Why Flickr Doesn’t Do FOAF
Tim Berners-Lee asks “So do you think Flickr could be persuaded to source FOAF?”
Given what I’ve heard from Stewart Butterfield (co-founder of Flickr), the answer is a No.
Back in 2004 (Mon, Nov 29, 2004 at 8:41 PM to be exact), I wrote Flickr asking if they could add sha1 hashes of user emails (in an obvious attempt to be able to convert the data into FOAF). Here’s the original request email:
Hello,
Would it be possible to add a sha1 hash of a person’s email address to
the response of flickr.people.getInfo ? I understand that we don’t
want to give out email addresses, and it’s nice that the API doesn’t
expose them. But to help in uniquely identifying users across
systems, a good identifier is often their email address. To safe
guard against spam, creating a SHA1 hash is a good way to hide the
email, yet still provide a unique identifier for the user.This sha1′ed email address becomes a candidate key to the user, so to speak.
Thoughts?
Thanks!
Seth
To which Stewart replied (and I have his permission to quote him):
Seth, I guarantee that the problem is not that we don’t know how to
provide the functionalty - as you say, it’s easy.It’s more that it has a lot of complications at the social level. How
do you know whether any of our users *wants* their Flickr profile
(potentially filled with cool, beautiful or emotionally important
family photos) to be associated with their Tribe profile (potentially
filled with descriptions of their kinky fetishes)? I know I don’t want
my professional profile on LinkedIn tied to my clownish profile on
Orkut.Remember http://beta.plink.org/ ? … read about why it shut down. A
lot of those lessons apply to us. I think Dan Brickley is a super guy,
and I think FOAF is well intentioned. But I also think it has nothing
to do with Flickr (or even Tribe/Orkut/Friendster/whatever).Last, since approximately 0% of users want or care about this
functionality, it’s not a good deal for us to implement it. It’d be
really neat if there were a machine-readable description of who I am
and what I’m up to online tied to a single idetifier, enabling
software that could make all kinds of inferences about me and tie all
kinds of facts about me together. On the other hand, that would really
suck. If you know what I mean.We don’t even want to get into explaining to people what this is, let
alone build a UI to allow them to opt out, etc., etc.I appreciate your enthusiasm, and I know you’re coming from the right
place, but it’s just not something we’re willing to support right now.
(And you can quote me if you’d like
- Stewart
So, at least back in 2004, Flickr was concerned about making it too easy to “connect the dots”. I wonder if this still holds true today? Is anyone else worried about this?
I can certainly see Stewart’s point. But I bet with some solid privacy controls, or as Stewart puts it, “opt in” controls, I think a middle ground could be found. Like it or not, sooner or later there will be systems to tie it all together anyway. Might as well preempt it all and put the power into the hands of the users.
UPDATE: Looks like Flickr now exports mbox_sha1sum checksums from their flickr.people.getInfo API call. Someone saw the light. 
March 23rd, 2008 at 2:10 pm
Four years ago is a lifetime in internet apps. It’s before Flickr was acquired and before OpenID, OpenAuth etc. so the landscape has changed. But still, good reasons need to be given.
March 23rd, 2008 at 4:40 pm
No doubt 4 years ago was a long time. I’d love to hear the official Flickr response to “when are you going to export FOAF?”
March 24th, 2008 at 12:40 am
Perhaps a new email to Flickr is warranted? As you’ve pointed out, it is possible to use an opt-in policy to improve the privacy aspects, so that’s not much of reason. There’s a growing push for data portability and it just seems logical that the owner of the email address should decide what they want to do with it.
Flickr used to innovate, but these days they seem to have stagnated quite a bit. They’re still a useful service though.
March 24th, 2008 at 6:43 am
Cool that you asked this back then.
I came over to say what Dave said! Although the DataPortability group may not actually have achieved anything concrete yet, its mere existence suggests something of a sea change.
btw, doesn’t Flickr now use Yahoo! IDs?
March 24th, 2008 at 8:12 am
Yes, Flickr has switched totally over to Yahoo! IDs.
I can control who sees my photos in a fairly granular manner. I should be able to control who sees my account info, yes?
March 24th, 2008 at 11:10 am
Alexandre Passant has a quite complete Flickr-to-FOAF export service that generates FOAF for all Flickr users. It dynamically generates a FOAF profile by interrogating the Flickr API for user details. And apparently, it always includes the SHA1, even if the user doesn’t show his email address in his profile …
March 24th, 2008 at 11:21 am
Looks like Flickr added the mbox_sha1sum property! That’s a good step in the right direction.
March 25th, 2008 at 12:00 am
Richard, thanks for pointing the SHA1 output. I took care of respecting users’ privacy with the export service, so there’s indeed something wrong, eitheir with the script, or with the Flickr API. I’ll check and update the exporter to fix this.
April 17th, 2008 at 6:52 am
[…] Why Flickr Doesn’t Do FOAF - [timbl: So do you think Flickr could be persuaded to source FOAF? dajobe: maybe ] […]