There’s hidden plumbing behind our online lives. As we link our online accounts to one another, it’s easy to lose track of what’s connected to what. Social sites make it easy to inadvertently share content with an audience you didn’t know you had. Social sites that want to quickly generate the appearance of traffic mine all our online accounts in search of things to include in status updates.

Which can have some awkward consequences.

Syndication is a land grab

Every online platform I use is desperate to pull in data from elsewhere. In the land grab for social media, each site wants to be the consolidator of my digital life. To do this, it needs content. So Facebook pulls in activity from all over the web; Linkedin, Friendfeed, and dozens of other sites all syndicate one another.

When I first enroll in a social platform, I link it to other sources of data. Initially, that system may be something personal; but online applications have a habit of changing, and something I once thought was just for me may one day become a shared system, dragging with it all of the links between systems that I once set up.

Inadvertent sharing

These forgotten social links show up in unexpected places. I was reminded of this–somewhat forcefully–when, a few months ago, I left myself logged into Flickr at a friend’s house. He thought it would be funny to upload something inappropriate (Really, really inappropriate. Don’t try to find this. Trust me.) to my account, not realizing it was linked to other social services:

Soon, Jesse Robbins let me know about the problem. I was unaware of how intertwined all these services were beforehand: a breach in one site can have far-reaching repercussions across all others.

This is happening right now with Google Buzz. Our email and Google profile was fairly private and controlled. GMail and its related services were for managing our own data, or sharing it with a small part of the world. In terms of social networks, Google was a walled garden. Social relationships were symmetric, in contrast to the asymmetry of a microblogging site like Twitter, where stalking is easy and even encouraged.

Twitter’s growth has encouraged many other social sites to open up. Facebook has made profiles public, amidst much furore over privacy controls. Google’s Buzz is having a similar effect. Here’s an example of Mathew Ingram inadvertently buzzing something he’d uploaded a year earlier:

This is a new kind of opt-out marketing for which we don’t have good guidelines.

(A bit of background on opt-out marketing: When you sign up for on less scrupulous sites, a box saying you’re willing to receive emails from them is already checked. You have to remember to opt out of receiving a message in order to avoid mails. It’s generally considered sleazy: opt-in marketing, where you need to explicitly declare your willingness to hear from them, is the right way to do it.)

Being transparent about what’s shared

Some of the big players have built a degree of control into their tools. Here’s what Google Buzz does:

And here’s Facebook’s configuration:

To their credit, both companies make it pretty easy to see what’s being shared and where it comes from, and to stop it. It’s not clear how many of their users know these screens exist, however. We’re not forced to look at them when we enroll. In our eagerness to help computers understand what we’re doing, we may inadvertently be telling the rest of the world more about ourselves than we realize.

While the two screens above are commendable, remember that these are the big, legitimate social networks–and even then, it took considerable pressure from users to get Facebook to properly enforce privacy.

Some guidelines for republishing syndicated feeds

We live in the Overshare Generation, and smaller, less established sites, desperate for attention, may take advantage of that in ways that are hard to track down. Just as marketers have set up guidelines for good mailing practices, so social sites need guidelines for linking vestigial social feeds to newly-public features. Some suggestions:

• The buck stops at the publisher: all third-party feeds should be turned off initially as new features are introduced.
• Be transparent about what’s shared: there should be a clear overview of what feeds are connected to a social site and whether they’re published.
• Make it possible for users to trace & troubleshoot: online platforms need a consistent API so a user can crawl them and determine any links that exist.
• The permissions need to live with the content, not the republisher. I want to flag an image as private once, and have those permissions travel with the content regardless of where it winds up.

In the social media rat-race, that sounds like wishful thinking. It may take legislation similar to the CAN-SPAM act to make it a reality.