Blog:
Login, profiles and authentication: JanRain, the Journalism Accelerator and you
Transparency around how we are tackling technology, building community and enabling connection is a core value of the Journalism Accelerator. Our intention is to clarify the thinking behind the JA’s authentication process, so you can feel informed in your decision to participate on the site. And be comfortable knowing what information you are sharing with the JA when you join the community. When you join the Journalism Accelerator community, we ask you to share who you are. Some members have asked about our thinking behind that. We believe how you technically connect to this website affects how you connect as a person to the living, breathing community the site gathers and reflects. We asked our technology advisor Jeff Lennan to tell you more about the login system we use and why.
Connection and Conversation
The Journalism Accelerator aspires to connect people and promote conversation around questions and resources to enrich the new media news ecology. In addition to running technology for the JA, I’m a community organizer. In that role I also aim to create new connections and conversations, while working through the opportunities and challenges of bringing people together.
I think in terms of people working together, in their mutual self-interest, often in new and unexpected ways.
As a technologist, I know that systems and networks help make this possible. We now have opportunities and capabilities for this that simply did not exist only a few years ago. Platforms, tools and devices have restructured and redefined communication, community and commerce.
It is clear that the Internet age has changed everything, including how we think about who we are and what we want. One important way that people shape and experience this is with their online identity. From a teenager agonizing over his relationship status on his Facebook profile to a job-seeker revising, then re-revising her LinkedIn profile, the Internet is a real-time identity workshop.
For those who choose to interact and connect on the web, the profile(s) we create are how we reference ourselves. Our online identity defines who we are in terms of what we do, what we say and who and what we are connected to. While many choose a pseudonym as their profile, rather than their “real name,” that profile is still attached to what that person says, does, and IS on the web. It is this association that provides authenticity, which enables relationships, conversation and connection.
Making the Journalism Accelerator Useful
The primary goals of the Journalism Accelerator are to deepen connection, conversation, network confluence and collaboration.
The Journalism Accelerator’s sign-on system achieves these goals, based on three key assumptions:
- You work to shape at least one profile on the web that you believe best represents you and is optimized to achieve your objectives. Most people have or can easily create one on a current major social platform (Google, LinkedIn, Twitter or Facebook), and find it convenient to choose one to connect and participate here.
- Connecting in a way that allows others to learn who you are and get to know you through your conversations, work, products and expertise is a useful way to expand your network, broaden your knowledge and fuel experimentation.
- The process is easy (just one click), because simple is good. Busy people avoid creating new accounts, retrieving passwords or answering security questions.
This last assumption, simple matters, may just be the most important reason of all. We believe the best technology is the technology that works and doesn’t get in your way.
So far, our system of connecting people through their “real identities” is succeeding. New people joining, returning site visitors, comments, and JA community members choosing to share additional background such as their websites, a brief bio, and expertise areas in their profiles, have all increased dramatically with the ability for you to participate in the JA using your preferred web profile.
JanRain and the Journalism Accelerator
The Journalism Accelerator uses JanRain Social Login. This is how the Journalism Accelerator is able to use one of your existing web profiles on Google, Facebook, Twitter or LinkedIn.
This system provides a number of important benefits for you:
- Security: We believe that the major identity providers like Google, Facebook, Twitter and LinkedIn are better suited than we are for managing (and protecting) your identity on the web. When you connect to the Journalism Accelerator, you do so on the secure servers of those platforms.
- Ease of use: Your initial connection only requires one click, and when you return if you are not already connected, you can do so again, that’s right, with just one click.
- Track Record: Big brands use it because customers like it.
The system also significantly protects the community against spam, which means conversations in the forum are able to remain open, as the topics they cover continue to unfold over time. And, as we have detailed above, it lets you know who you’re talking to!
Your Privacy: What the Journalism Accelerator Does with Your Information
Providers like Google, LinkedIn, Twitter and Facebook give access to a fixed set of information when you connect to other sites using your profile. To see a list of what information your provider allows, visit JanRain’s Provider Guide.
We apply a subset of this information, far less than what the providers offer. To give you an idea of what this looks like, here is what we store, by provider.
The Profile Data We Use
Our policy is to only store a very limited set of information when you connect to the Journalism Accelerator. In other words, we do not see or store nearly all the information available from the providers.
Facebook: Display Name, Profile Photo, Verified Email
Twitter: Display Name, Twitter handle, Bio, Profile Photo, Website
LinkedIn: Display Name, Twitter, Handle, Profile Photo, Position, Website
Google: Display Name, Verified Email
While Facebook and Google provide an email address, if you connect using LinkedIn or Twitter, the Journalism Accelerator will ask you for one. Google is the only platform that does not provide a photo. If you connect using Google, we ask you to edit your profile and upload an image to use on the Journalism Accelerator.
Why JanRain?
There are a number of ways to integrate social login into a website. Here are some things that informed our decision to use JanRain.
Pros
We chose JanRain because it gives us a simple way to provide social login via most major social networks, without the requirement to code to each one. A major challenge of social login is making sure the mix of social logins functions effectively with all of the other parts of your website. JanRain makes sure social login works across all major networks, which frees us up to make sure the Journalism Accelerator works for our site visitors. With JanRain, we are free to use our own profile-based functions on the site, like comment threads and “voting up” content, instead of having to plugin various third-party applications for these features that are fundamental to the utility of our site and our project.
Cons
In order to use JanRain the way we do on the Journalism Accelerator, we do need to do some coding. We are integrating the social login services of JanRain with BuddyPress, a WordPress plugin that powers the profiles that you see under the people tab on the site. While JanRain provides a WordPress plugin, this is for a much more basic level of WordPress site, and we definitely have had to modify the plugin. Another significant factor is cost. In order to achieve what we needed with social login, we had to buy an enterprise license for JanRain, which costs around $3,000/yr. At $250/month, this level of software is simply out of reach for many site operators and projects.
There may be something you’ve realized as you read this that will help you think through your own project, website, or other work. Let us hear your response to the choices we’ve made around identity and authentication! You thoughts feed the JA community evolution. We’ll keep reporting on that here as it continues to unfold.
About the Author
Jeff Lennan consults for the JA on technology, strategy, and site creation. He is experienced in both the development and use of Web applications for communications, advocacy and activism. He is a partner at Red Hot Penguin, an open source technology development outfit based in San Francisco.
Weigh In: Remember to refresh often to see latest comments!
15 comments so far.
-
Gary Wolf says:
December 9, 2011 at 4:53 pm
-
Jeff Lennan says:
December 12, 2011 at 11:17 am
-
Emily Harris says:
December 12, 2011 at 1:56 pm
-
Gary Wolf says:
December 12, 2011 at 2:03 pm
-
Emily Harris says:
December 12, 2011 at 8:56 pm
-
Jacob Caggiano says:
January 26, 2012 at 3:57 pm
-
Jacob Caggiano says:
January 26, 2012 at 4:00 pm
-
Jeff Lennan says:
January 26, 2012 at 4:04 pm
-
Jacob Caggiano says:
January 26, 2012 at 4:21 pm
-
Michael Skoler says:
December 1, 2011 at 4:21 pm
-
Jeff Lennan says:
December 2, 2011 at 9:20 am
-
Steve Smith says:
November 16, 2011 at 2:10 pm
-
Jeff Lennan says:
December 2, 2011 at 9:22 am
-
Kari Chisholm says:
November 14, 2011 at 12:35 pm
-
Kari Chisholm says:
November 14, 2011 at 12:38 pm
| ParticipantsThank you Jeff for posting details about the login and profile choices you are making. Since I’m sure you are still in the stage of actively evaluating your decisions and trade-offs, I’d like to say thank you for offering multiple choices of social media profiles for authentication. Beyond the advantages and disadvantages of any particular platform, the existence of a choice is _itself_ important. Corporate ownership of the “social” seems, on its face, to be a danger to public conversation, both in the practical sense of vulnerability to censorship and in the “meta” sense of weakening the concept of the public. But one practical step technologists who support our public conversations can take is to resist the temptation to foster dependence on any one privately owned platform for authenticating our identities. I deeply appreciate having this choice! Thank you!
Hi Gary. Thank you for your comment and we agree with you regarding a need to avoid dependence on one privately owned platform for identification. We also very much appreciate your input and attention to this post and the site. Please keep in touch and let us know any feedback you can share.
Hi Gary,
Thanks for this feedback. As you know, the push toward identifying yourself online is in part to try to avoid the vitriol that anonymity can allow – and make conversations more valuable by giving people participating the chance to connect. With id, you may have a greater sense that you are communicating with other people. However, as you have so rightly pointed out, and Jeff reiterates, there are risks of depending on private companies to essentially play the gatekeeper role to public conversations. Besides offering multiple choices, what other solutions might you suggest that are worth exploring?
Hi Emily! I’m happy to see how Jeff is doing it. I piped up only say thanks for offering more than one choice, after noting that Blue Oregon went Facebook only. As long as we are going to be relying on private companies to validate identity, options are important. For various reasons I’ve myself chosen Twitter as a general social identity – it’s remains the least intrusive claimant, I think. But it would be as much of a mistake to go Twitter only as Facebook only.
That was clear! I was just wondering if there was more we could do!
I have much to say about the subject of digital identity and the consequences of corporate vs. personal vs. community ownership of the legacy we weave across the web. I think it’s great, Jeff, that you took the time to be open about how you manage the information of your users, including the ups and downsides of your chosen approach.
One of the fundamental unsolved challenges of the internet thus far has been establishing a true identity layer that is interoperable across web, yet still centrally managed by the user. It’s more than just the inconvenience of remembering multiple passwords and the fatigue of “yet another thing to sign up for.” It’s about knowing the footprint you leave behind and being able to access and manage the trail you wish to blaze forward.
I’d like to point out two projects spearheaded by Mozilla that I hope will inspire people to care about this issue and appreciate the possibilities of a federated web ( http://blogg.forteller.net/2011/think-internet/ is a MUST read)
1. The Open Badges Project — https://wiki.mozilla.org/Badges
The idea is to be able to build and demonstrate skills and learning achievements across the web, with badges that are standardized and accepted across multiple sites. Currently, Open Badges are in the works of being built into the Peer2Peer University platform, and the MacArthur foundation (along with other partners) has put up sizeable chunk of cash to have other learning communities design and pilot their own badges in the form of a contest
2. BrowserID — http://BrowserID.org
Sort of renewed attempt to do what OpenID has been trying to do for a while, but much simpler. You authenticate your email and create a password JUST ONCE. For everything.
Thanks for your comments Jacob – I love brainstorming with people – especially you on this topic and I value your input. Its interesting to me to watch Google, and in particular their announcement this week about “simplifying” their privacy policy. In a way, they are going at this from the other side, using their platform to cover so many critical web apps that you’ll have a unified login by only using Google :0
Yes, the new Google privacy policy is coupled with another change that all new Gmail users must create a Google Plus profile. I believe the terms of Google Plus are one profile per person, so I’m wondering if this would effectively restrict you from having multiple gmail accounts from here on forward.
Also RE: the JanRain solution. I have to be honest that I wish there was an option to use something other than The BIG 4, but I see the reasoning behind your approach as far as technical simplicity and more reliable backend security. At this point all my marbles are on Twitter (though the recent news of their global censorship policy is disappointing) Wonder if OpenID or BrowserID is possible at some point for JA via JanRain.
One question. For Twitter log-on, you ask for permission to send tweets from my account. Why?
Hi Michael. Thank you for the heads up. This is a setting that we can set to either ‘read/write’ or ‘read only’ and we didn’t realize that it was set to ‘read/write’. We have updated it to ‘read only’. The authentication process will no longer ask for permission to send Tweets on your behalf and we will never do so.
We have found Janrain to be a great company to work with on a few projects. Fully managed (no worries about FB Connect changes) single API, but also giving the user choices other than FB for connectivity. Their sharing functionality is also very solid.
Thanks for the comment Steve. Would love to talk with you more about your experience with their sharing tools. We have not implemented this and would like to hear your thoughts on this vs implementing individual services’ scripts or other 3rd party apps like Add This etc.
Good stuff, Jeff.
More than a year ago, we made the same choice at BlueOregon.com. BlueOregon is a site for progressive politics, particularly for and about Oregon. And like most online sites, especially political ones, we were overwhelmed with trolls, spammers, and jerks – all using the shield of anonymity to throw their stinkbombs.
We decided to use Facebook, exclusively, as our authentication mechanism. In our view, Facebook was (and is, with the possible exception of LinkedIn) the only authentication mechanism that is easy for users, widespread, and nearly guaranteed to be real identity. (Twitter is great, but there’s lots of anonymity on Twitter, and there’s much less 1:1 correspondence between user accounts and actual humans.)
(cont’d…)
As a result, we have seen a drop in the number of comments to BlueOregon. Where once 60-70 comments per post was typical and 100+ was a weekly occurence, we now see 8-10 as typical and 40+ happens once a week or less. But the quality of the comments has improved dramatically. That’s apparent to anyone, and we hear about it from our readers all the time.
Facebook, of course, has its own challenges. They’re constantly changing things and some readers (esp. of a progressive political blog) are concerned about their privacy practices.
And it is true that we do miss out on some of the more lively political gossip.
But ultimately we believe that our community is one that should be built on trust. And trust comes from identity.
Good luck with this experiment.