Developing such an innovative project as XdbE undoubtedly is one has to do quite a lot of rethinking of apparently obvious and common concepts to ensure that the project ideology not only is up-to-date, but preferably ahead of events. Among the most burning issues of the current phase of Web 2.0 development are issues of user privacy and ownership of user data. Such questions as “Who owns user generated content?” and “How far can you go without infringing user privacy?” need to be answered clearly and unambiguously at the formation phase of our project.
Very much in line with the approach advocated by TheSocialWeb TV among others we firmly believe that all user-generated content belongs to the user who generated this content. Whatever ToS may be put forward by some Online Community Hosts we believe that common law overrides those and the ultimate owner of user-generated content is that user him or herself. No Online Community Service (Social Network) could own this content or otherwise claim any intellectual property rights to it simply because such services only act as means of publishing for such content. At the same time one should respect decision of a user to publish his or her content at a particular service as although this content is not owned by the service but it in some way “belongs” to that given community. Any sort of user content aggregation should exist either as being set up by the user him or herself or with explicit permission given by the user.
XdbE does not deal with user-generated content at all but all that reasoning presented above is nevertheless quite important as it first of all explains why it is so and secondly defines our attitude towards user-related information circulating within the XdbE network. The intended purpose of XdbE is to provide real-time representation of global User Circle (Social Graph) or GSG (Global Social Graph) and hence all that is not within the scope should be left out not only because taking it on board would make the whole system heavier and less manageable but also because we can’t take what really belongs to somebody else. So, the principle number one: XdbE does not contain any user generated content.
But trying to build a universal User Circle (GSG) database we inevitably have to explicate our policy for dealing with user personal data. In our approach to this question we are leaning heavily on thoughts brought forward by LZZR in his Internet States of Presence article and elsewhere. First and foremost we do not pretend, like FOAF Project does for example, that information we are dealing with here is about individuals. Instead we firmly believe that user information available to us only reflects actions of an individual (or sometimes groups of individuals and possibly even some internet spam bots). Hence, we consider the basic block to build our User Circle database with to be not personal data but rather user account data. With this approach the boundary between personal data and user generated content might become sort of blurred. Without complicating things any further it is suffice to state here that we simply accept that we have no means to know how the kind of representation we operate relates to real-life individuals. More importantly, we don’t need this information to become personal information for obvious reasons of protecting user privacy. There are quite many different approaches to this subject currently in circulation. To illustrate let me give you a quote form ToS along which Yahoo! is currently operating:
Personal information is information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available.
If you read exactly what is written it means that all information ever published about an individual falls outside the scope of this definition. In contrast we prefer rather more restrained approach. Instead of turning XdbE into a database of personal information we decided to limit this sort of information to the necessary minimum. Here we had to balance the need to protect user privacy and the need to maintain usability and functionality of XdbE that would allow building basic applications without the need to retrieve information from any third-party sources. Although for building a global User Circle database it is enough to identify each node by its user name and community such limitation would make this database almost useless in terms user experience it could provide. Ultimately, attempting to minimize the amount of user information circulating within the system we came up with a concept of AGL. AGL or Age, Gender, Location is in our opinion the lowest amount of user data that both make the system functional and at the same time keeps user information below personally identifiable threshold. We obviously can not restrict, and more importantly we have no intention of prohibiting building third-party databases where user data driven from XdbE are combined with other data including those of more detailed and personal nature. However, all technical and legal responsibility lies with those third parties and not with XdbE.
Another tricky bit we had to decide upon was relationship status. Sometimes a user might want to keep some of his or her friends visible only for other friends or even only to oneself. Excluding such data completely from XdbE would make the system lame in terms of end-user usability substantially limiting data portability. At the same time we should obey the decision of a user to restrict the circulation of his relationship status. The way out is to assign three possible states of friendship relationship: public, private and friends only and treat them accordingly. All unauthorised and non-participating clients will receive only data on relationships marked as ‘public’ while participating and authorised clients will receive all. To ensure that the data does not end in wrong hands XdbE Terms of Service shall include a clause making it legal responsibility of all participants be it Online Community Services or XdbE DS operators, or application developers or anybody else for that matter to obey relationship statuses assigned by a user.
Needless to mention that data encryption algorithms built into XdbE data exchange protocol serve the same purpose of protecting user privacy as well.