There was a lot of feedback on my post yesterday about the dangers of having a private company behind something like Facebook Open Graph. All I really wanted to say is that I wish something like Open Like were the one catching fire instead of a closed, privately owned standard. I thought I would clear the air today by explaining why I think the concept behind Open Graph is a good idea and actually makes us more secure.
Essentially, there are two ways to ensure security in IT. First, you can limit what someone can do. This first part of security obviously becomes weaker in an incredibly social web. More and more people will have more and more access to more and more of you. It’s impossible to argue that the social web makes the internet more secure in that respect. I’m not saying that it makes the internet too insecure; I’m merely suggesting that you’ll have to be careful what you share.
The second part of IT security is that you can limit who can do or see things. This is done by creating logins, fencing in parts of your website or (as on Facebook) building multiple levels of friends. At the end of the day, though, this part of IT security is about WHO you let in. For example, “Mark Edwards wants to be your friend on Facebook.” How can I tell if Mark Edwards should be my friend? How can I tell exactly what about me I’m comfortable sharing with him? Is he the kind of person I let do a guest post on my blog? This is where a more social web actually makes the internet more secure.
With a more social web, I can scan Mark Edwards’ open identity. It will make it very difficult for him to pretend to be somebody he is not. Right now, he can set up a fake ID on Facebook pretty easily. In a future Open Graph world, I could go in and expect to see that he likes local restaurants (with GPS check-ins he may have had to actually visit them), that he has music tastes consistent with his profile, that he knows people I know, that he has liked websites I like, that he has posted comments I agree with. The bottom line: it would be awfully difficult for Mark Edwards to be a fictitious person that a hacker in China built. This makes me more secure. If people learned how to use the social graph properly, it could all but kill most of the phishing schemes out there.