The Incredible Internet Irony Machine strikes again. The stealth startup that’s been my singular focus since stepping down as Executive Director of Open Identity Exchange and the Information Card Foundation last fall, called Respect Network, took one tiny peek above the covers last night — quietly opening the beta invitation signup page for our Connect.Me service before SXSW starts in a couple days.
After internal testing of the signup process we just wanted to do a little bit of live external user testing of the signup before SXSW. So my co-founder Joe Johnston took off the password protection on the page and before going to bed last night we asked a few family and friends to test it.
We woke up this morning to over 10,000 users. And that grew to 20K in a few hours.
But that’s not the ironic part.
While Joe and I were in a meeting with one of our key partners in building this new network, we were barraged with links to a post by Graham Cluley on Naked Security entitled Connect.me rush exposes risky behaviour of social networkers. In it, Graham points out:
Every day we seem to warn the readers of the Naked Security site about the danger of rogue applications and unknown parties gaining access to your social networking accounts.
And so you would think people would be wary of allowing a third-party app, which doesn’t explain its intentions and doesn’t explain who’s behind it, from gaining access to their Facebook or Twitter account.
But that’s exactly what tens of thousands of people are doing right now with Connect.me.
Now we get to the height of irony: the reason this new network is called Connect.Me is to address the privacy and control issues around social login and social data sharing. After spending the last decade building user-centric identity and data sharing infrastructure (just peruse this blog for acres of details), Joe and I and the Connect.Me team, which includes Marc Coluccio and Dean Landsman, were acutely aware that the game had already been won…by the social login services. As of last December, Facebook Connect was being installed on over 10,000 sites per day.
And we are even more acutely aware of how little people understand about the privacy implications, i.e., that Facebook (or Twitter or LinkedIn or whomever you use for social login) has a complete list of all your site relationship information. Not to mention all the data you share via this login.
That’s not a knock on Facebook, Twitter, LinkedIn, or any other social network. They are incredible services that have literally changed the world — far beyond just the social web landscape. But their spectacular success does not mean that the entire future of the social web must be sharing all our data and relationships through centralized social hubs.
Shouldn’t there be an option for you to better control your data, identity, and relationships?
That’s the core premise of a groundbreaking idea called VRM (Vendor Relationship Management). VRM isn’t new — it’s been a project at the Harvard Berkman Institute led by Doc Searls since 2005. Read all about it on the ProjectVRM site. Or look for the Twitter hashtag #vrm.
It’s also the core premise of the Personal Data Ecosystem Consortium and the unflagging leadership of Kaliya Hamlin and Mary Hodder, who have been at this just as long as we have. See especially their responses to the U.S. FTC Do Not Track proposal and the Dept. of Commerce Privacy green paper.
So Joe and I and the rest of the Respect Network team said: let’s build a service that operates by the principles of VRM.
We’ll share more about what we’re building over the next few weeks. It’s a big vision that will take time to fully realize, but we’ve started the ball rolling with Connect.Me. And we’re thrilled that our seemingly quiet launch stirred up controversy about a critical topic: privacy on the social web.
So, thank you, Graham. It’s not what we intended but then the Internet is not what anyone intended either — it’s become the beautiful electronic organism that we are all building together, and with Respect Network and Connect.Me we’re trying to make it better.
If you agree, here’s what you can do to get involved:
- Sign up for the beta at Connect.Me. Use my personal invite code: http://cxt.me/n62QnQ. Tell ’em I sent you 😉
- Follow @respectconnect on Twitter.
- If you’re a developer and want to be deeply connected to this effort, drop us a line at jobs@connect.me.
- If you’re a user who cares deeply about having a personal data trust framework for the Internet, drop us a line at anchors@connect.me. We have a very special role for you.
Equals Drummond 
Unless I missed a link on the Connect.Me website I think Graham Cluley is right. There is an About link and a link to your privacy statement. But neither explain who is running Connect.Me (well, Respect Network Corporation in San Francisco), what’s the background of those people running it, real addresses, phone numbers,…
Yes, many (most?) startups don’t provide this information on their website either but I think it should be mandatory if web services want to access rather personal information of their users.
I know who is running Connect.Me, other people don’t.
Cool – thx for the update and explanation; see you guyz around the Interweb… #TigersBlood and #winning all the way
“Now we get to the height of irony: the reason this new network is called Connect.Me is to address the privacy and control issues around social login and social data sharing”
I checked you out this morning, but wasn’t going to submit info. (though I did discover you haven’t coded for 2-digit names like, Twitter.com/ed, and others have).
But here’s the rub; you can add this white hats on white horses post now, and I welcome a more secure web and more thoughtful users, but what you did this morning just further encourages reckless behavior.
There should be an option for me to have complete control.
And it shouldn’t require access to my accounts in order to sign up, or to claim a url.
Read all about it on the ProjectVRM site. –>
“mailto:http://blogs.law.harvard.edu/vrm/about/“
In Graham’s defence, his reaction is appropriate – with limited information available, what these 20,000 users are doing is precisely what he is warning against and, without awareness of what you intend to do or be, they WERE a bit daft to allow your software access to their data.
I am not saying that you are a shady organization, I am saying that they did know know that and yet blindly clicked ‘Allow’.
Hey Joe, Dean, Drummond.
Your stealth launch was the perfect example of how not to launch a legitimate startup. Immediately, the initial behavior of the #connectme meme raised *all* the red flags of Cross-site scripting, clickjacking, phishing and social media malware reminiscent of Asian and Eastern European internet criminal syndicate modus operandi.
In fact, on a more benevolent tone, it sounded exactly like social engineering a la this XKCD strip: http://xkcd.com/792
I think I understand what you guys are trying to achieve and something needs to be done about the current internet “valet parking” insanity with the common user handing complete strangers the keys to their houses with reckless abandon.
Will PM and drop you a line.
Regards,
-Naz/Object404
Drummond, thanks for the explanation this is really useful but it still leaves lots of questions! Because information spreads so quickly now you need to have a comms strategy in place even if you are planning a soft launch in Beta. It’s clear you want to reveal at SXSW but even leaving a couple of days of uncertainty can lead to negative press filling the information void. When you release something as interesting as connect.me appears to be, you need to be ready to go with a PR plan immediately. I explain in a bit more detail here http://prandtheweb.com/2011/03/09/the-curious-case-of-connect-me/
It would be interesting to have details about the connections to connect.me. How many % via FB, Twitter & Linkedin? Thanks.
Hey,
To help explain the identity data leaks in applications that use FBConnect, I wrote this post: http://nelz.net/2009/09/26/facebook-connect-nonconsensual-privacy-leak/
Maybe that will help some people understand how one of the ‘big boys’ is even violating my non-user privacy.
– Nelz
Excellent! Looking forward to seeing what comes out of this.
If you want me to login using (twitter|facebook|…) for authentication, change the permissions your app requests so that doesn’t request the ability to update my profile.
I might give you permission to read my network. I won’t give you permission to update it until I’m really sure I trust you. No offense intended 🙂
Graham had the same response I did: please connect your social networking accounts to this site that purports to be all about privacy, yet doesn’t explain who runs it or what it is for.
No thanks! :]
Looking forward to seeing what connect.me has to offer! I will be checking into VRM thanks.
Thanks for the extra info. While I guess you were ‘caught on the hop’ a little by the unexpected take-up, it would have been nice to see this last week. I have had an interest in this stuff for quite a while, and have been following the OpenID, Infocard, VRM and Personal Data Store stories since they started – heck, I’ve even got an i-name too!
Will go and take another look, and sign-up …
Pingback: Georgina Lester – Business and Marketing Mentor » » Another #SM network to manage? Really? Is Connect.Me just another Klout? @respectconnect