The last couple weeks have seen me make some pretty amazing progress with the new version of Geon. I’ve settled on a name for the service, managed to get a 4 letter TLD to host it under and the Silverlight client has seen a massive redesign that drove a complete rework of the underlying API. It’s been quite a learning experience and I’ve encountered quite a few problems along the way that have served to give me some insight into the issues that the big guys probably had when they were first starting out. Whilst the system currently only has a user of one (well 3, the Anonymous user, myself and a friend’s identity I stole to test out some features) I still got to thinking about the authenticity of my data and how I was going to manage that.
I first encountered this when I was coding up the login system for Geon. Originally it was based around the built in Windows Communication Framework Authentication Servicewhich, whilst being a down right pain to get working initially, provided all the necessary security for my web application without me having to think about how it got the job done. Unfortunately though this wouldn’t work too well when I moved away from the .NET platform, namely to either Android or the iPhone, as they don’t have any libraries that support this. So as part of my complete client redesign I thought it best to not rely on anything that I couldn’t use on my other platforms and that meant building the Silverlight client as if it was a mobile phone.
In all seriousness I would’ve been completely lost if I hadn’t stumbled upon Tim Greenfield’s blog, specifically this postwhich outlined the core ideas for implementing a secure login system that uses RIA services. After doing some rough designs and mulling the idea in my head for a couple weeks I got a working implementation of it a couple weeks ago, allowing a user to login without having to rely on the built in Microsoft frameworks. Initially everything was looking good and I went ahead coding up the other parts of the application thinking that my bare bones implementation would suffice for the use cases I had in mind.
However after a while I began to think about how easy it would have been to a nefarious (or just plain curious) user to be able to wreck untold havok on my system. You see the login function needed 4 parameters: the user name, password, IP address and whether or not this session should be remembered next time the user visits the page. The IP address was for security as if someone manages to get your session ID they could theoretically use that to hijack your session and do all sorts of mean things with your account. In my implementation the IP address was passed up as part of the request which meant that anyone looking to perform a session hijack would simply have to pass up the valid IP for that session and I’d be none the wiser. Realising that it would be an issue I implemented server side IP detection which would make it quite a lot harder to get the magic combination session ID and IP address correct, making my service just that more secure.
This got me thinking about the authenticity of the data which I was going to be collecting from my users. I’m not putting any limitations on where people can post but I’m going to be flagging people as “out of area” when they’re posting or responding to something that’s not near their current location. However since I want to make the API open I have to make the co-ordinates part of the update request which will unfortunately open it up to the possibility of people faking their location. Not that there would be a whole lot to gain from doing so but if my feed reader has taught me anything recently its that the geo-social networking space is constantly grappling with this issue and there’s really no good solution for it.
There seems to be two schools of thought on the idea of data authenticity when it comes to the location space. The Foursquare approach is one of mostly indifference as whilst they have a cheater code to deal with people trying to get that elusive mayor title they seem to have no problem with those who check-in where their friends are or if you create a fake venuefor others to check in to. I’m not surprised at their reaction as both of those kinds of behaviour mean people are using their service and are finding new, inventive ways of using it which could potentially translate into new features for their service. The second is of strict “no fakery here” policy that Gowalla has taken with their 6 commandmentsof their API. Whilst they’re still opening themselves open to abuse the no tolerance policy on it suggests that they value data integrity much higher than Foursquare. Clamping down on fake check-ins would mean that their data is more reliable and thus more valuable than Foursquare’s but that comes down to what you’re using it for, or who you’re selling it to.
Personally I’m in favour of the Gowalla route but only because there’s little value in faking location data in my application. Sure there are potential scenarios where it might be useful but since I’m not placing any restrictions (only identifying out of area people) I can’t really see why anyone would want to do it. That might change when I put in the social game mechanics in and I actually get some users on the service but that’s a bridge I’ll cross when I come to it. Right now the most important thing is trying to get it out the damn door.
I’m hoping that will be soon as once I get the core in I get to buy a Macbook Pro to code on, yay! 😀
If there’s one trendthat I’ve noticed about any of the successful Internet businesses of the past decade or so is that they tend to be platforms on which others can build their business. Sure there are many highly successful companies that operate in a closed fashion but the trend towards a more open web is undeniable. Nearly every successful Internet based company allows some form of interoperability with the wider world allowing anyone to leverage the platform for their own purposes. Thus today for any fledgling start up the choice on whether or not to open up your service for others to use has already been made for you, but that doesn’t necessarily mean its a bad thing.
There are many great examples of companies as a platform dating back to the early days after the dot com bust. One of the examples that sticks in my mind is eBay which started out as a simple way for anyone to sell their unwanted goods online. Quickly though people realised that eBay was in essence a cheap online shop front, much cheaper than many of the alternatives available at the time. This quickly snowballed and many niche businesses found their home on eBay using the brand to get exposure and the platform to grow a business that wouldn’t have been possible before.
The examples flow thick and fast for nearly all of the current Internet giants. Facebook has shown that whilst its core of replicating your friendship online remains it’s now a gaming platform and promotion network. Twitter owes quite a lot of success to its wide open API which has generated hundreds of quality applications, drove adoption of the service and makes it the de facto target for any Internet mash-up (even Geon!). So why does being an open platform do so much for driving adoption of a service?
Primarily it appears to be due to the amount of free development that one can receive by making their services available to developers. Twitter for the longest time didn’t have an official mobile application, arguably the killer app for something that’s based around short frequent updates. Still that didn’t mean there were a lack of clients available for it like Echofon, Tweetdeck and Brizzly. Opening up their API meant that they could focus more on improving the service and developing new ideas rather than having to spend additional resources bringing their platform to where it was needed. This forms a positive feedback loop that enables the underlying platform to improve whilst ensuring that it still remains relevant to its users.
Of course this all relies on the idea that your service provides something of value to your users. For a lot of companies the services that they provide start out closed off in order to ensure that it functions as expected. Early on development time is at a premium and the additional resources required to ensure the platform is stable can outweigh the potential benefits of doing so. However once a critical mass of users is crossed it makes sense to open it up in order to drive adoption. A great example of this is Gowalla who only recently released a full API after being available for about 2 years.
For someone like myself who is seeking Internet fame and stardom the idea of being a platform underpins many of the decisions I make when developing a service. You see whilst I may think I know what people might want there are so many things that I just don’t think of when I’m elbow deep in my code. In fact about half of the features in the current version of Geon have come just from talking the idea over with my friends and people who’ve been in the business for some time. Keeping my service open means that should an enterprising user find something lacking they’re able to build it hopefully bringing more users to my service and giving them a little Internet e-cred.
Does this mean that every service that isn’t a platform is doomed to failure? Absolutely not. There are many things where an open API simply isn’t required like if the company themselves provides products that cater to their user’s needs succintly. Still the writing is on the wall for those who build things on the Internet and the more open your application is the more likely it will be picked up by the wider world. Google VP Andy Rubin said it best with the words “Open usually wins” and the recent decade of the Internet seems to agree with him.
I’d like to think of myself as knowing a bit about the geo space and how it can be used as a basis for new applications or how it can augment existing ones. I’ve been elbow deep in developing such an application for over 6 months now and I’ve spent the last couple months checking out every service that could possibly be considered a competitor to me (there’s not many, if you’re wondering). Because of this I’ve started to notice a couple trends with up and coming web applications and it seems that the social networking world is going ballistic for any service that incorporates the idea of “check ins” at any location around the world. After spending some time with these applications (even ones that are still in private beta) I can’t seem to get a hold of why they’re so popular. Then again I didn’t get Facebook for a long time either.
The basic idea that powers almost all of these applications is that you use your phone to determine your location. Based on that the application will then present you with a list of places which you can “check-in” to. If your friends on the application they’ll get a notification that you’ve checked in there, presumably to get them to comment on it or to help you arrange with getting people together. It’s a decent trade off between privacy and letting people know your location as you control when and where the application checks in and most of them allow you to share the updates with only your friends (or no one at all). The hook for most of the services seems to be the addition of some kind of game element to it, with many of them adding in achievements and points. For someone like me it falls into the “potentially useful” category, although my experience with them has led me to think that saying “potentially” was probably being kind.
The services themselves seem to be doing quite well, with Foursquare and Gowalla both managing to wrangle deals with companies to reward users of their applications. In fact it seems that check-in based services are the latest darling child for venture capitalists, which funding flowing thick and fast for any and all services that implement this idea. For the most part I’d attribute most of their success with their ability to hook into Facebook through Connect, as building a user base from scratch for a social networking based site is nigh impossible lest you tangle yourself up with Zuckerberg’s love child. It also helps improves user trust in the application, although that benefit is on shaky ground as of late.
Still though the value they provide seems to be rather limited. After hearing that a couple of my tech inclined friends had ventured onto Foursquare (and I got bored of reading about them every day on my RSS reader) I decided to download their iPhone app and give it ago. The integration between other social networking services was quite good and it instantly picked up a couple people I didn’t know where using Foursquare. Playing around with it I began checking in to various places, accumulating points and my first badge. Still I didn’t feel like I really got anything out of using the application, apart from some virtual points which don’t appear to be worth anything to anyone (although the same could be said of Xbox GamerScore and PSN Levels). This hasn’t stopped Foursquare from reaching over 1 million users in just over a year which is quite impressive when compared to the current giants (Twitter took twice as long to reach a similar milestone).
It’s no secret that I’ve shied away from calling Geon a social networking application, despite the obvious social implications it has. Primarily this is because I don’t want to be lumped in as yet another social app but more and more I find myself needing to incorporate such features into the application, as that’s what people are coming to expect. There’s also the point that many of the ideas make a lot of sense when translated properly into my application. Two recent suggestions were a kind of rework of the Twitter trending topics and the other being the ability to follow people and locations. The first wouldn’t exactly be considered a social networking feature but the latter is pretty much the bread and butter of many social networking services. Still I don’t think people will be looking for check-ins in up and coming social apps, even after Facebook introduces their Foursquare killing service.
It’s true though that although I might not get it that doesn’t matter when so many others do. For as long as I develop Geon I’ll be keeping an eye on these services to see how they evolve as their user base grows, mostly to see if there’s anything I should be doing that I’m not already. It’s going to be interesting to see how this all changes when Facebook finally unveils its location based service to the world and you never know, I might have the penny drop moment that so many people seem to be having about check-ins.
Until then however my Foursquare app will be little more than an interesting talking point to bring up amongst friends.