Domain: diasporaproject.org
Stories and comments across the archive that link to diasporaproject.org.
Stories · 4
-
Decentralized Social Networking — Why It Could Work
Slashdot contributor Bennett Haselton writes with "a response to some of the objections raised to my last article, about a design for a distributed social networking protocol, which would allow for decentralized (and censorship-resistant) hosting of social networking accounts, while supporting all of the same features as sites like Facebook." Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today. As its popularity has surged, it has grown in limited ways; modern social networks have made communication between users easier, but they've also made users easier to market to advertisers as well. There's no question that the future of social networking holds more changes that can both help and harm users — perhaps something like what Bennett suggests could serve to mitigate that harm. Read on for the rest of his thoughts.In an article last month, I argued that users would be better served by a centralized social networking system where users could store profiles on a server of their choice, rather than a centralized system like Facebook that stores everyone's accounts for them. My main point was that if you could switch your account easily between different hosting providers (preferably if the protocol allowed you to link your account to a domain name that you own, the way that website owners can easily switch from one hosting company to another if they own their own domain name), then it would be much harder to censor content in a distributed system. If a hosting provider removed your content or threatened to kick you off unless you removed it yourself, you could just migrate your profile to a new hosting provider, and all of your existing links to friends/groups/events would continue to work.
Many commenters raised objections, some of which I think can be countered fairly simply, and others that raise more complicated issues. I usually don't do follow-up articles addressing all of the objections to a previous article (unless I'm running a contest asking people to submit the best arguments against an idea of mine), but I think the migration to an open social networking protocol is such an important long-term goal, that I want to give voice to the objections and present what I think is the best counter-argument against each of them.
The skeptics' questions fell into two categories: (1) Why would anybody ever switch away from Facebook to trying out the new system? and (2) Even if people did switch, would the new distributed system be better? ("Better" both in the short term -- would trial users see enough benefit to get them to keep using it regularly? — and in the long term — would spammers and other attackers be able to undermine it?)
To begin with the question of why anybody would switch: I don't think that most people would switch because they had analyzed the arguments for and against a distributed vs. centralized system. I think the only reason most users would ever try a social networking site other than Facebook, would be because a trendy company like Google launched it and threw their weight behind it. Why else have 400 million people signed up for Google+, almost half as many as are on Facebook? Despite the hype about features like "circles", I think it's safe to say that most of people jumped on board because Google launched it and gave it a big push, and Google is cool. (As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)
So imagine if, at the same time that Google had released Google+, they had also released an open source server package that anybody could use to set up their own Google+ node, completely interoperable with all Google-hosted accounts, and where the user could have complete control over their hosted content. Presumably those 400 million users who signed up with Google+, would have still signed up for this hypothetical "open Google+", since it does everything that the real Google+ does. Some of those users would have taken the option to run their own nodes, if it had been available. And then you'd have additional users who didn't sign up with the real Google+, but who would sign up for an "open Google+" precisely because they would have control over all their own content.
Of course, even if Google+ had been launched as a distributed platform, users would still have the option of signing up for an account hosted on Google's servers, and indeed that would probably be the default choice for most people. (This answers the objection, raised by "0racle", "Havenwar", and others, that it would be "too complicated" for users to sign up for such a service. Certainly most users would not be expected to host and maintain their own nodes in the distributed system. Most of them would just sign up for an account with the largest node, like Google+.)
So that answers the question of how to get people to try it out. The continued relative obscurity of the Diaspora Project — the largest existing open social networking system — does not mean that the idea itself doesn't have merit, or that users wouldn't sign up for such a system if it were launched and promoted by a big company. The second challenge would be to get people to stay, something that users apparently did not do after trying out Google+.
Which brings us to the next set of objections, most of which asked: Would the new distributed system really be better than a centralized one? A big enough improvement to get people to keep using it, and to withstand attacks by spammers and other abusers? In this category of objections, there are some that I think can be answered easily, and some that are hard. So, the easy ones first.
A few users ("Havenwar", "tonywestonuk", and others) said that a distributed protocol would be inferior without integrated support for games or payments. But there's no reason a distributed protocol couldn't include support for other games or other types of apps to be built on top of it. An app could be installed to your profile and, using an API supported by the networking protocol, could send data over the Internet to your friend's profile on another server, if they had the same app installed, allowing you to make "moves" in a game you were playing against your friend. And you could specify which, if any, of your data you wanted the app to have access to. Similarly, if a developer wanted to charge money to users for installing an application, they could just give users a link to a third-party payment system like Paypal where the users would pay in order to download or activate the app. (Yes, people could download pirated versions of the app from BitTorrent sites and install them to their own server for free, but that's a problem for anyone selling commercial software.)
Other users (such as "History's Coming To" and one Anonymous Coward) said that the system I've described was essentially the same as the Web or the blogosphere (perhaps focusing on how I described the "news feed" aspect of a distributed system, which would pull in updates from all of your friends, much like Facebook's news feed does today). I disagree for two reasons: (1) it's much easier to sign up for a social networking account than it is to set up your own website or your own blog, so the proportion of high school students who have their own Facebook is much higher than the proportion that ever had their own Web page; and (2) the Web and the blogosphere do not allow for the creation of objects such as "groups" that you can join and send group messages to, or "events" where you can set a date and a time and invite friends and send messages to all of the invitees, or "games" that allow you to connect your profile with those of your friends and exchange data with them in an application-specific manner. These are all features I would hope to see in an open social networking protocol (although I could live without games).
Now for the harder objections. User "Requiem18th" pointed out that in a distributed system, if you chose to share anything only with your friends (who could access it through their profiles on their own servers), then an attacker could steal the data by attacking the least secure of any of your friends' servers. Even worse, if you'd chosen to share data with "friends of friends", then the attacker could get it by attacking the least secure of the servers of all of your friends-of-friends. True, but generally if I've shared something with all of my friends on Facebook (and even more so if I've shared it with all of my friends-of-friends), I consider that data to have been "compromised" in a certain sense already. If I had shared anything that I wanted to keep private, I'd be far more concerned about one of my so-called "friends" intentionally sharing it beyond the intended audience, than about their account being hacked. We know from hacks of people's email accounts that when attackers gain control of someone's account, they generally don't go through looking for private information, they just spam all of that person's friends with some Viagra ads and then move on.
Some users might have only a limited circle of friends on this distributed-social-networking system, and would share only very private information with them, and in that case their privacy concerns would be more serious. But users who were being that cautious, could set extra privacy on their accounts so that non-friends cannot see who is in their friends list. That would make it impossible for an attacker to spider their list of friends and then try to attack the friends with the least secure servers.
What about spam, fake accounts, and unwanted porn showing up in your news feed? A few commenters ("jeffmeden", "Havenwar", and another Anonymous Coward) said that there's a good reason, after all, that Facebook removes some content and terminates some people's accounts. Impersonation is an interesting problem in this context. There would be no technical barrier to stop someone from creating an account pretending to be someone else. If the impostor hosted the account on their own server, then they would get caught if the police got involved (or their upstream provider might cut them off if someone complained). But the impostor could also just try out many different profile hosting companies on the web, and create the impostor account with the hosting company that seemed to be the most lax about responding to abuse reports. If they use an anonymizing service like Tor to create and log in to the fake account, there's no evidence trail leading back to them at all.
Let me first point out, though, that the same is true for email -- I can create a Hotmail or Gmail account claiming to be anyone I want, and write to friends of that person hoping that they won't notice the message coming from a new email address. In fact, it would be easier to get away with this trick in email, because if I want to pretend to be Alice and send a message to Bob, all I have to do is create an account with Alice's first and last name, and send Bob a message hoping he doesn't notice that it's not coming from Alice's usual email address. If I wanted to do the same thing on an open social networking protocol, on the other hand, I would have to create my fake Alice account and then send a message or a request to "Bob". If Bob is already friends with the real Alice, he'll think it strange that he's getting a request from another "Alice" account, or a message from a user identifying as "Alice" but where the message is flagged as not coming from someone already in his friends list. Plus, once you have a friend relationship with the fake Alice, if your friends list is public, other users may notice the new "Alice" account and warn you about them. (With email, by contrast, no one else would ever see that you're in a thread with a fake "Alice" account, and wouldn't have a chance to warn you.)
So for all of these reasons, I would think that impersonation would be a bigger threat in email than it would be in an open social networking protocol. And yet, I never even heard of any of my friends being taken in by someone impersonating one of their acquaintances by email. However much it was ever happening in the world, it certainly wasn't enough for people to propose moving email to a centralized system where everyone used the same server and rogue accounts could be shut down.
What about spam from strangers? (A good deal of the spam would be porn, so I'm considering the "porn" objection to be a subset of this. If you're seeing porn in your feed because you opted in to see it, that's a feature, not a bug!) The mechanism of the "spam" would depend on whether the open protocol would allow non-friends to send you messages. On Facebook, if you send a message to a non-friend, it gets routed not to your Inbox but to a folder labeled "Other", where it's far less likely to be seen. (The Facebook interface and phone app won't notify that user that they have a new message in that case.) The only type of Facebook communication that you can send to a non-friend that Facebook will actually notify them of, is a friend request. Now, if our new open protocol allows for messages from non-friends to be delivered to your "Inbox", then spammers would indeed probably bombard users with spam. On the other hand, if the only communication we allow from non-friends is friend requests, then the spam would come in the form of the friend requests themselves (many guys would probably accept a friend request from a hot girl, even if the social networking protocol dutifully warned them that they had no friends in common). Even if you were smart enough to realize that most "friend requests" from unknown hot women were fake, they could still clog up your friend request queue and make you more likely to miss requests from real users.
The simplest solution would seem to be that if Bob starts getting too many spam requests, he can turn on a feature that requires other users to complete a CAPTCHA before being able to send Bob a friend request. (And users would also have to complete a CAPTCHA to send Bob a message if they weren't already in his friends list.) After enabling the CAPTCHA feature, all of Bob's existing friend relationships would remain in place, but the CAPTCHA barrier would stop spammers from clogging up his inbound friend request queue. With the CAPTCHA barrier in place, we could even allow non-friends to send Bob a message without it being dumped into his "Other" folder.
What if Bob's account gets hacked and his account starts spamming his friends, where the messages would not be stopped by any CAPTCHA barrier because Bob is already friends with all of those users? Much as people's existing Hotmail and Gmail accounts often get hacked, and the perpetrator immediately spams everyone in that person's address book — and that type of spam often gets through spam filters, because it's coming from someone that you've corresponded with, from a server that you generally trust. Of course those spams are annoying, but they haven't gotten to the point of making email unusable. And if a user in this distributed social system has hundreds of thousands of friends or "fans" — so that someone who hacked their account would be able to reach a large audience — then presumably they would be able to afford the security measures to keep their accounts safe. Much in the same way that many websites and blogs get hacked every day, but if you run a blog or a website that reaches millions of people, it behooves you to use tighter security measures than the average webmaster, and most people in that position can afford to do so. Nobody thinks that Web and email are unusable (or should be moved to a centralized system) just because websites and email accounts get hacked.
In sum, I don't think of the objections raised are fatal to the whole concept, although some of the objections made me think of improvements to the original idea (e.g. an API to build games and apps that could communicate over the Internet with other installations of the same app, or the use of CAPTCHAs to stop spam). The real barrier, as I've said all along, is that nobody would join in the first place, unless the project was launched by a company so popular that they could get new users to sign up just by announcing it. So there's not much that I, or anybody else outside of those behemoth companies, can do except to sit back and wait for someone like Google to try it. All we can do is lay out the case for why, if they did, it would change everything. Not to mention, if they made their own servers the largest node for hosting free ad-supported accounts under this open social networking protocol, it would make them a lot of money at the same time.
-
Bring On the Decentralized Social Networking
Frequent contributor Bennett Haselton writes: "The distributed-social-networking Diaspora Project recently announced that their software will be released as open source. I don't know if Diaspora specifically will be the Next Big Thing in social networking, but I hope that social networking moves to a decentralized model within the next few years, where anyone can set up and run a hub to administer profiles for themselves and their friends or clients, and where profiles can interact with each other in a distributed fashion instead of on a centralized system like Facebook." Read on for Bennett's thoughts on how that model could work. A decentralized social network infrastructure would bring a number of benefits, such as:- the end of horror stories about accounts and company pages being shut down arbitrarily by Facebook
- privacy settings that give you fine-grained control, and that are not forcibly changed for you
- an ad-free viewing experience (depending on the policies of the node hosting your profile), and
- the easy implemention of desirable features in the interface, without waiting for a single company like Facebook to adopt them.
(Not to mention an interface that stays relatively stable until you decide you want to change it -- no more waking up to find out you've been "timelined".)
Consider the main things that we use Facebook for today:- Finding old friends and re-establishing contact with them.
- Receiving a stream of updates from your friends, viewing photos, posting comments, etc.
- Creating events and inviting friends.
- Creating branded pages for your company or product that other people can "like," and receiving updates from pages created around other people's companies or products.
There's no particular reason why any one of those functions could only be carried out on a centralized system. I can envision a distributed protocol with many different servers, or 'nodes,' run by different hosting companies, and each 'node' can be used to store many accounts; users pick a hosting company and a node to create their new account, and their account on that node could be used to store their friends list, their photos and status updates, and any events and groups that they had created. I'll get to the protocol design in a second, but let me emphasize something more important first: to make the protocol censorship resistant, it would have to be possible to move your entire account from one node to another node at a completely different company, without breaking any of the existing links with friends, your events, etc. That way, the node hosting your profile wouldn't be able to lean on you by saying, "Delete that one photo you posted, or I'll delete your entire profile and you'll lose all the friend links and events that you created."
To make a profile "seamlessly portable" in this manner, my suggestion would be to have the profile associated with a domain name owned by the user, with a URL like http://yourdomainname.com/profileprotocol/yourusername/. The domain name could be hosted with any hosting provider, as long as you paid their hosting fee (or as long as you were willing to display their advertisements to people who viewed your profile). But if your hosting company ever kicked you to the curb, you could simply change the domain name to point to a different hosting provider, and be back up and running after just a few hours of downtime (assuming you had backups of all of your data!).
No one would be able to shut down your profile permanently, unless they wrested control of your domain name away from you, or convinced every hosting provider in the world not to host you. (A user who didn't want to bother with their own domain name, could still host a profile under someone else's domain. This would probably be the default option for most casual high-school users, and thus companies like Facebook could still exist to serve them by helping them create new profile accounts in two minutes. But then those users would have to accept the risk that the domain name owner could shut their profile down.)
Thus I'm distinguishing here between two levels of censorship-resistance that could be provided by a distributed model. In the weaker type of censorship-resistance, profile-hosting companies would compete for your business by providing more permissive hosting policies, which would enable people to post edgier content than Facebook currently allows -- but once you're hosted with a given company, you couldn't easily switch without breaking all of the inbound "links" from your friends' accounts, so your hosting company could force you to self-censor, by threatening you with the loss of your account. In the stronger type of censorship-resistance that I'm advocating, you could switch seamlessly from one hosting provider to another, as long as you kept control of your domain name.
Of course this is exactly the type of "censorship resistance" enjoyed by people who run their own websites under their own domain names. The challenge would be to bring the same freedom to an open social networking protocol, but I see no technical reason why it couldn't be done.
Consider a protocol where "Bob" creates a new account on a social networking hosting node (together with a public/private key used to authenticate his actions to other nodes — if you're not a crypto geek, don't worry about that, it just means that users wouldn't be able to forge friend requests, "likes," event invites, etc. from other people). "Bob" could then find the profiles of his friends, and add them to his own "friends list" (which would be stored on his node). If Bob adds Alice as a friend, then Bob's node can also download Alice's current friend list (unless Alice has disabled this feature, or unless Alice has customized her friend list so that only portions of her friends list are viewable to other users — something not currently possible with Facebook). That way, when Bob searches for new names of users to add as friends in the future, the search will first default to searching the friends-of-friends lists that he's downloaded from his own friends.
When Bob signs in to his account on his node (either through a web interface, or a dedicated application, or a mobile app), his "news feed" consists of the comments, photos, and other items that have been published from his friends' accounts. He can post comments on any of his friends' items, which are then transmitted to his friends' accounts and stored on their node along with their content, unless they choose to delete the comments. And of course he can publish his own photos and status updates just like we all do on Facebook today, which would be downloaded to his friends' news feeds. (I'm hand-waving over whether the notifications would be "pulled" by users' nodes periodically polling the nodes of their friends to check for new content, or by their friends' nodes "pushing" the content to all known subscribers.)
Alice could meanwhile create an "group" of users would would be stored as an object on her node, and invite other users to join the group. Then any messages or content posted to the group would show up in the news feeds of all users who had joined. And Alice could create "events" which are also stored as an object on her node, and send out invites to her friends or other members of her groups. Pretty much any Facebook feature could be duplicated in this distributed system, with the benefit that users wouldn't run up against aggravating limitations imposed by Facebook — like the fact that Facebook used to block you from messaging the guests of your own event after it reached 5,000 attendees, and then removed the ability to message guests of an event entirely.
There's only one Facebook feature that I think could not be implemented on a distributed social networking protocol, and that's the practice of accruing hundreds of thousands of fans for your company fan page, basically as a form of "social proof" to show potential new customers that you're serious. Under Facebook's model, if you see a fan page with hundreds of thousands of fans, your first instinct is to assume that the company must be doing something right in order to be that popular, since Facebook makes it difficult for a company to create hundreds of thousands of fake users just to be fans of their product. On the other hand, in a distributed model, suppose I run across a company's fan page which claims to have 1 million fans. It's not just a case of the company lying about having 1 million fans — you could use digital signatures to verify that 1 million "users" really are "fans" of the product — but since anybody can set up a profile hosting node, you have no way of knowing how many of those 1 million "users" are real. "Acme Soda Company" could have just set up a dozen profile hosting nodes and created 100,000 fake users on each one, and have each of them sign up as "fans" of their product. (I just made up that company name, but this is incidentally something the real Acme Soda Company is apparently not doing.)
But how useful is it for regular users, after all, to see that a company has hundreds of thousands of fans? I've never assumed that a company makes a quality product just based on the number of Facebook fans that they have. I'd be more interested in checking out a company if a high proportion of my own social networking friends are fans of the product — and that is something that could still be implemented in a distributed model, since if a company claims that 3 of my 100 friends are fans of their page, I could use their digitally signed "fan" relationships to verify that this is true.
So I hope that the future of distributed social networking arrives soon. It may or may not be in the form of the Diaspora Project (in true Dr. Evil fashion, their most recent press release announced that they've already attracted "thousands" of users), but there's no particular reason that a distributed protocol would have to be a grass-roots effort. My guess is that if it took off, it would have to be started as a side project by an established company that gave it name recognition, and which could possibly provide free hosting for the first wave of users. Google+ never gave most people a compelling reason to switch, but imagine if it had been released not as a website but as an open protocol, complete with an open-source implementation that could be installed anywhere. Thus, complete freedom to create pages with whatever content you want, to amass as many fans and subscribers as you could legitimately earn, without having to worry about it all being controlled by a single entity who could mine your data or delete your content. I definitely would have given it a closer look. -
GNU Media Goblin 0.3.0 Released
A mere year since the Mediagoblin photo/video sharing project was started, the project has hit version 0.3.0. Release highlights include: a rewrite of the database from MongoDB to SQL (via SQLAlchemy, making it much easier to install), audio support (using the HTML5 <audio> tag), a first take on a mobile interface, and smarter video buffering. Not content to sit idle, the developers are starting work on Salmon protocol support to federate with software like Diaspora in the next release. -
Larry Page Issues Public Update On Google Changes
itwbennett writes "Larry Page just wants to be loved. Well, he wants 'Google to be a company that is deserving of great love,' Page wrote in a public letter. But he also wants to offer the kind of personalized service that the requires trampling on your privacy. 'The recent changes we made to our privacy policies generated a lot of interest. But they will enable us to create a much better, more intuitive experience across Google — our key focus for the year,' Page wrote." From the letter: "Think about basic actions like sharing or recommendations. When you find a great article, you want to share that knowledge with people who will find it interesting, too. If you see a great movie, you want to recommend it to friends. Google+ makes sharing super easy by creating a social layer across all our products so users connect with the people who matter to them." With all the claims of altruistic intent in the open letter, one might wonder why Google has to push their own social network instead of working on open protocols for sharing.