ListenLog Meeting Notes: Difference between revisions

12/12

Parking Lot

• Where is data stored? Does it sync locally?
• Is there any concern from collaboration stations and partners that there's no exclusive access to data / analytics?
• What do we capture? Application behavior data in addition to basic listen data? What about rating data? Location data?
• Security / encryption on the stored data? Which bits?
• How best to communicate and promote the ListenLog concept and where the key benefits and differentiators are? How do we address naysayers and differentiate from alternative approaches, e.g. APML?
• How do we do identity? How do we make it swappable? Do we use icards, openID, Oauth?
• How do we start the service without identity? (e.g. access to device ID?)
• Do users have control over what's stored?
• What's the absolute minimum of device-side functionality?
  • Opt-out(?)
  • Change repository
  • Assign identity
• Where does legal and TOS come in? (see rights and contracts below)
• Does anyone enforce standards compliance?
• Who does the work / coding?
  • PRX + who?
• Do we think about revenue / sustainability? PRX has two roles here - one to build codebase and standards for storage, the other to think about services and how we'd use the data.
• Do we do opt out for data capture? (probably yes)
• Do we provide "public by default," e.g. ubiquitious, anonymous access to the data out of the box (probably no)
• Can we open source iphone bit? Publicly available libraries?
• What's in the first release?
  • Should we provide ability for users to release data? How and to whom? What capacity for sharing? What terms? Anon vs. nonanon?
• Does there need to be database legal protection underlying data rights access to drive user terms?

12/13

• How do we make the data inherently more anonymous?
  • Match account data between logs
  • Make timestamp and LAT-LONG fuzzy?
• What data rights can a user authorize for third parties?
  • propagation rights (can I give this to someone else?)
  • public rights vs. directed/assigned rights (e.g. for anyone to use vs. for specific entity to use)
    • anon/non-anonymous
    • Most rights issues/rats nests are associated with assigned rights
  • How long you can use the data for? Keep the data?
  • Rights to cease use, remove data(?) + confirmation(?)
  • Can't use this to try and find/identify someone - reverse-engineering rights
  • commercial/non-commercial?
  • Contact me (e.g. DNC)
  • Compare to IRB
• Contract rights
  • Investigate proactively - what is it that pandora might want to do? What is reasonable?
    • give me audio recommendations
    • use for product development
  • Don't cross-correlate/aggregate (e.g. social network correlation, Ben Laurie) - piercing identity/privacy data
  • Endorsement / assignment to my identity

Core Requirements

• what data is going to be captured
• where is it stored and in what format
• how does one identify oneself / assign identity
• what's the minimum functionality that needs to live on the device
• what's the minimum functionality that needs to live remotely
• additional / core functionality to prove value necessary?
• Determine protections for communication and storage between client app and repository authenticated, encrypted, etc.
• Draft requirements