Kindle’s Vision vs Execution

Our strategy with the ebookstore is ‘buy once, read everywhere.’ If you want to read on your iPhone, if you want to read on your BlackBerry. We want people to be able to read their books anywhere they want to read them. That’s the PC, that’s the Macintosh. It’s the iPad, it’s the iPhone. It’s the Kindle. So you have this whole multitude of devices and whatever’s most convenient for you at the moment.
JP Mangalindan, “Jeff Bezos’s mission: Compelling small publishers to think big”, CNNMoney Fortune, June 29, 2010

I also enjoyed Bezos’s update in the article on cloud computing and the utility model reality.

I love my Kindle 2, and what Amazon.com has done for publishing!

Here though, “read their books anywhere they want to read them”, there is a disconnect between vision and execution. The Amazon Kindle experience on the Mac has a strong unpleasant odor.

Gmail’s Opportunity to Help Protect Against Tagged.com Mistake, Spam, and Phishing

Now for the part of the Tagged.com story I really wanted to tell. As I mentioned in “Tagged.com Spam? Phishing? Nice Guys? My Personal Story”, I try to look at situations and problems from different angles.

There is a clear opportunity for online email providers and social networking sites to limit the damage of phishing and email spam by giving customers tools to regulate the flow of data.

Yesterday, before the story of New York Attorney General Andrew Cuomo suing Tagged.com broke, I cold emailed a member of the Gmail team:

Gmail could help web security a lot by providing:
1. Authentication (OAuth) to Gmail address book making it clear that you were not providing your Gmail password to a 3rd party web site.
2. Default level of access only provided names and salted hashes of email addresses from address book (possibly 3rd party web site part of salt)
3. Allow only a limited number of actual email addresses to be requested in a time period. I’m guessing ~30 would be a sweet spot.

That would seem to be one possible solution. If this is not a good solution, I think it’s important for your team to look to tackle the problem described below in another way.

EXPLANATION

[Background information described in my "Tagged.com Spam? Phishing? Nice Guys? My Personal Story"]

I’ve seen similar UI at other web services, where everyone in your address book is selected by default. I think there is an awesome opportunity for your team to create an experience that works well for your partners and protects your customers from the type of mistake described above and more importantly from malicious sites.

Some of the problems that I think Gmail and other online email address book and social networking sites should at least take partial ownership of, by:

  • Not allowing 3rd party sites to embed login forms. They should use OAuth or a similar approach. (Even on AppEngine — train us well).
  • Having a really clear experience about what data you are giving access to (how pissed your friends might be), and a way to provide only limited data.
  • Providing salted hashes instead of email addresses, so that a person can find their friends on a 3rd party service without having to hand over the actual email addresses of their friends.

I don’t think I read the Google Chrome Operating System announcement until after I sent that email. When I did read the announcement, I thought about how empowering and freeing it will be for our computing to be in the cloud, but I also thought about problems like this one, and how many scary things can happen when you no longer hold the container (the hard drive in your PC) for your information and data. There is a lot of design still to be done to create a safe and friendly experience.
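A sketch of the default access level and the reveal limit proposed in the email above, added here as an illustration and not code from Gmail or any provider. The names `contact_token`, `AddressBookProvider` and `find_friends`, the use of HMAC-SHA256 as the salted hash, and the 24-hour window are assumptions; only the "~30" limit and the idea of making the 3rd party site part of the salt come from the post.

```python
import hashlib
import hmac
import time

REVEAL_LIMIT = 30            # the "~30" suggested in the post
WINDOW_SECONDS = 24 * 3600   # assumed period; the post does not name one

def contact_token(email, site_id, salt):
    """Salted hash of one address; site_id is part of the input, so tokens differ per site."""
    msg = site_id.encode() + b"\x00" + email.strip().lower().encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

class AddressBookProvider:
    def __init__(self, contacts, clock=time.time):
        self.contacts = contacts   # {name: email}
        self.clock = clock
        self.reveals = {}          # site_id -> timestamps of recent reveals

    def default_export(self, site_id, salt):
        """Default access level: names and salted hashes, no addresses."""
        return {n: contact_token(e, site_id, salt) for n, e in self.contacts.items()}

    def reveal(self, site_id, name):
        """Release one real address, at most REVEAL_LIMIT per window per site."""
        now = self.clock()
        recent = [t for t in self.reveals.get(site_id, []) if now - t < WINDOW_SECONDS]
        self.reveals[site_id] = recent
        if len(recent) >= REVEAL_LIMIT:
            raise PermissionError("reveal limit reached for " + site_id)
        recent.append(now)
        return self.contacts[name]

def find_friends(export, member_emails, site_id, salt):
    """Third-party side: hash its own members the same way and intersect."""
    own = {contact_token(e, site_id, salt): e for e in member_emails}
    return {name: own[tok] for name, tok in export.items() if tok in own}

# Constructed sample data (not from the post).
SAMPLE_CONTACTS = {"Ann": " Ann@Example.com", "Bob": "bob@example.org"}
SAMPLE_MEMBERS = ["ann@example.com", "carol@example.net"]

if __name__ == "__main__":
    salt = b"constructed-salt-for-site-a"
    book = AddressBookProvider(SAMPLE_CONTACTS)
    export = book.default_export("site-a.example", salt)
    print(find_friends(export, SAMPLE_MEMBERS, "site-a.example", salt))
```

Because email addresses are guessable and the site must hold the salt to match its own members, the tokens stop bulk export of an address book but do not hide an address from a site that already suspects it; the reveal limit is what caps how many real addresses leave the provider.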

Joyent Shared Accelerators?

I’ve been helping a friend set up a simple website (using WordPress of course), and it’s the first time I’ve used Joyent’s shared accelerators for web hosting. I’m just getting started, but I’m impressed by how sophisticated and professional the solution looks without losing how approachable and open TextDrive is known to be.
