Decentralized Social Networking — Why It Could Work
In an article last month, I argued that users would be better served by a decentralized social networking system where users could store profiles on a server of their choice, rather than a centralized system like Facebook that stores everyone's accounts for them. My main point was that if you could switch your account easily between different hosting providers (preferably if the protocol allowed you to link your account to a domain name that you own, the way that website owners can easily switch from one hosting company to another if they own their own domain name), then it would be much harder to censor content in a distributed system. If a hosting provider removed your content or threatened to kick you off unless you removed it yourself, you could just migrate your profile to a new hosting provider, and all of your existing links to friends/groups/events would continue to work.
Many commenters raised objections, some of which I think can be countered fairly simply, and others that raise more complicated issues. I usually don't do follow-up articles addressing all of the objections to a previous article (unless I'm running a contest asking people to submit the best arguments against an idea of mine), but I think the migration to an open social networking protocol is such an important long-term goal, that I want to give voice to the objections and present what I think is the best counter-argument against each of them.
The skeptics' questions fell into two categories: (1) Why would anybody ever switch away from Facebook to try out the new system? and (2) Even if people did switch, would the new distributed system be better? ("Better" both in the short term -- would trial users see enough benefit to get them to keep using it regularly? — and in the long term — would spammers and other attackers be able to undermine it?)
To begin with the question of why anybody would switch: I don't think that most people would switch because they had analyzed the arguments for and against a distributed vs. centralized system. I think the only reason most users would ever try a social networking site other than Facebook, would be because a trendy company like Google launched it and threw their weight behind it. Why else have 400 million people signed up for Google+, almost half as many as are on Facebook? Despite the hype about features like "circles", I think it's safe to say that most people jumped on board because Google launched it and gave it a big push, and Google is cool. (As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)
So imagine if, at the same time that Google had released Google+, they had also released an open source server package that anybody could use to set up their own Google+ node, completely interoperable with all Google-hosted accounts, and where the user could have complete control over their hosted content. Presumably those 400 million users who signed up with Google+, would have still signed up for this hypothetical "open Google+", since it does everything that the real Google+ does. Some of those users would have taken the option to run their own nodes, if it had been available. And then you'd have additional users who didn't sign up with the real Google+, but who would sign up for an "open Google+" precisely because they would have control over all their own content.
Of course, even if Google+ had been launched as a distributed platform, users would still have the option of signing up for an account hosted on Google's servers, and indeed that would probably be the default choice for most people. (This answers the objection, raised by "0racle", "Havenwar", and others, that it would be "too complicated" for users to sign up for such a service. Certainly most users would not be expected to host and maintain their own nodes in the distributed system. Most of them would just sign up for an account with the largest node, like Google+.)
So that answers the question of how to get people to try it out. The continued relative obscurity of the Diaspora Project — the largest existing open social networking system — does not mean that the idea itself doesn't have merit, or that users wouldn't sign up for such a system if it were launched and promoted by a big company. The second challenge would be to get people to stay, something that users apparently did not do after trying out Google+.
Which brings us to the next set of objections, most of which asked: Would the new distributed system really be better than a centralized one? A big enough improvement to get people to keep using it, and to withstand attacks by spammers and other abusers? In this category of objections, there are some that I think can be answered easily, and some that are hard. So, the easy ones first.
A few users ("Havenwar", "tonywestonuk", and others) said that a distributed protocol would be inferior without integrated support for games or payments. But there's no reason a distributed protocol couldn't include support for other games or other types of apps to be built on top of it. An app could be installed to your profile and, using an API supported by the networking protocol, could send data over the Internet to your friend's profile on another server, if they had the same app installed, allowing you to make "moves" in a game you were playing against your friend. And you could specify which, if any, of your data you wanted the app to have access to. Similarly, if a developer wanted to charge money to users for installing an application, they could just give users a link to a third-party payment system like Paypal where the users would pay in order to download or activate the app. (Yes, people could download pirated versions of the app from BitTorrent sites and install them to their own server for free, but that's a problem for anyone selling commercial software.)
Other users (such as "History's Coming To" and one Anonymous Coward) said that the system I've described was essentially the same as the Web or the blogosphere (perhaps focusing on how I described the "news feed" aspect of a distributed system, which would pull in updates from all of your friends, much like Facebook's news feed does today). I disagree for two reasons: (1) it's much easier to sign up for a social networking account than it is to set up your own website or your own blog, so the proportion of high school students who have their own Facebook is much higher than the proportion that ever had their own Web page; and (2) the Web and the blogosphere do not allow for the creation of objects such as "groups" that you can join and send group messages to, or "events" where you can set a date and a time and invite friends and send messages to all of the invitees, or "games" that allow you to connect your profile with those of your friends and exchange data with them in an application-specific manner. These are all features I would hope to see in an open social networking protocol (although I could live without games).
Now for the harder objections. User "Requiem18th" pointed out that in a distributed system, if you chose to share anything only with your friends (who could access it through their profiles on their own servers), then an attacker could steal the data by attacking the least secure of any of your friends' servers. Even worse, if you'd chosen to share data with "friends of friends", then the attacker could get it by attacking the least secure of the servers of all of your friends-of-friends. True, but generally if I've shared something with all of my friends on Facebook (and even more so if I've shared it with all of my friends-of-friends), I consider that data to have been "compromised" in a certain sense already. If I had shared anything that I wanted to keep private, I'd be far more concerned about one of my so-called "friends" intentionally sharing it beyond the intended audience, than about their account being hacked. We know from hacks of people's email accounts that when attackers gain control of someone's account, they generally don't go through looking for private information, they just spam all of that person's friends with some Viagra ads and then move on.
Some users might have only a limited circle of friends on this distributed-social-networking system, and would share only very private information with them, and in that case their privacy concerns would be more serious. But users who were being that cautious, could set extra privacy on their accounts so that non-friends cannot see who is in their friends list. That would make it impossible for an attacker to spider their list of friends and then try to attack the friends with the least secure servers.
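The exposure discussed in the two paragraphs above can be made concrete. The following is an added example, not part of the original article; the sample network, the host names and the `friends_public` field are constructed for illustration. It lists which servers end up holding data shared at each scope, and what a non-friend can still learn about a user whose own friends list is hidden.

```python
from collections import namedtuple

# Hypothetical profile record: hosting server, friend set, and whether
# the friends list is visible to non-friends.
Profile = namedtuple("Profile", "host friends friends_public")

# Constructed sample network (friendships are symmetric).
NETWORK = {
    "alice": Profile("node-a.example", {"bob", "carol"}, False),
    "bob":   Profile("node-b.example", {"alice", "dave"}, True),
    "carol": Profile("node-a.example", {"alice", "erin"}, False),
    "dave":  Profile("node-d.example", {"bob"}, True),
    "erin":  Profile("node-e.example", {"carol"}, True),
}


def audience(network, owner, scope):
    """Users who receive a copy of data the owner shares at this scope."""
    friends = set(network[owner].friends)
    if scope == "friends":
        return friends
    if scope == "friends_of_friends":
        reach = set(friends)
        for friend in friends:
            reach |= network[friend].friends
        reach.discard(owner)
        return reach
    raise ValueError("unknown scope: %r" % scope)


def exposed_hosts(network, owner, scope):
    """Servers other than the owner's own that hold the shared data.

    Each of these has to stay secure for the data to stay within the
    intended audience, so the set grows with the sharing scope.
    """
    hosts = {network[user].host for user in audience(network, owner, scope)}
    return hosts - {network[owner].host}


def visible_friend_links(network, target):
    """What a non-friend can learn about the target's friendships.

    Returns (direct, reverse): 'direct' is the target's own list if it
    is public; 'reverse' is every user whose own public list names the
    target. Hiding your own list only empties 'direct'.
    """
    own = network[target]
    direct = set(own.friends) if own.friends_public else set()
    reverse = {
        user
        for user, profile in network.items()
        if user != target and profile.friends_public and target in profile.friends
    }
    return direct, reverse


if __name__ == "__main__":
    for scope in ("friends", "friends_of_friends"):
        print(scope, sorted(exposed_hosts(NETWORK, "alice", scope)))
    print(visible_friend_links(NETWORK, "alice"))
```

In this sample, Alice's hidden list keeps Carol out of view, but Bob's public list still shows his link to Alice, so the extra privacy setting is only as strong as the settings her friends choose.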
What about spam, fake accounts, and unwanted porn showing up in your news feed? A few commenters ("jeffmeden", "Havenwar", and another Anonymous Coward) said that there's a good reason, after all, that Facebook removes some content and terminates some people's accounts. Impersonation is an interesting problem in this context. There would be no technical barrier to stop someone from creating an account pretending to be someone else. If the impostor hosted the account on their own server, then they would get caught if the police got involved (or their upstream provider might cut them off if someone complained). But the impostor could also just try out many different profile hosting companies on the web, and create the impostor account with the hosting company that seemed to be the most lax about responding to abuse reports. If they use an anonymizing service like Tor to create and log in to the fake account, there's no evidence trail leading back to them at all.
Let me first point out, though, that the same is true for email -- I can create a Hotmail or Gmail account claiming to be anyone I want, and write to friends of that person hoping that they won't notice the message coming from a new email address. In fact, it would be easier to get away with this trick in email, because if I want to pretend to be Alice and send a message to Bob, all I have to do is create an account with Alice's first and last name, and send Bob a message hoping he doesn't notice that it's not coming from Alice's usual email address. If I wanted to do the same thing on an open social networking protocol, on the other hand, I would have to create my fake Alice account and then send a message or a request to "Bob". If Bob is already friends with the real Alice, he'll think it strange that he's getting a request from another "Alice" account, or a message from a user identifying as "Alice" but where the message is flagged as not coming from someone already in his friends list. Plus, once you have a friend relationship with the fake Alice, if your friends list is public, other users may notice the new "Alice" account and warn you about them. (With email, by contrast, no one else would ever see that you're in a thread with a fake "Alice" account, and wouldn't have a chance to warn you.)
So for all of these reasons, I would think that impersonation would be a bigger threat in email than it would be in an open social networking protocol. And yet, I never even heard of any of my friends being taken in by someone impersonating one of their acquaintances by email. However much it was ever happening in the world, it certainly wasn't enough for people to propose moving email to a centralized system where everyone used the same server and rogue accounts could be shut down.
What about spam from strangers? (A good deal of the spam would be porn, so I'm considering the "porn" objection to be a subset of this. If you're seeing porn in your feed because you opted in to see it, that's a feature, not a bug!) The mechanism of the "spam" would depend on whether the open protocol would allow non-friends to send you messages. On Facebook, if you send a message to a non-friend, it gets routed not to your Inbox but to a folder labeled "Other", where it's far less likely to be seen. (The Facebook interface and phone app won't notify that user that they have a new message in that case.) The only type of Facebook communication that you can send to a non-friend that Facebook will actually notify them of, is a friend request. Now, if our new open protocol allows for messages from non-friends to be delivered to your "Inbox", then spammers would indeed probably bombard users with spam. On the other hand, if the only communication we allow from non-friends is friend requests, then the spam would come in the form of the friend requests themselves (many guys would probably accept a friend request from a hot girl, even if the social networking protocol dutifully warned them that they had no friends in common). Even if you were smart enough to realize that most "friend requests" from unknown hot women were fake, they could still clog up your friend request queue and make you more likely to miss requests from real users.
The simplest solution would seem to be that if Bob starts getting too many spam requests, he can turn on a feature that requires other users to complete a CAPTCHA before being able to send Bob a friend request. (And users would also have to complete a CAPTCHA to send Bob a message if they weren't already in his friends list.) After enabling the CAPTCHA feature, all of Bob's existing friend relationships would remain in place, but the CAPTCHA barrier would stop spammers from clogging up his inbound friend request queue. With the CAPTCHA barrier in place, we could even allow non-friends to send Bob a message without it being dumped into his "Other" folder.
What if Bob's account gets hacked and his account starts spamming his friends, where the messages would not be stopped by any CAPTCHA barrier because Bob is already friends with all of those users? Much as people's existing Hotmail and Gmail accounts often get hacked, and the perpetrator immediately spams everyone in that person's address book — and that type of spam often gets through spam filters, because it's coming from someone that you've corresponded with, from a server that you generally trust. Of course those spams are annoying, but they haven't gotten to the point of making email unusable. And if a user in this distributed social system has hundreds of thousands of friends or "fans" — so that someone who hacked their account would be able to reach a large audience — then presumably they would be able to afford the security measures to keep their accounts safe. Much in the same way that many websites and blogs get hacked every day, but if you run a blog or a website that reaches millions of people, it behooves you to use tighter security measures than the average webmaster, and most people in that position can afford to do so. Nobody thinks that Web and email are unusable (or should be moved to a centralized system) just because websites and email accounts get hacked.
In sum, I don't think any of the objections raised are fatal to the whole concept, although some of the objections made me think of improvements to the original idea (e.g. an API to build games and apps that could communicate over the Internet with other installations of the same app, or the use of CAPTCHAs to stop spam). The real barrier, as I've said all along, is that nobody would join in the first place, unless the project was launched by a company so popular that they could get new users to sign up just by announcing it. So there's not much that I, or anybody else outside of those behemoth companies, can do except to sit back and wait for someone like Google to try it. All we can do is lay out the case for why, if they did, it would change everything. Not to mention, if they made their own servers the largest node for hosting free ad-supported accounts under this open social networking protocol, it would make them a lot of money at the same time.
Why'd someone invest money to build it? How do you squeeze money from it? How do you sell demographics, how do you spy on your users?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
(As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)
Right, the first rule of Google Wave Club is you do not talk about Google Wave Club.
My work here is dung.
If it's such a good design, where's the prototype?
Give me Classic Slashdot or give me death!
But don't we already have a decentralized social network called the internet?
Wasn't this what it was supposed to be?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Here is my proposal. You got a minute?
DeCenSocNet would be a Decentralized Social Network Consisting of Biological Humanoids (people) arranging themselves, more or less, in close proximity to one another. Friend requests will be made by pressing the palm of their upper appendages together and articulating upward the sides of their facial orifice.
These biological beings would use auditory signals and advanced parsing to communicate with one another. Caffeinated and/or alcoholic potions would intensify the communications protocol.
-badford
If a hosting provider removed your content or threatened to kick you off unless you removed it yourself, you could just migrate your profile to a new hosting provider, and all of your existing links to friends/groups/events would continue to work.
In an ideal world where all you're worried about is censorship then, sure, whatever that might work. The problem is that I am virtually unconcerned with Facebook censoring me as it's never happened. What I'm concerned with primarily is Facebook selling my data to shady people. Oh, I just move my profile from that server after concerns of shadiness arise? Yeah, I bet they hurry up real fast and delete that data that they could turn around and sell to marketers.
My biggest concern arises from reading the book Beautiful Data (and reviewing it here on Slashdot) and remembering how Facebook dealt with its earliest problems of big data and content delivery networks (CDNs).
I just watched a video of my cousin on Facebook training a horse halfway across the country. Now, let's say she or someone near her was running their Google+ node or whatever you want to call it. How would that be propagated to a CDN like Facebook has done with her media that I'm viewing?
Furthermore, CDNs have solved a lot of issues and also relieved localized strain from, say, all the traffic from NYC going to LA (and vice versa) through the Series of Tubes that stretch across the country for every imgur and flickr and youtube video out there. Isn't that a step backwards in the sense of providing snappy response times on large objects?
My work here is dung.
Your ISP would pay for it. It would be a value-added feature.
Getting critical mass would be difficult, but large company promotion isn't the only way it could happen. Using the "killer app" concept, you might encourage usership by providing a feature that Facebook or Google+ don't provide, or better yet, can't provide. Figuring out what that is I'll have to leave as an exercise for the reader because I haven't figured it out. You would probably want to spend time contemplating the unseemly side of possibilities.
When Slashdot needs a meandering wall of text, there's only one man that can get the job done!
[female singers] BENNETT HASSLETON!
(A smart car vrooms through an intersection, crushing JON KATZ who is walking across the street at the time). BENNETT jumps out of the car and pushes his huge nerd glasses back up on his nose.
BENNETT: 'Sup, motherfuckers? I heard you needed some BORING-ASS NAVEL-GAZING! (winks at camera)
[female singers] BENNETT HASSLETON!
(-1, Raw and Uncut is the only way to read)
I was just thinking the same thing. Decentralized social networking is a really good idea, but the problem is that no one will bother enough to run their own server. Like email these days, people just use most convenient option- gmail/hotmail/whatever, and don't care about security/privacy implications.
Of course you can implement it in a way that every client is also a server, but then:
* If you stop your client/server, your data must be distributed to 3rd party nodes, that are owned by unknown people, so you don't get 100% guarantee your data is available if you close your client.
* You won't be able to use this social network if you only have a browser, or if everything except HTTP traffic is blocked.
* Add the usual about network effects, about how no one will switch because all their friends are already on facebook, etc.
Also, NAT and piercing NATs is still an issue, especially if you are running something like this on your mobile.
Long story short, this would make a really nice project, but I don't see how it can become widespread. Maybe we should start selling people home entertainment appliances/home servers that run social network for entire family as well as one of the features? A server for every home, that could be somewhat hardened and keep all the family email/social networking/movies/etc in place, while keeping the privacy? But only people who care enough about privacy and geeks would buy it, which is a small market.
--Coder
When I read the following, I started to think the author might not be quite connected with reality:
Failing to account for the vast disparity between signups and activity is a serious flaw in his argument - especially when he charges the growth to "marketing"... rather than the forced conversion and signups from people who already had Google accounts and those who obtained them via Android phones. (He does mention, dismissively, the lack of staying power later... and then lets this critical issue drop.)
But when I read the following, I really should have stopped as he's clearly headed off into cloud cuckoo land.
But they didn't. And there isn't going to be a decentralized social networking system that allows access to anything resembling Google's ecosystem. He also claims that most people won't switch because of an analysis of the value of distributed v. centralized - but then sets up and knocks down a set of strawmen that require potential users to make such an analysis.
I'll just put this bluntly - if you don't know enough to think of a game or apps API, or how users interact using them... You shouldn't be answering objections about a social networking system, because such interactions are part and parcel of social networking.
I use a decentralized social networking tool called email
It lets me send out a message -- with pictures and all!-- to a bunch of friends. And they can all see it and comment on it and share it with other friends. Pretty cool, huh?
I have been thinking about this for months now. If I were to build a decentralized social network, I would construct it as a peer to peer network, where your account information is mirrored by enough peers to be accessible around the clock. Public key encryption would be used to protect account details that are only visible to friends, that way people can mirror your private info without being able to read it. This design would make it difficult to censor, difficult for big brother to sift through, and spare people from needing to run a dedicated server for their account. Unfortunately, I have a lot of reading (about encryption) to do if I were to pursue this project, but if anyone is interested, we can toss some ideas around here.
We already have a decentralized social network, it's called GPG/PGP. The only problem is that not everyone wants to use the emule network to get their friends' updates.
Facebook has critical mass despite being a puss bucket, there needs to be a reason that common people can understand for them to migrate to p2p and public/private key encryption.
To encourage users to join, I recommend implementing the following killer features:
-enable user to run faster than a speeding bullet
-enable user to leap tall buildings with a single bound
-enable user to shoot laser beams from eyes
-free sex with hot chicks
-free money spigot
The PeerSoN project (http://www.peerson.net/) did some research on this topic already, but not all problems are out of the way yet for a feasible implementation.
Second, I have seen the progress of these networks. Facebook, in my experience, took over from myspace because kids in middle school began to create facebook accounts instead of myspace accounts. This meant by 2010 that firms that wanted to reach the 18-24 demographic had better have a presence on facebook. It is that simple. Kids that want to keep up with friends from high school or college are going to have a Facebook account. Advertisers who want to build a relationship with these people who do not necessarily watch as much TV as the older generation are going to go to facebook as an alternative option.
Oh, and in case it was not clear, most middle school kids have not funds, ability, nor do they care, about acquiring a domain name. They are just looking for cool stuff that is free and allows them to do stuff without parental permission. They are experimenting with a new freedom, but not yet secure enough to actually defy the parental unit. One is free to build a social network for adults, but it won't compete with facebook based on the decentralization.
So what are the problems with facebook? First, their demographic is aging, in other words moms are signing up to monitor their kids, socialize with their friends, and generally make facebook uncool. This not only makes kids less likely to sign up than they would be a few years ago, but also dilutes the demographic. There are cheaper ways to reach moms than facebook, and even dads.
Second is the lack of mobile platform. Kids are more likely to interact with the internet using a small screen, and facebook does not know how to leverage that. So the kids are not being monitored as they used to be. Decentralization will not solve this problem.
So any new platform is going to have to give the 13-20 year old kid a better product. If someone did, in four years Facebook would be as much toast as myspace. Decentralization is not going to do this.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today.
I consider it to have started with Usenet. Based originally on UUCP, it was first connected to the ARPAnet in 1980 and flourished at an exponential rate along with it. It was not only a distributed social network but a fully decentralized, fully replicated one.
It was emphatically not supported by advertizing. The most infamous attempt to exploit its open nature for advertizing purposes was by American immigration lawyers Canter and Siegel in 1994, who managed to offend everyone on Usenet and were rapidly quashed. Still, a track record of 14 years of civilized use of a digital commons tells us that such projects can be eminently successful on their own merits.
Parity: What to do when the weekend comes.
Without an easy migration from FB and Tewwter any solution is DOA.
An interoperable layer is needed to post to those other systems and slowly wean end-sheep off the services to the decentralized versions.
I really like the idea of not giving up my privacy controls to some 3rd party trying to sell my information or "page views."
I will happily run my own server and allow 50 friends and family to use it. They will be able to trust that their data isn't stolen or sold unless they setup the privacy to allow it.
Running the server will be easy for me. I'm not using FB or Tewwter today, so there isn't any migration necessary. I'm already running 15 other servers, so the financial aspects aren't any issue, though I will probably ask for $2/month from each user to cover normal expenses. Mom doesn't have to pay. My network blocks most ad networks completely and many web crawlers. We don't want 3rd parties to see this data anyway. In fact, perhaps a white list of allowed subnets would be a better way to go.
Hummmm.
if the organisation or some other hardware company sold a super cheap board with open source federated social networking software on it and supported it they would do very well perhaps.
they are basically value adding.
it's easy for people.
they buy the hardware, it's delivered and they plug it in and then fill in a few details and that's it.
i really think this is the way to get it off the ground.
Raspberry Pi foundation or some other foundation can do this.
--
Other hardware makers will see it take off and can do the same.
---
Will there be forks by other hardware companies ? Sure there will.
But in order to be attractive to end users, people will buy a fork that is HTTP API compatible with the other forks.
I think one of the web standards is the Social API or something ??
https://wiki.mozilla.org/Labs/SocialAPI
If they don't, then their offering will be much less attractive.
Eventually things will just work,
g
you see, the internet is like a series of tubes...
Some of these concerns have already been addressed and solved. Check out Tonika which uses crypto front-to-back, for example. They've already solved problems I'd never even understood to be present.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Yeah, CDNs are a Facebook-proprietary-technology that no other website in the world could possibly ever hope to use.
...email servers and clients pretty much handle the technical side already. All you need is a new "social" interface.
Think about it. A social network needs first and foremost a list of contacts, their unique identifiers, and lists that partition your big "everyone I know list" into smaller lists like "friends" or "coworkers" or "SPAM/blocked/ex-friends/people I know but just hate". The address book is also the most basic, not-strictly-necessary feature of any email client.
You would like to be able to push data (updates, tweets) to everyone who matters instantaneously, or in a very quick, timely manner. This is the main point of email. A social network website just stores your mailing lists and fills in the "to" field for you.
In a distributed version of such a network, there are additional complications and benefits. You have to have background processes to poll other servers (nodes) to fetch data, to make sure that all archives stay in agreement and don't lose data, that there are fail-over and reconciliation mechanisms for when communication is not possible (there may or may not be new data that I'm missing). This isn't trivial to implement, but it's also not foreign ground. It's not too different from what a news group client does, with a little torrent-like dynamic peer management. Newsgroup readers are generally built and bundled with the software that had the most interface and back-end similarities to it... the email client. You would have a lot of data to collect from new friends, but the fact that you actually know each poster means that more of the data pulled will be relevant to you than it was back in the newsgroup days.
You would like to be reminded or actively informed of certain information (birthdays, events). Calendars are built into every modern mail system, as is the ability to invite/require people at meetings and events.
You would like to play games and compare scores with people you specifically know. All of Facebook's games are flash-based (run on the local machine anyway) with some state information (scoreboard) tied to a third party server. Other than the fact this is a browser job more than a mail client job, this is already mundane, and nothing would change on a new system except for better visibility into the API, and control over what servers you connect to and what data you release. You could store a small, cookie-like file for each game which friends could compare to their own to dynamically generate a "my friends only" scoreboard for them to compare to, if you for some reason don't want to expose your friend list to a particular game. In other words, games are the "least facebook-y" aspect of facebook.
You would like to be able to set up "public" pages not tied to any person (groups, events). To continue the email metaphor, this is just a mass email chain with a specific subject line. The network makes sure that reminders are enforced, people don't "fall off" the chain (the only valid reply to a group-style message is "reply all"), and you have a body of data (history) that you want to be available to people who join later. The last bit produces some overhead, as the group is essentially a "pseudo-friend", whose friend list is identical to the member list. In a distributed system, multiple nodes will have to have the responsibility of maintaining this data, so that it's not lost if some large number of nodes decide to drop it simultaneously -- for example, if every such node is actually a user running his own server, and all of them leave the group simultaneously. This is not trivial, but is also not impossible. It will take some basic management (no more members = no more group) and perhaps some interface changes ("This event is two years old. Can we delete this stuff yet?" or "do you want to archive this event to your local machine permanently?") but it can be done.
Furthermore, everyone today has an email client. Each of those is tied to a server that receives and stores data even when the client is not connected. So long as each message
Usenet in regards to social interaction. So maybe it's time for an upgrade from text based???
The down side, unlike facebook that only allows "like" biasing it towards the positive, usenet history is filled with negative bias... Message boards can also result in negative interaction.... showing the maturity level of the social network perhaps needs positive bias type of constraints to offset the kids egos.
Dude, Captchas don't really accomplish much. They're sloppy security, and they're hacked around all the time. In China, they have whole rooms of people that do nothing but fill out captcha forms all day for spammers. Sure, it's useful for the one off, but it's not a long term security fix. It's invasive to your user experience, and it's fundamentally flawed in that it only stops pure, script based robots. You're leaning on Captchas as a security solution, but you're making a serious mistake if you do that. If you're popular, someone will either figure out a way around the captchas, or they'll figure out a way around your captchas. Either that, or you create a captcha so good, that no human can read it either. And then you have no problem at all, because you'll have no users.
I really wish people would get more creative with this, and realize that captchas are not a silver bullet. They're a makeshift solution, that's good for when your site is getting bombed by bots. Beyond that, you need to think about real solutions that don't hurt your user experience, but still keep spammers gone. There are many of them out there. There are other practices that work. Slashdot has a marvelous system of limiting spam. The only time you ever see a captcha here is when you sign up. Why not learn from that?
This signature intentionally left blank.
Yeah, CDNs are a Facebook-proprietary-technology that no other website in the world could possibly ever hope to use.
Um, you really miss the core concepts of CDNs. It's not that everyone can't use them, it's that you have to pay to use them and then after that, you're just handing all your personal data over to $SOME_BIG corporation and *TADA* you're back to the original problem of why you moved away from Facebook ...
In a world where you weren't a selfish prick, you'd be worried about Facebook censoring *other* people, exposing users to stalkers, to governments and other entities which object to criticism and/or oversight, controlling who can interact with their families or not, and puncturing the anonymity balloon in general.
But it's all me, me, me, isn't it? Never mind, that was purely rhetorical.
no one will bother enough to run their own server.
Disagree. I think almost every company and big web site would not only run their own server, they would run servers many people use (just as they all provide email); and most any tiny hobby web site would run it (just as many small web sites host blogs & RSS feeds).
I'd love a distributed social network, and yes the Internet is supposed to be that. There are two things missing with the Internet as a social network:
* Stream aggregation
* Publishing to a circle only
Stream aggregation is easily overcome, simply use an RSS feed reader and implement a single stream algorithm like a Google+ does or a facebook does. Done!
* Publishing to a limited circle means you need to authenticate (exchange securely some keys) and authorize (add the key holder to a circle), and then publish the limited content in a separate feed authenticated by the key. As long as the keys are protected on the recipient side by a key management with a secure pass(word/phrase) you are good against intrusion and stealing in most cases.
** By the way, you could set up the feed you share with circle member, so that there is a cache flag, which means the partner is not supposed to cache the content but always read it when needed from your server. That way an intruder to the weakest link can only see some hooks into your content, but not access it w/o unlocking the exchanged key. You could also store the content encrypted, having mostly the same effect.
In terms of making this popular? Don't create a new system. Integrate it instead into existing publishing platforms, such as Wordpress, etc. You reach the most serious audience, serial publishers that publish publicly and I'm sure would see the value in having exchange circles and using integration between reading their social feed and writing in their publishing tool. From there it'll spread automatically and Wordpress.com or Tumblr would love to replace a central facebook or Google+
Another feature that is needed is to integrate the different identities one has on the web, such as the guest posts on a company blog, the personal blog, the article author in a magazine, the commentator on slashdot, etc.
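The authenticate-then-authorize flow for a circle-only feed described in the comment above can be sketched as follows. This is an added example, not code from the commenter or from any project named in the thread; the class, the field names, the HMAC-signed request format and the five-minute replay window are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 300  # seconds a signed request is accepted for (assumed value)


def sign(key, reader, circle, ts, nonce):
    """MAC over an unambiguous encoding of every field in the request."""
    msg = json.dumps([reader, circle, ts, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_request(key, reader, circle, now=None):
    """Reader side: build a signed request for one circle's feed."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"reader": reader, "circle": circle, "ts": ts, "nonce": nonce,
            "mac": sign(key, reader, circle, ts, nonce)}


class CircleFeedServer:
    """Publisher side: one shared key per reader, plus the circle lists."""

    def __init__(self):
        self.reader_keys = {}     # reader id -> key exchanged with that reader
        self.circles = {}         # circle name -> set of authorized reader ids
        self.posts = {}           # circle name -> list of posts
        self.seen_nonces = set()  # grows without bound here; expire it in practice

    def enroll(self, reader):
        """Authenticate step: create the key that is handed to the reader."""
        key = secrets.token_bytes(32)
        self.reader_keys[reader] = key
        return key

    def authorize(self, reader, circle):
        self.circles.setdefault(circle, set()).add(reader)

    def revoke(self, reader, circle):
        self.circles.get(circle, set()).discard(reader)

    def publish(self, circle, text):
        self.posts.setdefault(circle, []).append(text)

    def fetch(self, req, now=None):
        """Return the circle's posts, or None if the request is rejected."""
        now = time.time() if now is None else now
        key = self.reader_keys.get(req["reader"])
        if key is None:
            return None
        expected = sign(key, req["reader"], req["circle"], req["ts"], req["nonce"])
        if not hmac.compare_digest(expected, req["mac"]):
            return None  # not signed with this reader's key
        if abs(now - req["ts"]) > MAX_SKEW or req["nonce"] in self.seen_nonces:
            return None  # stale or replayed request
        if req["reader"] not in self.circles.get(req["circle"], set()):
            return None  # authenticated, but not a member of this circle
        self.seen_nonces.add(req["nonce"])
        return list(self.posts.get(req["circle"], []))
```

Holding a valid key is not enough on its own: a reader who was never added to the circle, or who has been revoked, is refused even though the signature verifies.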
So now there are 400 million Google Plus users?
I had no idea the number was so high. Surely now they are a big threat to Facebook?
A lot of people are very annoyed with Facebook's constant alterations to their privacy settings, sacrificing the happiness of their users for some short-term growth. If Facebook concede number 1 spot to Google, they are gone in the same way as Myspace.
P.S.: Cheap security against losing one's disks, one's hosting provider or account access, could be achieved by sharing the content in a private encrypted form with all readers (limited amounts, distributed) and the ability to pull it back when one has the right key to request it. It's like a distributed backup.
Holy wall of text, I'm not reading that. Quick, someone give me a two sentence summary so I can make broad generalizations without having to know the details.
hollywood gets to be into it from the get go...it is one reason public torrenting is pwned....
all that stupid writing and you are already lost....go back to letting hollywood see you are the pirate bay hosted on PRQ that likes advocating child molestation advocacy groups
Multimedia Decentralized Social Networking will be the real next step.
And scientists are already planning for the "3D Mobile Multimedia Decentralized Social Networking".
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Facebook is rather complicated, but I think Twitter would be easier to replace due to its very public nature. Everyone sets up their own RSS feed (on whatever server they like) with an interface that makes it very easy to add to, and then your Twitter feed is simply an RSS aggregator which sorts entries chronologically and displays them inline.
Dude, edit it down.
Start with a summary short paragraph. No more than 3 paragraphs with 9 reasonable sentences. Link to a well written white paper for those who want more.
What if a user had the choice of being on Facebook or Google+ and could simply migrate their content seamlessly to the provider of their choice? Would this not mostly satisfy the core desire to be distributed? If any media provider could implement a core set of web utilities/API to make it possible to connect between Social Media sites then the users would have more choices and the media providers would be merely services trying to get you to reside inside their user base. No content could be held hostage, or censored. If you didn't like any service provider you could simply boot your own service providing that same API and serve your own profile and send your own events to the other providers' users to whom you are linked. Everyone could connect to anyone, on any system, and no provider would have the upper hand to force users to do anything undesired or even censor their content beyond what they were willing to do. Don't like Facebook any more? Push a button and migrate to another provider in less than 10 minutes!
Not only should a social networking platform be decentralized, but also peer to peer (ie serverless). It is possible, and you can make it happen (yes you)
but the problem is that no one will bother enough to run their own server. Like email these days, people just use most convenient option- gmail/hotmail/whatever, and don't care about security/privacy implications.
That's ok. The key is being able to move your profile from one service provider to another. As long as you are able to do that, there is no problem.
I guess it's too bad no one has invented a way to encrypt HTTP connections.
Also, it's not like you can't host your own CDN. I do.
I miss nightly sync'ing, and modem chirps... Bring back Fidonet, I want to post on my SIGs.
Hell, Agora would be great... Social Media... Heh...
If it's private... then should it be social?
I've been contemplating how to design such a thing myself.
I think the key is not to think about it as FaceBook or Twitter or some service like that. More a glorified mailbox and phonebook that shares its data with friend's mailboxes.
My extremely naive notes can be pulled from github:
https://github.com/derickdressel/OpenBook/blob/master/brainstorm/derick/notes.html
Upcoming Javascript APIs are extremely exciting.
A javascript cryptography API is being laid out by the W3C.
http://www.w3.org/TR/WebCryptoAPI/
webRTC enables peer to peer connections over HTTP as well as media streaming.
http://www.webrtc.org/
But my Mom is on Facebook...
Going back from big data to small shared data is the way to go. There are many ways that this could be done. The discussion of distributed trust could be long (and good) and be taken from any of Bruce Schneier's latest books. If you read them then you have a good start on how the problem can be solved. TIP: Technology is not always the answer.
Luck is opportunity meets preparation, let's get lucky
Also, it's not like you can't host your own CDN. I do.
So let me get this straight. You have your own servers collocated in NE USA, SE USA, SW USA, NW USA, Canada, Mexico, China, etc etc etc etc etc? For the sole purpose of hosting your own social networking node so that people can access your stuff faster?
There's soooo much to say on this topic. This is doable, on the cheap if not free, but it'll be a LOT of work. First, this system has to be made more modular to contain complexity and allow it to become more useful over time than Facebook. The bottom layer should be a generic peer-to-peer platform, one that makes writing peer-to-peer apps as simple as client/server apps. On top of that, I'd want an open-source social networking app. Games and such could be simple peer-to-peer apps that work with the social network app when present. This structure would promote security, flexibility, and enable experimentation with a whole new world of potential social applications.
Applications could be developed to help answer many (all?) of the challenges described. For example, who pays for this thing to run? Most users will simply host their data on the most popular server, privacy be damned. An advertising app could enable hosts to make a profit. How do you deal with payments? A Paypal-like service (possibly actually Paypal) could be a known identity on the system, and deal with credit card and e-money transactions. Accepting money from people should be as easy as connecting to a web site. Add a web-of-trust app to the social network, and you can do more. A super-cool P2P money system called Ripple could run on such a network. If successful, it could enable micropayments between peers for just about everything. Want to send me an e-mail, but I don't know your P2P identity? Just pay me $0.01. Goodbye spam. Want to support legal content, while discouraging copyright violation? Sign up to remove content declared illegal by a source of my choice, similar to how Ad Block Plus and spam blacklists work.
With a solid base layer managing the P2P network and applications, a lot more than social networking could move from the "cloud" onto servers we trust (like the one in my closet). Such services include gmail, Google Docs, Dropbox, multi-player gaming, group voice chat, remote backup, and website hosting. Done right, it would work with ISPs to improve network caching, reduce latency, save money, make self-hosting services easier, and enable discovery and delivery of applications under Linux, Windows, Mac OS X, and Android (all the GPL3 compliant platforms). It could support freedom of speech with secret identities, like Superman/Clark Kent, without requiring a network like Tor that primarily supports illegal file sharing, and malicious attacks.
The individual pieces are involved. However, solid separation between the P2P platform, and the social apps that will run on top, is key. Lack of such system partitioning is why I lost interest in Diaspora early on. This is an idea I've been fleshing out, which is why I recently retained the PeerWeb.net domain. I've got maybe 1/4 of a peer-to-peer scripting/debugging tool written which I'm imagining embedding in the P2P platform layer. If anyone is interested in discussing the topic, email me at waywardgeek@gmail.com, and put "social networking" in the subject. I'd love to help free services from the cloud, and put our data where it belongs: on our own machines. Diaspora is cool, but it's not going to get us there. It wasn't built right.
Celebrate failure, and then learn from it - Nolan Bushnell
Presumably any site that receives enough traffic to necessitate a CDN is going to be able to afford to do just that, or even as-is-needed.
In fact, I do use a CDN (albeit a paid 3rd party in this case) to run a social networking site: http://rok.yt/
And I run another myself where I have servers in Europe connected via a VPN to the application servers, whose resources they cache.
In either case, it's trivial and low-cost.
Google+ looked great at first, but then they did a complete overhaul of the interface and messed it up so bad that nobody I know uses it anymore. Lessons to learn:
1. Make social network UI changes gradually-- a complete overhaul is guaranteed to piss off a lot of users, no matter how much YOU like it. Change is a bad thing for many people. Facebook has already learned this one, for the most part.
2. Clean chronological sorting is a necessity, and if you can't decide whether to use the OP date or the last comment date, offer both.
3. Don't presume that your mobile users have any other computer.
A distributed social network without any central server would certainly work: just look at Bitcoin.
When you start up the Bitcoin client, you can securely transfer Bitcoins to other clients. The Distributed social network client would instead of transferring Bitcoins, transfer social information (pictures, messages). Instead of replicating transactions as Bitcoin does, it could replicate the state of all of the connections ('friends') of the person running the client. Those friends could replicate the state of the person as well, so when you'd have enough friends you wouldn't have to worry about backups.
(-% TwistedMind %-)
I have already made a wonderful core for a system like this, in a completely unexpected and terribly useful form, and plan to come out with it shortly! I don't know what our exact strategy for approaching the public is (out of many), so I haven't revealed any details publicly. We are a two person company built around this concept, so we felt it best to complete the thing before we started waving it around (or at least, get close enough to see the end, which is why I can even post this, today).
We would like to talk with people seriously interested in solving this problem (and problems that have not been discussed here yet), and who think as we think. Emailing me through slashdot, for today, would be a way to establish a connection with us (weeds out trolls, if nothing else). We are at the forefront of a new technology.
CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
"In an article last month, I argued that users would be better served by a *centralized* social networking system where users could store profiles on a server of their choice, rather than a centralized system like Facebook that stores everyone's accounts for them."
Should be "decentralized" or "distributed".
See also my post here: ..."
"Raising the bar to a Social Semantic Desktop"
http://slashdot.org/comments.pl?sid=3161201&cid=41545181
"Here are some general thoughts about how Diaspora might relate to the Semantic Web and a Social Semantic Desktop, and how that might make it even more awesome to encourage everyone to migrate to it.
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Right now the trend is towards outsourcing email services to the likes of Google and Microsoft, simply because of the ease-of-use and low maintenance.
It won't work because there is no money to be made in it. Who will invest into development of this? And even if a group of enthusiasts will spend their time to implement something like that, implementation is the least of the problems. Who will spend millions promoting altruistic system where you don't own anything and can't sell anything? Solve this problem and options will follow...
* If you stop your client/server, your data must be distributed to 3rd party nodes, that are owned by unknown people, so you don't get 100% guarantee your data is available if you close your client.
* You won't be able to use this social network if you only have a browser, or if everything except HTTP traffic is blocked.
* Add the usual about network effects, about how no one will switch because all their friends are already on facebook, etc. Also, NAT and piercing NATs is still an issue, especially if you are running something like this on your mobile.
If the servers are set up as bittorrent nodes, or something similar, with redundancy built in, that should address the issues you raise.
The original post is 1/3 of the entire page!
THINK! It's patriotic
More or less everyone connects to the internet through an ISP. Besides basic internet connectivity, most ISPs also offer webmail, POP3 mail, and some free web space, which most people never use. These ISPs are the ideal type of companies to host nodes of the Decentralized Social Network (DSN): they can thus provide more value to their customers, they get to route a decent amount of traffic internally, (many people's friends are on the same ISP,) they gain revenues from advertising, and they get the chance to advertise their services to their own customers and to their social network friends. (It is kind of funny how, once you have signed up with an ISP, you hardly ever interact with them in any way other than paying the bills. When was the last time you saw your ISP's home page? I am sure your ISP would like the opportunity to interact with you every once in a while.)
Many people would sign up with a DSN out of sheer detestation towards facebook and Zuck's annoying face. I, for one, would. Of course, in order to be successful, a DSN would have to integrate with facebook, meaning that my updates should be automatically cross-posted to facebook, and I should be able to view my friends' updates from within my DSN account. With a bit of luck, over time, facebook would turn into nothing but just one of the nodes of the DSN.
This guide is definitive. Reality is frequently inaccurate. (from THHGTTG)
God damn, I got mentioned in a featured article and didn't notice until 2 days later (ages ago by Internet standards).
Soulskill, your answer is unsatisfactory. If I just wanted to have "something like facebook" the best and less painful way is to get on facebook. The motivation here is to stay away from facebook. I'm explaining you about ways my posts/profile information can leak to facebook. You dismiss my claim as a non-issue:
Here I'm assuming you didn't mean Facebook but Diaspora (or equivalent). Basically if I share something to my extended network I should have no qualms with facebook reading it. Fair enough, but then I lose all motivation to avoid signing up on facebook.
On a side note this claim is false:
You are forgetting CC numbers, SS numbers, home addresses and passwords. Attackers do look up for these strings. But we are talking about facebook, the guys that build ghost profiles on non-users and correlate them with newspaper articles and other 3rd party sources. There's a snowball-in-hell chance that they won't scan anything available in my nicely formatted Diaspora profile to build up my ghost facebook profile.
Then you address the conservative case:
No you can't. You cannot enforce shit on behalf of your friends' pod provider. Even if you trust your friends you also have to trust their service provider, one of which will be facebook, or Google or Twitter or some other CIA front. I know, this sounds paranoid, who needs this level of privacy? If you are doing something you don't want Eric Schmidt to know maybe you shouldn't be doing it, etc. Which are valid objections but defeat the purpose of not going with the flow and signing up on facebook.
In fact you give me an extra valid reason to trust facebook more than your proposed decentralized social network:
Holy cow! You want to know what friends we have in common? Even with the use of hashing algorithms it seems impossible to not leak your friend list with every friend request you make, making it trivial to rebuild your social graph. Consider this snippet: <img src="mydiasporaprovider.com/add-friend?url=http://evil.com/om-nom-nom" />. Unless my diaspora provider is very careful, it will leak my friend list to whoever controls evil.com.
I'm not completely negative, not completely. But I'm very serious about keeping my personal information outside of the reach of 3rd parties. The best solution I can come up with is one that doesn't give access to my friends' service provider. Take a look at http://owncloud.org/.
We need a home server revolution. We need it NOW.
But... the future refused to change.
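The `<img>` snippet in the comment above is a cross-site request forgery against a state-changing GET endpoint. The following added example, which is not code from Diaspora or from the commenter, models a provider's add-friend handler in its careless form beside a hardened one. The handler signatures, the `outbox` list standing in for messages sent to the remote pod, and the assumption that a friend request carries the friend list (the commenter's scenario) are all hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

PROVIDER_ORIGIN = "https://mydiasporaprovider.com"  # host name taken from the comment
SERVER_SECRET = secrets.token_bytes(32)             # per-deployment secret


def csrf_token(session_id):
    """Token bound to the session; embedded only in the provider's own forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def naive_add_friend(method, target, session, outbox):
    """Careless form: acts on any request that carries the session cookie.

    A browser loading the <img> tag sends exactly such a GET request.
    """
    url = parse_qs(urlsplit(target).query).get("url", [""])[0]
    # Friend request goes out together with the friend list (common-friends lookup).
    outbox.append((url, list(session["friends"])))
    return 200


def hardened_add_friend(method, target, headers, form, session, outbox):
    """Hardened form: a cross-site GET or forged POST changes nothing."""
    if method != "POST":
        return 405  # state changes are never reachable through GET
    if headers.get("Origin") != PROVIDER_ORIGIN:
        return 403  # request was not sent from the provider's own pages
    supplied = form.get("csrf", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session["id"]).encode()):
        return 403  # a third-party page cannot know the session-bound token
    url = form.get("url", "")
    if urlsplit(url).scheme != "https":
        return 400
    session["pending"].append(url)
    # The request itself carries no friend list; that can wait for acceptance.
    outbox.append((url, []))
    return 202
```

Even when the hardened handler accepts a request, the outgoing message carries no friend list, so a user tricked into sending one through the real form still discloses nothing about their social graph.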
somebody's going to do it, eventually, if it hasn't already been done (and just not taken off yet). The person who does it probably won't be concerned with monetizing it, at least first, just like many other great creations.
There was (it's been apparently abandoned) a low level research project called DSNP that sought to create the core of a distributed social networking system with a protocol that used encryption and public keys to allow secure, distributed social networks. It's a shame it has not gone anywhere (yet)... if I had the time and resources I would implement something on top of it. But alas, my "day job" doesn't care about such things..
-- Senior Software Engineer, Attorney appearance services, locallawyerapp.com.
What about these guys: http://pplsnet.com/ They offer decentralized social networking clients and hosting.