Who should control how your and your friends' personal information is used

Oct 31, 2013

Personal information about the people in our lives is typically kept in different places. These places can be one or more email accounts, one or more social/professional networks or one or more messaging/chat services. Integrating all this information at the right time and in the right application can be an incredibly useful discovery tool. Reading an email and seeing social network activity, new photos that have been posted and upcoming calendar events encourages viral communication and a sense of urgency to connect.

But the way this information is integrated can have a significant impact on you and your friends in terms of privacy and security. The recent launch of LinkedIn Intro is an example of a good idea with good intentions that should have been implemented differently.

LinkedIn Intro is implemented as a server (IMAP proxy) that sits between your email applications and your email service(s). You give it authentication information for each service and agree to let it modify your incoming email to add LinkedIn information. The result is an email that includes relevant LinkedIn personal information about the sender and recipients who are also LinkedIn members (all members or just in your network?).

The security concerns about giving any black-box service access to your most personal and private information have been well covered in other blog posts, rebutted by LinkedIn, and re-re-rebutted. So no need to rehash those discussions other than to say the concerns are valid, even with the most well-architected and well-intentioned security plan. A good security rule of thumb – assume the worst will happen.

But the point I wish to stress is more about you, your friends, and people who send you email.

Someone (other than spammers) who sends you email has a reasonable expectation that you will receive the message as sent. And you as the recipient expect that what you see when you read the email is what the sender wrote. A system that modifies the email after it has been sent without the sender’s permission violates this implicit trust. This is what Intro does: it modifies your email before you read it. That can seriously affect the context, and in some cases even the content, of the communication and how the recipient understands the message.
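
To make the integrity point concrete, here is an added example (not from the original post or from any product it names) that compares the copy of a message fetched directly from the mail service with the copy delivered through a rewriting intermediary, and reports which MIME parts and headers differ. Both raw messages are constructed samples; the function names and the `X-Example-Proxy` header are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy

def part_digests(raw: bytes) -> dict:
    """Map each leaf MIME part (position:type) to a SHA-256 of its decoded body."""
    msg = message_from_bytes(raw, policy=policy.default)
    digests = {}
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers carry no content of their own
        body = part.get_payload(decode=True) or b""
        # Normalise line endings so CRLF/LF differences are not reported as edits.
        body = body.replace(b"\r\n", b"\n").rstrip(b"\n")
        digests[f"{index}:{part.get_content_type()}"] = hashlib.sha256(body).hexdigest()
    return digests

def header_names(raw: bytes) -> set:
    msg = message_from_bytes(raw, policy=policy.default)
    return {name.lower() for name in msg.keys()}

def compare_copies(direct: bytes, proxied: bytes) -> dict:
    """Report how the proxied copy differs from the copy fetched directly."""
    a, b = part_digests(direct), part_digests(proxied)
    return {
        "changed_parts": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
        "added_parts": sorted(b.keys() - a.keys()),
        "removed_parts": sorted(a.keys() - b.keys()),
        "added_headers": sorted(header_names(proxied) - header_names(direct)),
    }

# Constructed sample: the message as stored by the mail service.
DIRECT = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\n"
    b"Subject: Lunch\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"See you at noon.\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b"<p>See you at noon.</p>\r\n"
    b"--b1--\r\n"
)
# Constructed sample: the same message after an intermediary rewrote the HTML part.
PROXIED = DIRECT.replace(
    b"<p>See you", b"<div>profile banner</div><p>See you"
).replace(b"Subject:", b"X-Example-Proxy: 1\r\nSubject:")

if __name__ == "__main__":
    print(compare_copies(DIRECT, PROXIED))
```
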

Other services have tried inserting advertising in email accessed via IMAP as a way to monetize users who never access webmail. An active mail account is a valuable strategic asset and trusted customer engagement channel. It creates a user interaction point that can be leveraged with advertising, content recirculation, and other value-add services if that is your business model. When a user accesses a service using a device application and IMAP, that leverage is weakened or, in the worst case, even lost. So looking for a way to make this user a valuable asset is a good thing; it means the service has a reason to further test and develop value-added services with and for its installed base. But do people really want advertisements inserted in their email? An advertisement for something that you haven’t endorsed or approved and that may be highly offensive? Most would say never and switch services.

You should never accept a service that modifies your or your friends' content without everyone’s explicit permission. That is the clear (and unwritten ‘T&C’) contract that people in the web era expect.

The right way to provide this type of service is to let the user decide what services to integrate and do the integration at the application level. This is exactly the way that the OX App Suite Halo View functionality works. Halo View is accessible anywhere you see a contact and shows everything you know about that person. You select the services you want to combine in Halo View and provide authentication (OAuth or username/pw). These external accounts are accessed and the information pulled into Halo View without modifying any messages or content. Just as important, the feature works anywhere you have a contact shown – address book, calendar, file sharing. If you pull in email, contacts or calendar from other services, the feature works for those services as well.

And in line with our overall philosophy at Open-Xchange (build products that give the people who use them the freedom to work the way they do), with Halo View you can even revoke the access, add new services, or disable the whole feature entirely. Ruthlessly open. This is our style and approach to developing web-based software and services. And developing them as open source products means anyone can look at the source and see how the information is being accessed and integrated.

Choose a fully transparent system that keeps you in control!

About the author

The Editorial Team

Open-Xchange news and announcements
