Modernizing Authentication — What It Takes to Transform Secure Access
SAN FRANCISCO -- Applications that let consumers share their content, like Yahoo's Flickr, have made many a millionaire, and built a new generation of powerhouse companies. But with sharing come privacy concerns.
Flickr has found it can increase usage on its photo-sharing site by providing just enough privacy. Flickr developer Kellan Elliott-McCrea presented the company's concept of "casual privacy" at the Web 2.0 Expo, held last week in San Francisco.
"Sharing has been a great growth strategy for Web 2.0 companies. But there are things that people do want to share privately, including pictures of their kids, their homes, their weddings and last night's party," he told the audience. "We have very rich privacy controls already, but they can be too challenging for a lot of people."
Share nothing? Share everything?
He identified four models for sharing: share nothing, share everything, manage a crowd or casual privacy. The manage a crowd is the traditional model, it's about assigning roles, giving permissions. "The problem is, those models are insufficiently complex and yet too complex at the same time," he told the crowd.
GuestPass uses long, obscure URLs that are hard to guess but easy to implement. These URLs can be forwarded on to others, who can also follow them to see the photo. "We expect it to be propagated; it's a leaky privacy," he said. But it happens slowly, more like the way gossip might be passed along from friend to friend -- instead of the almost instantaneous way that scandal can permeate the blogosphere.
Elliott-McCrea recommended that companies that want to implement the casual privacy strategy make sure the URLs they generate are opaque, so you can't tell who made it. There should be no hinting in the error messages, such as, "I'm sorry but Leonard hasn't shared that photo with you." And no obvious gaps in the photo stream, for example, "Leonard has 37 photo streams, of which you can see 13."