
Exploring the science and magic of Identity and Access Management

When leaders are dedicated stewards and lead in an authentic manner, they build enduring organizations that do great good for people and make an enormous difference in the world. — Bill George

Wednesday, June 19, 2013

SquareTag Project Report

Identity
Author: Mark Dixon
Tuesday, May 7, 2013
10:07 am


About two months ago, I started a small project to see how SquareTags would work on virtual objects like web pages. Subsequent posts are here, here, here and here.  This post summarizes what I learned.  Thanks to Phil Windley and his team for encouragement and support.

One by one, I tagged a few web pages I control with a SquareTag and defined an object in my SquareTag personal cloud as illustrated below.

[Image: SquareTagReport]

I invited people to scan the tags and send me a Twitter ID or email address so I could respond. I received about 40 responses from nine states in the US, plus four other nations.  Not bad for a little blog way out on the long tail of online information.

Here are some things I learned:

Tagging virtual objects works as well as physical objects (I tagged some physical stuff, too.)

I was able to easily link information in my personal cloud to the virtual objects.  The personal cloud could potentially be a comprehensive repository for all my physical and virtual possessions.

In the cases of Facebook, About.me and Paper.li (the Discovering Identity Paper), the tags are embedded in a .jpg image, so the host site probably doesn’t even know the links exist.

Orange works just as good as black for SquareTags.  I started by using photos of the adhesive SquareTags I purchased, but then created orange tags which encoded the SquareTag URL and code for each tag.

I don’t think QR Codes are broadly used by most people.  I had to explain to several people I know what the codes were and explain what they needed to do to scan a SquareTag.

The user experience presented when someone scanned a SquareTag wasn’t optimized for this experiment.  Only one field was available, so having people uniformly offer both a contact point (Twitter ID or email address) and location didn’t always work.  Sometimes I would receive geo coordinates, but that required that a person opted in to use them.

All in all, it was an enjoyable experiment.  I think I’ll leave the tags in place for a while, just to see if anyone else responds.  After all, I got one out of the blue yesterday.

Core Identities and Personal Data Stores

Identity, Privacy
Author: Mark Dixon
Friday, May 3, 2013
12:23 pm


I just finished reading an intriguing white paper, “Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores,” written by Thomas Hardjono, Dazza Greenwood, and Alex (Sandy) Pentland, all associated with MIT.  I was particularly interested to see how much detail has been built around this concept of Core Identities since Dazza Greenwood and I discussed it several years ago, while I was employed by Sun Microsystems.

The paper proposes …

At the heart of digital identities is the concept of the core identity of an individual, which inalienably belongs to that individual. The core identity serves as the root from which emerge other forms of digital derived identities (called personas) that are practically useful and are legally enforced in digital transactions.

… and goes on to explore:

potential business models for Core Identity service providers and Persona providers (specializing in personalization, privacy and preferences services for a unified user experience across many sites and systems)

The paper then ties the concept of Core Identities and Personas to the MIT Open Personal Data Store (Open PDS) initiative:

The OpenPDS is an open-source Personal Data Store (PDS) enabling the user to collect, store, and give access to their data while protecting their privacy. Users can install and operate their own PDS, or alternatively users can operate an OpenPDS instance in a hosted environment.

We use the term “dynamic” here to denote the fact that the PDS does not only contain static data but also incorporates the ability to perform computations based on policy and is user-managed or user-driven. In a sense, the OpenPDS can be considered a small and portable Trusted Compute Unit belonging to an individual.

The paper concludes by emphasizing these four concepts:

  1. An infrastructure to support the establishment and use of core identities and personas is needed in order to provide equitable access to data and resources on the Internet.
  2. Personas are needed which are legally bound to core identifiers belonging to the individual. We see personas as a means to achieve individual privacy through the use of derived identifiers.
  3. The privacy preserving features of core identities and personas fully satisfy the data privacy requirements of Personal Data Stores as defined by the MIT OpenPDS project. The ability for an individual to own and control his or her personal data through deployment of a PDS represents a key requirement for the future of the digital commerce on Internet.
  4. We believe the MIT OpenPDS design allows for a new breed of providers to emerge who will support consumer privacy, while at the same time allow the consumer to optionally partake in various data mining and exploration schemes in a privacy-preserving manner.

This sounds like OpenPDS is very much in line with the Personal Cloud concept.  Perhaps the MIT work with Core Identities, Personas and Open Personal Data Systems will help shorten the time before we can take advantage of real, working Personal Clouds. 

 

Hobbyist Computing and Personal Clouds

Cloud Computing, Identity
Author: Mark Dixon
Thursday, May 2, 2013
7:50 am


One of the benefits of growing old is the historical perspective offered by advancing age. I have been privileged to be an active participant as the computer industry has literally unfolded before my eyes.  

The first computer I saw demonstrated, back in 1970, was built by a hobbyist, using flip flops constructed out of discrete transistors and a numeric  Nixie tube display. The input device?  A rotary phone dial.  As an electronics hobbyist myself, I was fascinated by the blinking lights, even though the contraption really wasn’t very useful as an end user device.

Fast forward a few years … As part of my first engineering job, I built my first personal computer in 1978, predating the IBM PC by three years.  It was based on the Texas Instruments 9900 microprocessor, one of the first 16-bit microprocessors. I designed and built the color graphics display board and modified a Sony Trinitron TV to be the color monitor. I had to design and debug the circuitry, work with others to design the chassis and circuit boards and solder in all the chips.  I used an original Soroc terminal and Epson TX-80 dot matrix printer.  The computer had a rudimentary operating system and simple text editor.  I thought I was in heaven!  For a geek like me, I had both the joy of experimentation and emerging productivity for my work.

My next big step forward was getting one of the original Compaq luggable PCs - complete with two 256k 5-1/4 inch floppy drives (no hard drive). It was a great step forward in packaging, but the real benefit was the software - WordPerfect word processor and Lotus123 spreadsheet.  My productivity really accelerated.  And I didn’t have to build anything. (By the way, I still have that computer!)

Of course, the MacBook Air I use now is almost infinitely more capable than those old relics.  We have come a long way.

What does this have to do with Personal Clouds? I somehow get the feeling we are still in the hobbyist phase.  A lot of blinking lights and personal tinkering and vision of the future, but not a lot of real utility and tangible benefits.

Don’t get me wrong – I really like the concept of personal clouds.  I like the promise of  better privacy, better personal control over my information, easier to use Identity and payments infrastructure and unifying functionality in a virtual container in the cloud. I salute those who are working to transform vision into reality.

But at this time in my life, I tend to be impatient. I want my MacBook Air when all that is available is Nixie tubes and rotary phone dials.   I’d like to see the next Apple emerge or some stodgy old IBM-like company leverage their market presence and offer Personal Cloud infrastructure that is really easy to use and really useful to old fogies like me.

Who will it be?

 

 

Gigabytes of Personal Data

Identity, Privacy
Author: Mark Dixon
Wednesday, May 1, 2013
8:19 pm


Now, in honor of my post about Personal Clouds - the philosophy of Frank & Ernest:

[Image: Frank & Ernest comic]

Who Will Host My #PersonalCloud?

Identity
Author: Mark Dixon
Wednesday, May 1, 2013
8:03 pm


I think I inadvertently touched a nerve today.

After reading the post “Why the ‘i’ in iPhone Will Stand For ‘Identity’”, I tweeted an interesting statement from the middle of that post:

“Establishing one’s company as the de facto digital identity layer is the single biggest business opportunity” http://t.co/OGboZREiTj

Almost immediately, @windley re-tweeted my post and @dsearls responded:

@mgd … and a huge mistake, again, because identity is personal: http://t.co/Ip1VubbY8E #vrm

After reading Doc’s rebuttal to the iPhone paper, “Identity is Personal,” and his earlier post, “Identity systems, failing to communicate,” which speaks to why our current Identity systems are so abysmal, and a third post, “People will do more with Big Data than big companies can,” which predicts that personal clouds will emerge this decade as the best solution to the identity problem, I tweeted this question:

@dsearls Who do you predict will host the personal cloud(s) that will resolve our identity challenges?  #vrm #PersonalCloud

Doc’s answer:

@mgd People themselves, and/or fourth parties they choose. Read @Windley for more on this. #personalcloud #vrm

Doc is right.  Phil Windley has written some excellent posts on the subject.  Some recent ones, in chronological order:

  1. Own Your Identity: Important Principles
  2. Build the World You Want to Live In
  3. Pot Holes and Picos
  4. IMAP as the Proto Personal Cloud
  5. Personal Clouds and the Future of the Web

I do like the concept of personal clouds.  I have experimented a little bit with Phil’s personal cloud infrastructure at Kynetx.  The orange SquareTag in the upper right area of this blog is an artifact of my little experiment to tag my social media places with SquareTags and connect them to my personal cloud hosted by Kynetx.

But my question still remains: What companies will emerge as the leading hosters of personal clouds?  I don’t want to host my own; I don’t think my wife, as bright as she is, would learn how to do it.

I would like my personal cloud to be hosted by a capable institution I trust. I would like Identity credentials I select from my personal cloud to be recognized by every website I choose to visit, and I would like the payment method I choose from my personal cloud to be accepted by every vendor I purchase things from.  That will require broadly accepted standards for Identity and payments and the large-scale infrastructure to make it work.

I tend to think that it will take some pretty large organizations to pull that off.

My vote for an institution to host my personal cloud?  My bank.  It already has a vault full of things that are like analog personal clouds – safe deposit boxes.  I choose what goes in my box and what comes out.  The bank can’t get it without my key.

Plus, my bank provides a whole litany of payment options. And, I tend to trust them to take care of my money. Perhaps I could trust them with my digital safe deposit box as well.  I’d even be willing to pay for it.

Will they do it?  That is another question.

 

Verizon 2013 Data Breach Investigation Report: Assume You’re Breached

Identity
Author: Mark Dixon
Tuesday, April 30, 2013
8:30 pm


The annual Verizon Data Breach Investigation Report  was recently published. The opening statement really tells the story:

Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage. But rather than a synchronized chorus making its debut on New Year’s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year. And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune. As a result—perhaps agitated by ancient Mayan doomsday predictions—a growing segment of the security community adopted an “assume you’re breached” mentality. (emphasis added)

The post I made a few minutes ago about 94% of healthcare companies suffering a breach is certainly in line with this attitude.

What is one to do?  I liked the way Verizon concluded the report.

We worked with the recently formed Consortium for Cybersecurity Action (CCA) and mapped the most common [VERIS] threat action varieties to their Critical Security Controls for Effective Cyber Defense … Most organizations should implement all 20 of the Critical Security Controls to some level.

The following diagram shows the Critical Security Controls mapped to the top VERIS Threat Actions:

[Diagram: Critical Security Controls mapped to the top VERIS Threat Actions]

Mammoth – Will it be my Personal Cloud?

Identity, Privacy
Author: Mark Dixon
Friday, April 5, 2013
4:49 pm


The most intriguing thing to hit my desk today was the announcement of the new Mammoth service to “save links, add notes, and selectively grab content from multiple webpages into a single, shareable, organizable document.”

I followed a tweet from @paulmadsen and reserved my name.  You can reserve your name, too, by clicking here, or on the image below.  If you click here and reserve your name, you will be in line to use the service, and I will be one step closer to getting my account activated (I need a couple more friends to click through). We will both be one step closer to testing how to collaborate on Mammoth.  Thanks for clicking!

I do think these guys understand privacy.  See below the image for more …

[Image: Mammoth]

I like the sound of what they say about security and privacy:

security and privacy are top of our list …

We want to make sure nothing gets leaked unless you specifically expose it to the world. So no, no social networks to login, no weird permissions to manage, no scary dreams of that weird things you like making it out into the world. It’s just simple. …

Our entire business is based on your trust – why would we screw with that? To put simply, we don’t have any reason to misuse any information we collect. And we only capture data that’s needed to enable a feature for you, nothing else.

Could this be a “personal cloud” that I can really use?  It has my name on it.  It sounds like it will be secure. I look forward to checking it out.  

 

Resurrecting =mgd

Identity
Author: Mark Dixon
Wednesday, April 3, 2013
8:46 pm


XRI - An extensible resource identifier (abbreviated XRI) – a scheme and resolution protocol for abstract identifiers compatible with uniform resource identifiers and internationalized resource identifiers, developed by the XRI Technical Committee at OASIS

i-name - a human readable XRI intended to be as easy as possible for people to remember and use.

I recently received an email from Drummond Reed with his usual =drummond signature at the bottom.  It made me remember that I had once registered my own i-name, “=mgd”.  I had never really used it, but still see it as an intriguing concept – my own, persistent identifier that aligns nicely with my Twitter handle, @mgd.  (I still regret that I didn’t register the mgd.com domain when I had a chance.)

So, now =mgd is alive and active, registered at 1id.com.  You can request contact with me by clicking on the =mgd link here or on the =mgd icon in this post or on the sidebar.

I’m still not certain how I’ll use =mgd beyond this, but Drummond told me some interesting things are on the near horizon.

By the way – clicking on my other i-name, =markdixon, will take you to my about.me page.  I’m slowly trying to weave my social media presence together.

 

IoT – Emerging and Receding Invisibly into the Fabric of Life

Identity, Internet of Things
Author: Mark Dixon
Monday, April 1, 2013
9:08 pm


Last week, T.Rob Wyatt authored an intriguing post, “Futurist’s Groundhog Day.” I found it by following Phil Windley’s tweeted recommendation:

Futurist’s Groundhog Day: http://t.co/pq75vMPZsS #vrm

It wasn’t long before Doc Searls tweeted,

The best #VRM post, ever: http://t.co/IiQrMR12Ox, by @tdotrob, honored here: http://t.co/xERNWkA6Sp

I agree that the post addressed the VRM concept very well, but I particularly liked T.Rob’s description about how technology, once broadly accepted, “disappeared into the fabric of life.”

First, a historical observation:

The first electric motors were envisioned to replace steam motors within the same architecture: one big motor, lots of belts and pulleys. But what actually happened was that electric motors disappeared into the fabric of life. There’s one on my wrist as I write this. There are roughly 30 within arm’s reach of my chair. Electric motors are invisible. We don’t think of them as motors, we think of them as a watch, hard drive, CD/DVD player, printer, sprinkler valve, drill, toy, fan, vacuum cleaner, etc.

Next, a prediction:

In the near future a “smart switch” will just be a switch. A “smart” anything will just become that thing and the old version will become a “dumb thing.” The instrumentation will no longer be a novelty but will recede invisibly into the fabric of life. When steam engines were replaced by electric motors, it was hard to imagine a time when motors would fit on your wrist. It’s just as difficult today to imagine why we’d want sensors and actuators in all our devices and objects but let’s table that and stipulate that it happens.

And a further observation about when sensors become ubiquitous:

In the very near future your casual behavior and activities will be trackable with the precision and detail only possible today in the confines of a lab. Every device, object or surface will potentially be a sensor. The physical constraints assumed by the current legal framework and that balanced the power of individuals against corporate and government interest are disappearing. The digital representation of you that was once a rough tile mosaic is coming into focus for vendors and government as a hi-def, crystal image.

In my lifetime, it has been great to see so much technology emerge as novelty and then become commonplace. Think pocket calculators, microwave ovens and mobile phones.  Now, the Internet of Things, including ubiquitous sensors, is emerging.  We can expect IoT to grow, become commonplace and then “recede invisibly into the fabric of life.”

Hence, T.Rob’s challenge:

IoT is coming so embrace it.  It is inevitable and it is closer than you think.  If you start with 50 billion instrumented things (or trillions if you are ambitious) and work backward, what do we need to build to pave the road between here and there?

Exciting stuff.  Just think – every one of those billions of devices will have an identity (or identifier, depending on your point of view).  Sign me up for the journey.

 

LinkedIn Should Use Connect.me

Identity
Author: Mark Dixon
Saturday, March 30, 2013
6:11 am


Make no mistake.  I am honored when people choose to endorse me on LinkedIn.  I appreciate them taking a few moments to click the button and send a message my way that they think I have a certain positive capability.  I always try to respond in kind.

However, LinkedIn could certainly take lessons from Connect.me, or better still, use Connect.me, when it comes to vouching for and cataloging a person’s capabilities.  Here are some deficiencies in the LinkedIn approach that are much better implemented in Connect.me:

Whom have I endorsed?  On LinkedIn, I have no way to review the people I have endorsed or what capabilities I have endorsed.  I would really like to step through a list of my contacts, see which ones I have endorsed, and for what.

Who has endorsed me? On LinkedIn, there is no way I have found to review a list of my contacts and know if they have endorsed me or what they have endorsed me for.


In your face, with limited information.  I resent that each time I access LinkedIn, I am presented with a grid of four people, each with one capability, asking for me to endorse them. There are two problems here.  First, I like to endorse people as a conscious action, not upon an impulse.  Second, I should like to consider multiple endorsements of a person, rather than just the one LinkedIn suggests.  This often results in a scattered sequence of individual endorsements, rather than a cohesive set of endorsements.

Ease of use.  When LinkedIn does suggest a person to endorse, I can’t easily go to his or her profile page to do a multiple endorsement set.  I must type in his or her name to reach the profile page.

Well, there’s my rant.  It’s doubtful that LinkedIn will listen to me … but hopefully they will fix their reputation system just the same.

Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.