Now that I’m getting out of the business of creating and engineering social platforms and into the business of using and building upon social platforms, I’ve been thinking a lot about best practices for all those involved in the development, use and consumption of social platforms.
For the last few years some of my most respected friends and colleagues have been busy building the social web. Blaine Cook, Eran Hammer-Lahav, Kevin Marks, Chris Messina, David Recordon, Dave Morin, Luke Shephard and many, many others have been working tirelessly on the nuts and bolts of what we’re calling Social Platforms (or the Social Web). The nuts and bolts are things like OAuth, OpenID, Activity Streams, LRDD, XRD, etc. and various providers (Twitter, Facebook, MySpace, Google, Six Apart, etc.) are enthusiastically implementing these common technologies.
The problem is that the tools for users to adequately manage their data on these social platforms are, at best, in their infant stages. The engineers that have been building these nuts and bolts, as we engineers often do, have focused mostly on security and technology rather than on best practices, social norms, or how these technologies will change or disrupt human communication.
I think it’s about time we thought about those best practices and social norms. So, here goes, an initial SWAG at what a Social Platform Bill of Rights might look like to the three parties involved (to use the OAuth adjectives, we have Users, Providers and Consumers).
As a provider you’re #1 job is to protect the user. Nobody knows your users better than you and those users have placed a lot of faith and trust in your hands. As a social platform provider you agree to the following terms.
- You will provide users with the ability to completely block an application. This means more than simply not allowing them to use that user’s data. It means that application will cease to exist as far as that user is concerned.
- Provide users with the ability to group their connections and alter settings based on which group a connection is in (e.g. Nobody from my “Work” group can see tweets that include the #bingedrinking hash tag).
- You will allow users to mute another user’s activity while still maintaining the connection.
- You will actively police consumers of your users’ data. Set precedence with your consumers and enforce them in your APIs and the tools you give to users.
- You will provide fine grain control over exactly what a consumer may or may not do with a user’s data. Furthermore, you will present the user with said options when they grant a consumer access to the user’s data.
- You will provider a clear and simple way for both consumers and users to privately contact you.
- Don’t be a douchebag.
Consumers (Application Developers)
As a consumer or application developers, you are in the precarious position of having to enhance a user’s experience without upsetting the user, their friends, and the provider. The majority of the burden for being an upstanding citizen on the Social Web falls on your shoulders. As a social platform consumer you agree to the following terms.
- Never create relationships between two users without explicit permission from the user initiating the relationship.
- All automatic communications sent from your application must be opt-in or confirmed by the user after each action (e.g. Facebook Connect requires a user click “Publish” to confirm publishing to the feed).
- Do not build applications that encourage and/or trick users into spamming their friends and followers.
- Allow non-users of your application to opt-out of communications originating from your application without having to install said application.
- Invitations from one user to another user to use or join your application must not be sent automatically nor should mass invitations be the default option. Make the user choose, carefully, which friends to invite to the service.
- Use the messaging frameworks provided by the providers. Do not require or use a user’s email address. Furthermore, do not ever send unsolicited messages.
- Do not enable automatic communications after a user has signed up.
- If your application spans multiple social platforms, users must be able to manage and control their data and settings from a single location (e.g. A user’s settings work the same on both Facebook and MySpace).
- Be up front about what data you plan on using, how you plan on using it and to whom you plan on sharing that data with. This text must be stated in clear, non-legalese, concise written form.
- You will provide a clear and simple way for users and providers to privately contact you.
- Don’t be a douchebag.
Without you this entire thing would fall into itself in a gigantic implosion. Despite what any provider or consumer says, the data you publish on the web is yours, which means it’s also, at the end of the day, up to you to protect it. As a social web user you agree to the following terms.
- Never give write permissions to an unknown consumer.
- Be cognizant of how an application will affect your friends and followers.
- Never send a mass invite to your friends to use a consumer’s applications.
- Do not use one service solely for the purpose of broadcasting posts/activities from another service. Cross posting is bad for the internets (An exception being aggregation sites, such as FriendFeed).
- Don’t be a douchebag.
At the end of the day, we’ve really messed up lots of things by bringing real life social norms to the web. The web had its own social norms, which often clash with real life social norms, before we did this. The result is going to include growing pains like sheep tossing, #spymaster, and Foursquare’s horrible decision to turn on automatic tweets after 2.5 months without even so much as notifying their users.
We’ll get it right, eventually. Until then we all need to start thinking about how we affect other people with our actions online, just like real life.
Also, interesting to note how, as is so often in real life, it comes down to not being a douchebag for all this to work just fine.