Occupy Facebook: innovation in the era of social protest

December 29, 2011

Wired reports that a group involved in the Occupy movement is working on its own decentralized social networking platform:

“I don’t want to say we’re making our own Facebook. But, we’re making our own Facebook,” said Ed Knutson, a web and mobile app developer who joined a team of activist-geeks redesigning social networking for the era of global protest.

Dave Winer notes that it probably won’t succeed:

There is no market for that. Facebook is the Facebook for the 99 percent. The goal should be to make something open and non-monolithic that provides many of the most valuable services of Facebook without the silo walls. It should not be something that an individual does, or a small group laboring heroically, rather it should be something that the Internet does.

In principle, I agree with Dave. It’s a fundamental mistake that a lot of people make when they build a social site. I used to spend a fair amount of my time at Elgg dissuading people from trying to make the new MySpace (which was the hot thing at the time), and inevitably, none of the neo-MySpace generic social networking sites worked out. Where open social networking did work out was for specific use cases: connecting people inside charities, providing platforms for reflective learning in education, rallying around causes or products.

However, that’s also an argument for why a social engine for Occupy might succeed. If it’s geared specifically at the needs for protest, while using existing technologies and simple solutions where appropriate standards don’t exist, it may become the first broadly-adopted decentralized social platform. From the backbone of Occupy using it, I can easily imagine other progressive organizations and individuals picking it up, eventually spreading through the academic sector – until it finally reaches the commercial world. Sure, there’s no market for that, but there’s a drive and motivation.

In an age where laws like SOPA are considered – where the threat of sites being yanked off the Internet without due process is real – decentralization in platforms underpinning progressive causes makes a lot of sense. You can easily imagine the “retweet” or “reshare” feature found in the likes of Twitter or Tumblr being used to create a copy of information so that it spreads across the network like an old-school Usenet post; a kind of social multicast which ensures that nothing really dies. Some nodes may live in the cloud, some on dedicated server clusters, and others on always-on home computers linked via a Comcast router; the same free speech, everywhere, indelible and impossible to control.

That’s a future I can get behind, and a platform I’d love to be involved with. In comparison, taking on Facebook just seems so small.

Occupy photo by Sasha Y. Kimel, released under a Creative Commons license.

Is it time to revive the Bill of Rights for Users of the Social Web?

September 25, 2011

In some ways, the web industry seems to have lost its way. From empowering users and smashing incumbent gatekeepers, the emphasis is now on how to raise the next round of funding and convert active users into their maximum possible value.

My piece about Facebook, contextual identity and radical transparency continues to get a lot of attention, and the conversation continues. Dave Winer urged his readers to log out of Facebook, and Nik Cubrilovic countered that logging out doesn’t help. In short, when you log out, Facebook continues to remember who you are, and your account details are still sent whenever you access a Facebook resource (like a page or facebook.com or a Like button anywhere). He goes on to say that:

Privacy today feels like what security did 10-15 years ago – there is an awareness of the issues steadily building and blog posts from prominent technologists are helping to steamroll public consciousness. The risks around privacy today are just as serious as security leaks were then – except that there is an order of magnitude more users online and a lot more private data being shared on the web.

It’s clear that privacy is becoming a business factor as well as something that some of us care about from an ethical standpoint, and that’s in large part due to Facebook bringing it to the public’s attention. I’m reminded of the Bill of Rights for Users of the Social Web, from 2007, which many of us signed as part of Marc Canter’s Data Sharing Summit. It was intended to address many of these issues before they became wider problems.

The meat of the Bill of Rights is:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

Ownership of their own personal information, including: their own profile data; the list of people they are connected to; the activity stream of content they create;

Control of whether and how such personal information is shared with others; and

Freedom to grant persistent access to their personal information to trusted external sites.

At the meeting, a large and influential (at the time) web corporation suggested that the word “ownership” was a step too far, and that it should be enough for users to simply have control. Since then, I think it’s become acceptable to suggest that users own their data (as in the course of using a web service, a reasonable person would assume that he or she already does); instead, web services are granted an irrevocable license to use it.

Given this, and given the conversations we’ve been having as a community, perhaps the time is right to revive aspects of this document, and bring it up to date for 2011?

Photo: the Data Sharing Summit group, September 8, 2007. A prize for the first person to identify 90% of the people in the picture.

Danger in the cloud: a proposal

October 12, 2009

In response to recent events, I’d like to propose a different kind of web service that overcomes the privacy and reliability issues with cloud web applications, while providing a solid business model for both application developers and service providers, as well as a seamless, easy-to-use experience for end users.

The T-Mobile storm

Over the weekend there’s been a storm surrounding the T-Mobile Sidekick, which is produced by Microsoft’s Danger subsidiary. It turns out the device stores the primary copy of data like calendar and address book information in the cloud rather than on each device; perhaps a fair proposition if you knew you could trust Microsoft’s servers. Unfortunately, said servers went down last week, and Microsoft didn’t have a working backup. Sidekick users suddenly found themselves without their personal information.

Is cloud computing safe?

Understandably, this has sparked a wider conversation about computing in the cloud. AppleInsider summed it up:

More immediate types of cloud services take away users’ control in managing their own data.

While Ina Fried over at CNet noted:

The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud–Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers.

The issues surrounding cloud computing have been discussed for a while, and aren’t limited to these sorts of accidents; here’s a post I wrote in 2007 about the rights we ought to have over our cloud data. Partially because of the risks involved, and the risk of leaky data, some kinds of organizations and enterprises simply can’t use cloud computing services. (In the UK, for example, check out the requirements imposed by the Data Protection Act.) At the same time, the Sidekick debacle shows there are clear risks to end-user consumers too.

Despite this, the benefits of cloud computing are obvious, particularly for the organizations that can’t use them: device-independent applications and data we can access and use from anywhere.

Can we have the best of both worlds?

The personal computing model is relatively secure: you install applications on your computer, and they sit on your local hard drive, along with your data. Assuming there hasn’t been a security breach, or you haven’t explicitly provided access to your data over a network or through a direct action like emailing it, it’s safe.

On the other hand, because your applications and data are locked away on your hard drive, you generally have to have direct access to it in order to use them. There are remote desktop solutions like VNC, but these are clunky and fairly useless over a low bandwidth connection.

Web applications that store their data in the cloud overcome this obstacle, but lose the security of sitting on your own computer.

What if there was a halfway house between these two situations?

The personal web server that works

Theoretically, anyone can run their own web server, right now, that allows them to install web applications in a more secure, controlled environment and access them from anywhere. But there are some very good reasons why they don’t:

  • You need system administrator skills, usually on top of Linux skills, to do it.
  • Web applications – even relatively easy-to-install ones like WordPress or Elgg – are fiddly. There are configuration files, directory permissions and (potentially) source repositories to contend with.
  • The web applications you can install on your own server are often not as good as the ones you can get in the cloud.
  • When something breaks, it’s your own responsibility to fix it.
  • Servers are expensive.

What if we could fix all of these things at once? Enterprises, organizations and individuals could have their own, more secure environment that would allow them to use the cloud applications they needed with fewer security risks, while enjoying the ease-of-use and immediacy that the cloud provides.

One of the reasons everyone’s leaping to copy the iPhone’s app store business model is that it just works. Sure, you’re forced to delegate root control of the phone to iTunes, and the operating system places some seemingly arbitrary restrictions on what applications can and can’t do. But the handset works, and installing software is easier than on any other platform. The truth is, most ordinary users don’t care about those restrictions. Hell, I’m a computer scientist software developer entrepreneur power user, and I’m just happy the thing works. (Context: my previous phone ran Windows Mobile, which doesn’t.)

Imagine if you could get your own server environment that was as easy to use as the iPhone. It would look something like this:

Front end & business model

  • You sign up for the service, possibly for a small monthly fee, possibly for free (depending on the service provider). Alternatively, if you’re more technical / an enterprise / an organization, you install it on your own infrastructure. The platform is available for free and could be open source.
  • From a secure web-based admin panel, you can add and remove users (although the platform optionally also supports Active Directory and similar standards, as well as OpenID), and install / uninstall applications from a centralized app store with the usual features: ratings, search, similar apps, etc. Installation is one-click, and upgrades are similarly seamless. (That WordPress “what, I have to upgrade again?” problem: solved.)
  • Much like the iTunes app store, applications may be free, or may cost a small amount. Applications may impose licensing restrictions based on number of users: for example, the app costs $4.99 for up to 5 users, $19.99 for up to 25, etc.
  • As with the iTunes app store, the application store provider takes a cut – and so does the service provider. This creates a strong incentive for multiple vendors to provide hosted services for little cost. It also effectively creates a discount for enterprise, organizational and technical users, who can bypass a service provider. The payment to the web application developer also, for the first time, creates a solid commercial marketplace for high quality web application products, while the free option allows open source vendors to distribute as normal.

Technology

  • Behind the scenes, the server runs existing open source technology: Apache, Tomcat, PHP, Perl, Python, Ruby on Rails, MySQL, Postgres, etc. However, there are restrictions on how applications must be structured, behave and share their data. This allows the one-click install and upgrades to function correctly. Importantly, though, users of the system need never worry about the underlying framework.
  • The platform has a central data store that all applications may access via an API. This data store is fully exportable, allowing (for example) a datastore stored with a service provider to be moved to an internal setup as an organization expands. As with the iTunes app store, applications are linked to a store account rather than a physical machine, so the application licenses are portable too.

Of course, this wouldn’t replace standard web servers. What it does provide, however, is a simple cloud operating system that simultaneously works in a more secure, dependable way than existing services, would be more acceptable to many organizational users, and provides a genuine business model for web application developers.

The web is now an end user application platform, but still behaves like a lightweight document store. To obtain the level of software customization we all enjoy on our home PCs, a much higher level of technical competence is required. I strongly believe that this situation must change for the web to be a viable commercial application framework.

Building the user-centered web

July 1, 2009

The following post contains my notes for a talk I gave at the Hauser Center for Nonprofit Organizations at Harvard University on June 25, 2009.

What is a social network?

I would like to reclaim some language:

Social is an adjective that means relating to human society and its members.

A network is an interconnected system of things or people.

Therefore, I’d suggest that we can define a social network as just being an interconnected system of people.

The audience of this talk is a social network; so are your friends, colleagues, interest groups and so on. Social networking tools facilitate social networks. The universe of social tools certainly includes web applications with social functionality, but it also includes structured face to face interactions, telephone, post, SMS, email. In other words, the web is just one possible tool for this purpose – albeit a very effective one.

If you build it, they will come

You can’t install a social networking tool and instantly expect usage: Field of Dreams is not a good model for community development. The web is littered with ghost sites created using Ning, Elgg and more that have been established in the hope that a user-base will magically appear; however, if your main selling point is the social network itself, nobody’s going to join until that network of people exists and is actively using it. It’s a chicken-and-egg problem.

Therefore, you either need to have an existing network of people to facilitate interactions between (for example, when Facebook launched at Harvard) or compelling functionality that is useful without a network of existing users (for example, Delicious).

If we’re creating a tool that’s useful for the first user who signs up, without a pre-existing social network, then what we’re really talking about is a software application that uses the web as an interface, and happens to have social functionality as one of its features.

The web as applications

When the web was conceived, it consisted of documents and pages linked with hypertext: linked words and phrases that, when clicked, would load another, relevant document. Each page had its own Uniform Resource Locator, which allowed you to return to that specific page at any time. Each page could be a destination in itself, and although the sites (collections of pages) could be linked together through hypertext, each one had no need to know about your activities elsewhere on the web. Why would they? Documents don’t have memory; their role is simply to impart information.

Step forward to today, and the web is not entirely made of pages: applications now represent a large amount of the web. (Princeton WordNet defines an application as “a program that gives a computer instructions that provide the user with tools to accomplish a task”; Google Docs, Remember The Milk, Flickr, Delicious etc are all applications by this definition.)

The benefits are tangible: you can access an application’s functionality from any web-compatible device, anywhere in the world. You’re no longer bound to the software you happen to have installed on a particular machine, and you no longer need to worry about whether you’ve remembered to save a particular file onto a particular drive. Because of historic resource limitations, web applications tend to be easier to use, and entirely bypass the need for IT departments, which have unfortunately earned a reputation for being obstacles to productivity in many organizations.

This change of web usage has been reflected in the ongoing development of HTML, the markup language that all web interfaces are written in. The first four versions were largely orientated towards documents; however, HTML 5, currently in development, is the first version that explicitly contains functionality to support web applications. That includes offline storage and usage, sessions, and more advanced interface features. However, aspects of the document-orientated model remain.

Silos of information

Each application is its own atomic destination with its own URL, and is by default only aware of data created within it. That means we need to register for each application we want to use, fragmenting our accounts over potentially hundreds of products and company data centers, and that the documents, files and data we create within them can’t easily be shared with other applications. On my desktop, I can write a document in Word and open it in OpenOffice, or take a Paint doodle and load it in Photoshop, but there’s no easy, generic way to take my bookmarks from Delicious into another bookmarking tool, or to take my Google Docs and open them in Acrobat.com.

Currently, each web application is like a silo: they exist on their own, and if they interoperate at all, it’s through specific links between applications that have to be individually developed. Certainly, data created in an application stays in that application; sometimes you can check your GMail address book for contacts in order to find existing friends on a service you’ve just signed up to, for example, but it’s rare that you can actually export data fully into another product. As many of these services are free, a significant portion of their business models revolve around being able to control user-contributed data, keep users coming back, and sell user-generated activity data for marketing purposes. (One has to question whether the market for personal details will continue to be profitable, or whether, like the web advertising market before it, it will saturate and crash.)

In a social networking tool, the site model means that your contacts, the information you share and any detailed access permissions all relate solely to the application they were created in. However, collaborative spaces in social web applications are like documents: they’re one of the currencies of the social web. Just as I need to be able to use my wordprocessor of choice to edit a document, I need to be able to use my social tool of choice to collaborate with others.

Turning the model upside down

Right now, we have to register with each application we want to use. What if we required each application we used to register with us, in digital identities under our own control?

What if, using these identities, anyone could connect to anyone else, and anyone could store their data anywhere as long as the storage provider followed the same broad standards?

The web itself would become a social networking tool.

This is far more flexible, and future-proof:

  • Your ability to collaborate is not subject to a single company’s success: social functionality and application infrastructure are inherent in the web itself
  • The possibilities for collaboration are not subject to technology beyond common open standards, which can evolve
  • A wider range of application possibilities is ensured, because web applications gain the ability to interoperate in a general way
  • Privacy and user control are established by allowing a person to determine which application has access to which data

By establishing a general standard for social application interactions, the services and technologies used to make connections become less relevant; the Internet is people, one big social network, and users no longer have to worry about how they connect. We can all get on with communicating and collaborating rather than worrying about where we connect.

User-centered identities

Under this model, providing the software that hosts your digital identity becomes big business. This hasn’t gone unnoticed by the main service providers, and they’re already fiercely competing to be your identity on the web:

  • Facebook wants your central identity to be a Facebook account (and arguably has made the user-centric model for the web part of its strategy for a very long time)
  • Google wants it to be a Google account
  • Twitter wants it to be a Twitter account
  • Microsoft wants it to be a Live ID
  • OpenID wants it to be any OpenID-capable URL

Because I use all of these services, the result is a very complicated identity space. These are a subset of my profiles:

For identities to be usable as a generic standard, you should be able to use any of these – or all of them. Nobody has just one facet (or persona) comprising their identity; everyone has a collection, representing the different parts of their lives. Ben Werdmuller the web strategist for hire doesn’t need to be connected to Ben Werdmuller the Doctor Who fan, who in turn doesn’t need to be connected to the Oxford resident. They can be connected if I choose to make them, but separating parts of your life is part of a user’s control over their identity.

However, that needs to be context-specific, not application-specific. Currently, for example, my Facebook account tends to be personal, while my Twitter tends to be professional. That doesn’t make sense: in order to write personally on Twitter, I either have to accept the collision of those two parts of my life, or I need to create an entirely separate, fragmented Twitter account. Wouldn’t it be better to be able to control who sees which interactions, and choose tools based on the functionality they add to a conversation? Otherwise you have the situation I present above: one identity per communication context per application. That will quickly become unmanageable, and the web will be littered with dead profiles.

Conversely, I believe the future of the web is in atomic digital identities based on permissive, open standards, linked together as an application framework.

How do we make this work?

Problem to solve: user control

First and foremost, the framework for decentralization must be established – in other words, the actual social mesh standards that will make it possible.

Technical mechanisms need to be established for controlling access to a resource or collaborative space, which should be easy to use without removing any of the flexibility of the platform, and should allow for the maintenance of multiple personas.

Another part of access control is allowing a resource to expire gracefully. It’s important to know when to lose data: sometimes documents, resources, spaces, personas or entire identities may be transient and only required for a certain length of time. There’s no need for everything on the web to exist indefinitely; currently, rigorous indexes like Google ensure that much of it does.

Finally, the tools and standards we create must be permissive of goals, content and structure that we might not have thought of. There certainly doesn’t need to be an overarching structure or taxonomy between individual identity spaces, and constraining the technology to a rigid set of activities and data types would limit the scope of the platform.

Problem to solve: ownership

Existing web applications tend to have a single-ownership model for resources. However, Silona Bonewald rightly pointed out to me that this isn’t always the case, and in a free-flowing social mesh, multiple ownership needs to be represented. For example, all collaborators on a resource should have ownership access, unless they explicitly choose to rescind that right.

In a company environment, a user’s employer may have shared ownership (or full ownership, with author access available to the employee). The same may be true with students in a university environment. On sites like Facebook, the service owner may in reality have some ownership rights over the content.

How can we maintain this granularity, but also retain user control?

Problem to solve: privacy & transparency

There is a very public attitude of "when you put something online, it’s published" in some parts of the software development community, which is a useful concept that gives developers carte blanche to share data freely. In a fully user-controlled environment, this public-or-completely-private binary situation can no longer be the case; a resource may have been published to a few select people. Ignoring this trait disallows the platform’s use in important environments like enterprises or public bodies.

When you sign up to a service, you agree to that service’s terms and conditions and privacy policy. However, your data may be farmed out to a collection of other, secondary services via APIs, without your knowledge or consent.

An important aspect of user control is knowing how your data is used and where it is transmitted by the applications you use, so I propose a simple, human-identifiable and machine-readable mark that:

  1. Applies permissions to how my data can be used by applications (like Creative Commons does for shared content)
  2. Tells you in a visual way what happens to your data when you visit a site
  3. Incorporates multi-ownership

It may be that these issues are addressed within the terms and conditions of a service. However, it’s very unlikely that a user will actually read the full contract. Therefore, a simple graphic icon with a link to a plain-English description, with an underlying microformat for machine-readable use, would be a welcome addition to the user experience. As the web becomes more mesh-like and data moves around more freely, conveying what happens to data owned by less-technical end users will become more and more important.
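A sketch of the machine-readable half of such a mark, combining the audience, expiry and multi-ownership requirements described in the sections above. This is an added example, not code from the original post: the field names, the vocabulary of uses, the JSON encoding (the post suggests a microformat) and the rule that every owner must grant a use before an application may apply it are all assumptions.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Hypothetical vocabulary: the post proposes the mark but defines no fields.
USES = frozenset({"display", "index", "share_third_party", "marketing"})


@dataclass
class DataUseMark:
    resource: str
    owners: frozenset                   # personas holding ownership rights
    grants: dict                        # use -> frozenset of owners who granted it
    audience: frozenset = frozenset()   # personas allowed to read when not public
    public: bool = False
    expires: Optional[datetime] = None  # the resource lapses at this instant


def parse_mark(text):
    """Parse the machine-readable form strictly; reject anything ambiguous."""
    raw = json.loads(text)
    owners = frozenset(raw["owners"])
    if not owners:
        raise ValueError("a resource needs at least one owner")
    grants = {}
    for use, granters in raw.get("grants", {}).items():
        if use not in USES:
            raise ValueError(f"unknown use: {use}")
        granters = frozenset(granters)
        if not granters <= owners:
            raise ValueError(f"grant for {use} from a non-owner")
        grants[use] = granters
    expires = raw.get("expires")
    if expires is not None:
        expires = datetime.fromisoformat(expires)
        if expires.tzinfo is None:
            raise ValueError("expiry must carry a timezone")
    return DataUseMark(raw["resource"], owners, grants,
                       frozenset(raw.get("audience", [])),
                       raw.get("public", False) is True, expires)


def evaluate(mark, use, reader, now):
    """Decide whether an application acting for `reader` may apply `use`.

    Deny by default. Returns (allowed, reason).
    """
    if use not in USES:
        return False, "unknown use"
    if mark.expires is not None and now >= mark.expires:
        return False, "resource expired"
    if not (mark.public or reader in mark.audience or reader in mark.owners):
        return False, "reader outside audience"
    # Assumed rule: a use applies only while every owner grants it, so any
    # single owner can withhold or rescind it.
    missing = mark.owners - mark.grants.get(use, frozenset())
    if missing:
        return False, "not granted by: " + ", ".join(sorted(missing))
    return True, "ok"


# Constructed sample: two co-owners, published to one colleague only.
SAMPLE = json.dumps({
    "resource": "https://example.org/notes/42",
    "owners": ["ben@work", "alice@work"],
    "audience": ["carol@work"],
    "grants": {
        "display": ["ben@work", "alice@work"],
        "share_third_party": ["ben@work"],
    },
    "expires": "2010-01-01T00:00:00+00:00",
})

if __name__ == "__main__":
    mark = parse_mark(SAMPLE)
    now = datetime(2009, 7, 1, tzinfo=timezone.utc)
    for use, reader in [("display", "carol@work"),
                        ("display", "mallory@elsewhere"),
                        ("share_third_party", "carol@work")]:
        print(use, reader, evaluate(mark, use, reader, now))
```

The same decision can drive the human-facing icon: the set of uses for which `evaluate` returns true is what the plain-English description would need to list.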

Problem to solve: platform

Finally, while it’s great having a conversation about this, these ideas aren’t useful to anyone unless someone goes ahead and builds it.

There are some existing projects and thinkers who are on these tracks:

  • The Diso Project is turning the WordPress open source blogging tool into a decentralized digital identity through an array of open standards, and the project’s Chris Messina has a lot of wise things to say about its development.
  • Laconi.ca is a decentralized microblogging platform, whose Open Microblogging standard may be adaptable into a more widely-scoped technology.
  • The Open Stack is a set of developing technologies that address some of the issues.
  • Marc Canter’s Open Mesh treatise goes into detail on many of the issues.

All of these are important contributions that strongly address some of the issues; however, we’re still a long way away from the vision of an open, social web.

Conclusion

I believe strongly, for the reasons stated above, that a decentralized, user-centered model for the web is the best way to advance it as an application platform.

Needless to say, I have my own ideas about how to actually build the platform, based on my Making the most of the web principles. However, it has to be a collaborative process: there’s no sense in building an open collaborative standard by yourself. My main concern is that the platform is created and works in an open, lightweight, flexible, easy-to-develop-for way while remaining secure and yielding control to the main user. The result will be an entirely new kind of platform, and presents a unique opportunity for anyone who wants to jump on board.

Images:

  • WOW! My 1000 Friends by Cavin was released under a CC Attribution Generic 2.0 License
  • Lonely Tree by Jule Berlin was released under a CC Attribution Generic 2.0 License
  • Logo 2.0 part II by Stabilo Boss was released under a CC Attribution-Noncommercial-Share Alike 2.0 Generic License
  • Upside Down by Johnny Jet was released under a CC Attribution Generic 2.0 License
  • Pro Control 24 by Aud1073cH was released under a CC Attribution-Share Alike Generic 2.0 License