Slashdot Mirror


Decentralized Social Networking — Why It Could Work

Slashdot contributor Bennett Haselton writes with "a response to some of the objections raised to my last article, about a design for a distributed social networking protocol, which would allow for decentralized (and censorship-resistant) hosting of social networking accounts, while supporting all of the same features as sites like Facebook." Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today. As its popularity has surged, it has grown in limited ways; modern social networks have made communication between users easier, but they've also made users easier to market to advertisers as well. There's no question that the future of social networking holds more changes that can both help and harm users — perhaps something like what Bennett suggests could serve to mitigate that harm. Read on for the rest of his thoughts.

In an article last month, I argued that users would be better served by a decentralized social networking system where users could store profiles on a server of their choice, rather than a centralized system like Facebook that stores everyone's accounts for them. My main point was that if you could switch your account easily between different hosting providers (preferably if the protocol allowed you to link your account to a domain name that you own, the way that website owners can easily switch from one hosting company to another if they own their own domain name), then it would be much harder to censor content in a distributed system. If a hosting provider removed your content or threatened to kick you off unless you removed it yourself, you could just migrate your profile to a new hosting provider, and all of your existing links to friends/groups/events would continue to work.

Many commenters raised objections, some of which I think can be countered fairly simply, and others that raise more complicated issues. I usually don't do follow-up articles addressing all of the objections to a previous article (unless I'm running a contest asking people to submit the best arguments against an idea of mine), but I think the migration to an open social networking protocol is such an important long-term goal, that I want to give voice to the objections and present what I think is the best counter-argument against each of them.

The skeptics' questions fell into two categories: (1) Why would anybody ever switch away from Facebook to trying out the new system? and (2) Even if people did switch, would the new distributed system be better? ("Better" both in the short term -- would trial users see enough benefit to get them to keep using it regularly? — and in the long term — would spammers and other attackers be able to undermine it?)

To begin with the question of why anybody would switch: I don't think that most people would switch because they had analyzed the arguments for and against a distributed vs. centralized system. I think the only reason most users would ever try a social networking site other than Facebook, would be because a trendy company like Google launched it and threw their weight behind it. Why else have 400 million people signed up for Google+, almost half as many as are on Facebook? Despite the hype about features like "circles", I think it's safe to say that most people jumped on board because Google launched it and gave it a big push, and Google is cool. (As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)

So imagine if, at the same time that Google had released Google+, they had also released an open source server package that anybody could use to set up their own Google+ node, completely interoperable with all Google-hosted accounts, and where the user could have complete control over their hosted content. Presumably those 400 million users who signed up with Google+, would have still signed up for this hypothetical "open Google+", since it does everything that the real Google+ does. Some of those users would have taken the option to run their own nodes, if it had been available. And then you'd have additional users who didn't sign up with the real Google+, but who would sign up for an "open Google+" precisely because they would have control over all their own content.

Of course, even if Google+ had been launched as a distributed platform, users would still have the option of signing up for an account hosted on Google's servers, and indeed that would probably be the default choice for most people. (This answers the objection, raised by "0racle", "Havenwar", and others, that it would be "too complicated" for users to sign up for such a service. Certainly most users would not be expected to host and maintain their own nodes in the distributed system. Most of them would just sign up for an account with the largest node, like Google+.)

So that answers the question of how to get people to try it out. The continued relative obscurity of the Diaspora Project — the largest existing open social networking system — does not mean that the idea itself doesn't have merit, or that users wouldn't sign up for such a system if it were launched and promoted by a big company. The second challenge would be to get people to stay, something that users apparently did not do after trying out Google+.

Which brings us to the next set of objections, most of which asked: Would the new distributed system really be better than a centralized one? A big enough improvement to get people to keep using it, and to withstand attacks by spammers and other abusers? In this category of objections, there are some that I think can be answered easily, and some that are hard. So, the easy ones first.

A few users ("Havenwar", "tonywestonuk", and others) said that a distributed protocol would be inferior without integrated support for games or payments. But there's no reason a distributed protocol couldn't include support for other games or other types of apps to be built on top of it. An app could be installed to your profile and, using an API supported by the networking protocol, could send data over the Internet to your friend's profile on another server, if they had the same app installed, allowing you to make "moves" in a game you were playing against your friend. And you could specify which, if any, of your data you wanted the app to have access to. Similarly, if a developer wanted to charge money to users for installing an application, they could just give users a link to a third-party payment system like Paypal where the users would pay in order to download or activate the app. (Yes, people could download pirated versions of the app from BitTorrent sites and install them to their own server for free, but that's a problem for anyone selling commercial software.)

Other users (such as "History's Coming To" and one Anonymous Coward) said that the system I've described was essentially the same as the Web or the blogosphere (perhaps focusing on how I described the "news feed" aspect of a distributed system, which would pull in updates from all of your friends, much like Facebook's news feed does today). I disagree for two reasons: (1) it's much easier to sign up for a social networking account than it is to set up your own website or your own blog, so the proportion of high school students who have their own Facebook is much higher than the proportion that ever had their own Web page; and (2) the Web and the blogosphere do not allow for the creation of objects such as "groups" that you can join and send group messages to, or "events" where you can set a date and a time and invite friends and send messages to all of the invitees, or "games" that allow you to connect your profile with those of your friends and exchange data with them in an application-specific manner. These are all features I would hope to see in an open social networking protocol (although I could live without games).

Now for the harder objections. User "Requiem18th" pointed out that in a distributed system, if you chose to share anything only with your friends (who could access it through their profiles on their own servers), then an attacker could steal the data by attacking the least secure of any of your friends' servers. Even worse, if you'd chosen to share data with "friends of friends", then the attacker could get it by attacking the least secure of the servers of all of your friends-of-friends. True, but generally if I've shared something with all of my friends on Facebook (and even more so if I've shared it with all of my friends-of-friends), I consider that data to have been "compromised" in a certain sense already. If I had shared anything that I wanted to keep private, I'd be far more concerned about one of my so-called "friends" intentionally sharing it beyond the intended audience, than about their account being hacked. We know from hacks of people's email accounts that when attackers gain control of someone's account, they generally don't go through looking for private information, they just spam all of that person's friends with some Viagra ads and then move on.

Some users might have only a limited circle of friends on this distributed-social-networking system, and would share only very private information with them, and in that case their privacy concerns would be more serious. But users who were being that cautious, could set extra privacy on their accounts so that non-friends cannot see who is in their friends list. That would make it impossible for an attacker to spider their list of friends and then try to attack the friends with the least secure servers.
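An exposure audit for the two preceding paragraphs, as an added example that is not from the article: it counts the servers that end up holding a copy of a post under each audience setting, and checks which friend links a non-friend can still read. The graph, host names and function names are constructed for illustration, and it assumes friend-list visibility is a per-user setting, so a hidden list protects a link only when the friend on the other end hides theirs too.

```python
from collections import deque

# Constructed sample data: symmetric friend links and the server hosting each profile.
FRIENDS = {
    "me":  {"ann", "bo"},
    "ann": {"me", "cy"},
    "bo":  {"me", "dee", "eli"},
    "cy":  {"ann"},
    "dee": {"bo"},
    "eli": {"bo"},
}
HOST = {
    "me":  "home.example",
    "ann": "big-node.example",
    "bo":  "cheap-host.example",
    "cy":  "big-node.example",
    "dee": "selfhosted-1.example",
    "eli": "selfhosted-2.example",
}


def audience(author, hops):
    """Users within `hops` friend links of author (1 = friends, 2 = friends of friends)."""
    depth = {author: 0}
    queue = deque([author])
    while queue:
        user = queue.popleft()
        if depth[user] == hops:
            continue  # do not expand beyond the audience boundary
        for friend in FRIENDS[user]:
            if friend not in depth:
                depth[friend] = depth[user] + 1
                queue.append(friend)
    return set(depth) - {author}


def hosts_holding_copy(author, hops):
    """Every server that must be trusted once the post is delivered to its audience."""
    return {HOST[author]} | {HOST[user] for user in audience(author, hops)}


def friends_visible_to_outsider(target, hidden):
    """Friends of `target` that a non-friend can read from published friend lists.

    `hidden` is the set of users who hide their list from non-friends. A link
    stays readable if either endpoint publishes a list that contains it.
    """
    if target not in hidden:
        return set(FRIENDS[target])
    return {friend for friend in FRIENDS[target] if friend not in hidden}


if __name__ == "__main__":
    print("friends only:      ", sorted(hosts_holding_copy("me", 1)))
    print("friends of friends:", sorted(hosts_holding_copy("me", 2)))
    print("only I hide my list:  ", sorted(friends_visible_to_outsider("me", {"me"})))
    print("my friends hide too:  ", sorted(friends_visible_to_outsider("me", {"me", "ann", "bo"})))
```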

What about spam, fake accounts, and unwanted porn showing up in your news feed? A few commenters ("jeffmeden", "Havenwar", and another Anonymous Coward) said that there's a good reason, after all, that Facebook removes some content and terminates some people's accounts. Impersonation is an interesting problem in this context. There would be no technical barrier to stop someone from creating an account pretending to be someone else. If the impostor hosted the account on their own server, then they would get caught if the police got involved (or their upstream provider might cut them off if someone complained). But the impostor could also just try out many different profile hosting companies on the web, and create the impostor account with the hosting company that seemed to be the most lax about responding to abuse reports. If they use an anonymizing service like Tor to create and log in to the fake account, there's no evidence trail leading back to them at all.

Let me first point out, though, that the same is true for email -- I can create a Hotmail or Gmail account claiming to be anyone I want, and write to friends of that person hoping that they won't notice the message coming from a new email address. In fact, it would be easier to get away with this trick in email, because if I want to pretend to be Alice and send a message to Bob, all I have to do is create an account with Alice's first and last name, and send Bob a message hoping he doesn't notice that it's not coming from Alice's usual email address. If I wanted to do the same thing on an open social networking protocol, on the other hand, I would have to create my fake Alice account and then send a message or a request to "Bob". If Bob is already friends with the real Alice, he'll think it strange that he's getting a request from another "Alice" account, or a message from a user identifying as "Alice" but where the message is flagged as not coming from someone already in his friends list. Plus, once you have a friend relationship with the fake Alice, if your friends list is public, other users may notice the new "Alice" account and warn you about them. (With email, by contrast, no one else would ever see that you're in a thread with a fake "Alice" account, and wouldn't have a chance to warn you.)

So for all of these reasons, I would think that impersonation would be a bigger threat in email than it would be in an open social networking protocol. And yet, I never even heard of any of my friends being taken in by someone impersonating one of their acquaintances by email. However much it was ever happening in the world, it certainly wasn't enough for people to propose moving email to a centralized system where everyone used the same server and rogue accounts could be shut down.

What about spam from strangers? (A good deal of the spam would be porn, so I'm considering the "porn" objection to be a subset of this. If you're seeing porn in your feed because you opted in to see it, that's a feature, not a bug!) The mechanism of the "spam" would depend on whether the open protocol would allow non-friends to send you messages. On Facebook, if you send a message to a non-friend, it gets routed not to your Inbox but to a folder labeled "Other", where it's far less likely to be seen. (The Facebook interface and phone app won't notify that user that they have a new message in that case.) The only type of Facebook communication that you can send to a non-friend that Facebook will actually notify them of, is a friend request. Now, if our new open protocol allows for messages from non-friends to be delivered to your "Inbox", then spammers would indeed probably bombard users with spam. On the other hand, if the only communication we allow from non-friends is friend requests, then the spam would come in the form of the friend requests themselves (many guys would probably accept a friend request from a hot girl, even if the social networking protocol dutifully warned them that they had no friends in common). Even if you were smart enough to realize that most "friend requests" from unknown hot women were fake, they could still clog up your friend request queue and make you more likely to miss requests from real users.

The simplest solution would seem to be that if Bob starts getting too many spam requests, he can turn on a feature that requires other users to complete a CAPTCHA before being able to send Bob a friend request. (And users would also have to complete a CAPTCHA to send Bob a message if they weren't already in his friends list.) After enabling the CAPTCHA feature, all of Bob's existing friend relationships would remain in place, but the CAPTCHA barrier would stop spammers from clogging up his inbound friend request queue. With the CAPTCHA barrier in place, we could even allow non-friends to send Bob a message without it being dumped into his "Other" folder.

What if Bob's account gets hacked and his account starts spamming his friends, where the messages would not be stopped by any CAPTCHA barrier because Bob is already friends with all of those users? Much as people's existing Hotmail and Gmail accounts often get hacked, and the perpetrator immediately spams everyone in that person's address book — and that type of spam often gets through spam filters, because it's coming from someone that you've corresponded with, from a server that you generally trust. Of course those spams are annoying, but they haven't gotten to the point of making email unusable. And if a user in this distributed social system has hundreds of thousands of friends or "fans" — so that someone who hacked their account would be able to reach a large audience — then presumably they would be able to afford the security measures to keep their accounts safe. Much in the same way that many websites and blogs get hacked every day, but if you run a blog or a website that reaches millions of people, it behooves you to use tighter security measures than the average webmaster, and most people in that position can afford to do so. Nobody thinks that Web and email are unusable (or should be moved to a centralized system) just because websites and email accounts get hacked.
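The routing rules from the last three paragraphs, as an added example (not code from the article or from any existing protocol): non-friend traffic needs a CAPTCHA receipt once Bob turns the feature on, while existing friends bypass the gate, which is why a hijacked friend account still reaches the inbox. The `Node` class, the `Route` names and the HMAC-signed, single-use receipt are assumptions made for illustration, and serving the CAPTCHA challenge itself is out of scope.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from enum import Enum


class Route(Enum):
    INBOX = "inbox"
    FRIEND_REQUESTS = "friend_requests"
    OTHER = "other"        # low-visibility folder, no notification
    REJECTED = "rejected"


@dataclass
class Node:
    """One user's profile node (hypothetical; the article defines no wire format)."""
    owner: str
    friends: set = field(default_factory=set)
    captcha_required: bool = False
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)
    spent: set = field(default_factory=set, repr=False)

    def issue_receipt(self, sender, now=None, ttl=300):
        """Call only after `sender` has solved a CAPTCHA served by this node."""
        now = time.time() if now is None else now
        body = f"{sender}|{int(now + ttl)}|{secrets.token_hex(8)}"
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}|{tag}"

    def receipt_valid(self, sender, receipt, now):
        """Check signature, binding to the sender, expiry and single use."""
        if not receipt:
            return False
        body, _, tag = receipt.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False
        parts = body.rsplit("|", 2)
        if len(parts) != 3:
            return False
        claimed, expires, nonce = parts
        if claimed != sender or not expires.isdigit() or int(expires) <= now:
            return False
        if nonce in self.spent:
            return False   # one solved CAPTCHA buys exactly one delivery
        self.spent.add(nonce)
        return True

    def route(self, sender, kind, receipt=None, now=None):
        """Decide where an inbound 'message' or 'friend_request' lands."""
        now = time.time() if now is None else now
        if kind not in ("message", "friend_request"):
            return Route.REJECTED
        if sender in self.friends:
            # Friends bypass the gate, so a hijacked friend account does too.
            return Route.INBOX if kind == "message" else Route.REJECTED
        if self.captcha_required:
            if not self.receipt_valid(sender, receipt, now):
                return Route.REJECTED
            # With the gate on, non-friend messages may go straight to the inbox.
            return Route.FRIEND_REQUESTS if kind == "friend_request" else Route.INBOX
        # Gate off: requests queue up unchecked, messages land in "Other".
        return Route.FRIEND_REQUESTS if kind == "friend_request" else Route.OTHER


if __name__ == "__main__":
    # Constructed identities for the demo.
    bob = Node("bob@b.example", friends={"alice@a.example"}, captcha_required=True)
    receipt = bob.issue_receipt("carol@c.example")
    print(bob.route("carol@c.example", "friend_request", receipt))   # accepted once
    print(bob.route("carol@c.example", "friend_request", receipt))   # replay rejected
    print(bob.route("alice@a.example", "message"))                   # friend bypasses gate
```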

In sum, I don't think any of the objections raised are fatal to the whole concept, although some of the objections made me think of improvements to the original idea (e.g. an API to build games and apps that could communicate over the Internet with other installations of the same app, or the use of CAPTCHAs to stop spam). The real barrier, as I've said all along, is that nobody would join in the first place, unless the project was launched by a company so popular that they could get new users to sign up just by announcing it. So there's not much that I, or anybody else outside of those behemoth companies, can do except to sit back and wait for someone like Google to try it. All we can do is lay out the case for why, if they did, it would change everything. Not to mention, if they made their own servers the largest node for hosting free ad-supported accounts under this open social networking protocol, it would make them a lot of money at the same time.

22 of 128 comments

  1. The reason why it won't work by Opportunist · · Score: 5, Insightful

    Why'd someone invest money to build it? How do you squeeze money from it? How do you sell demographics, how do you spy on your users?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The reason why it won't work by Myopic · · Score: 3, Insightful

      It would work just like email works now. Why does anyone invest money in email?

    2. Re:The reason why it won't work by anon+mouse-cow-aard · · Score: 2

      It would actually be smart for Google to do this... They could provide a virtual appliance that was a completely open g+, and the appliance would have ads in it. Yet another way to get eyeballs in front of ads. Those worried about their personal info, would have their info on their servers, they could inspect the code, and be confident that Google did not have access to it. Companies and interested people would just get a hosting agreement with any provider, or host it on a VM in their home, and everybody wins. The pages served would have embedded links back to google directly, not related to the server itself. People could strip out the ad services, but then it's just the traditional cat & mouse, where the patch stream would only be provided for the service with ads, or it could be a premium service... On-premise Google+ Apps, or whatever. They could earn revenue from this, the main issue is whether the revenue will offset the support costs... can they make it good enough to be easy.

    3. Re:The reason why it won't work by alvinrod · · Score: 2

      Maybe you don't know this, but Google does advertising through their email. They have a computer reading your emails and targeting ads based on their content. I wouldn't be surprised if other major competitors are doing similar things. Outside of that, the majority of remaining email providers are either businesses where email is a valuable communication tool, a few small pay-for service providers, and some personal email systems run by people who either don't want to pay or don't want to have anyone or anything else going through their mail, even if it is just an automated computer program.

      Most businesses don't place anywhere near as much value on social networks as a communication program, and the type of people who tend to use social networks the most probably are neither willing to use a pay-for service nor have the ability to run and maintain their own servers. So outside of a few side cases, the only group that would be really interested in running a social network is the type that's going to monetize it through harvesting user information to sell to advertisers.

      Also, unlike email where it doesn't matter who the provider is, most social networks aren't cross-compatible. Given that the main sell of the social network is the network itself, anything less than a large centralized network or a smaller one that targets a specific niche isn't going to be worth much. Having dozens of small competing networks is worth a lot less than having them all as one large network. With email, it really doesn't matter.

      So I don't think it will work out like email.

    4. Re:The reason why it won't work by PieDude · · Score: 3, Funny

      If there's no other option, I'll end my existence.

      Dude, don't do it! Slashdot is with you. We understand you. Don't do it. DON'T DO IT!

  2. Never Heard of the Open Google Social Projects? by eldavojohn · · Score: 4, Funny

    (As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)

    Right, the first rule of Google Wave Club is you do not talk about Google Wave Club.

    --
    My work here is dung.
  3. I may be naive... by Iniamyen · · Score: 5, Insightful

    But don't we already have a decentralized social network called the internet?

    1. Re:I may be naive... by Empiric · · Score: 2

      And it's had a perfectly usable, cross-platform social communication channel since 1986. We called it a "listserv".

      Apparently the competitive disadvantage that caused it to fail relative to Facebook and Twitter in the marketplace, is that it was organized by topical content, rather than personal narcissism. At least, if nothing else, I've come to understand that it is narcissism that is the main driver of the internet since... somewhere around 1995.

      --
      ~ Whence do you come, slayer of men, or where are you going, conqueror of space?
    2. Re:I may be naive... by stephanruby · · Score: 2

      We do, and the last I heard, the Internet was still slightly larger than Facebook.

      With the internet, anybody can already participate online "socially" under whatever pseudonym they wish, but maybe that's the problem -- the internet gives users too much freedom to be officially associated with the term "social networking" as we know it.

      Our online identities and posts on the internet are too fragmented, they're not necessarily connected to our real-life identity, and by default they're not designed to easily be found by our "friends" or acquaintances (unless we actively and explicitly make them so each time).

  4. Diaspora? by fluffernutter · · Score: 4, Informative

    Wasn't this what it was supposed to be?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Diaspora? by Chrisq · · Score: 4, Informative

      Wasn't this what it was supposed to be?

      Yup. And social river, buddy cloud, Choice Social, freenet and many more. I don't see why one other should "take off"

    2. Re:Diaspora? by dmbasso · · Score: 2

      And Secure Share, the best design of all, in my opinion. Too bad the project is stalled.

      --
      `echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
  5. DeCenSocNet by badford · · Score: 5, Funny

    Here is my proposal. You got a minute?

    DeCenSocNet would be a Decentralized Social Network Consisting of Biological Humanoids (people) arranging themselves, more or less, in close proximity to one another. Friend requests will be made by pressing the palm of their upper appendages together and articulating upward the sides of their facial orifice.

    These biological beings would use auditory signals and advanced parsing to communicate with one another. Caffeinated and/or alcoholic potions would intensify the communications protocol.

    --
    -badford
  6. Slashdot: Now with 50% more Bennett Hassleton by Gizzmonic · · Score: 4, Insightful

    When Slashdot needs a meandering wall of text, there's only one man that can get the job done!

    [female singers] BENNETT HASSLETON!

    (A smart car vrooms through an intersection, crushing JON KATZ who is walking across the street at the time). BENNETT jumps out of the car and pushes his huge nerd glasses back up on his nose.

    BENNETT: 'Sup, motherfuckers? I heard you needed some BORING-ASS NAVEL-GAZING! (winks at camera)

    [female singers] BENNETT HASSLETON!

    --
    (-1, Raw and Uncut is the only way to read)
  7. Emails? Most people are on centralized webmails... by coder111 · · Score: 3, Interesting

    I was just thinking the same thing. Decentralized social networking is a really good idea, but the problem is that no one will bother enough to run their own server. Like email these days, people just use the most convenient option - gmail/hotmail/whatever, and don't care about security/privacy implications.

    Of course you can implement it in a way that every client is also a server, but then:

    * If you stop your client/server, your data must be distributed to 3rd party nodes, that are owned by unknown people, so you don't get 100% guarantee your data is available if you close your client.
    * You won't be able to use this social network if you only have a browser, or if everything except HTTP traffic is blocked.
    * Add the usual about network effects, about how no one will switch because all their friends are already on facebook, etc.

    Also, NAT and piercing NATs is still an issue, especially if you are running something like this on your mobile.

    Long story short, this would make a really nice project, but I don't see how it can become widespread. Maybe we should start selling people home entertainment appliances/home servers that run social network for entire family as well as one of the features? A server for every home, that could be somewhat hardened and keep all the family email/social networking/movies/etc in place, while keeping the privacy? But only people who care enough about privacy and geeks would buy it, which is a small market.

    --Coder

  8. Handwaving and smokescreens by DerekLyons · · Score: 4, Insightful

    When I read the following, I started to think the author might not be quite connected with reality:

    Why else have 400 million people signed up for Google+, almost half as many as are on Facebook?

    Failing to account for the vast disparity between signups and activity is a serious flaw in his argument - especially when he charges the growth to "marketing"... rather than the forced conversion and signups from people who already had Google accounts and those who obtained them via Android phones. (He does mention, dismissively, the lack of staying power later... and then lets this critical issue drop.)

    But when I read the following, I really should have stopped as he's clearly headed off into cloud cuckoo land.
     

    So imagine if, at the same time that Google had released Google+, they had also released an open source server package that anybody could use to set up their own Google+ node, completely interoperable with all Google-hosted accounts, and where the user could have complete control over their hosted content.

    But they didn't. And there isn't going to be a decentralized social networking system that allows access to anything resembling Google's ecosystem. He also claims that most people won't switch because of an analysis of the value of distributed v. centralized - but then sets up and knocks down a set of strawmen that require potential users to make such an analysis.
     

    In sum, I don't think of the objections raised are fatal to the whole concept, although some of the objections made me think of improvements to the original idea (e.g. an API to build games and apps that could communicate over the Internet with other installations of the same app

    I'll just put this bluntly - if you don't know enough to think of a game or apps API, or how users interact using them... You shouldn't be answering objections about a social networking system, because such interactions are part and parcel of social networking.

  9. Decentralized social networking tool by apcullen · · Score: 2

    I use a decentralized social networking tool called email

    It lets me send out a message -- with pictures and all!-- to a bunch of friends. And they can all see it and comment on it and share it with other friends. Pretty cool, huh?

  10. Re:So code it already? by 91degrees · · Score: 2

    Just what I was going to say.

    You don't get anything done by designing it. Most programmers with the technical knowledge to implement could come up with a passable design for a decentralised social network.

    It's not going to exist until someone actually creates it.

  11. Nothing new by starfishsystems · · Score: 2

    Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today.

    I consider it to have started with Usenet. Based originally on UUCP, it was first connected to the ARPAnet in 1980 and flourished at an exponential rate along with it. It was not only a distributed social network but a fully decentralized, fully replicated one.

    It was emphatically not supported by advertizing. The most infamous attempt to exploit its open nature for advertizing purposes was by American immigration lawyers Canter and Siegel in 1994, who managed to offend everyone on Usenet and were rapidly quashed. Still, a track record of 14 years of civilized use of a digital commons tells us that such projects can be eminently successful on their own merits.

    --
    Parity: What to do when the weekend comes.
  12. Just put it in the email client... by Ghostworks · · Score: 2

    ...email servers and clients pretty much handle the technical side already. All you need is a new "social" interface.

    Think about it. A social network needs first and foremost a list of contacts, their unique identifiers, and lists that partition your big "everyone I know list" into smaller lists like "friends" or "coworkers" or "SPAM/blocked/ex-friends/people I know but just hate". The address book is also the most basic, not-strictly-necessary feature of any email client.

    You would like to be able to push data (updates, tweets) to everyone who matters instantaneously, or in a very quick, timely manner. This is the main point of email. A social network website just stores your mailing lists and fills in the "to" field for you.

    In a distributed version of such a network, there are additional complications and benefits. You have to have background processes to poll other servers (nodes) to fetch data, to make sure that all archives stay in agreement and don't lose data, that there are fail-over and reconciliation mechanisms for when communication is not possible (there may or may not be new data that I'm missing). This isn't trivial to implement, but it's also not foreign ground. It's not too different from what a news group client does, with a little torrent-like dynamic peer management. Newsgroup readers are generally built and bundled with the software that had the most interface and back-end similarities to it... the email client. You would have a lot of data to collect from new friends, but the fact that you actually know each poster means that more of the data pulled will be relevant to you than it was back in the newsgroup days.

    You would like to be reminded or actively informed of certain information (birthdays, events). Calendars are built into every modern mail system, as is the ability to invite/require people at meetings and events.

    You would like to play games and compare scores with people you specifically know. All of Facebook's games are flash-based (run on the local machine anyway) with some state information (scoreboard) tied to a third party server. Other than the fact this is a browser job more than a mail client job, this is already mundane, and nothing would change on a new system except for better visibility into the API, and control over what servers you connect to and what data you release. You could store a small, cookie-like file for each game which friends could compare to their own to dynamically generate a "my friends only" scoreboard for them to compare to, if you for some reason don't want to expose your friend list to a particular game. In other words, games are the "least facebook-y" aspect of facebook.

    You would like to be able to set up "public" pages not tied to any person (groups, events). To continue the email metaphor, this is just a mass email chain with a specific subject line. The network makes sure that reminders are enforced, people don't "fall off" the chain (the only valid reply to a group-style message is "reply all"), and you have a body of data (history) that you want to be available to people who join later. The last bit produces some overhead, as the group is essentially a "pseudo-friend", whose friend list is identical to the member list. In a distributed system, multiple nodes will have to have the responsibility of maintaining this data, so that it's not lost if some large number of nodes decide to drop it simultaneously -- for example, if every such node is actually a user running his own server, and all of them leave the group simultaneously. This is not trivial, but is also not impossible. It will take some basic management (no more members = no more group) and perhaps some interface changes ("This event is two years old. Can we delete this stuff yet?" or "do you want to archive this event to your local machine permanently?") but it can be done.

    Furthermore, everyone today has an email client. Each of those is tied to a server that receives and stores data even when the client is not connected. So long as each message

  13. Re:So code it already? by PReDiToR · · Score: 2

    We're on a diplomatic mission to Diaspora!

    --

    Do not meddle in the affairs of geeks for they are subtle and quick to anger
  14. Re:Emails? Most people are on centralized webmails by WaywardGeek · · Score: 2

    There's soooo much to say on this topic. This is doable, on the cheap if not free, but it'll be a LOT of work. First, this system has to be made more modular to contain complexity and allow it to become more useful over time than Facebook. The bottom layer should be a generic peer-to-peer platform, one that makes writing peer-to-peer apps as simple as client/server apps. On top of that, I'd want an open-source social networking app. Games and such could be simple peer-to-peer apps that work with the social network app when present. This structure would promote security, flexibility, and enable experimentation with a whole new world of potential social applications.

    Applications could be developed to help answer many (all?) of the challenges described. For example, who pays for this thing to run? Most users will simply host their data on the most popular server, privacy be damned. An advertising app could enable hosts to make a profit. How do you deal with payments? A Paypal-like service (possibly actually Paypal) could be a known identity on the system, and deal with credit card and e-money transactions. Accepting money from people should be as easy as connecting to a web site. Add a web-of-trust app to the social network, and you can do more. A super-cool P2P money system called Ripple could run on such a network. If successful, it could enable micropayments between peers for just about everything. Want to send me an e-mail, but I don't know your P2P identity? Just pay me $0.01. Goodbye spam. Want to support legal content, while discouraging copyright violation? Sign up to remove content declared illegal by a source of my choice, similar to how Ad Block Plus and spam blacklists work.

    With a solid base layer managing the P2P network and applications, a lot more than social networking could move from the "cloud" onto servers we trust (like the one in my closet). Such services include gmail, Google Docs, Dropbox, multi-player gaming, group voice chat, remote backup, and website hosting. Done right, it would work with ISPs to improve network caching, reduce latency, save money, make self-hosting services easier, and enable discovery and delivery of applications under Linux, Windows, Mac OS X, and Android (all the GPL3 compliant platforms). It could support freedom of speech with secret identities, like Superman/Clark Kent, without requiring a network like Tor that primarily supports illegal file sharing, and malicious attacks.

    The individual pieces are involved. However, solid separation between the P2P platform, and the social apps that will run on top, is key. Lack of such system partitioning is why I lost interest in Diaspora early on. This is an idea I've been fleshing out, which is why I recently retained the PeerWeb.net domain. I've got maybe 1/4 of a peer-to-peer scripting/debugging tool written which I'm imagining embedding in the P2P platform layer. If anyone is interested in discussing the topic, email me at waywardgeek@gmail.com, and put "social networking" in the subject. I'd love to help free services from the cloud, and put our data where it belongs: on our own machines. Diaspora is cool, but it's not going to get us there. It wasn't built right.

    --
    Celebrate failure, and then learn from it - Nolan Bushnell