User interaction and engagement on SAFE websites

I’ve been thinking about the potential for different types of user interaction and engagement, which can be implemented on SAFE, but are either not practical or impossible on other networks. Maybe the way SAFE stores and permissions data could allow for new types of interactions and user engagement.

Have a read through this thread (especially the first post): This post is a continuation of that discussion, drawing out some of the ideas I thought were important - basically about the way SAFE stores and permissions data.

Current clearnet websites have different levels of user interaction or engagement, each requiring different levels of user data. Generally, the more data a user gives, the more useful a service can be. That's why Facebook and Google are so successful, because they have the most user data. However, sites which you visit once or twice have low levels of interaction and engagement. Those sites don’t have your data and you don’t want to sign up just to read an article.

SAFE has a very different model because data is distinct from the web services that use or produce the data. Without user data, SAFE websites would return generic information. With user data a website can become more dynamic and tailored for individual users.

Users could collect and own rich information based on their interactions with applications and websites. This is a little like a browsing history log, but I envision it would be more like a collection of standard data formats. For example, if I go to a blog and read a post, then the site might store an object recording that interaction in my private data, using some kind of standard format.

Sites which would usually have low user interaction will be able to engage their users in new ways, because they can have access to user information which would otherwise be locked up in individual websites. Suppose you go to another blog and allow that site to access your past blog reading history. The blog could dynamically display only the posts which would interest you.

There is an obvious question: even in sandboxed browser environments, what risks are there for allowing relatively unknown sites to read and potentially write to our private data? I can think of at least three and I’m sure there are more:

  1. A malicious site writes fake or dangerous objects to your private data. Maybe an unsandboxed native app could then be used to leak your private data or compromise a computer.
  2. A badly written site creates incorrectly formatted objects, wasting space.
  3. A website leaks your data out by exploiting a bug in the browser, or tricks the user into sharing their data, rather than just allowing the website to use it.

To start the discussion:

Have I completely misunderstood the role of private data?
What kinds of private data could make websites more dynamic?
What are the risks of trusting untrusted websites with trusted data?