Blog

Decentralized Social Platforms

A response to Richard’s post:

One thing I still haven’t “got” is how the distributed model of buddycloud, diaspora, etc, actually works, i.e. what is the user experience like. I suspect that’s also the challenge they face, getting the public to understand, if they are to be successful. Do you “get it” yet? If so, can you explain it to me!

I’ll try …

The first question is, should we be worried about a commercial company owning our social graph and the events we’re publishing through it?  This is a serious question.  If the answer is no, then my current belief is that the main drivers for decentralization (or federation) disappear.  Are people happy for this data to be exploited if it means targetted ads (and that’s the main driver, at least currently) promoting stuff we really are interested in?  In my personal life, I’m letting Google have a different but similarly exploitable set of data.  The difference is perhaps that with, for example, Google we have more control over our data (more customer-focussed Ts & Cs and hopefully it’s more secure) whereas with Facebook, we sign up to Ts and Cs that hand it over to them (it’s neither private nor, apparently, secure).

Back to Richard’s Yam: the user experience should be very similar to now.  However, if we do care about privacy, and because of its close ally security, then federating the networks allows us to not just give the illusion of privacy but have a pretty good chance of securing that privacy.  In fact it offers the possibility of having differing levels of security, which you might be willing to pay for.  In the extreme case, I could maintain my own social network holding only my full social picture.  My friends (simply a list of unique identifiers) is held by me and I choose what events are published to those friends or subsets of those friends.  I may choose, for example, to bounce an incoming friend-of-a-friend (FOAF) request and have all manner of other controls available to me.  I could pay for a high-end software server (assuming there are options, e.g. from a technology perspective accredited commercial Java vs open-source PHP or from a feature perspective an advance-user ability to block FOAF requests); secure the physical server (we know this is non-trivial) and use other measures, for example a separate firewall, reverse proxy or even a packet sniffer (e.g. a separate XML parsing server) to double-check what is leaving and arriving at my secure boundary.

The technology is a challenge but the user experience must be right.  From Facebook’s “experiments” with privacy, we know the user experience has to be bang on and not too complex.  It’s no good having a privacy setting on all of my profile fields represented as a superset of each of the relationships I’ve categorised – this would alienate most users.

The other opportunity separation gives us is that, given I own my social data, I can move it to another “provider” that is more secure, or more resilient (I had two Twitter fail-whales this week), more performant, has more features or better integrates with the services I care about.  I could even delete it.  Diaspora calls the social data a Seed.  Seeds can be moved between Pods, or social data containers.

What I’m surprised about is the relatively small amount of work going on in this area.  Perhaps we don’t care that Facebook and others own our social data.  Stuart also raised the issue of monetization.  How do you exploit a secure private network?  Lots to think about technically but the “social policy” issues are also still playing out.  I think we’ve talked about the blog post and comment scenario.  I blog, you comment, who owns what?  This is even more complex with a wiki page.  How about a photo on Flickr?  If you upload a photo and I download it to my harddrive, who owns it?  If you choose to delete it, should you be able to delete it from my machine?  Technically this could perhaps be done, but what’s the requirement?  What’s the social contract?

Fascinating stuff that we’ll all get a chance to be involved in and hopefully drive forward.  My current thinking is that one of the platforms built on XMPP is going to win the game (if there is a game to be won) and that BuddyCloud is currently best setup to do this.  What doesn’t ring true is that Facebook et al., with all their money and clever people, don’t appear to be concerned about the work going on in this space, at least outwardly.  Perhaps there isn’t an issue on the Internet.  We know there are issues in this space on the Extranet.