J’écrivais ce message à un ami, à propos de mon expérience sur le site xkcd.com.

BD de xkcd

Donc…

• Je vois le dernier xkcd.
• Ça me fait réagir.
• Je veux répondre.
• Je sais qu’il y a des forums pour accompagner ces bande dessinées.
• Je vais sur le forum lié à celui-ci (déjà quelques clics et il fallait que je connaisse l’existence de tout ça).
• J’appuie sur Post Reply
• Ça me demande de m’identifier.
• Comme je crois avoir déjà envoyé quelque-chose là, je me branche avec mon username habituel.
• Ah, mauvais mdp.
• Je fais “forget pw”.
• Oups! J’avais pas de compte avec mon adresse gmail (faut que ça soit la bonne combinaison donc, si je me rappelle pas de mon username, ça marche pas).
• Je me crée un nouveau profil.
• Le captcha est illisible, ça me prend plusieurs tentatives.
• Faut que j’aille sur mon compte gmail activer mon compte sur les forums xkcd.
• Une fois que c’est fait, je me retrouve à la page d’accueil des forums (pas à la page où j’essaie d’envoyer ma réponse).
• Je retrouve la page que je voulais.
• J’appuie sur Post Reply.
• J’écris ma réponse et je l’envoie.
• Évidemment, mon profil est vierge.
• Je vais modifier ça.
• Ça commence par mon numéro ICQ?? Eh bé!
• Plus bas, je vois des champs pour Website et Interests. Je remplis ça rapidement, en pensant au plus générique.
• Il y a aussi ma date de fête. Pas moyen de contrôler qui la voit, etc. Je l’ajoute pas.
• J’enregistre les autres modifications.
• Et j’essaie de changer mon avatar.
• Il y a pas de bouton pour uploader.
• Ça passe par une Gallery, mais il y a rien dedans.
• Je laisse tomber, même si je sais bien que les geeks de xkcd sont du genre à rire de toi si t’as un profil générique.
• Je quitte le site un peu frustré, sans vraiment avoir l’impression que je vais pouvoir commencer une conversation là-dessus.

Deuxième scénario.

J’arrive sur un site qui supporte Disqus (par exemple Mashable).

• Je peux envoyer un commentaire en tant que guest.

You are commenting as a Guest. Optional: Login below.

Donc, si je veux seulement laisser un commentaire anonyme, c’est tout ce que j’ai à faire. «Merci, bonsoir!»

Même sans me brancher, je peux faire des choses avec les commentaires déjà présents (Like, Reply).

Mais je peux aussi me brancher avec mes profils Disqus, Facebook (avec Facebook Connect), ou Twitter (avec OAuth). Dans chaque cas, si je suis déjà branché sur ce compte dans mon browser, j’ai juste à cliquer pour autoriser l’accès. Même si je suis pas déjà branché, je peux m’identifier directement sur chaque site.

Après l’identification, je reviens tout de suite à la page où j’étais. Mon avatar s’affiche mais je peux le changer. Je peux aussi changer mon username, mais il est déjà inscrit. Mon avatar et mon nom sont liés à un profil assez complet, qui inclut mes derniers commentaires sur des sites qui supportent Disqus.

Sur le site où je commente, il y a une petite boîte avec un résumé de mon profil qui inclut un décompte des commentaires, le nombre de commentaires que j’ai indiqué comme “likes” et des points que j’ai acquis.

Je peux envoyer mon commentaire sur Twitter et sur Facebook en même temps. Je peux décider de recevoir des notices par courriel ou de m’abonner au RSS. Je vois tout de suite quel compte j’utilise (Post as…) et je peux changer de compte si je veux (personnel et pro, par exemple). Une fois que j’envoie mon commentaire, les autres visiteurs du site peuvent voir plus d’infos sur moi en passant avec la souris au-dessus de mon avatar et ils peuvent cliquer et avoir un dialogue modal avec un résumé de mon compte. Ce résumé mène évidemment sur le profil complet. Depuis le profil complet, les gens peuvent suivre mes commentaires ou explorer divers aspects de ma vie en-ligne.

Suite à mon commentaire, les gens peuvent aussi me répondre directement, de façon anonyme ou identifiée.

J’ai donc un profil riche en deux clics, avec beaucoup de flexibilité. Il y a donc un contexte personnel à mon commentaire.

L’aspect social est intéressant. Mon commentaire est identifié par mon profil et je suis identifié par mes commentaires. D’ailleurs, la plupart des avatars sur Mashable sont des vraies photos (ou des avatars génériques) alors que sur le forum xkcd, c’est surtout des avatars «conceptuels».

Ce que xkcd propose est plus proche du “in-group”. Les initiés ont déjà leurs comptes. Ils sont “in the know”. Ils ont certaines habitudes. Leurs signatures sont reconnaissables. L’auteur de la bd connaît probablement leurs profils de ses «vrais fans». Ces gens peuvent citer à peu près tout ce qui a été envoyé sur le site. D’ailleurs, ils comprennent toutes les blagues de la bd, ils ont les références nécessaires pour savoir de quoi l’auteur parle, que ça soit de mathématiques ou de science-fiction. Ils sont les premiers à envoyer des commentaires parce qu’ils savent à quel moment une nouvelle bd est envoyée. En fait, aller regarder une bd xkcd, ça fait partie de leur routine. Ils sont morts de rire à l’idée que certains ne savent pas encore que les vraies blagues xkcd sont dans les alt-text. Ils se font des inside-jokes en tout genre et se connaissent entre eux.

En ce sens, ils forment une «communauté». C’est un groupe ouvert mais il y a plusieurs processus d’exclusion qui sont en action à tout moment. Pour être accepté dans ce genre de groupe, faut faire sa place.

Les sites qui utilisent Disqus ont une toute autre structure. N’importe qui peut commenter n’importe quoi, même de façon anonyme. Ceux qui ne sont pas anonymes utilisent un profil consolidé, qui dit «voici ma persona de web social» (s’ils en ont plusieurs, ils présentent le masque qu’ils veulent présenter). En envoyant un commentaire sur Mashable, par exemple, ils ne s’impliquent pas vraiment. Ils construisent surtout leurs identités, regroupent leurs idées sur divers sujets. Ça se rapproche malgré tout de la notion de self-branding qui préoccupe tant des gens comme Isabelle Lopez, même si les réactions sont fortes contre l’idée de “branding”, dans la sphère du web social montréalaisn (la YulMob). Les conversations entre utilisateurs peuvent avoir lieu à travers divers sites. «Ah oui, je me rappelle d’elle sur tel autre blogue, je la suis déjà sur Twitter…». Il n’y a pas d’allégeance spécifique au site.

Bien sûr, il peut bien y avoir des initiées sur un site particulier. Surtout si les gens commencent à se connaître et qu’ils répondent aux commentaires de l’un et de l’autre. En fait, il peut même y avoir une petite «cabale» qui décide de prendre possession des commentaires sur certains sites. Mais, contrairement à xkcd (ou 4chan!), ça se passe en plein jour, mis en évidence. C’est plus “mainstream”.

Ok, je divague peut-être un peu. Mais ça me remet dans le bain, avant de faire mes présentations Yul- et IdentityCamp.

Bremen. Hochschule der Künste. Beautiful setting. European Soccer Championships. What more could I want? I was on my way to attend to the first Barcamp about identity online in Germany. Identitycamp was my first Barcamp, and will certainly not be the last Barcamp I’ll attend. The discussions were focused, the participants were enthusiastic, the weather was a dream come true, the place and the organization were wonderful, the atmosphere was relaxed, and the participants had two days of interdisciplinary knowledge exchange. Identitycamp focused online reputation, social relations and identity, and its big topics were reputation, social relations management, identity 2.0, data portability and privacy. The participants were the Web 2.0 /Identity 2.0 crowd and the privacy people, quite a few bloggers, and a few scientists from sociology, history, the political science and law in the middle. It was a good mixture for vital discussions.

Gerrit Hornung held the opening session with a talk about the new basic right to digital privacy that that Bundesverfassungsgericht, Germany’s highest court, put into place in December 2007. The decision was made about the question whether or it is legal to install a spyware, on the personal computer of citizens and spy into their information system given a suspicion of terrorism. Since people are highly dependent on their information systems online and on their personal computer, the court interprets a threat to a person’s information system to be a threat to a person’s integrity, and personal integrity needs special protection beyond the level that the other basic rights could guarantee. The Bundesverfassungsgericht decided that the suspicion on terrorism or endangerment of national security has to be very concrete for state agencies to step in and install the so-called Bundestrojaner – surveillance exerted by state agencies would be illegal if they just concerned any illegal activity, and it needs some jurisdictional authority to allow state agency to step in and engage in surveillance activities. Gerrit Hornung, though, though, that new right to privacy in information systems might open the door to extensive surveillance activitities from state agencies. Hornung explained the new basic right to digital privacy with regard to existing other basic rights in German legislation and pointed to open questions waiting for jurisdictional decisions in the near future. Does the new basic right apply for online information systems as people increasingly store their data on external servers? [Slides in German]

If there was one dominant topic at Identitycamp, it probably was about Single Sign On systems of verification, authentification and management of one’s credentials online. OpenID, I learned, is only one of various technologies in current discussion: OpenID is one possibility for people to manage their credentials, a competitor is Microsofts U-Prove which is about identity chipcards. The two competing paradigms infocards and OpenID seem to be moving closer to each other, recently. The best known case for this is using InfoCards for authenticating towards the OpenID provider. Dennis Blöte is currently developing a system which uses OpenID for the different online services at Bremen University (e-learning, exams, administration, etc.). [Slides in German].

Another big issue at identity camp was data portability. If you have registered in a number of social networking platforms, you cannot take your relational data with you, connect or manage different social roles online, since the conditions of use usually favour the business interests of the provider and prevent the user taking relational data other social networking platforms as one moves around the internet throughout one’s online biography. In practice, people have different habits of managing their reputation, social networks and identity. Some users strive to get a coherent representation of their in their various social circles and disclose the different facets open to the members of their interaction networks. These people will welcome full data portability. Other users, though, will try to keep their social circles from the academic world, the business world, the private sphere etc. separate. They will tend to limit data portability or at least control who gets to see what element of their personal identity, and at what specific occasion. The focus seems to be moving from single sign-on to data synchronization. Most people would that it would be nice to be able to update your contact data on all platforms you are a member of with one click, yet, from the standpoint of an autonomous user, one would expect technology to mature as to offer individual choice as to how one wants to manage the various elements of one’s personal identity.

New technologies and business models are always fascinating, but this one deserves special mention. Callink was designed to tackle the problem of increasing spam activities on the telephone and people being object to stalkers. Mark König from Fonym developed a smart business model to tackle spam on the telephone by introducing his spam filter callink. Callink allows telephone users to give away a link to the telephone online without handing out their number, to add an anonymous code on one’s identity card which directs a phone call to their telephone. Moreover, Callink enables users to filter out telephone calls that they define as spam or even threat, even if the number of origin is not disclosed on the telephone screen. Cool idea! Unfortunately, though, the callink is limited to the regular phone, so far. I could use it for my particularly for my mobile.

Stephan Humer gave a valuable introduction into digital identity from a social science perspective. I think, it was very important for people with social sciences background, practitioners and political activists to foster a discussion on what identity is all about, what makes for digital identity and what are the social, political, jurisdictional, cultural and technological components and implications. Humer emphasized the gap the factual social and individual relevance of digital identity and the lack of attention in social sciences, so far [Slides in German].

I had come to Identitycamp to discuss trust online with the participants. I was delighted how the participants shared my interest in the topic of trust and we had two sessions on the topic of trust online with reputation, social relationships and identity management onlineThese are the questions I discussed in my presentation: (1) Why are reputation, social relations and identity on the internet object to trust concerns? (2) How does the constitution of trust work? (3) How can trust – its preconditions and the constitution of trust online – be studied empirically? I am happy that the relevance of the topic was obvious to the participants regardless of their background. The language of trust giver and trust taker fit well into the technicians’ use of the term ‘relying parties’. Of course, every relying party, be it an individual user, a developer, a provider, a corporation or state agency can be in the role a relying party when it comes to the transfer of money, data, identity credentials. Here are my slides:

Ralf Bandrath writes:

You can reduce the need to trust with data minimization. A lot of the open questions discussed in the other sessions also boil down to “Who do you trust”? Your government? A corporation like Yahoo? The members of your social network? If the idea of a loosely coupled identity meta-system is that you do not need high trust among all parties, then I see two possible solutions:
1. Everyone becomes his or her own identity provider and does not have to worry about IdPs collecting their digital traces.
2. The amount of exchanged data is reduced in general, so you don’t have to trust all kinds of parties. This is where Identity 3.0 with minimal disclosure tokens and zero-knowledge proofs is very promising.

Ralf’s suggestion is, of course, a legitimate way to reduce the problem of trust online. It certainly does not make the problem obsolete, though. Of course, the more people pursue their daily activities online, the more money is transferred, the more data get transferred and the more people’s credentials are transferred. As people increasingly pursue their daily activities online, their vulnerability augments, and the more they must bear the uncertainty that they might be damaged with regard to their reputation, social relations and identity. Ralf’s suggestion pins down to be cautious, to limit one’s activities online, to reduce one’s expectations, at least in the short run. If every user would follow Ralf’s advice, this would limit the development of the internet considerably and limit legitimate business aspirations since it teaches the lesson “Reduce your expectations!” both on the side of large companies and state agencies and on the side of the individual internet user. People would be increasingly cautious to use online applications and be reluctant to try anything new as a result of negative experiences from the past. As a consequence, the development of Web 2.0 and related business models would be slowed down. Trust, though, becomes relevant only under the condition that expectations are high, that something big is at stake. Only in this case I would call it a trust issue. So, I look out for example cases where I find a social relation between at least one trust giver and trust taker, where expectations are high, where vulnerability is high [damage possible] and were uncertainty of potential damage does not vanish [even given a functioning technology, a thorough administration of rules, roles and routines and ‘perfect’ calculation of people’s trustworthiness which is usually displayed in the form of numeric representations] and people still do not refrain from using the internet but decide to expect something positive and use the internet. Only in these critical situations which are characterized by uncertainty of potential damage I can ask the question, why people trust, whom they trust and how they trust. One alternative way to trust vis-à-vis the purely naïve trust to move toward active trust which involves reflexivity and learning: Begin slowly, expect little, be cautious at the beginning, gain experience, gather information, exchange with other users, articulate your expectations, keep yourself informed about the other party’s behavior, exchange information with the other party regularly, reflect on your positive and negative experiences, and increase your expectations as experiences are positive. But even this active trust, which requires a lot of effort, is no guarantee that damage can be prevented. So, trust online pins down to a trust giver is away of the uncertainty of being damaged and still makes the ‘leap of faith’ to assume that a critical situation will be favorably dissolved, and a trust taker who offers a favorable definition of himself – be it an individual, a group, a company, a state agency or the internet public in its most abstract form. I am convinced that it needs strong institutions both online and in the offline world to help form an online social world in which people can move around and trust as they increasingly pursue their daily activities online.

Conclusion

Identitycamp was a really good meeting of practitioners, activists, bloggers, curious students and scientists to develop an interdisciplinary perspective on identity online and a wonderful opportunity to reach out beyond one’s academic discipline and milieu. The atmosphere was informal and the discussions were very constructive. The participants decided to stay in contact on Electronic Identities, and demand for a follow up was articulated. Yet, even a supreme conference or Barcamp leaves some room for improvement: The conference should have been framed by the organizers such that they give an introductory talk and a short conclusion of about ten minutes, each. Moreover, an introductory talk on the political, social and cultural aspects of identity for the participants unfamiliar with the way social scientists talk about reputation, social relations and identity, and there should be a separate introduction on the current developments from a technology and information perspective for participants with academic background and little knowledge on technology aspects of identity management should have been positioned in the first sessions on day one to help find a common language. Finally, I would hope that more and higher ranked experts from the various social sciences, economics, the humanities, the information sciences and especially, from experts on lawe, would attend an interdisciplinary meeting on Identity next time. So, I would pledge for a combination of Barcamp and the good old regular conference – the spontaneity of a Barcamp is a wonderful thing, but to help participants take home the very best of a conference, some framing would be helpful.

Thxs 2 AnalyThis for recording!!! For more Videorecordings, check out his site AnalyThis.net

U-Prove An brief introduction

Session by Caspar Bowden – Nur ein paar Notizen

* Identity Access Group

* Laws of identity
user control
minimal disclosure
justifiable parties
directional identity
pluralism of ops and technology
human integration
consists experience across contexts

–>join http://www.identityblog.com

* Self issued vs. Managed Information Cards

–Self issued
containing self-asserted claims “about me”
stored locally
effective replacement for username/passwd
eliminates shared secrets
easier than passwords

–Managed
Provided by banks, stores, government
Card contains meta data only
Claims stored at identity
-audited or non-auditting

* Protocol drill down (see photo)

*identity “history”
identity 1.0 -> centralized (MS Passport)
-central party sees all attributes/account data
-central party is all powerful

identity 2.0 (browser-only = SAML, OpenID)

identity 3.0 get ready for identity 3.0
-Multi clientside crypto security / privacy

= siehe securecomputing

* authentification vs identification

authentificate

name: XXXXXXX
adress: XXXXXXX
status: Goldcustomer

identificate

name: mark a.
adress: read
status XXXXXXXXX

——-
* Metasysteme

* privacy-friendly revocation
(“valid transactions provider”)

* censorable audit transcripts (? – not really noted)

*and some other points and issues

–Coming up in/with
integration into MS Windows (windows cardspace)
Windows communication foundation = .net
(patented – looks like braking innovation)
interoperability …. abstractional layer

announcements in coming time…

Recommended reads:
www.credentica.com
stefan brands www.idcorner.org
kim cameron www.identityblog.com

Ausserdem hat Mr.Topf auch über die Session geblogged, da kann man seine Sicht nachlesen!

Das Identitycamp Bremen fand in den Räumen der Hochschule für Künste Bremen statt, das WLAN über VPN hat super geklappt (keine Klagen gehört) und das Essen, insbesondere das dekadente Büfett (man bin ich leicht korrumpierbar am Samstagabend waren gut und ausreichend sehr gelungen die Organisation der Rahmenbedingungen. Dank dafür an die Sponsoren!

Some impressions

]]> http://unintendedpurpose.wordpress.com/2008/06/08/vertrauensbildung-how-to-study-trust-online-tina-guenther-auf-dem-identitycamp-bremen/ Sun, 08 Jun 2008 05:40:22 +0000 unintendedpurpose http://unintendedpurpose.wordpress.com/2008/06/08/vertrauensbildung-how-to-study-trust-online-tina-guenther-auf-dem-identitycamp-bremen/

1 Social Web
2 Reputation Beziehungsmanagement/Vertrauensmanagement
3 Wie Vertrauen in Rep / Bezieh und ID-MM konstituiert
4 wie man Vertrauen online erforschen kann

-> sozlog (Tina Guenther blog)

zu 1. Soziale Netzw./Twitter/Ebay/Partnerwahl/personalisierte Webseiten’(direkte Ansprache)/Google Krankenkarte/avatare

Einige Begriffe

zu 2. Reputation

Vertrauensrelevanz
- Akteure
- Erwartungen
- Verletzbarkeit
- Unsicherheit
- Agency
- (Doppelte) Einbettung

Arten der Schädigung
(persoenliche …)
-wirtschaftlich/,,,
Zombierechner/”Botnetze”
-spam

zu 3. Wie wird Vertrauen konstituiert?

Interorganisationales & interpersonales Vertrauen

Institution Struktur

Organisation Struktur Akteur

Individuum Akteur

(hier fehlen die Pfeile, die die Relationen und Prozesse in dem obenstehenden Diagramm abbilden und erklären, also nicht wundern )

Vertrauensrad

Rationale Wahl
Aufhebung der Spannung
Routinemodell
Reflexivität

4. Vertrauen online erforschen?

- Befragung / selbst rekrutierende Onlinebefragungen
- Experimentaldesign
- Leitfadeninterviews mit Experten
- Fallstudium (Befragung/Beobachtung)
- Blog / Forum

->Folien sind auf Slideshare unter Creative Commons License (Vielen Dank an Dr.Tina Guenther für die Veröffentlichung ihrer Präsentation)

Notizen sind wie die vorangegangenen nur eben nebenbei notiert, also quick&dirty – ohne Gewähr auf Korrektheit, Vollständigkeit etc – nur um eine Vorstellung zu bekommen.

Ich fands ganz interessant, auch wenn es zum Schluß etwas knapp mit der Zeit wurde. Da konnte aber Tina nichts für, da auch schon die vorherigen Sachen ein paar Minuten überzogen hatten und nicht alle gleich bei dieser Session eingetrudelt sind.

2much of interest

Hier noch mal ein besseres Foto nachgereicht:

So, da bin ich. Wer ist denn sonst schon so eingetrudelt?

Hier wird noch schwer an dem Setup gearbeitet, ich muss mal sehen – hab mir erstmal einen guten Platz in der Nähe einer Steckdose gesichert und drahtloses Netz eingerichtet.

Also meinetwegen kann es denn auch bald losgehen. Im Moment ist es noch recht ruhig, vorn beim Counter sammeln sich die Leute. Ich glaub jetzt wo das alles läuft kann ich wohl auch nochmal rausgehen.

Die Location ist cool, schoene Räume mit hohen Decken, alles halt in einem ausgebauten alten Speicher. Sehr passende Location, Holzdielen, große Fenster ,,, hach bin ich gespannt, was mich hier erwartet

Ich geh glaub ich mal ne Runde Fotos machen