Why Flickr Doesn’t Do FOAF

Tim Berners-Lee asks "So do you think Flickr could be persuaded to source FOAF?"

Given what I've heard from Stewart Butterfield (co-founder of Flickr), the answer is a No.

Back in 2004 (Mon, Nov 29, 2004 at 8:41 PM to be exact), I wrote Flickr asking if they could add sha1 hashes of user emails (in an obvious attempt to be able to convert the data into FOAF). Here's the original request email:


Hello,

Would it be possible to add a sha1 hash of a person's email address to
the response of flickr.people.getInfo ? I understand that we don't
want to give out email addresses, and it's nice that the API doesn't
expose them. But to help in uniquely identifying users across
systems, a good identifier is often their email address. To safe
guard against spam, creating a SHA1 hash is a good way to hide the
email, yet still provide a unique identifier for the user.

This sha1'ed email address becomes a candidate key to the user, so to speak.

Thoughts?

Thanks!
Seth


To which Stewart replied (and I have his permission to quote him):


Seth, I guarantee that the problem is not that we don't know how to
provide the functionalty - as you say, it's easy.

It's more that it has a lot of complications at the social level. How
do you know whether any of our users *wants* their Flickr profile
(potentially filled with cool, beautiful or emotionally important
family photos) to be associated with their Tribe profile (potentially
filled with descriptions of their kinky fetishes)? I know I don't want
my professional profile on LinkedIn tied to my clownish profile on
Orkut.

Remember http://beta.plink.org/ ? ... read about why it shut down. A
lot of those lessons apply to us. I think Dan Brickley is a super guy,
and I think FOAF is well intentioned. But I also think it has nothing
to do with Flickr (or even Tribe/Orkut/Friendster/whatever).

Last, since approximately 0% of users want or care about this
functionality, it's not a good deal for us to implement it. It'd be
really neat if there were a machine-readable description of who I am
and what I'm up to online tied to a single idetifier, enabling
software that could make all kinds of inferences about me and tie all
kinds of facts about me together. On the other hand, that would really
suck. If you know what I mean.

We don't even want to get into explaining to people what this is, let
alone build a UI to allow them to opt out, etc., etc.

I appreciate your enthusiasm, and I know you're coming from the right
place, but it's just not something we're willing to support right now.
(And you can quote me if you'd like ;)

- Stewart


So, at least back in 2004, Flickr was concerned about making it too easy to "connect the dots". I wonder if this still holds true today? Is anyone else worried about this?

I can certainly see Stewart's point. But I bet with some solid privacy controls, or as Stewart puts it, "opt in" controls, I think a middle ground could be found. Like it or not, sooner or later there will be systems to tie it all together anyway. Might as well preempt it all and put the power into the hands of the users.

UPDATE: Looks like Flickr now exports mbox_sha1sum checksums from their flickr.people.getInfo API call. Someone saw the light. :)
13 comments

Popular posts from this blog

Converting Array to List in Scala

I ported a JavaScript app to Dart. Here's what I learned.

Minification is not enough, you need tree shaking