This use of the word attention, though, doesn’t apply only to the Internet and media.  It also applies to plain-old products too – which cereal you eat and where you vacation, etc. – in fact, it can apply to everything.

So, it follows, that energy attention is the subset of your attention as it applies to energy:  what, where, and how, you do and don’t use energy.  Just like the more general attention data, such data can also be quite valuable, both to you in reducing your energy use and costs, but also to third-parties for marketing and sales purposes (note that carbon attention overlaps with energy attention, but I am not going into that now).

Electric and Gas utilities record one major aspect of your energy attention today:  your electricity and gas usage data.  Most utilities provide these data back to their customers in summary form on bills, and many provide it in more detail.  My local utility, PG&E, provides me with hourly electricity and gas usage data through their Web portal.

While functional, I wanted real-time usage data.  My first thought was to use the GE SmartMeter that PG&E installed.  While the data could be retrieved from there, my access to it is on an unknown schedule with an unknown feature set.  The California Public Utilities Commission, utilities, vendors, and other stakeholders have been wrangling over issues central to the ownership and sharing of such energy attention data.  Both the Commission and PG&E have good reasons to be careful with this data:  PG&E installed and owns that meter and paid for it with rate-payer monies.  There is a decent (though somewhat dated) overview at Giga OM.  And while the Commission released an update to their proposed decision (PD) yesterday (here), the wrangling isn’t over.

So instead of waiting for this to all get resolved, I followed Jon Udell’s lead and installed The Energy Detective 5000 (TED 5000).  This monitors my home electricity usage in real time, giving me immediate access to my own energy attention data.  This to me, is exactly in the spirit of the Attention Trust (AT), an organization that I did some pro-bono work for in the past along-side of Steve Gillmor.

Now what does this have to do with attention and the AT?

Back in 2005, the AT was formed to assert user rights over attention data, specifically as it related to that data collected by Internet  services.  For example, Google tracks user attention (through clicks and time on pages, etc.) and uses that  information for operating their various services.  You consent to their right these data  through their Terms of Service (TOS).   The AT asserted that the user also owns these data.  To assert this ownership, the AT provided the Attention Recorder with which a user could record their own attention data from the browser.  The act of capturing such data from the user side of the firewall ended the discussion of who owned the data.  Yes, the Internet service has their copy and can use it based on the TOS, but the user owns the data too.

So, the TED 5000 is my own personal Energy Attention Recorder.  I assert ownership over the data and authority to do anything I want with it – including exposing it to any third-party service I so choose.

Interestingly, the PD issued yesterday names the TED 5000 specifically (although in reference to a utility comment).  This is in response to one of the CPUC questions (paraphrased):

Does the Commission have authority over entities that receive information on a consumer’s energy usage from meter sources other than a utility?

While the Commission has deferred this question, it is clear that they will face an up-hill battle on protecting consumers from their own
actions.

I, for one, claim ownership of my own energy attention.

I mostly agree with what he says, except I think his underlying premise is wrong:

It’s good for entrepreneurs and good for users to have angel investors caught in hell. When they feel they have to spend more money to stay in the game, that’s good for all of the rest of us (press, users, entrepreneurs).

First, there really is a place for the classic angel – that is, the Ron Conway kind that is in it to help entrepreneurs succeed.  I don’t think it helps anybody if these angels are “in hell.”  The angels that Robert talks about are really VC in my book and frankly I don’t think they belong “in hell” either.  Now some do, of course . . .

Second, more money thrown at entrepreneurs is not in and of itself a good thing. On some level it gets more people building companies, but does it really get more people innovating?  Before the “dot bomb” hit, the same thing was happening in VC.  Everyone and their brother formed a venture company and all sorts of things were funded that were patently ridiculous.  That was a part of why the crash happened.

• Hosting HTML
• Context menus
• WCF and REST enhancements
• Support for RIA Services
• Drag & Drop
• Running out of sandbox for trusted apps
• Sharing components between .NET 4 and SL 4

Lot of other things too.  I’m excited to start using this.  Also a shout out to Tim Heuer – he has helped me on a few things before and I got a chance to meet him today.

Those of you following NewsGang will know why I am very excited about these Silverlight developments.

The old terms are back in effect: delete your account and so goes your data.

A minor success for users everywhere – even those who don’t think this stuff matters.

The change?  Before Facebook relinquished their rights to your data if you deleted your account.  Now they don’t. 

I don’t have a problem with this new policy.  I do have a problem with the new part.

Of course, I’m not arguing whether Facebook can legally make this change, but it does violate their user contract.  I’m not talking about a legal TOS, but of an understanding with their users.  What is the problem?

• Facebook has just asserted ownership to something that they didn’t claim ownership to before.  And this isn’t future data, this is past data.  Data you already contributed to Facebook with an understanding that they wouldn’t keep it.

This is another example of what I call the user-beware contract – where the TOS can change at any time without notification. 

So, what is the user-aware way to make such a change?

• Maintain their old policy for data in Facebook before the change.  This bifurcates user data between before and after the policy. Delete your account?  Old data goes away, new data does not.

OK, but this is still a user-beware contract.  What else should they do?

• Require users to opt-in to the new policy.  If they opt out, either delete them or let them continue the old policy.

I’m sure Facebookians (and any one hosting a large service) is rolling their eyes at this point.  But just because being user-aware is inconvenient doesn’t make it infeasible.

And a shout out to Ned Sykes for prompting this post: no, I’m not concerned about Facebook stealing my tweets, but as a voice in user rights, I am interested in promoting TOS that are pro user.

BTW: The user-beware/user-aware terms are defined in my post User Contracts – Part II: User Beware.

Well… this is embarrassing. We just released an update that’s newer than 14.0.8050.1202. One of the two bugs it fixes, is that our “Check for updates” mechanism broke irrevocably in 14.0.8050.1202 and earlier builds.

If you download the new version from http://download.live.com then “Check for updates” will work again. Sorry for the inconvenience!

So, if you aren’t at least at version 14.0.8064.206, then you should upgrade again.

It looks better and now it renders my blog template correctly.  Maybe there are more features I’m missing.

It is worth upgrading it just to get the “Check for updates” feature.  So you never again have to figure out how to upgrade it (see Jim’s rant here: Sighcrosoft – Why Can’t I Just Love Live Writer Without Confusion?).

Strangely enough, its now easy to upgrade here:  http://download.live.com/writer.

1. Sharing one credential across all of your Internet services is not a good idea.  See How many OpenIDs do I need?
2. The OpenID vision isn’t ready because there is not yet an ecosystem for Internet services (i.e., Relying Parties) to rate the trust level of an arbitrary Identity Provider.  See OpenID isn’t ready for prime time.

This led to a conversation with Bill Washburn, Executive Director of the OpenID Foundation. He was a pleasure to talk to and receptive to my ideas and concerns.  I left that conversation with an interest in contributing to OpenID through my writing.  I have been pretty pegged lately on other activities, but found the Microsoft HealthVault announcement interesting because it is at the intersection of these two topics. 

What is the announcement?  That Microsoft’s HealthVault will become an OpenID Relying Party later this week. 

Very cool news.  Congratulations to Microsoft for becoming the first big player to be an OpenID Relying Party in a significant way.  Also, congratulations to the OpenID Foundation and Bill Washburn for their role in this.

Now how is this intersection of these two topics?

1. Sharing Credentials

I’ll start by partially answering my first question:

How many OpenIDs do I need?

Partial answer:

I need one for each health information provider; for exclusive use with that provider.

I just don’t want to share these with any other Internet service. 

So the premise that OpenID allows me to share credentials across sites is of no value to me here.  (Note: that said, there are good reasons I might choose other Identity Providers for this application).

2. How do Relying Parties know who to Trust?

There are a growing number of providers out there, new implementations of custom coded OpenID providers, established businesses, startups, etc.

So if you want to become a Relying Party, who do you trust?  Everyone?  No.  The answer is easy.  From Sean Nolan,

The deal is — as of our next release in the next few days, users will have a new way to identify themselves to HealthVault. In addition to Windows Live ID, they will be given the option of using OpenID accounts from Verisign or TrustBearer.

You, the Relying Party, choose an explicit list of trusted Providers.  This is a completely rational approach.  Especially if you are responsible for protecting confidential data. 

Before you know it, more and more companies/services will become Relying Parties.  Each service — at least those that protect valuable confidential data — will have to perform a risk analysis to determine which Providers to accept.  Each Relying Party will end up with a different set of accepted Providers — a different set in constant flux.

Earlier I suggested that I could choose how to consolidate my OpenIDs, but the reality may be much different where I have to choose OpenID providers based on the services I use.  This reality seems like a complicated, user-hostile patchwork of Identity.  Kind of like what we had before OpenID.  Only more complicated.

What do I think should be done about it? 

One answer is that the OpenID Foundation fast-track efforts to formalize trust and reputation resources for Relying Parties. Bill Washburn had some other ideas too, and maybe this Microsoft announcement is in support of that effort.

How long will any of this take?  Can’t say, but I will continue to look on with interest and write about OpenID.  Despite my criticism, I am a fan.

Google changed the Reader user-contract with no notice.  This rankles me.  I’ve lost control of my shared items.  This is a dramatic change with only the weakest of opt-outs.  What’s more, any opt-out is too late.  My items have already been shared.  What kind of opt-out is that?

Oh, but there are more options.  They give us the ability to manage who gets to see our shared items.  But only after others have a chance to read them.  For example, I can hide my items from my “friends” who are on Google Reader.  Other “friends” that start using Google Reader will get to read my shared items immediately.  The onus is on me to make sure I actively manage the list. 

And the icing on the cake?  “Friends” wasn’t a word in use by Google Reader before.  Now it has been defined to mean my Google Talk contacts.  No fair.  This is not analogous to Facebook “friends”.  In Facebook, I accepted people as “friends” based on the Facebook definition.  Now my Google Talk contacts are my “friends” based on Google’s new definition.  This is clearly backwards. 

Is Google breaking their terms of service?  Almost definitely not, but they are changing a basic part of the user-contract: that user data won’t become more public without user consent. This is a perfect example of the “User-Beware contract“, summed up as: “we’ll change the user contract whenever we feel like it.”

What’s next? 

Your email contacts have been shared with your friends

Your emails have been shared with our advertisers

You calendar entries have been shared with your . . .

You get the idea.  This may seem like a joke, but frankly I don’t know what is in store for the user contract.

Steve Gillmor suggests this is arrogance on Google’s part, and he’s probably right.  Yet mostly people are ignoring this or don’t get it (e.g., Scoble doesn’t seem to get why anyone would care). 

Why is the blogosphere giving Google a free pass on this one? 

Cool extensions to RSS/Atom, though I wish they hadn’t chosen the “FeedSync” name.  That sounds like a product, not a specification.  I preferred SSE, and would have thought RSS-SE (RSS Sync Extensions) or to be more agnostic, FSE (Feed synchronization extensions) to be even better.

Jon Udell has more details here and links to Channel 9 videos, etc. 

So, who is going to support it?  For blogging applications, I’d like to see . . .

• FeedBurner (Google)  support the history and tombstone feature right away.  Also, the ability to aggregate feeds with full synchronization would also be cool.
• How about WordPress?   Support FeedSync directly?

Presumably Microsoft will be using this too in some new Live services.  Other applications?

If you want to know more about how it works, Jay Goldman wrote the excellent post: Deconstructing Facebook Beacon JavaScript.  The title belies the fact that the article gives a good overview too (it isn’t just for developers).

An innovative idea — one that reminds me much of the GestureBank work conceived by Steve Gillmor and myself.  Given that, it should be no surprise that I don’t think Facebook did anything “evil” here. 

Now, they could have done a better job with it.  From the get-go, I would have preferred if they had

• been more public about how it works; and
• required that users “opt-in” to the whole program.

Not surprisingly, there was a backlash and Facebook made some changes (Official- Facebook Flips On Beacon).  Great.  I don’t think what they did violated their user contract, but the changes are more user-friendly.  I would prefer my User Aware contract, though this is a User Beware contract (User Contracts – Part II- User Beware). 

But, the problem isn’t with Facebook or their user contract.  If you don’t like the service (in total), don’t use it.

What I don’t understand is all the focus on Facebook here.  Like all silos they are capturing data, data, data.  That is what Facebook is all about.  

Why isn’t the focus on the 3rd parties who submit your stories?  They are the ones pouring user stories into Facebook. There have been reports of users not having approved their stories.  This is a bad thing, and maybe a technical flaw in Beacon, but ultimately it is the responsibility of the 3rd party to protect your data.

They should give the users control over their Beacon settings:

1. Never send stories to Facebook
2. Approve each story before it is sent to Facebook.
3. Always send stories to Facebook.

If anything, Facebook should require this of its Beacon partners.

So, why aren’t people up in arms over the eBays, TripAdvisors, Yelps, Fandangos, Epicureans, etc.?

But, hey, if you don’t like the way these sites are spraying your data over the Internet, then stop using them.  

Last Friday we recorded a new show titled The Gang. I’m initially asking those interested in hearing the results to join this Facebook group. Looking forward to seeing you there.

See you there? 

Perhaps it is payback, but certainly the OpenSocial strategy predates the Microsoft agreement.  Not even Google could pull this whole thing off in just a few weeks.

This begs some questions:

• Did the losing proposal from Google include OpenSocial?  Did it require that Facebook adopt the APIs?  Did that push Facebook to Microsoft?
• Alternatively, was Facebook threatened with OpenSocial as a retaliation?  That is, did Google offer to shelve OpenSocial if Facebook accepted a Google deal?

It isn’t yet clear (to me anyway) whether or not Facebook was briefed on OpenSocial.  Google said yes, then no.  Facebook said no, but some evidence points to them actually having known. 

• Are these differing stories rooted in non-disclosure agreements dating from the failed negotiation between Google and Facebook?

Final question:

• Does anyone really believe that Google would have shelved the OpenSocial strategy just for an ad deal with Facebook? 

I for one do not.

For an excellent post on Facebook / OpenSocial, read Dan Farber.

I recently wrote about some problems I had with the user contracts for Cluztr, an attention service.  At the time I promised to write about a user contract I could stomach.  Some of these ideas are being rolled into what Steve Gillmor has called Click Insurance to be supported by the GestureBank.  More on that soon.

My problem with the Cluztr contract is their version of user opt-in.  Cluztr is unremarkable in this way — many companies use the same approach.  Their form of opt-in goes like this:

1. Read our user contract before you use our service (good);
2. Using our service implies acceptance of our contract (good);
3. We may change our user contract (not good or bad);
4. We may not post any notification that our contract has changed (bad); and,
5. Continued use of our service implies acceptance of our new user contract (what?).

I call this the User-Beware Contract.  This is any contract expressly allowing the service provider to change it without user notification.  The onus is on the user to be wary of the service provider.

Instead, I’d like to see the User-Aware Contract.  It goes something like this:

1. Read our user contract before you use our service;
2. Using our service implies acceptance of our contract; 
3. We may (and probably will) change our user contract;
4. We will notify you of any change;
5. Any change will require you to opt-in again formally (through a click-through or other process);
6. If you do not formally agree to the new contract, you will be removed form the service and all user data associated with your account will be purged.

This type of contract puts the onus on the service provider.  After all, the service provider changed the user contract — shouldn’t they take the responsibility of notifying them and getting their continued opt-in?

A variant of the latter approach is not uncommon (e.g., on banking sites).  Your data may not be purged if you don’t accept the new contract; however, you will not gain access to the site unless you do.

That said, the User-Beware Contract is, by far, the dominant contract on the Web.  The big players all use it, most of the smaller players use it.

I would like to see an attention service throw out their User-Beware Contract in place of a User-Aware Contract.  Of course, they’ll have to notify their users of the change

The interesting part of their user contract is in their privacy policy.  I call out some parts of it (out of order).

Adherence to the principle of Property

Most importantly in this context, the principle of property:

Property – You own your attention and can store it wherever you wish. You have CONTROL.

A critical corollary to this is that you can delete your attention data too.  They have this covered in the following:

Cluztr collects clickstream data by means of a browser add-on that tags your use of the Internet. We do not track Internet usage on a secure website, or capture username or password information at any time. You have full control over your clickstream data and can delete or purge our database at anytime.

Note to legal: tighten up that language.  This really should say “purge your attention data from our database” instead of offering users the right to completely delete the entire Cluztr database.

So far, so good.

Changing the policy without notice

And then we have some sticky language about changing this policy.  Granted, this is common in its user unfriendliness:

By submitting your information you consent to the use of that information as set out in this Policy. If we change our Privacy Policy we will post the changes on this page, and may place notices on other pages of the web site, so that you may be aware of the information we collect and how we use it. Continued use of the service will signify that you agree to any such changes.

In other words (my words):

You own and control your clickstream data unless we decide that you don’t.  This privacy agreement is the only place we are obligated to tell you this.

Not good.

Change of ownership

And finally, their sale caveat:

Unless otherwise stated in this Privacy Policy data relating to you will not be disclosed to any third party unless you have specifically given your consent. We will not rent or sell your personal information without your permission (other than as part of a sale of the whole or a substantial part of the assets of Cluztr).

This language makes me nervous because it appears to mean:

You own your data unless we need it as an asset to sell the company in which case we own your data.  For all intents and purposes, we own your data.

To be kind, they may mean here that your contact info (like email address) is owned by them, but your clickstream is not. If they are purchased, that contact info would be passed to a new owner.  OK, but the ownership of the clickstream should not change and, if that is their intention, they should state it.

Conclusion

Cluztr has made a good start at a user-friendly contract but then mucked it up by over reaching on rewriting the policy and on the company sale.

I wouldn’t sign up with an Attention service with such a policy.

Next up on this topic:

1. the GBX2 broadcasting user licenses
2. a better user contract (what I currently call triggered-opt-in)
3. other Attention companies and their user contracts

A lot of good stuff in this post, but I want to highlight one part. 

I posted the other day about the deprecation of the Google API.  My take: good for the Google; bad for the gaggle (i.e., the application developers).  Fun to talk about, but there are pragmatic solutions to this.  Something to be scared of?  No.

We (the users) needn’t be scared of vendor choices like this.  Why not?  Because nobody is forcing us to use these services.  As Steve says:

Who am I supposed to be scared of? Google? Nope, if the Ajax API and the terms of service around including unaltered adsense are so counter to user interest, that will precipitate a decline in usage and therefore less adoption of Google properties. Seems self-correcting to me: user votes, user wins. Why do we need saving here?

Exactly.

http://www.attentiontrust.org/

Good job guys.  A little too much Latin, but that will get sorted out. 

Looks good. 

I argued that this is simplistic — that sometimes a rollup is the best choice for a company to make. He conceded that in a weak market (and again, if you are a loser), this might be the way to go.

Interesting that Jason articulates his point purely in terms of the entrepreneur: if you are strong, you find a way to win or fail trying.

Failure is a part of being an entrepreneur, but successful companies are made up of more than just the entrepreneur(s).

What about other stakeholders? What if the options are: “fail” or “rollup”? Your employees all get jobs and maybe the investors get to let their money ride.

I think that this will always feel like losing to the entrepreneur. This will never be the grand vision he or she was working towards. But winning and losing is not so black and white.

Am I defending a loser mentality? No, I think I’m just defending pragmatism.

Disclaimer: I have never been a part of a rollup nor am I seeking one out!

In addition, Kevin puts on his 20/20 hindsight spectacles to praise himself:

In hindsight, I don’t ever think Rojo was given the credit it deserved. Feed search in particular. In fact, earlier this year when Ask/Bloglines released their feed search it was pointed out that Rojo had been doing the same thing for months.

Just kidding you, Kevin. Congratulations — I hope this acquisition is good for you.