Decentralized Social Networking — Why It Could Work

Decentralized Social Networking — Why It Could Work 128

Posted by Soulskill on Friday October 05, 2012 @11:56AM from the keeping-your-face-off-the-books dept.

Slashdot contributor Bennett Haselton writes with "a response to some of the objections raised to my last article, about a design for a distributed social networking protocol, which would allow for decentralized (and censorship-resistant) hosting of social networking accounts, while supporting all of the same features as sites like Facebook." Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today. As its popularity has surged, it has grown in limited ways; modern social networks have made communication between users easier, but they've also made users easier to market to advertisers as well. There's no question that the future of social networking holds more changes that can both help and harm users — perhaps something like what Bennett suggests could serve to mitigate that harm. Read on for the rest of his thoughts.

In an article last month, I argued that users would be better served by a centralized social networking system where users could store profiles on a server of their choice, rather than a centralized system like Facebook that stores everyone's accounts for them. My main point was that if you could switch your account easily between different hosting providers (preferably if the protocol allowed you to link your account to a domain name that you own, the way that website owners can easily switch from one hosting company to another if they own their own domain name), then it would be much harder to censor content in a distributed system. If a hosting provider removed your content or threatened to kick you off unless you removed it yourself, you could just migrate your profile to a new hosting provider, and all of your existing links to friends/groups/events would continue to work.

Many commenters raised objections, some of which I think can be countered fairly simply, and others that raise more complicated issues. I usually don't do follow-up articles addressing all of the objections to a previous article (unless I'm running a contest asking people to submit the best arguments against an idea of mine), but I think the migration to an open social networking protocol is such an important long-term goal, that I want to give voice to the objections and present what I think is the best counter-argument against each of them.

The skeptics' questions fell into two categories: (1) Why would anybody ever switch away from Facebook to trying out the new system? and (2) Even if people did switch, would the new distributed system be better? ("Better" both in the short term -- would trial users see enough benefit to get them to keep using it regularly? — and in the long term — would spammers and other attackers be able to undermine it?)

To begin with the question of why anybody would switch: I don't think that most people would switch because they had analyzed the arguments for and against a distributed vs. centralized system. I think the only reason most users would ever try a social networking site other than Facebook, would be because a trendy company like Google launched it and threw their weight behind it. Why else have 400 million people signed up for Google+, almost half as many as are on Facebook? Despite the hype about features like "circles", I think it's safe to say that most of people jumped on board because Google launched it and gave it a big push, and Google is cool. (As one commenter "DragonWriter" pointed out, Google had earlier launched or collaborated on some projects for open social networking -- but none of these were ever given the big push that accompanied the release of Google+. So that's probably why we never heard of those other projects, not because of any intrinsic merits of the ideas themselves. To get people using something, Google would have to launch it and promote it — but if Google does do those things, people will sign up.)

So imagine if, at the same time that Google had released Google+, they had also released an open source server package that anybody could use to set up their own Google+ node, completely interoperable with all Google-hosted accounts, and where the user could have complete control over their hosted content. Presumably those 400 million users who signed up with Google+, would have still signed up for this hypothetical "open Google+", since it does everything that the real Google+ does. Some of those users would have taken the option to run their own nodes, if it had been available. And then you'd have additional users who didn't sign up with the real Google+, but who would sign up for an "open Google+" precisely because they would have control over all their own content.

Of course, even if Google+ had been launched as a distributed platform, users would still have the option of signing up for an account hosted on Google's servers, and indeed that would probably be the default choice for most people. (This answers the objection, raised by "0racle", "Havenwar", and others, that it would be "too complicated" for users to sign up for such a service. Certainly most users would not be expected to host and maintain their own nodes in the distributed system. Most of them would just sign up for an account with the largest node, like Google+.)

So that answers the question of how to get people to try it out. The continued relative obscurity of the Diaspora Project — the largest existing open social networking system — does not mean that the idea itself doesn't have merit, or that users wouldn't sign up for such a system if it were launched and promoted by a big company. The second challenge would be to get people to stay, something that users apparently did not do after trying out Google+.

Which brings us to the next set of objections, most of which asked: Would the new distributed system really be better than a centralized one? A big enough improvement to get people to keep using it, and to withstand attacks by spammers and other abusers? In this category of objections, there are some that I think can be answered easily, and some that are hard. So, the easy ones first.

A few users ("Havenwar", "tonywestonuk", and others) said that a distributed protocol would be inferior without integrated support for games or payments. But there's no reason a distributed protocol couldn't include support for other games or other types of apps to be built on top of it. An app could be installed to your profile and, using an API supported by the networking protocol, could send data over the Internet to your friend's profile on another server, if they had the same app installed, allowing you to make "moves" in a game you were playing against your friend. And you could specify which, if any, of your data you wanted the app to have access to. Similarly, if a developer wanted to charge money to users for installing an application, they could just give users a link to a third-party payment system like Paypal where the users would pay in order to download or activate the app. (Yes, people could download pirated versions of the app from BitTorrent sites and install them to their own server for free, but that's a problem for anyone selling commercial software.)

Other users (such as "History's Coming To" and one Anonymous Coward) said that the system I've described was essentially the same as the Web or the blogosphere (perhaps focusing on how I described the "news feed" aspect of a distributed system, which would pull in updates from all of your friends, much like Facebook's news feed does today). I disagree for two reasons: (1) it's much easier to sign up for a social networking account than it is to set up your own website or your own blog, so the proportion of high school students who have their own Facebook is much higher than the proportion that ever had their own Web page; and (2) the Web and the blogosphere do not allow for the creation of objects such as "groups" that you can join and send group messages to, or "events" where you can set a date and a time and invite friends and send messages to all of the invitees, or "games" that allow you to connect your profile with those of your friends and exchange data with them in an application-specific manner. These are all features I would hope to see in an open social networking protocol (although I could live without games).

Now for the harder objections. User "Requiem18th" pointed out that in a distributed system, if you chose to share anything only with your friends (who could access it through their profiles on their own servers), then an attacker could steal the data by attacking the least secure of any of your friends' servers. Even worse, if you'd chosen to share data with "friends of friends", then the attacker could get it by attacking the least secure of the servers of all of your friends-of-friends. True, but generally if I've shared something with all of my friends on Facebook (and even more so if I've shared it with all of my friends-of-friends), I consider that data to have been "compromised" in a certain sense already. If I had shared anything that I wanted to keep private, I'd be far more concerned about one of my so-called "friends" intentionally sharing it beyond the intended audience, than about their account being hacked. We know from hacks of people's email accounts that when attackers gain control of someone's account, they generally don't go through looking for private information, they just spam all of that person's friends with some Viagra ads and then move on.

Some users might have only a limited circle of friends on this distributed-social-networking system, and would share only very private information with them, and in that case their privacy concerns would be more serious. But users who were being that cautious, could set extra privacy on their accounts so that non-friends cannot see who is in their friends list. That would make it impossible for an attacker to spider their list of friends and then try to attack the friends with the least secure servers.

What about spam, fake accounts, and unwanted porn showing up in your news feed? A few commenters ("jeffmeden", "Havenwar", and another Anonymous Coward) said that there's a good reason, after all, that Facebook removes some content and terminates some people's accounts. Impersonation is an interesting problem in this context. There would be no technical barrier to stop someone from creating an account pretending to be someone else. If the impostor hosted the account on their own server, then they would get caught if the police got involved (or their upstream provider might cut them off if someone complained). But the impostor could also just try out many different profile hosting companies on the web, and create the impostor account with the hosting company that seemed to be the most lax about responding to abuse reports. If they use an anonymizing service like Tor to create and log in to the fake account, there's no evidence trail leading back to them at all.

Let me first point out, though, that the same is true for email -- I can create a Hotmail or Gmail account claiming to be anyone I want, and write to friends of that person hoping that they won't notice the message coming from a new email address. In fact, it would be easier to get away with this trick in email, because if I want to pretend to be Alice and send a message to Bob, all I have to do is create an account with Alice's first and last name, and send Bob a message hoping he doesn't notice that it's not coming from Alice's usual email address. If I wanted to do the same thing on an open social networking protocol, on the other hand, I would have to create my fake Alice account and then send a message or a request to "Bob". If Bob is already friends with the real Alice, he'll think it strange that he's getting a request from another "Alice" account, or a message from a user identifying as "Alice" but where the message is flagged as not coming from someone already in his friends list. Plus, once you have a friend relationship with the fake Alice, if your friends list is public, other users may notice the new "Alice" account and warn you about them. (With email, by contrast, no one else would ever see that you're in a thread with a fake "Alice" account, and wouldn't have a chance to warn you.)

So for all of these reasons, I would think that impersonation would be a bigger threat in email than it would be in an open social networking protocol. And yet, I never even heard of any of my friends being taken in by someone impersonating one of their acquaintances by email. However much it was ever happening in the world, it certainly wasn't enough for people to propose moving email to a centralized system where everyone used the same server and rogue accounts could be shut down.

What about spam from strangers? (A good deal of the spam would be porn, so I'm considering the "porn" objection to be a subset of this. If you're seeing porn in your feed because you opted in to see it, that's a feature, not a bug!) The mechanism of the "spam" would depend on whether the open protocol would allow non-friends to send you messages. On Facebook, if you send a message to a non-friend, it gets routed not to your Inbox but to a folder labeled "Other", where it's far less likely to be seen. (The Facebook interface and phone app won't notify that user that they have a new message in that case.) The only type of Facebook communication that you can send to a non-friend that Facebook will actually notify them of, is a friend request. Now, if our new open protocol allows for messages from non-friends to be delivered to your "Inbox", then spammers would indeed probably bombard users with spam. On the other hand, if the only communication we allow from non-friends is friend requests, then the spam would come in the form of the friend requests themselves (many guys would probably accept a friend request from a hot girl, even if the social networking protocol dutifully warned them that they had no friends in common). Even if you were smart enough to realize that most "friend requests" from unknown hot women were fake, they could still clog up your friend request queue and make you more likely to miss requests from real users.

The simplest solution would seem to be that if Bob starts getting too many spam requests, he can turn on a feature that requires other users to complete a CAPTCHA before being able to send Bob a friend request. (And users would also have to complete a CAPTCHA to send Bob a message if they weren't already in his friends list.) After enabling the CAPTCHA feature, all of Bob's existing friend relationships would remain in place, but the CAPTCHA barrier would stop spammers from clogging up his inbound friend request queue. With the CAPTCHA barrier in place, we could even allow non-friends to send Bob a message without it being dumped into his "Other" folder.

What if Bob's account gets hacked and his account starts spamming his friends, where the messages would not be stopped by any CAPTCHA barrier because Bob is already friends with all of those users? Much as people's existing Hotmail and Gmail accounts often get hacked, and the perpetrator immediately spams everyone in that person's address book — and that type of spam often gets through spam filters, because it's coming from someone that you've corresponded with, from a server that you generally trust. Of course those spams are annoying, but they haven't gotten to the point of making email unusable. And if a user in this distributed social system has hundreds of thousands of friends or "fans" — so that someone who hacked their account would be able to reach a large audience — then presumably they would be able to afford the security measures to keep their accounts safe. Much in the same way that many websites and blogs get hacked every day, but if you run a blog or a website that reaches millions of people, it behooves you to use tighter security measures than the average webmaster, and most people in that position can afford to do so. Nobody thinks that Web and email are unusable (or should be moved to a centralized system) just because websites and email accounts get hacked.

In sum, I don't think of the objections raised are fatal to the whole concept, although some of the objections made me think of improvements to the original idea (e.g. an API to build games and apps that could communicate over the Internet with other installations of the same app, or the use of CAPTCHAs to stop spam). The real barrier, as I've said all along, is that nobody would join in the first place, unless the project was launched by a company so popular that they could get new users to sign up just by announcing it. So there's not much that I, or anybody else outside of those behemoth companies, can do except to sit back and wait for someone like Google to try it. All we can do is lay out the case for why, if they did, it would change everything. Not to mention, if they made their own servers the largest node for hosting free ad-supported accounts under this open social networking protocol, it would make them a lot of money at the same time.

This discussion has been archived. No new comments can be posted.