The limits of transparency

It sounds as though Ray Ozzie may decide to use his weblog more actively:

In reply to Jon Udell , who has carried my question into the zone of scoped zones of collaboration : Your continuing thoughts in this area, as well as the fascinating klog discussions, as well as a number of encouraging emails over the past 24hrs, lead me toward the conclusion that I should indeed expand my dialog into this new zone. (By the way, could you have been looking for this , or this ?) [ Ray Ozzie's Weblog ]

I'm subscribed! This process of mixing public and private communication opens up all sorts of tricky issues, and having the world's preeminent groupware architect thinking about them can only be a good thing.

Here's one of those tricky issues. I suspect that some Radio users may not realize that not only are their own referral logs public, but so are everyone else's. Here's mine. Here's Ray's. (Note, in passing, that Ray's is still accessible via usernum 0100813 even though he's switched to an FTP upstreaming host at; the same will be true for me when I switch to an InfoWorld FTP host.)

Here are my top 3 referrers at the moment:

1. 28
2. 24
3. 23
4. 16
5. 12

Here are Ray's:

1. 146
2. 51
3. 45
4. 23
5. 16

Most Radio users are fine with this. But when commercial interests rub elbows in blogspace, this much transparency might be too much. The names of referring URLs, and the numbers attached to them, represent a kind of information leakage. is not accessible to outsiders, of course. But its existence, and its level of interest in Ray's blog experiment, are charted for all to see.

Reading a bit further down Ray's page, we find:

In other words, the folks at Traction Software have blogged Ray's experiment to a Traction project called Competitor. Again, outsiders have no access to that project, but its existence is revealed, and that's a kind of information leak.

I dealt with the same issue in my book:

Subtle issues arise when you use Collabra to mix email and conferencing modes in this way. For example, although I can invite my extra-departmental colleagues into one of the staff-wide discussions on our intranet server, I can't invite them to join my own department's newsgroup if it's configured - as it should be - to admit only members of my team. Nothing prevents me from trying to do this. When I post the message to my project newsgroup, I can cc an extra-departmental colleague. That person will receive the hybrid email/news message, and can read it. The email thus successfully notifies the recipient about the contents of the message. But in this situation it's inappropriate to have invited someone lacking access to my project newsgroup to join in a discussion there.

What happens if I do issue this kind of invitation? If my project newsgroup is properly configured to refuse access to nonmembers, clicking the newsgroup name in the message's Newsgroups: header will produce an NNTP authentication dialog box. Lacking access to the newsgroup, this will only confuse and frustrate my extra-departmental colleague. But something else happens here that shouldn't. The existence of my project team's newsgroup, which we've said proper scoping should hide from the rest of the company, is revealed.

I don't think these issues are showstoppers. They were, and are, solvable. Netscape could have suppressed the Newsgroups: header in messages going outside the local mail domain. Intranets could cloak HTTP_REFERER.

We haven't dealt with these subtleties yet because, I think, we don't have enough experience inhabiting multiple overlapping scopes. So we lack a clear sense of which kinds of transparency are desirable, which kinds are not, and what to do about it.

Former URL: