Me and you and everyone we know

Wired: Brad Fitzpatrick has a common problem. He doesn't know who his friends are,writes  Danny O'Brien.

Wired:Brad Fitzpatrick has a common problem. He doesn't know who his friends are,writes  Danny O'Brien.

Now our problem is that he knows too much: about his friends, and about yours.

Brad is the creator of LiveJournal, one of the first websites to allow you to create lists of friends, and then give them special powers to read about your life.

By now, you may well have used a similar site yourself: perhaps Linked-In, or Facebook, or Bebo, or MySpace.

READ MORE

If you've used more than one, you'll know Brad's problem. Signing up for the first friends system is exciting. You look around trying to find which of your friends are already on the system and which of them you might want to invite.

The second friends site is rather less fun. Even though it may have additional features to the first, you can't just transfer your friends across. You have to go through the same registration, friend finding, friend inviting cycle. After a while, your friends get a little sick of traipsing around to your latest passion, and you get even sicker constantly re-entering your social network's data.

Like many geeks, Fitzpatrick is at the far extreme of this problem. He's a member of dozens of social networking sites, and never wants to re-enter his friends list again. He's also got the skills to fix the problem. As well as being LiveJournal's founder, Fitzpatrick also wrote much of the code that runs thousands of web companies' sites, and he recently quit LiveJournal's parent company to spend more time with his projects.

Fitzpatrick's solution was to chivvy and search a handful of the biggest social networking sites, and build up a big database of everybody's friends, on all of these sites. This information is public, and freely contributed by members of the services: all Fitzpatrick did was to tie it all together.

The result, which he is still working on, but spoke about in public at last weekend's BarCampBlock event in Silicon Valley, has some useful features. When you join a new social networking site, that site could just interrogate this collected database to find your friends. That gives greater mobility for users between sites, making the market for these social services more competitive.

That lowers the barriers to entry for newer sites, which might worry Facebook, MySpace and company: but it also stops the drastic collapse and death of unfashionably old sites too. Facebook may worry about new entrants stealing its thunder, but only because it exists on the corpses of older social software, like Friendster and Orkut. With a database of friends that works for all these sites, none of them need depend on being the king of the heap to survive at all.

That's the positive side. But what about the implications for the privacy for users of these sites?

Most of us don't mind contributing a list of our friends for the fun of seeing them participate with us in sharing pictures, stories or diaries with each other. But few would anticipate that such data could be plucked out of these sites, and combined with other information. Do you really want strangers to be able to search through your combined acquaintances, as easily as they can Google your name? And if you think that they will not, will you be able to resist making the same search on your friends?

And what about other information linked from this collation? What about temporal changes if this data is collected over long periods of time? Would you like everybody to know who your college friends were? Or when exactly someone in your life ceased to be your friend?

Already social network sites leak information that has surprised its users. When Facebook introduced a feature to see when your friends' relationships changed, there was uproar. Dating sites still allow searches on e-mail addresses, even though those e-mail addresses are never made public in member profiles. That means that if some spammer or scammer runs their e-mail list through a script that automatically interrogates a dating site, they'll be able to learn far more about their victims.

Fitzpatrick and his colleagues, in examining these problems, have already suggested setting up a non-profit group and perhaps requiring some authentication matter to provide some protection for their database of friends.

But the horse is already out of the stable: Brad is smart but the data he built his database from is public and could be done by any enterprising coder. There may be less well-meaning groups who have already done so. What a better way, for instance, to get spam past your filters than to label them with your friends' names and nicknames?

Fitzpatrick has done nothing wrong and his database may well provide many benefits. But we're lucky that he has openly discussed his work before putting it to good use.

At the very least, it gives us time to prepare for our next privacy shock: when the harmless details we willingly entered into these public websites are data-mined and extrapolated to reveal secrets about us, and our friends, that we never intended to divulge.