[Three years ago](http://blog.unto.net/work/delancey/) I launched a little service called [Delancey][]. Delancey was an early [del.icio.us][] mashup that kept track of how many times you clicked on each bookmark. This usage metadata was valuable because with it you could sort your bookmarks in order of how often they were used, making for a simple but powerful default browser homepage that learned from your behavior.
In designing Delancey I made several decisions that I knew might eventually cause a maintenance challenge, but I felt that they were justified at the time because of the benefit that they offered.
The first design decision was that users of Delancey would be able to "claim" their del.icio.us account so that they, and only they, would be able to access or update their personal click data. Given that a standard mechanism for claiming external identities was [still in its infancy][openid launch], I hacked together a technique by which a signed-in del.icio.us user would automatically bookmark a secret claim URL that the Delancey application would verify and then delete. It was a surprisingly effective approach that created a strong verifiable claim over a del.icio.us identity without the Delancey application ever requesting the del.icio.us user's password. However, it took advantage of how the del.icio.us front-end was implemented at that particular moment, and hence it was unlikely to remain stable forever.
The second design decision was that the Delancey application would never store a user's del.icio.us username or the URLs of the bookmarks the user accessed. This wasn't strong security, as both were stored as simple one-way md5 hashes of the plaintext data, however it prevented casual abuse as reversing the associations would require a complete dictionary of del.icio.us usernames and the bookmarked URLs. (A truly secure system would require a secret key for each Delancey user and a mechanism to encrypt the data on the client side -- a reasonable exercise, but overkill for this type of application.) This kept your data private (even from Delancey itself), but it meant that exporting it would be more difficult down the road.
Then del.icio.us relaunched as delicious.com this fall. I suspected that Delancey would break during the transition, but I couldn't find a migration guide for del.icio.us developers so I wasn't exactly sure what to be on the lookout for. So I shelved the project for a while longer and hoped that nothing serious was broken.
This weekend I had the opportunity to investigate, and sure enough, a few of the features that made Delancey possible were no longer supported. Most critically, the automatic bookmarking trick that Delancey used for claim verification was rendered ineffective because the new delicious.com front-end signs (with a key or nonce) the form used to post new URLs, thus blocking Delancey's attempt to mimic the POST request via an external page. This is a perfectly reasonable decision on the part of of the delicious team, but without it Delancey would need a new mechanism for account verification.
The [Delicious API][] does provide a way of posting new bookmarks, and hence a backdoor mechanism for account verification. However, the official API relies on HTTP Basic auth, which would mean the user would be presented with an unexpected browser-based interstitial login box if Delancey were to use it. Or worse, Delancey application could itself request and proxy credentials for the del.icio.us user -- exactly what I was trying to avoid. The latter technique is a form of the [password anti-pattern][], and I couldn't in good faith implement that anti-pattern myself. Fortunately, either (or both) of [OpenID][] and [OAuth][] would be sufficient for verifying the account claim if delicious supported them. Unfortunately, Delicious currently supports neither OpenID nor OAuth as far as I can tell. While I'm reasonably confident that I could come with some other hacked-together solution on top of the current delicious.com front-end, I don't feel comfortable again investing in a solution that isn't officially supported.
So with that as background, I've decided to sunset Delancey. I don't have a hard date as to when I'll shut it down, but I won't be adding new features, nor will I be fixing any bugs beyond those that I fixed today. I promise not to take it down for another 90 days (through the end of March, 2009), but after that I may turn it off completely to save bandwidth. However, before I take it down I will provide links to export your existing click data. That said, since the bookmark URLs are stored as hashes only, you will need to do some work on your end to associate the underlying URL with the click counts. (This is possible because you know your own username and you can easily retrieve a list of all of your bookmarks from delicious.)
For those that want to start extracting their data now, you can play around with the auto-documented [Delancey API][]. For example, to see a list of your tags, you can use the /delancey/tags/{username} method (e.g., [as YAML](http://delancey.unto.net/delancey/tags/delancey) or [as JSON](http://delancey.unto.net/delancey/tags/delancey?format=json)). And you can retrieve your click counts via the /delancey/bookmarks/{username}/{tag}/ method (eg. [as YAML](http://delancey.unto.net/delancey/bookmarks/delancey/delancey) or [as JSON](http://delancey.unto.net/delancey/bookmarks/delancey/delancey?format=json)). (You'll note that the latter API call automatically does the hash association with the public bookmark data -- if the del.icio.us account is private, or if the bookmarks are deeply buried, then the titles and the URLs are unavailable. The full Delancey export will contain on the (hash, count) tuple.)
Going forward, if Delicious implements OAuth or OpenID in the next month or two I may change my mind and get this running again, perhaps by porting it over to Python and App Engine in the process (a port I started a while back but never completed). If not, then I hope people understand my reasons for shutting down this service. It was a fun app to build, and if you used it I hope you found it valuable for what it did. I still believe that there is great opportunity in the social bookmarking space, and whether it is to be found the relaunched delicious.com, at a site like digg.com, or at a site yet unseen, I look forward to whomever pushes the technology forward next.
[del.icio.us]: http://del.icio.us/ "del.icio.us"
[delancey]: http://delancey.unto.net/ "Delancey"
[openid launch]: http://community.livejournal.com/lj_dev/684200.html
[delicious api]: http://delicious.com/help/api
[oauth]: http://oauth.net/
[openid]: http://openid.net/
[password anti-pattern]: http://adactio.com/journal/1357
[delancey api]: http://delancey.unto.net/delancey/api/
[delancey old source]: http://svn.unto.net/svn/public/delancey/trunk/
[delancey source]: http://code.google.com/p/delancey/