Consider a more balanced discussion: http://bit.ly/cMFTAE

Also side note: like the idea of using cards to login but why not support open ID also or google accounts, twitter, facebook connect? I tried 3 browsers (Chromium, Chrome, Firefox) before I had to use IE tab in Chrome to get this thing to work - what a lot of work just to leave a comment: remember effective security = convinient, transparent security

Of course it seems Facebook has been dragged heels-in-the-ground to “socially acceptable” privacy policies, and its user experience around privacy has somehow seemed an “I-told-you-so” proof that “privacy hurts”. Big complex policies are a natural input to (outcome of?) that proof.

Twitter has been a lot hipper in figuring out which way the wind blows. The result in this case is real innovation. Let’s hope the idea spreads.

Meanwhile Danah Boyd has done interesting research on the response of young users to Facebook privacy alternatives. I’ll put up the reference.

If there’s one thing we’ve learned about “preventive” technology it’s that there will be a lot of very intelligent efforts to try disable it (anti-piracy technology being a great example).

Still, a very interesting and welcome innovation that I hope spreads worldwide.

I haven’t looked into what various contender’s APIs look like, or compared Google’s approach with that of other location providers. I hope someone drills into this.

So far I’ve just had time to comment on what Google SAYS its architecture is in its FAQs.

I’ve figured out that I have to learn to explain one thing a lot better: the architecture the main issue - and just as important as whether Google is doing something today or not.

The possibility of monetization combines with the capabilities of the architecture to determine the direction technology will move in. These developments have dynamics of their own, and those are what motivate to wade into this quagmire.

Google is busily undermining the business model of Skyhook and the other third parties who pioneered this area; on the one hand they made it acceptable becuse they made everyone demand accurate non-GPS-based location after finiding how convenient it is - on the other when they started they were upfront about having thought about privacy and having an API that delivered location rather than a database with the association of location and device seems somehow different to me. Google is a correlation machine and that seems to make it more likely that information if not identity can be extrated from their system (like the Gmail/Adwords journal acceptance correlation).

Although so much about this initiative seems misguided, a US company wants to take credit for it:

LOS ANGELES (Reuters) - A California software publisher will seek an injunction preventing U.S. companies from shipping computers with Chinese anti-pornography software it says was stolen, the company’s president said on Saturday.

Solid Oak Software Inc said it found pieces of its CyberSitter Internet-filtering software in the Chinese program, including a list of terms to be blocked and instructions for updating the software.

Brian Milburn, president of the privately owned, Santa Barbara-based company, said it was studying its legal options but would seek an injunction against further shipment to China of computers using the suspected pirated software.

“I look at it this way, if we were shipping iPods over to China and China says, ‘We want all these pirated songs on the iPods when you ship them to us,’ don’t you think somebody would be up in arms about that?” Milburn said.

Good story. But I refuse to say Uncle!

Domenico Rotondi
TXT e-solutions Spa

But there should be no mistake about what is going on here. Information Cards are fundamental to Internet identity for consumers as well as enterprises. Dick is joining our team to help carry these ideas forward, not torpedo them.

On a totally unrelated note, what’s the deal between the Geneva Framework and OpenID. It seems like there’s no relation but I thought Microsoft was going to work on making those two MORE connected. I’m a bit confused on what the plan is to make them work together better.

[Kim responds] Funny - when I look at your comment, without having changed anything, whether I’m logged in or not I see the posting as being by “davidacoder”. Here is a screen capture.. So I don’t understand the issue. Does it look different from your browser??

So, the situation at Live ID seems much, much worse to me. Maybe point that out first before you go after Facebook?

[Kim responds]: I agree that the default should be to use https for password entry. I hope Live ID will move towards a different default ASAP - it’s difficult and expensive when you do a billion authentications a day. It’s a problem across the industry and I’m trying to change it everywhere. I’m not a Facebook hater - I use it and like it.

What I was saying in my post was that they “lost” my profile and sent me an email that it seemed MUST be a phishing email. You would think at that point they could turn on the https while they recovered. But no, they didn’t use https when I was redirected from the wierd email. It just pushed me over the edge. If it looks like I’m the pot calling the kettle black, then I guess I need more time off.