Xoopit, Or Channels vs Trenches

I’ve been a fan of Xoopit so I guess I am a bit surprised that Yahoo! has bought it. Xoopit, for me, was the future of email. Or a part of it.

(For those of you who haven’t used it, or those who didn’t “get” it, Xoopit is a plugin for Gmail—for others, too, but Gmail is the best working one—which extends Gmail’s functionlity: better search for attachments, dovetailing with Facebook so you can see who you’re talking to on Gmail etc.)

Xoopit, for me, was/is a way to push email beyond being one channel of communication to being part of a single channel of communication. In other words, I believe it will make no sense to future generations that we have different applications for communicating with people.

Right now we have SMS, phone, email, Facebook, LinkedIn, twitter, face time, and then within those we may have several accounts, depending on whether we’re at work etc etc… This does not make sense.

Some of us would argue that it makes sense if we want to keep our work friends in LinkedIn, and our family friends on Facebook. Yes, but those shouldn’t have to be product choices, surely?

We didn’t use separate postal services to communicate with different kinds of people we knew, or different phones for different kinds of friends? (Well, OK, we may have kept a work phone and a personal phone, but I don’t see many people doing that these days.)

What we are really looking for is a way to organize our increasingly complex social, work and family lives into a coherent web that allows us to control how we communicate with them—not dictated by service, device, product, but by our preferences.

For example, I want to communicate with friend A via SMS because that suits me (and her). I should be able to send that SMS through pretty much any device I want—phone, voice, computer (email, twitter, Facebook etc), TV, pigeon, whatever. It shouldn’t matter to me.

Similarly, the method and format that Friend A receives the message in should be her choice. It shouldn’t be an issue that I sent it as an SMS. She should be able to receive however, and wherever she wishes—guided by whatever factor is important to her (priority—’let everything from Jeremy through’—or cost—‘don’t send me anything by SMS because I’m on roaming, but data is free’ or device—“I’m only carrying my no-data cellphone so route all important communications thro via SMS”.)

Right now this is only a dream, for the most part. Why? Because we’re still stuck in a world of platforms, packages and a lack of understanding of why and how people communicate.

We don’t love twitter because it’s twitter. We love it because it opens all sorts of new doors for sharing information and experiences. And because it’s an open platform, which means we can control how we send and receive.

But we’re still some way off.

Some way off a world where I decide who I communicate with and how I communicate with them, instead of being nudged into one or another walled garden. I may want to talk to Friend A about their holiday on Facebook, but about the new project we’re working on via Gmail. I should be able to do that however I want, and from the same place, and she should be able to decide how she receives and reponds to those emails.

Right now we’re stuck in these trenches dug for us by the creators of the services.

A truly open system will be one where we control these channels.

Xoopit was just a small step, but it had potential. Being able to see whether someone I was talking to on email had a Facebook account—and, if they did, being able to see their profile picture—was great for me, as I communicate often with people I’ve not met, and who often have first names that aren’t always gender specific. Always good to know.

Imagine if that service extended to LinkedIn, twitter and others. Gmail would become a console that would enable me to manage and extend my networks more efficiently than occasional trawling through the network services pages themselves.

And finding attachments? Sounds trivial but it made finding stuff easy, and turned Gmail into an online repository of files I could—relatively—easily share and pass on to others.

Small shifts, but in the right direction.

The chatter on TechCrunch is that Google didn’t buy because it’s launching Wave.

Maybe true, but great though Wave sounds it doesn’t, I think, move us in the direction of open channels. Instead, it sounds a lot like Google wasn’t interested in Xoopit because it was taking Gmail in the wrong direction—into the world of open channels—when Wave is designed to keep us in the trenches.

Making Networks Do the Work

I don’t get overly excited about plug-ins but I think Xoopit may have shifted us into a new gear.

As part of a course I teach on journalist tools I do a demo of Gmail. I talk about it being the new desktop. But I’m only showing the bare bones of the thing: labels, filters, colors, stars.

For a lot of them, that’s an eye-opener in itself.

But it’s once you start talking about gadgets where you can access your calendar, your documents, your chat, then it really makes sense.

All good, but not really anything different to Outlook. Just lighter and accessible from anywhere.

But the arrival of an updated version of the plugin Xoopit, I think, really pitches webmail, well Gmail, into a new zone.

It has some basic stuff which is kinda useful. At the top is a row of picture attachments from recent emails:

image

Not that useful for me, but useful.

There are also links to videos and files: click on one and it takes you to a full listing of attachments, listable by type, date received, etc. You can even search by sender: 

image

But still that’s not what impressed me, and convinced me we’re on the threshold of something brand new.

Read an email thread and Xoopit will pluck out those people involved in the conversation. It will display them on the right hand side of the thread. Not only that; it will try to grab their Facebook profile and image—even if you’re not connected to them on Facebook:

 image

At a stroke I can now see who I’m talking to (in this case avoiding the catastrophe of misidentifying a woman as a man) and also see who we have in common:

image

To me this raises all sorts of possibilities. Suddenly my networks are beginning to talk to each other, to mine each other for data and work to close the gaps in them. I’m suddenly much better informed about the people I’m dealing with, without having to do lots of legwork.

Of course, this would be better if it was also searching LinkedIn (or maybe instead searching LinkedIn, in that I’d rather connect that way to a professional contact first.)

But it’s still the first time I’ve seen leveraging like this done in such a simple and unobtrusive way. It fits into my way of working rather than a lot of these network leveragers I’ve seen, which add to the clutter or try to automate things which should  be manual.

More on that anon.

For now, congratulations Xoopit. I count this as the first step in a bright dawn of social networks and contact lists working for me rather than the other way around.

And I think it’s further proof that Gmail—or Yahoo! Mail, or any of the rich featured webmail offerings—are actually a workplace in themselves, around which can be built all sorts of useful tools mining our other networks.

Why You Should Pay for Your Email

image

Screenshot from Search Engine Journal.

(update Dec 2011: Aliencamel is now more, unfortunately, and Fastmail has been sold to Opera.)

Using free email accounts like Gmail is commonplace, but not without risk. As Loren Baker, an editor at SearchEngine Journal, found to his cost, when Google disabled his account without warning. (At the time of writing there’s no explanation why his account was suspended, nor whether it had been resolved.)

The comments are supportive, but also point out the dangers of relying on a free service for business. This point, in particular, struck home; when it’s “free”, we’re not really the customers, except insofaras we’re the recipient of ads:

[such services] see the money coming from the investors rather than the users. Without monetary payment they are not even “customers”.

So what are the alternatives? Well, hosted email makes a lot of sense. If you’ve got your own domain, better to use that. But there’s also paid email services which, until Gmail came along, were where the smart users usually went.

So I asked a couple of them, AlienCamel and Fastmail, to give me five reasons why paid email services are better than free. Here’s what they had to say:

Here are Sydney Low’s of AlienCamel:

  1. No ads, no robots crawling through personal stuff
  2. Email infrastructure is expensive, you get what you pay for
  3. We backup your emails in US and in Europe
  4. Our spam blocking technology – pending email advisory – is patented and unique
  5. We’re limiting our growth to 2500 accounts – so it’ll always be fast and good

As a follow-up I asked him to elaborate on the last point: the logical thing would be that a larger provider would provide better support. His response:

Syd: scaling email backend is not linear – to go from about 3000 accounts and have the features and backup/redundancy, we would have to build a platform that would go to 10-20,000 accounts as a fixed cost business, we would need to not only spend $ on the infrastructure, we would have to spend $$$ on marketing to get the customers to pay for that infrastructure so, the business grows in complexity, cost, and we lose the closeness to the customer.

Jeremy: so a ’boutique’ email service is probably a better bet, in your view, than a mega one?

Syd: I believe so.

Here’s what Jeremy Howard of Fastmail had to say (abbreviated for space and fairness). Fastmail has been in the business a while, and is the provider of choice for those groups like Falun Gong who fear hacking by nefarious agents of the enemy (Chinese government, cough): 

  1. Support. FastMail has help for for pre-sales/configuration help and ongoing help
  2. Specialization. Free accounts are all about maximising ad revenue, not maximising your productivity
  3. Archival and compliance: FastMail provides 2 levels of archival – journalling of all of a business’s sent/received mail to a separate (searchable) archive mailbox, and on-line per-folder backups which can be used to restore a complete folder on demand. Also: searchable, complete, unmodifiable journal of all sent and received email for compliance.
  4. Supervision and control of staff’s use of business email, for security, policy-enforcement, and training purposes.
  5. Reliability.  Every email on FastMail’s systems has five levels of redundancy – Redundent HDD storage (i.e. RAID) on both a primary and real-time replica system, plus a complete on-line backup (accessible at a per-folder level).

It’s interesting stuff. It also highlights how we are perhaps being a bit too cavalier with the most important part of our lives—email has crossed the line between private and business, so many of us use our email accounts for both (Palin, cough.) Given that, we need to think hard about how we use that email, and whether free email is a false economy.

Why Social Network Sites May Fail

Look at a social networking site lie Yaari and you can see where the social networking phenomenon may fail, simply by abusing the trust of its users.

Sites like LinkedIn, Plaxo etc rely on expanding quickly by offering a useful service: trawling your address book to find friends and contacts who use the same service. We’ve gotten used to this, and it’s a great way to build a network quickly if you sign up for a new service.

But any service that uses this needs to stress privacy, and put control in the hands of users. Plaxo learned this a few years back. Spam a user’s contact list without them realising and you invite a firestorm of opprobrium on your head.

But surprisingly some services still do it. And in so doing they risk alienating users from what makes Web 2.0 tick: the easy meshing of networks—your address book, your Facebook buddies, your LinkedIn network—to make online useful.

Take Yaari, a network built by two Stanford grads which has for the past two years abused the basic tenets of privacy in an effort to build scale.

What happens is this.

You’ll receive an email from a contact:

 image

It’s an invitation from a “friend” which

  • gives you no way to check out the site without signing up. The only two links (apart from an abuse reporting email address at the bottom) take you to the signup page.
  • neither link allows you to check out your “friend”  and his details before you sign up.

If you do go to the sign up page you’ll be asked to give your name and email address:

image

Below the email address is the reassuring message:

Your email is private and will stay that way.

But scroll down to below the create my account button and you’ll see this:

By registering for Yaari and agreeing to the Terms of Use, you authorize Yaari to send an email notification to all the contacts listed in the address book of the email address you provide during registration. The email will notify your friends that you have registered for Yaari and will encourage them to register for the site. Yaari will never store your email password or login to your email account without your consent. If you do not want Yaari to send an email notification to your email contacts, do not register for Yaari.

In short, by signing up for Yaari you’ve committed yourself, and all the people in your address book, to receiving spam from Yaari that appears to come from your email address. (Here’s the bit from the terms: “Invitation emails will be sent on member’s behalf, with the ‘from’ address set as member’s email address.”)

You should also expect to receive further spam from Yaari, according to the terms:

MEMBERS CONSENT TO RECEIVE COMMERCIAL E-MAIL MESSAGES FROM YAARI, AND ACKNOWLEDGE AND AGREE THAT THEIR EMAIL ADDRESSES AND OTHER PERSONAL INFORMATION MAY BE USED BY YAARI FOR THE PURPOSE OF INITIATING COMMERCIAL E-MAIL MESSAGES.

In other words, anyone signing up for Yaari is commiting both themselves and everyone else in their address book to receiving at least one item of spam from the company. Users complain that Yaari doesn’t stop at one email; it bombards address books with follow-up emails continually.

Needless to say, all this is pretty appalling. But what’s more surprising is that Yaari has been doing this for a while. I’ve trawled complaints from as far back as 2006. This despite the company being U.S.-based. I’m surprised the FTC hasn’t taken an interest.

So who’s behind the site? This article lists two U.S.-born Indians, Prerna Gupta and Parag Chordia, and quotes Gupta as saying, back in 2006, that to preserve the integrity of the network access is restricted to the right kind of Indian youth. I’m not young, I’m not Indian, and I’m probably not the right kind, so clearly that goal has been abandoned.

Here are some more details of the two founders.

Gupta, who is 26, is an economics major who graduated in 2005, was working for a venture capital firm in Silicon Valley called Summit Partners until 2005. Her facebook profile is here; her LinkedIn profile is here. According to this website she once won the Ms Asia Oklahoma pageant (her hometown is listed as Shawnee in Oklahoma, although she lives in Atlanta.

Chordia, chief technology officer at Yaari, has a PhD in computer music, and is currently assistant professor at the Georgia Institute of Technology, according to his LinkedIn profile. His facebook profile is here.

There’s a video of them here. An interview with Gupta last year indicates that they’re going hell for leather for size:

We are focused on growing our user base and becoming India’s largest social networking site within the next two years. Our goal for the next year is to become one of India’s Top 10 Internet destinations.

What’s interesting is that nearly every site that mentions Yaari and allows comments contains sometimes angry complaints from users. In that sense Web 2.0 is very effective in getting the word out. Unfortunately if Yaari and its founders continue to commit such egregious abuses of privacy, we can’t be sure many people will trust such websites long enough for the power of networking sites to be properly realised.

(I’ve sought comment from Gupta, which I’ll include in this post when received.)

When Technology Lets Us Down

image

(from tcbuzz’s flickr collection)

Two recent events from the UK underlined how dangerous our dependence on technology can be.

The soccer UEFA Cup final in Manchester was overshadowed by riots when one of the massive screens installed in the city for fans who didn’t have tickets broke down.

And more recently, the inquest into the death of a former BBC editor found that she committed suicide after failing to find support among her colleagues. Her line manager, the inquest heard, tried to find her counselling:

However, her manager sent an email to the wrong address and his request was never acted on.

Technology is passive, and doesn’t take into account the implications of failure. In the first case the technology either didn’t work, or those setting it up didn’t know how to work (or fix) it. In the second case, the error was more obviously human: the sender of an email did not enter the correct address, or did not enter the address correctly.

This is more about our failure to anticipate failure in technology, and our blind dependence on it working.

Obviously, it would have been smart of the organizers in Manchester to have had a back-up plan in place for an eventuality like a screen breaking down. And the line manager’s apparent failure to see whether the email arrived at its destination or even to have picked up a phone and tried to reach the counsellor directly.

But perhaps there are ways for technology to further help us by providing a layer of redundancy? In the case of the screen, could there be some sort of diagnostics test which would alert the technicians that something was amiss, or about to be amiss?

And, in the case of email, the answer is perhaps simpler. There are tools out there to determine whether an email has arrived safely and been opened. The one I use is MessageTag, which will inform me whether an email I have tagged with the service has been opened. (The advanced service will give me a list of emails I have tagged and show me which ones have been opened, and which havent–a very useful checklist to show me which emails I need to follow up on.)

(There are privacy implications with services like MessageTag/MSGTAG, which I’ve gone into before. But sparing use of the service, I believe, is acceptable, so long as you give recipients the option of opting out of future tagging. Other people use the receipt acknowledgement option in Microsoft Outlook and some other email programs.)

We perhaps need to be reminded that technology, as it stands, won’t save us from ourselves.

Whaling in Singapore?

Singapore appears to be the source of a virus cleverly designed to hoodwink U.S. executives by appearing to be an emailed subpoena which mentions them by name, as well as their title.

The SANS Storm Center said three days ago that

We’ve gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case. It then asks them to click a link and download the case history and associated information.

One problem, it’s total bogus. It’s a “click-the-link-for-malware” typical spammer stunt. So, first and foremost, don’t click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his e-mail directly. It’s very highly targeted that way.

The report says that the server that the trojan reports back to is “hard-coded to an ISP in Singapore at this time,” from where, according to Ars Technica, it “steals copies of any security certificates installed on the system.”

(This, by the way, is calling whaling, since it is like phishing but is more targeted, and going for bigger phish, so to speak.)

The Inquirer says that the web servers delivering the emails are based in China, and, in language too loose to take seriously, “the cyber ruffians who later nefariously take control of the victims’ computers, based in Singapore.”

There’s no evidence the “cyber ruffians” are based in Singapore, as far as I can work out. The only possible connection could be the English and errors in the emails, which, John Markoff of the NYT reports, “led several researchers to believe that the attackers were not familiar with the United States court system and that the group might be based in a place that used a British variant of English, such as Hong Kong.”

That said, just because an ISP may have been compromised doesn’t mean that those involved are physically located in Singapore. Indeed, it would seem very unlikely they are; if they’re smart enough to launch an attack like this, you’d have to bet against them being anywhere near the ‘command and control’ center itself.

Still, it’s unsettling that an ISP may have been compromised. So far we don’t know much more, though I’ve put in requests for more information. (The source of the information about Singapore appears to have come from someone at Verisign, whose Asian PR address bounces. So don’t expect something anytime soon.)

Filtering Communications So They Don’t Drive Us Mad

A dear friend was supposed to drop something off around 11 pm last night. I turn in around that time, so I just nodded off. Luckily I didn’t hear her SMS come in around 1 am. But I could have. I consider the phone the primary communications device–if someone has an emergency, that’s how they’re going to reach me–and so you can’t really close it off. But how do you filter out stuff like my ditzy friend SMS-ing me at 1 am to tell me that after all she’s not going to drop something off?

In short, how can we set up filters on our communications channels so they don’t drive us mad?

One is not to give out your phone number. I keep a second prepaid phone around and I give that number, and that number only, to people I do business with. That phone gets turned off on weekends and evenings. I often don’t answer a cellphone call if I don’t recognise the number; if it’s important enough, I figure they’ll SMS me first, or else they’ll already be on my contact list.

Another is to confine and contain online. I don’t accept contacts on Facebook unless I’ve met them in person (and like them.) Everyone else I point to LinkedIn. I’ve noticed a lot of people are now following me (and everyone else, it seems; I’m not special) on Twitter so I’ve scaled that back to ‘public’ observations.

Indeed, Web 2.0 hasn’t quite resolved this issue: We’ve been campaigning to bring down those walled gardens, but we’ve failed to understand that garden walls (ok, fences) make good neighbors.

Email is still a burden: I’m still getting a ton of stuff I didn’t ask for, including press releases from UPS, just because I once complained to them about something, and stuff from a PR agency touting posts on a client’s blog (that’s pretty lame, I reckon. What would one call that? “My-Client-Just-Blogged Spam”?)

One way I’ve tried to limit incoming stuff is through a page dedicated to PR professionals. I then point anyone interested in pitching to me to that page. I’m amazed by how few people who bother to read it, but I’m also amazed at how good the pitches are by those that do. (And of course, I then feel bad that I don’t use their painstakingly presented material.)

I like this from Max Barry, author of Jennifer Government, who gives out his email address but says If you put the word “duck” in your subject (e.g. “[duck] Why you’re an idiot”), it’s less likely to be accidentally junked. What a great idea.

Then there’s simple things that help to keep the noise level down: Subscribe to twitter on clients like Google Talk and you can turn it on and off just by typing, well, on or off. (You can also turn on and off individuals, so if scoble is getting a bit too much for you, just type ‘off scoble’. I’ve always wanted to be able to do that.)

I’d like to see more and better filtering so we don’t have to succumb to the babble.

Stuff I’d like to see:

  • Phones that change ringtone or volume after a certain time unless they’re from some key numbers.
  • SMS autoreturns, that say “The person you sent this message to is asleep. If you need to wake him/her, please enter this code and resend. Be aware that if the message is not urgent or an offer of money/fame/sexual favors you may face disembowelment by the recipient.”
  • Oh, and while I’m at it, the ability to opt out of Facebook threads if they lose your interest.

And, finally, a way to turn down friends and contacts from my communication channels without them knowing. A great service, in my view, would be one that appeared to authorise their requests to be your buddies, but didn’t. Call it faux-thorising.

Backed Up? Or Cracked Up?

image

There’s quite a commotion online about a program called g-archiver that promises to back up your Gmail account, but in the process apparently harvests all users’ Gmail usernames and passwords, and mails them to a separate Gmail account.

This is indeed scary, although it’s possible that the person behind it wasn’t collecting the passwords for nefarious purposes. But it highlights some important issues that we tend to overlook in this Web 2.0, mashup age:

  • Your online email account is more vulnerable than an offline one (by which I mean, storing your old emails online, rather than downloading them to your computer and deleting the online copy.) In this sense, POP is good, IMAP and webmail bad.
  • If you give your username and password to third parties, i.e., those who access your account on your behalf, you need to be more rather than less careful than with the original service. For example, services like Plaxo allow you to access your other accounts but will inevitably require you to enter your username and password, which will be stored on their server.

On top of that, it’s intriguing to take a look at how legitimate this one program appears, and how little those websites helping in its distribution have vetted it. I found copies at Download.com (owned by CNET), despite a commenter pointing out it steals passwords, Shareware Junkies, BrotherSoft, Softpedia, ZDNet, Download3000, FreedownloadsCenter, the excellently named Safe Install and Filedudes.

Just out of interest, G-Archiver is apparently the work of a company called MateMedia, which registered the website hosting the software. An interview with the company’s president, Russ Mate, is here.

A message on the original blog post purporting to be from Mr. Mate says “MateMedia is a legitimate company and we are absolutely horrified that this has occurred”, and will be notifying any download sites hosting the software to “remove it immediately.”

That clearly hasn’t happened yet, but neither has the company removed it from its own website, at the time of writing. (Seeing the software alongside tools like FriendTools, which automates adding friends and comments for MySpace spammers, or TubeAdder, which does the same thing on YouTube, might give a prospective user pause for thought.)

My rules of thumb:

  • Never download software without visiting the author’s original site, and finding out who produced it. This applies to Facebook apps as well. (In G-Archiver’s case, there is no contact page.)
  • Think hard before you give your email password to any service, however legitimate. It’s not so much about losing your email password but about all the other passwords and personal data that a bad guy could access inside your email account.

As Web 2.0 involves more and more cross-pollination of information, so we need to be smarter about who we give our passwords to, and what information we store behind those passwords, both in email and in social networking accounts.

Bye Bye, Laptop?

image

The day seems to be getting closer when we can do something that would seem to be pretty obvious: access our pocket-sized smartphone via a bigger screen, keyboard and a mouse. Celio Corp says it’s close.

Celio Corp have two products: their Mobile Companion (pictured above), a laptop like thing that includes an 8″ display, a full function keyboard, and a touchpad mouse. At 1 x 6 x 9 inches and weighing 2 lbs, the Mobile Companion promises over 8 hours of battery life and boots instantly. After loading a driver on your smartphone you can then access it via a USB cable or Bluetooth. (You can also charge the smartphone via the same USB connection.)

Uses? Well, you can say goodbye to coach cramp, where you’re unable to use a normal laptop. You can input data more easily than you might if you just had your smartphone with you. And, of course, you don’t need to bring your laptop.

The second product might be even better. The Smartphone Interface System is, from what I can work out, a small Bluetooth device that connects your smartphone, not to the Mobile Companion, but to a desktop computer, public display or a conference room projector  — these devices connect via a cable to the Interface, like this:

image

The important bit about both products is that the Redfly software renders the smartphone data so it fits on the new display (this will be quite tricky, and, because it will carried via Bluetooth, would need quite a bit of compression. The maximum size of the output display is VGA, i.e. 800 x 480, so don’t expect stunning visuals, but it’ll be better than having all your colleagues crowding around your smartphone.)

The bad news? Redfly isn’t launched yet, and will for the time being be available only for Windows Mobile Devices. Oh, and according to UberGizmo, it will cost $500. The other thing is that you shouldn’t confuse “full function keyboard” with “full size keyboard”: this vidcap from PodTech.net gives you an idea of the actual size of the thing:

image

this is the keyboard size relative to Celio CEO Kirt Bailey’s digits:

image

Until I try the thing out and feel sure that the keyboard doesn’t make the same compromises as the Eee PC, I’d rather use my Stowaway keyboard.

For those of you looking for software to view your mobile device on your desktop computer, you might want to check out My Mobiler. It’s free software that purports to do exactly that for Windows Mobile users.