There’s a lot of controversy over the politics of DiggBar — over ownership of the content and control of the landing URL.  However, I don’t really see it so much as a political issue as it is a technical problem.   The fact is there simply isn’t a good way of overlaying 3rd party functionality into the browsing experience without resorting to a plugin install or hijacking the outbound link like the DiggBar does.  I don’t really believe it is Digg’s intention to steal anybody’s “link juice”, but their actions result from a technical limitation—either they settle for an install, which would have appalling uptake, or do the nasty iframe.  What’s a potential technical solution?  We need a new class of browser plugins that 1) activates immediately without install 2) dispatched from the cloud, thus portable outside of a single browser installation, and 3) protected from malicious cross-site-scripting

A new class of browser plugins

What I’m really describing is really a fast, safe, and fully managed framework for accomplishing cross-site-scripting, a concept generally associated with malicious deeds but is also the underlying functionality most social toolbars are trying to accomplish.

To distinguish these from regular browser plugins, I will henceforth refer to them as XSS (cross-site-scripts):

Now how do we achieve instant-on without install (criteria #1)?  I think this is the easiest of the three, as the Greasemonkey architecture already allows you to instantly enable functionality overlayed over 3rd party sites.  While Greasemonkey scripts are limited to Javascript injections and lack the full power of Firefox plugins, I’d argue that most of the battle is already won with just JS.  You can implement a variety of content and functionality overlays including the DiggBar, StumbleBar, and even the Meebo chat bar.

The portability criteria (#2) is based on the idea that each XSS is a piece of enhanced functionality sanctioned by a particular user, and thus should be attached to that user wherever he goes, NOT attached to the browser installation.  By electing to allow the DiggBar to appear over other web sites, I’m really setting a browsing preference for my Digg user account, not a preference within the browser.  When I logon to Digg from a friend’s or a public computer, that functionality should follow me, and the opposite should be true when a friend borrows my computer and signs on with his credentials.  That means we need a web service to manage a user’s libary of XSS and dispatch/activate them all at once whenever a user logs in from a different computer.  If I want a Meebo bar, a Digg button in the context menu, and a Gmail notifier, I shouldn’t need through the motion of signing into all three to enable that functionality!

Ensuring safety is probably the hardest one, and is the one thing that can make this whole idea buckle.  I can suggest a few precautions, but I most certainly wouldn’t catch all the corner cases.  Functionality of XSS should be limited to approximately what Javascript can do.  That means XSS should live in a runtime that cannot access the file system (but a sandboxed DB can come in handy ala Google Gears) nor touch the local OS in any way.  To prevent theft of sensitive data, all XSS should be turned off by default for https pages.

User choice

Another benefit of this XSS model is that it shifts the choice back to the user in terms of what kind of enhanced functionality should be activated.  I really like the SnapShots popups, and I have deployed them on this site as the webmaster.  But it what if I, as a visitor wants the same functionality on other sites?   Sure I can go install the Firefox plugin, or worse the Explorer plugin in .exe form, but I belive this will never become standard behavior for non-techies.  To drive uptake rates, we should start pushing browser functionality and behavior preferences into the cloud as well.  With something like the Meebo chat bar , I find it rather backwards that site owners have the burden and choice of implementing what is essentially an overlay interface, when it fact, it makes much more sense as the users’ choice.  The browsing experience is increasingly comprised of multiple content & service providers cohabiting a single tab/frame.  Thus far, this kind of mashup experience is initiated and implemented by the site owner.  With a plugin framework that has a real shot of getting installed by the masses, we can have a real user-selected mashup experience.

Yes, there’s a deluge of data from social media, and people are clamoring for proper filtering mechanisms. Before you even start a conversation about filters, there’s a quick-win to reduce the noise: collapsing identical shares from multiple sources. As I comb through my daily news sources, I’m starting to bump into the same news entry or awesome-must-see-video! from different people or blogs. Now, if all those shares happen to be on Friendfeed, then it’d collapse all of them into a single line item and just credit that share to multiple sources. This needs to happen everywhere for any post that is essentially an redirect (in other words, a link to the content without any real additional content or commentary). This is especially necessary on Twitter where I hear about the same viral link multiple times from different people, often days apart!

There’s two ways to fix this. The temporary patch is to have smarter aggregators that can spot non-unique or “redirect” content and collapse them, but that’s hard work and isn’t 100% accurate. The squeeky-clean solution is to develop formal, machine-readable conventions for labeling this type of content, but requires essentially adding meta-data baggage to things as simple as tweets =(

Quake Live: say the technology matures, and scales.  How hard will it be to fork the game and bring back the old mods?  And if so, could they create a marketplace for modders and collect reve-share ala iPhone App store?  Best part about this is that  the Quake 3 mods already exist, the experiment is in porting over and launching a market where real-money is spent on these mods.  The one other site doing something similar, but with flash games is Whirled.

I have a simple feature request for browsers: a visual indicator for which tabs are playing music

Between Hype Machine, The Next Big Sound, and The Sixty One, I use my browser increasingly more as a music player; and managing music vs content tabs is a rather unrefined art.  Too bad though, for as far as I know, this is technically quite challenging for even a FF plugin to do as it requires tapping into the Flash plugin’s run-time environment.  Another reason why the browser UI needs an overhaul and become as robust as that of an OS.

I’m totally digging the concept of a MySpace email product.  I’ve expressed before the importance of bridging social networks with day-to-day communication, and we’ve heard before that Mark Zuckerberg identies Facebook as primarily a communication tool.  What traditional social network provides is a form of what I’d call “passive” communication—users generating feeds of information and consuming it in a distributed and asynchronous fashion.  Email, on the other hand, is active communication—with people usually addressing one or few individuals with a direct message.

But why are they separate?  Its clear that either form can benefit immensely from being connected to a social graph!  Email can be prioritized by the graph, or it can generate a prioritization based frequency and reciprocity of contact.  New forms of direct messaging that used to clog up the inbox can be categorized and presented in new UI regimes: for example event invitations can be pulled out of the inbox and into a calendar layer, social game envents (like being bitten by yet another vampire) can be grouped into its own river of minor news, messages can be easily visualized by contact.  Here’s another idea: imagine adding pictures and videos to email without the the dreaded “attachment”  process—just pull content from the network’s internal libraries.

Social networking will be the best thing that ever happened to email (since webmail), and vice versa.