Angus Logan on the Windows Live Blog writes:
Last week Omar Shahine blogged about our new privacy features in Windows Live, where we’ve made some improvements that we hope you will appreciate and find both powerful and easy to use. We also recently announced Windows Live Messenger Connect, an exciting new feature set that enables you to easily connect to Windows Live from third party applications and lets you take your Windows Live experience and data, with your consent and at your discretion. Additionally, we also announced the new Messenger (try it now), which provides the most complete picture of what your friends are doing across your social networks and other sharing sites, including comprehensive integration with Facebook, LinkedIn, and MySpace.
We believe that you should be able to choose to take your Windows Live data with you when you travel the web. Messenger Connect allows you to do that by providing a way to sign in to third party web and client applications using your Windows Live ID. Messenger Connect allows you to bring your Windows Live profile and contacts with you; easily share with your friends and enable Windows Live Messenger-based chat within third party applications; and access your photos, calendar, and more. In order to enable third party applications to ‘connect’ and interact with Windows Live accounts, we needed to design in a way that helps ensure that customers’ data is protected and accessed in a manner consistent with customers’ expectations and desires, as well as enable great partner experiences. These principles guided our design work:
Principle 1: Data portability (you own your data)
As a top-level principle, we believe that customers own their data. Your identity and profile, your address book, your newsfeed, your photos, your documents: as a Windows Live customer, you own all that data. So you should be able to take that data with you. Our role is to help you protect your data, help you make informed decisions about how your data is accessed and updated, and help you port your data to other places like the PC. That means that if you would like to access your Windows Live data from a different third party service, or even take your data completely to another service, you should be able to do that. To enable this, we give you ways to export your data from Windows Live into common formats, so that you can import it to wherever you like, as well as in many cases make this more seamless with direct integrations with partners. In a world where people are connecting services back and forth from each other, this can be complex. Just to be clear, when you connect one of your social networks (like Facebook, MySpace, and LinkedIn) to Messenger, any of your data or your friends data made available to Messenger via those connections is governed by our partners’ policies and our agreements with them.
Principle 2: You have control over your data
As Omar discussed in his post, customers should be able to easily control who has access to their data in Windows Live. You entrust Windows Live with your data, and it is only available and accessible within Windows Live. But we also know that you may want to be able to access your Windows Live data in the third party applications or websites you use. For example, you may want to share your photos or other non-public data with your friends. We make it possible for you to do so, but you have to give us your consent first. And, if at any point, you decide you would like to revoke a partner’s access to your data – you should be able to easily do so.
Principle 3: Right data for the right scenario
We believe that third party applications that access Windows Live should only access the minimum amount of user information required to complete the desired scenarios. For example: if a web site only needs permission to publish social updates, it shouldn’t also request permissions for reading photos.
Messenger Connect: Making my data and my friends data available in a responsible manner
There are cases where challenges and tradeoffs between privacy and data portability exist. An example of this tension is where a customer would like to share their complete address book with a third party, and that address book contains information such as email addresses and phone numbers. The contents of my address book are a combination of “my information” as it is “my address book” but may also include my friends’ email addresses and phone numbers. These shared data ownership scenarios are complex and have informed our design choices.
Independent of the information type or service access being made available, we have been working to replace unauthorized “screen-scraping” models, which require customers to share their usernames & passwords (“credentials”) in an insecure manner with many sites, with the use of safer, legitimate APIs. The use of legitimate APIs and clear user consent flows has been important across the industry, as they provide a safer alternative to requiring customers to share their credentials with third parties. Moving third parties away from screen scraping and the practice of asking users for their credentials without the use of APIs that use delegated authentication (more info) is important because, when you share your credentials in the clear, these websites can now act on your behalf. Even if a web site is not malicious, your credentials could be exposed if the third party service is compromised. Use of APIs helps to promote customer credential security, enables selective disclosure of information, and provides the ability to revoke access.
To help us safeguard customers’ privacy and enable partner scenarios, we’ve created two distinct tiers of partner access policies. Both tiers require explicit customer consent and follow the same security model, but are available to different groups of third parties.
- Restricted APIs: Our “Restricted APIs” allow third parties to access more sensitive information on behalf of customers. Therefore, these APIs are reserved for a select group of third parties that are explicitly approved by Microsoft and meet clear and consistent criteria.
It is worth noting that within each policy tier, we have provided many ‘granular access scopes’, which allow third parties to request access to specific sets of data to complete a specific scenario. You can learn more about these scopes here.
So, let’s take a quick look at what the experience looks like when connecting with third party applications through Messenger Connect.
The initial screen provides you with the ability to sign in with your Windows Live ID, and learn about the level of access the third party application is requesting.
Making informed decisions. When you click the “What will I share?” link, you get detailed information about the specific pieces of data and capabilities the application is looking to access.
Managing access to your data. At any point, you can edit your permissions for any third party application within Windows Live and revoke its access to your data.
Reporting abuse. In addition, we provide “Report abuse” links from the Windows Live services so that you can inform us of any application that may be violating our Terms of Service, or generally behaving in a way you find inappropriate. In extreme circumstances, we also have the ability to suspend or revoke a third party application’s ability to use Messenger Connect, thus automatically revoking any permissions a customer granted the third party.
I hope this post has given you some insight into how we approach your privacy in Messenger Connect. As Omar previously noted, this is a challenging problem with many complex dimensions, and one that many in the industry continue to struggle with and refine. We are committed to continuously listening to our customers and partners, and together improving the experiences, technologies, and policies.
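The post above describes the model in words: a third party never receives the customer's password, it is issued an authorization tied to the specific scopes the customer consented to, scopes in the restricted tier are only available to provider-approved applications, and both the customer (by editing permissions) and the provider (by suspending the application) can revoke that authorization. The following is an added example, written for this page and not code from Microsoft or the Messenger Connect SDK, that models those properties in a small in-memory authorization server and one resource server. The scope names (`Contacts.View`, `Photos.View`, and so on), the class and method names, the application identifiers and the address-book data are all constructed for illustration; the real Messenger Connect scope names are documented on the page the post links to, not here.

```python
"""Delegated authorization with granular scopes, consent and revocation.

Added example (not Microsoft's code). Scope names, app identifiers and the
address-book contents are hypothetical, constructed for this illustration.
"""
import secrets
import time
from dataclasses import dataclass

# Hypothetical scope catalogue: scope name -> what the "What will I share?"
# screen would tell the user. These are NOT the real Messenger Connect scopes.
SCOPE_DESCRIPTIONS = {
    "Profile.View": "read your name and profile picture",
    "Contacts.View": "read your address book (friends' emails and phone numbers)",
    "Photos.View": "read your photo albums",
    "Activities.Update": "publish social updates to your feed",
}


@dataclass
class Grant:
    user: str
    app_id: str
    scopes: frozenset
    issued_at: float
    revoked: bool = False


class AuthorizationServer:
    """Issues opaque tokens bound to a (user, app, scopes) grant.

    The third party only ever holds the token, never the user's password,
    and the token is only as powerful as the scopes the user consented to.
    """

    def __init__(self, restricted_scopes, approved_apps):
        # Scopes in the "Restricted APIs" tier need a provider-approved app.
        self.restricted_scopes = frozenset(restricted_scopes)
        self.approved_apps = frozenset(approved_apps)
        self._grants = {}  # token -> Grant; kept server-side so revocation is immediate

    def describe_request(self, requested):
        """Text for the 'What will I share?' link: one line per requested scope."""
        unknown = set(requested) - set(SCOPE_DESCRIPTIONS)
        if unknown:
            raise ValueError(f"unknown scopes requested: {sorted(unknown)}")
        return [f"{s}: {SCOPE_DESCRIPTIONS[s]}" for s in sorted(requested)]

    def consent(self, user, app_id, requested, user_approves):
        """Consent flow. Returns an opaque token, or None if the user declines."""
        requested = frozenset(requested)
        self.describe_request(requested)  # validates the scope names
        # Policy-tier check happens before the user is even asked.
        needs_approval = requested & self.restricted_scopes
        if needs_approval and app_id not in self.approved_apps:
            raise PermissionError(
                f"{app_id} is not approved for restricted scopes {sorted(needs_approval)}")
        if not user_approves:
            return None
        token = secrets.token_urlsafe(32)  # opaque; carries no user data itself
        self._grants[token] = Grant(user, app_id, requested, time.time())
        return token

    def subject(self, token):
        """The user a live token was issued for, or None if unknown/revoked."""
        g = self._grants.get(token)
        return None if g is None or g.revoked else g.user

    def authorize(self, token, scope):
        """Resource servers call this per request: live token AND scope granted."""
        g = self._grants.get(token)
        return g is not None and not g.revoked and scope in g.scopes

    def revoke(self, user, app_id):
        """User edits permissions: every grant this user gave the app is revoked."""
        hits = [g for g in self._grants.values()
                if g.user == user and g.app_id == app_id and not g.revoked]
        for g in hits:
            g.revoked = True
        return len(hits)

    def suspend_app(self, app_id):
        """Provider-side suspension: every customer's grant to the app is revoked."""
        hits = [g for g in self._grants.values() if g.app_id == app_id and not g.revoked]
        for g in hits:
            g.revoked = True
        return len(hits)

    def active_grants(self, user):
        """What the user sees on the 'manage access' page."""
        return sorted((g.app_id, tuple(sorted(g.scopes)))
                      for g in self._grants.values() if g.user == user and not g.revoked)


class ContactsAPI:
    """A resource server: it never sees a password, only a scoped token."""

    def __init__(self, authz, address_books):
        self.authz = authz
        self.address_books = address_books  # user -> contacts (constructed data)

    def list_contacts(self, token):
        # The token, not a caller-supplied username, decides whose book is read.
        user = self.authz.subject(token)
        if user is None or not self.authz.authorize(token, "Contacts.View"):
            raise PermissionError("token lacks Contacts.View or was revoked")
        return list(self.address_books.get(user, []))


if __name__ == "__main__":
    authz = AuthorizationServer(restricted_scopes={"Contacts.View"},
                                approved_apps={"approved-partner"})
    print("\n".join(authz.describe_request({"Photos.View", "Activities.Update"})))
```

The two properties worth noticing are the ones screen scraping cannot offer: a token issued for `Photos.View` is useless against the contacts endpoint even though it is a valid token for the same user, and a single server-side flag (set either by the user editing permissions or by the provider suspending the application) turns every copy of that token into a dead credential with no password change required. An application holding the user's actual password has neither limit.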