cannot control how their information is viewed by others in different contexts by different social applications


for managing multiple Social Web profiles“policy-oriented web” architecture to support trusted

services in the longer term


Architecture Needed


In one system manage your personal information:• home address, telephone number, & best friends • your Friends Profile gets exposed to Hives and Twitter

In another system manage work-related information: • office address, office telephone number, & work colleagues• your Work Profile gets exposed to Plaxo and LinkedIn

Another choice could be to store your entire profile locally with a trusted third party, and then

• your Health Profile can be exposed to health care providers • your Citizen Profile can be exposed to government services


For example …



Social Web User






Distributed Profile






Social Graph






Social Groups







Frameworks





Personal Profiles



Opening the Sites


• Demand from application developers to make use of the amounts of Social Web data & make their applications available to the site members

• Demand from users to reuse data and connections they have already established on other sites, e.g. Google+ download your data, Diaspora* download xml, download photos

• In response: Facebook provided an API & Google OpenSocial API


Opening the Sites


• open, decentralized standard for authenticating users that can be used for access control, allowing users to log on to different services with the same digital identity where these services trust the authentication body

• making sure the users are who they say they are• http://openid.net/• Started in 2005 as Yadis (Yet another distributed identity

system)



http://openid.net/

http://openid.net/

http://openidexplained.com/

with OpenID, the process starts with the application asking the user for their

identity (typically an openid URI)



who’s right?

privacy vs. security?

can we trust what people provide to

SNSs?


what’s next big thing in SNS?

why do people make their social life

explicit?

earning money vs. protecting users


OAuth• an open protocol to allow secure API authorization in a

standard method for web applications; it enables users to grant third-party access to their web resources without sharing their passwords

• largely based on: Flickr’s API Auth & Google’s AuthSub • limitations in terms of complexity, user experience, scale• 3 flows merged into one: web-based apps, desktop clients &

mobile/limited devices; e.g. when Facebook Connect existed - flows for web apps, mobile devices & game consoles

• http://oauth.net/



http://oauth.net/

http://oauth.net/

OAuth 2.0• OAuth 2.0 focuses on client developer simplicity - providing specific

authorization flows for web & desktop applications, mobile phones & living room devices

• not backwards compatible with previous versions• 6 New Flows• http://oauth.net/2/

the application directly requests a limited access OAuth Token (valet key) to access the APIs (enter the house) on user's behalf. If the user can grant that access, the application can retrieve the unique identifier for establishing the profile (identity) using the APIs.



http://oauth.net/2/

http://oauth.net/2/

Figure credits: http://www.phpbuilder.com/columns/sachin_khosla062510.php3


Twitter Employing


http://www.phpbuilder.com/columns/sachin_khosla062510.php3

http://www.phpbuilder.com/columns/sachin_khosla062510.php3

Facebook Platform• Graph API - core of Facebook Platform, to read and write data

to Facebook (simple and consistent view of the social graph)• Open Graph - defining Actions and Objects• Facebook Query Language (FQL) - SQL-style interface to query

the data exposed by the Graph API• Authentication (Facebook Login) - interact with Graph API on

behalf of Facebook users (single-sign on mechanism for web, mobile & desktop apps)

• Social Plugins, Facebook Payments, Ads API, Chat API (via Jabber/XMPP service), JavaScript SDK

• Depreciated: REST API, FBML, and the old Javascript API, Facebook Connect APIs



https://developers.facebook.com/docs/reference/rest

https://developers.facebook.com/docs/reference/rest

https://developers.facebook.com/docs/reference/fbml

https://developers.facebook.com/docs/reference/fbml

https://developers.facebook.com/docs/docs/reference/oldjavascript/

https://developers.facebook.com/docs/docs/reference/oldjavascript/

http://en.wikipedia.org/wiki/API

http://en.wikipedia.org/wiki/API

• open standards-based (e.g. JavaScript, HTML) component model for cloud-based social apps

• Google initiative (set of APIs) in 2007:• People & Friends API (people and relationship

information)• Activities API (publishing & accessing user activity

information)• Persistence API (simple key-value pair data for

server-free stateful applications)• with Open Social embedded in a site, a site instantly

becomes a social Web site (initially running only at Orkut)• integrated, e.g. OAuth, OAuth 2.0, Activity Streams• http://www.opensocial.org/



http://en.wikipedia.org/wiki/Activity_Streams_(format)

http://en.wikipedia.org/wiki/Activity_Streams_(format)

http://www.opensocial.org/

http://www.opensocial.org/

• Half a year after Facebook Platform, Google launched Open Social

• Popular containers (initially): MySpace, Hi5, Plaxo, LinkedIn, Orkut, Friendster, Six Apart

• http://opensocial.org/category/showcase/ (currently)• Plugged-in applications: iLike, Slide, Flixter, Rock You, etc.• https://github.com/opensocial

• Apache Shinding: reference implementation of OpenSocial Specification (Social Network APIs):

• Apache Rave: lightweight extendible platform for using, integrating & hosting OpenSocial and W3C Widget services (context-aware personalization, collaboration & content integration capabilities)


OpenSocial


https://github.com/opensocial

https://github.com/opensocial

• The Twitter platform offers access to the data of more than 200 million tweets a day, via different APIs

• Each API represents a facet of Twitter• These APIs are constantly evolving, and

developers have to be aware of that• http://dev.twitter.com


Twitter APIs


http://dev.twitter.com

http://dev.twitter.com

• the API for leveraging core Twitter objects • enables access to core Twitter primitives including timelines, status

updates & user information, etc.• RESTful API calls to build a profile of a user: user name, user

Twitter handle, user profile avatar & the graph of people that user is following on Twitter

• enables interaction with Twitter: create & post tweets back to Twitter, reply to tweets, favorite certain tweets, retweet other tweets, etc.


REST API


• Dedicated API for running searches against the real-time index of recent Tweets; query for Twitter content:• a set of tweets with specific keywords,• tweets referencing a specific user, • tweets from a particular user

• to access to data around Trends • it’s limited, e.g. index of only recent tweets (6-9 days);

no authentication: all queries are made anonymously; some tweets & users may be missing from search results (focus on relevance)


Search API


http://support.twitter.com/groups/32-something-s-not-working/topics/118-search-problems/articles/66018-i-m-missing-from-search




• real-time sample of the Twitter Firehose• for data intensive needs, e.g. data mining, analytics research• allows for large quantities of keywords to be specified and tracked,

retrieving geo-tagged tweets from a certain region, or have the public statuses of a user set returned

• Public streams: public data flowing through Twitter. The primary use case is following specific users or topics, and data mining, e.g. public statuses from all users, filtered in various ways: by userid, keyword, geographic location

• User streams: single-user streams (all data for a single user's view of Twitter; Requires the user's OAuth token); The primary use case is providing updates to a Twitter client

• Site streams: multi-user version of user streams (for servers to connect to Twitter on behalf of many users); The primary use case is website and other service integrations

• Connecting to the streaming API requires keeping a persistent HTTP connection open (different than the REST API)


Streaming API


https://dev.twitter.com/docs/streaming-apis/streams/public

https://dev.twitter.com/docs/streaming-apis/streams/public

https://dev.twitter.com/docs/streaming-apis/streams/user

https://dev.twitter.com/docs/streaming-apis/streams/user

https://dev.twitter.com/docs/streaming-apis/streams/site

https://dev.twitter.com/docs/streaming-apis/streams/site

REST vs. Streaming


TfW: a set of products that enables websites to easily integrate Twitter basic functions• Tweet button• Follow button• Embedded Tweets• Embedding Timelines


Twitter for Websites


Twitter Cards

Summary

Photo App GalleryMonday, February 17, 14

Twitter CardsApp Installs & Deep Linking



Issues related to User Profiles &

Networks



• Legal still in its infancy, but courts do rule on new behavior• 4th amendt. to U.S. Constitution - not equipped to address SNS

• e.g., is content on Facebook accessible without a warrant? • Truthfulness of personal profiles - subject of debate• Privacy hard to understand (few read Terms) & misinterpret ‘Friends’

Privacy Concerns


• security of people (sex offenders)• security of computers & data

• with enormous numbers of users & enormous amounts of data, sites are natural targets of spammers, phishing, malware attacks (‘new friend malware’, ‘twitter spam’ etc.)


Security



Privacy Settings


Fundamental aspects to consider for users of Social Web:• Ownership of their own personal information, including:

• their own profile data• the list of people they are connected to• the activity stream of content they create

• Control of whether & how personal information is shared with others

• Freedom to grant persistent access to their personal information to trusted external sites

http://opensocialweb.org/2007/09/05/bill-of-rights/


Bill of Rights




http://www.economist.com/blogs/babbage/2012/01/online-privacy

Issues:• burden on companies: it is next to

impossible to rid the web completely of a piece of information: some digital ripples will inevitably remain

• where one man’s data end and another’s begin

• crooks may try to invoke it to have their name struck from unfavorable online coverage

• it is not always clear what counts as reporting on the internet

“Having figured out how to remember nearly everything,

it is about time people relearned how to forget”

27-01-2012

“Personal data is the new oil of the internet and the new

currency of the digital world.”

Meglena Kuneva, European Consumer Commissioner, 2009





• "privacy paradox" = lack of awareness of the public nature of Internet • flexibility to handle friends with different conceptions of privacy• ability to control data flow inside and outside network• realize that sensitive information can be reconstructed


Privacy: Awareness not Paranoia


InitiativesSOPA, PIPA, ACTA

• By media industry:• AHRA 1992 - soft• DMCA 1998 - surgical• SOPA/PIPA 2011 - nuclear

• By non representatives• ACTA - 39 countries




http://thenextweb.com/twitter/2012/01/27/twitter-isnt-censoring-you-your-government-is/


Follow-up: CISPA




http://edition.cnn.com/2014/01/15/tech/web/net-neutrality-explained/

Net Neutrality



http://edition.cnn.com/2014/01/15/tech/web/net-neutrality-explained/

Net Neutrality

http://www.truth-out.org/news/item/21659-democrats-introduce-bill-to-restore-fccs-net-



http://tacma.net/


how do you think we should keep people

‘awake’?

what about the involvement of big

companies and their desire to find out more

about our network, behavior and interests?



the real piracy solution may be to offer high-quality, easily available and relatively cheap content to the users

Why wouldn’t governments just

stimulate the industries to innovate?


piracy as stimulus for innovation?


“Carr argues that the Internet physically "rewires" our brain to where we end up acting like computers — avaricious gobblers of information –- and our grip on what it means to be human slackens.”

Richard Foreman, playwright

2008

2010



image source: http://www.flickr.com/photos/bionicteaching/1375254387/Social Web 2014, Lora Aroyo!

Assignment 1


Provide analysis of privacy issues on the (Social) Web• three articles <--> three mind maps <--> main Social Web privacy issues • write for people who didn’t attend the course (max 3 pages)

Provide analysis of current privacy-related public initiatives• legal contexts for privacy and ownership • compare the intentions of both initiatives (advantages & disadvantages) • your own vision on how this impacts the future of the social web • your own advise to policy makers with regards to privacy on the web. • links to Net Neutrality

Link to Hands-on session: • what would change if SOPA/PIPA, ACTA, CISPA were active – would you

still have access to the information you pulled in for the assignments• illustrate your answer showing what changes could appear in the graph

from exercise 4 (Hands-on session 2), explain why. (max 1 page)• all visuals, e.g. screenshots, diagrams, in appendix, use template

Deadline: 21 February 23:59



Installations• Python 2.6 or 2.7• Python packages: json, facebook, uurllib2• JavaScript Info Vis Toolkit (jit.zip)• Facebook Developers appExperience OAuth Query the Facebook Open Graph Visualize your FB social network in various ways

image source: http://www.flickr.com/photos/bionicteaching/1375254387/Social Web 2014, Lora Aroyo!

Hands-on Teaser


http://www.flickr.com/photos/bionicteaching/1375254387/











lecture 2: interactions, frameworks, privacy & security on the social web (2014)

Technology

sites social web

social mediasocial web

scope social web

social web userhttp

amounts of social web

comsocial web

social graphhttp

social groupshttp