Decentralized social networking using web intents

August 11, 2011 | Leave a comment

Connect with meI believe that web intents are the last missing piece for decentralized social networking. (Previously I’ve talked about creating a social web architecture using Activity Streams and OAuth; this builds on that idea.)

Picture this chain of events:

  1. I visit your website, and see that you have a “connect to me” button[1].
  2. I click the button, launching the “social-connect” web intent.
  3. If I have web intents, my browser “logs me in” to your website via OpenID, silently passing the URL of my identity site[2]. I never have to manually log in with a URL, which has been the main criticism of OpenID. (If I prefer, I can have my browser log in via Facebook, Twitter, Microsoft Live ID, etc etc.)
  4. If I don’t have web intents, your website falls back to prompting me to connect using any of its supported schemes.
  5. In the handshaking process, your site assigns my identity a unique token, or a unique token is obtained from my identity (depending on authentication scheme). Either way, you end up with an internal token that represents my identity, which both your website and my identity site know.
  6. My identity site determines the locations of your Activity Streams, RSS feeds, etc, in the usual ways.
  7. You receive a notification that I’ve connected with you, and can now place me in an access group via a visual interface. Think Livejournal’s friends lists, Elgg’s friends collections, or Google+’s circles. When you post new content, to your site, you can restrict it to any combination of those groups.
  8. My identity site periodically makes requests to your website for new content, signing it with my token.
  9. I read new content and activity from a central reader panel attached to my identity site.

Of course, technologies like Portable Contacts, OAuth and even FOAF can have a place here: this simply provides a loose connection mechanism for nodes. I also feel like the “social-connect” intent could trigger an OStatus subscribe action, although I’d like to see signed requests so that access permissions can be enabled.

Needless to say, web intents can help a great deal for other parts of the process, for example clicking on “share” or “comment” on a piece of content. I also think Creative Commons licenses have a part to play here when it comes to sharing and resharing content across the decentralized social web, but that’s a story for another day.

The connect to me button should be distinctive. You should see it and automatically know that you can connect socially with this website. I’m thinking something obvious and instantly recognizable, akin to the RSS icons, or the star that now ubiquitously means “bookmark this”. I’ve illustrated this post with a quick Sharpie prototype, but it’s not really meant to be a recommendation. (Nonetheless, I’ve shared it under a Creative Commons license.)

Your identity site could be self hosted, or it could be a Google Profile, a WordPress.com site, or any commercial profile. Needless to say, everyone can have more than one identity site, and there’s no reason why your identity platform couldn’t support pseudonyms, alter egos and access-restricted profiles.

Where to find me at SXSW

February 27, 2011 | Leave a comment

I’m stoked to be at this year’s South By Southwest Interactive festival in Austin.

As well as enjoying the talks, attending events and enjoying wandering around one of my favorite cities in the world, I’m appearing as part of two panels:

The Why & How Of Decentralized Web Identity with Blaine Cook and Christian Sandvig (March 12, 11am in the TX Ballroom 2-4 at the Hyatt)

Wikileaks, the Web, and the Long, Strange Journey of Journalism with James Moore and Scott Braddock (March 15, 9:30am in the Town Lake Ballroom at the Radisson)

Power!In both cases, these are part of a stream. If you’re interested in decentralized identity, you’re probably going to want to start with Federating the Social Web, a panel with Status.net’s Evan Promodou, TummelVision’s Kevin Marks and Socialcast’s Monica Wilkinson, which starts at 9:30am in the same room. Meanwhile, if you want to hear more about Wikileaks, you may want to stick around for Wikileaks: The Website That Changed the World?, with Guardian editor-in-chief Alan Rusbridger, Vanity Fair contributing editor Sarah Ellison, and ProPublica managing editor Stephen Engelberg, which takes place in the Town Lake Ballroom at 12:30pm.

I’m very excited about working with the participants at both events. I’m pleased to say that James Moore, my co-panelist for the Wikileaks event, is a colleague at Latakoo, and it’s a pleasure to have found another way to work with him. You may know him best for his book Bush’s Brain, about George W. Bush and Karl Rove’s role in his presidency; he’s made a name for himself as an incisive political commentator in print, on television and in documentaries like Fahrenheit 9/11. Here are his not inconsiderable contributions to the Huffington Post. For his Wikileaks panel, he’s brought Edward R Murrow award-winning investigative journalist Scott Braddock on board, and I’ll be there to provide technical and web culture context.

Blaine Cook, meanwhile, was the primary author of both OAuth and Webfinger, which are two of the most important building blocks for the decentralized social web; they’ve been influential in how web applications have been designed and built over the past few years. Formerly lead developer at Twitter, he’s now part of Osmosoft, a part of British Telecom that works on open source, web-based collaboration tools. As well as kindly asking me to join him on his panel on decentralized identity, he’s secured the wisdom of Christian Sandvig, who is Associate Professor at the University of Illinois at Urbana-Champaign, as well as a Faculty Associate at the Berkman Center for Internet & Society at Harvard University.

Finally, although I won’t be speaking at this one, my colleague at the Edinburgh Festivals Innovation Lab Rohan Gunatillake will be speaking with the Edinburgh Festival Fringe Society’s CEO Kath Maitland about Edinburgh, Austin and the Future of Festivals on March 14th. If you’re interested in digital and the arts, or my work as Geek in Residence at the festivalslab, this will be worth your time.

If you’re in Austin this March, I’d love to see you at either of these events, or anywhere else. I’ll be heavily using Twitter during the festival, so you can always message me there, or drop me a note here in the comments. It should be a lot of fun.

Keeping the web decentralized

November 20, 2010 | 2 comments

3Com Campus in Massachusetts: 1999Tim Berners-Lee has an article in December’s Scientific American about the future of the web. It serves, in many ways, as a list of baselines – things that should be obvious to anyone who’s worked with the web for any real length of time. He argues for net neutrality, for open standards, and for the decentralization of web-based functionality; all things that I agree must be fundamental to the platform if it is to have a healthy future. It’s required reading, and worth sending to all your non-technical friends who use websites as part of their lives.

Decentralization is another important design feature. You do not have to get approval from any central authority to add a page or make a link. All you have to do is use three simple, standard protocols: write a page in the HTML (hypertext markup language) format, name it with the URI naming convention, and serve it up on the Internet using HTTP (hypertext transfer protocol). Decentralization has made widespread innovation possible and will continue to do so in the future.

[…] Several threats to the Web’s universality have arisen recently. Cable television companies that sell Internet connectivity are considering whether to limit their Internet users to downloading only the company’s mix of entertainment. Social-networking sites present a different kind of problem. Facebook, LinkedIn, Friendster and others typically provide value by capturing information as you enter it: your birthday, your e-mail address, your likes, and links indicating who is friends with whom and who is in which photograph. The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site. Each site is a silo, walled off from the others. Yes, your site’s pages are on the Web, but your data are not. You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site.

The full article is over here.

I’m waiting for an application layer to emerge that embodies these traits (here are some ideas about how to make it a reality), but funnily enough, most web companies don’t seem to like the idea of letting go of their proprietary databases and competing on features rather than lock-in. Of course, the likes of Status.net and Diaspora are making a go of it, but in both cases, the applications create communities in themselves (which are interoperable with other communities) rather than single, WordPress-style nodes with social hooks that sit directly on the web.

In some ways, these applications aren’t directly social at all – certainly not in the “social networking” sense. There don’t have to be profiles, friends lists, or even direct sharing. They might be social in the sense that they are web applications – by definition, applications that are connected to the web (and therefore the billions of people who now use it). They provide notifications to their operators, allow access to content to be controlled according to a standard access control list, and allow that content to be commented on and relinked elsewhere. The “decentralized social web” is really just an evolved form of the standard publish-and-read model we’ve been using with blogs for over a decade, combined with the linked data concepts Berners-Lee champions.

So when do we get to use it? Well, to be honest with you, it’s kind of irritating. This is one of those inventions that are discovered rather than created as such: I have a complete picture of how this software would work in practice, and I understand how to create a business model that would render the software both widely attractive and financially sustainable. At some point I’ll give up on waiting for it to magically emerge and set to work – right now there is no competition (aside from other, different communication models), and a bunch of real-world problems that it would solve.

What kind of problems? Here’s a hint. Stop thinking in terms of publishing on the web, and start thinking in terms of distributed communications, and distributed, open markets. (Not just markets of ideas, but also tangible business markets.) Stop thinking about software and data, and start thinking about empowering people who are striving to bypass the gatekeepers in their way and connect, directly, with each other. Stop trying to own peoples’ lives, experience, skills and information, and put them in full control to let them talk, share, create and do business with each other.

Photo of Tim Berners-Lee by Jim Grisanzio, released under a Creative Commons license.

Twitter DoS and single points of failure

August 6, 2009 | 9 comments

Twitter went down today at the hand of a denial of service attack (alongside Facebook and Livejournal; the latter has also reported an attack). In the old days, you’d shrug it off and go and look at something else. Today, Twitter is such an integral part of the landscape, and some people’s businesses, that it made BBC News and was commented on all over the Internet.

The headlines are highly strung to say the least:

The stress of it all made TechCrunch come over all Mr Humphries:

Meanwhile, away from the hilarity, Dave Winer’s developing rssCloud and people are beginning to talk about Laconi.ca. The only model that makes sense is a distributed one: it’s a fundamentally harder problem to bring down a decentralized network, because there isn’t a single point of failure. So far, for example, DNS has remained pretty robust. As regular readers will know, I strongly believe there are very solid business and development reasons for going decentralized, too.

The web is becoming social, and those conversations are becoming more and more important. A malicious user or group shouldn’t be able to take down our conversation platform – or have the ability to dictate its direction. It’s time to think about a better way to build the social web.

« Previous PageNext Page »