A new protocol for social interaction
Sun Sep 19 01:31:00 -0700 2010
In my last post I discussed the bubbling up horrors of having our online identity controlled by faceless mega-corporations. But it didn’t really provide any useful direction. This is my attempt to fill that gap. Specifically, how should we go about sharing our thoughts and emotions online, without having to give up the ownership of our data to a centralised body? These are my thoughts.
I think there are four central tenants which any information sharing protocol should subscribe to.
These are;
- Ownership of data should belong to those the data is of.
- Authenticity of data should be ascribed by the owners of data.
- Durability of data should be as long as the owners please.
- Sharing of data should not circumvent the first three principles.
When a protocol for information sharing be developed that guarantees the above four rules, then we will have social networks without an ever present demon of profitability and balance sheets hovering over us.
But let me take a moment to explain what the above four rules would mean.
1. Ownership of Data
Your information is yours. This is where Diaspora are generally on target, despite any other failings. You should be able to post information to some location, somewhere in the world, and have complete control over that data. At no time should it be possible for someone (or something) else to claim rights to your data.
This flies in the face of the Facebook privacy agreement. Go read it if you haven’t yet. At least skim through it. The only place where they mention ownership of your data is the last paragraph of section 6, specifically that they reserve the right to sell your data to whom ever buys them.
Awesome.
Google’s privacy policy also has very little to say about ownership. In fact, it has nothing to say about how much of your data you own. Which means you have nothing to say about it using your data in whatever way it pleases.
The Apple’s iTunes privacy policy, that’s right, the one you click through every time there is an update to iTunes, also has a glaring, sun-flare type lack of information ownership.
The crazy thing is, we all don’t care. Or at least we have been conditioned to not care.
With the seemingly endless stream of platitudes coming from the mega-corporations murmuring that they will look after us, our information is safe, they will only use it to help us; it is no wonder that all of us don’t care. But go back and have a look at all of those “privacy policies”. None of them say they will look after your data. In fact ALL of them explicitly state that if they screw up and release all your data, that you waive them of any liability.
So Ownership of data is king. And the only way to ensure ownership is, well, have possession of it! There is a great old legal saying, harking back to the early 1700s that states “Possession is nine points of the law”. Over the centuries since this has become “Ownership is nine tenths of the law” and it is true!
So for you and me, the key would be for us is ownership data. Have control of our own micro information nodes that store, backup but most importantly, own our data.
Achieving this would be relatively simple, at least in the scale of the other three items in my proposal. We would all own a micro server which had our information crown jewels locked up some how. Each one of these little islands of personal information would then hand out tidbits of information to those that came, offering as much or as little as we wanted, while at the same time stamping each byte of data with it’s stamp of authenticity.
2. Authenticity of Data
The next key point would be the owner’s ability to say “Yes, this data about me is correct”. Maybe the second most important thing would be preventing any one else from saying “This bit of data about that person is authentic” without the owner agreeing.
Being able to authenticate that data belongs to you, grants you the ability to revoke that authentication, but why is this important?
I touched on it in my last post, the ability (and natural right) of a human to reinvent themselves, to start over, to become more than they ever were. Without the ability to say “That is what I did before, sure, but that is not me now. Now I am this.” then I am not quite sure what you or I are bothering to live for? As human beings we all have the intrinsic ability to start a new life, turn over a new leaf and spin up any number of clichés that allow us to change our demeanour.
But the current social networks don’t allow that. USA President Obama stated to a group of kids that they should be careful what you post on Facebook. And he couldn’t be more correct. Because once you post that, then Facebook are the ones who are stating that information is true about you. Not you.
Is it really fair to say that taking a video of someone being stupid at age 17, and then posting this on Youtube, should then define that person for the rest of their lives? No. Of course not. But you and I can see it. It is there. In video. So it MUST be TRUE!
Says who?
Have you seen a hollywood movie lately? Avatar anyone? Can you seriously tell me that if I took a clip from Avatar and decreased the resolution to Internet standards, that you would be able to prove to me that it was not live footage of an actual planet? No. Of course you couldn’t. And that is the point.
If we are to live in a sane and free world, then you and I should be able to stamp information about ourselves as true. And other information not. Then the viewer of that information could then (at their discretion) validate that data with your server, getting a confirmation.
Now before you go off at me about the possible legal consequences of people covering up their crimes by “deauthenticating data”. Remember people, we are talking about social networks. If the police want to collect a file about your actions and prove that it was you who robbed the bank, then fine, they can do that and the whole beyond reasonable doubt thing.
But remember in the old days, if you really screwed up your life, you could get up and move town and START AGAIN. This is the whole point. You should be able to revoke information and start over. Information about yourself should only exist for as long as you allow it to.
3. Durability of Data.
Go do a google search of your name. Don’t do it as an ego trip, just do it to be shocked (like I was). You will find information about you posting to mailing lists that have stopped sending mail almost a decade ago. You will find all sorts of information that you never thought would be there. And maybe you find something that you don’t want to be there.
This data exists as long as Google feels like persisting it. Not a minute more. And more importantly, not a minute less.
Sure, you MIGHT be able to get hold of them and delete information from caches and data stores. But they have no legal obligation to do as you ask. And even if they wanted to, what profit is there in doing so? None. Without keeping information about you and your actions, they have nothing to offer any customer, period. Their whole business model is defined by who did what when and allowing you to find out about it.
Now, don’t get me wrong. Google has a place. It provides an incredible research tool for our generation. When I was at school you actually had to go to the library and lookup encyclopaedia if you wanted to see information about a famous discovery. Now you can just google it. It is incredible and provides us with unparalleled expansion of knowledge.
However, research data, and what you had for lunch, are two very opposite ends of the information super highway. An information sharing protocol should allow the owner of data to decide when data is no long deemed necessary to be kept, and so allow it to be destroyed. Not made “anonymous”. Not “archived”. Simply nuked.
If you want to keep some information around for the future generations, print it out and store it in a air tight safe. If you want to start a new life, format your information node, and start a new one.
Or, if you are happy with your life and what you are doing, keep it online, and share it with your friends.
4. Sharing of Data.
The last point is probably the hardest to get right. Ownership can be handled by having your own private server. Authenticity could be resolved with todays public/private key authentication. Durability can be handled with a combination of ownership and invalidating the authenticity of data. But sharing, now that is tough.
Because the problem presents itself, whom do you share data with? And why?
Does Facebook really need to know how old you are? I mean, sure, they need to know you are of legal age to prostitute your personal life to the Facebook gods, but do they need to know that in March I will be celebrating yet another year of being on the far wrong side of 30? No. Don’t think so.
What about iTunes? Asking your date of birth “For security reasons”… O.o
Right.
Being able to share your data would take concepts like OAuth to their logical conclusion. Instead of allowing Google et al to be our authentication “proxy”, we would delegate this to our information nodes, each allowing anyone to say “Hey Joe, this character is claiming to be you, is he?” and get a definitive “yes” or “no”.
The same information node could provide things like “Yes, my owner is over 18” or “You want his postal address? One sec, I’ll check.”
There is little to no need for Facebook, iTunes or many other companies to know where I personally live. They already have my credit card data, what more do they need? They might need my postal address to send me an invoice, sure. But anything else? Nope.
Providing a smart way to share data would provide us with the opportunity to be so granular with our information sharing that the existing corporate efforts would just be a proverbial bull in a china shop.
And it would scare the life out of them.
Imagine if you will, Facebook trying to drum up more business when it could not sell targeted ads, down to a suburb, for goods and services? Imagine google only being able to shoot gun advertise? Imagine the empowerment we would gain as a human collective, together, breaking free of the psycho targeted marketing campaigns that assault us daily?
Nice thoughts aren’t they?
So being able to share data in a controlled and defined manner is just as important as the other three combined.
Summary
So these are my thoughts and my views of a future social information sharing protocol. What do you think?
I hope I have delineated them sufficiently.
If you feel strongly about it, please spread the word. This sort of discussion needs more voices than mine. I intend to work on such a protocol, I have no idea how or where such work will take me, but I really think that personal information needs to be under the above four tenets; Ownership, Authentication, Durability and Sharing.
Simple really.
blogLater
Mikel Lindsaar
Leave a Reply
Latest posts
- Encrypting Another Partition Using FileVault 2 on OSX Lion
- Installing Home Folder on Second Drive on OSX Lion
- undefined local variable or method `version_requirements'
- A New World of Resources
- Rails Static Pages
- Twitter Replacing Rails? So?
- Engine Yard Cloud Backups Generating Zero Length Backups
- Our Rails Rumble Entry - StillAlive.com
- Renaming a controller and redirection in Rails 3
- Updating RailsPlugins.org to Rails 3 - Part 1
- What is a distributed social network?
- Bundler and Public Git Sources
- Getting Heroku, memcached and Rails 3 working
- Why Bundler?
- Rails Commit Access
- Introducing TellThemWhen
- rake RSpec & Cucumber uninitialized constant Rails::Boot::Bundler
- This Relationship is Worth Nothing
- Thank YOU...
- Inline Attachments for ActionMailer
- Upgrading RailsPlugins.org to Rails 3 - Part 1
- Stripping dollar signs and commas from a string
- Getting Rails 3 Edge with jQuery, RSpec and Cucumber using RVM
- Action Mailer, go Proc thyself
- The Real News Donation Drive
- ActionMailer ScreenCast and Article
- Installing RSpec for Rails 3
- I am speaking at RailsConf 2010
- Rails 3 Session Secret and Session Store
- If you're lazy and you know it write your specs!
- Bundler - uninitialized constant ActionController
- Bundle Me Some Sanity
- How to use Mail / ActionMailer 3 with GMail SMTP
- Put your mailer where the action is!
- Why Force a Choice?
- How to make an RSS feed in Rails
- Rails 3 Routing with Rack
- Bundle me some Rails
- Helping out in Haiti
- Watch your self
- Is Rails 3.0 a Game Changer?
- Where did the scripts go?
- validates :rails_3, :awesome => true
- New Rails Version 3.0 Guides Online
- New ActionMailer API in Rails 3.0
- Mail gem version 2 released
- How to rename a Rails 3 Application
- Rails 3.0 Examples
- DECCA Driving Day
Latest comments
- http://bit.ly/zqUBit
I forgot to say that, I don't r...
- ökostrom preise
Thanks a lot for this wonderful...
- Gainesville Computer Repai
I love its culture,the sakura t...
- Collector Credit AB
Great site and a great topic as...
- Hur Mycket Skatt
The blog was absolutely fantast...
Categories
Tag Cloud
AJAX ARGH! ActiveRecord Ajax Apache Apple Asterisk Australia Copy Database Development Feedburner Gem server Google Human Rights Javascript L. Ron Hubbard MS SQL Server MacOSX Mail Mephisto Not Programming OpenBSD Opensource Performance Personal Integrity PostgreSQL Programming Prototype Puzzle RDoc REST RESTful Rails RSPec RSpec Rails Rails Tips Rspec Ruby Ruby on Rails Ruby on Rails Tips Ruby on rails Tips SQL SQLServer SVN Scientologist Scientology Site Stats Soekris Soekris net5501 TMail Textmate Tips Windows World about mikel anti drug apache contributing daemon documentation drugs illustrator javascript lambda mail mephisto newspapers nitro open source opensource photoshop productivity programming railscasts rspec ruby ruby on rails rubyforge scientology seo sitemap sqlserver tips tmail tom cruise unix tricks vector graphicsArchives
- November 2009 (1)
- October 2009 (2)
- September 2009 (2)
- August 2009 (0)
- July 2009 (1)
- June 2009 (0)
- May 2009 (1)
- April 2009 (0)
- March 2009 (0)
- February 2009 (0)
- January 2009 (2)
- December 2008 (0)
- November 2008 (5)
- October 2008 (0)
- September 2008 (1)
- August 2008 (0)
- July 2008 (2)
- June 2008 (13)
- May 2008 (7)
- April 2008 (18)
- March 2008 (8)
- February 2008 (5)
- January 2008 (7)
- December 2007 (20)
- November 2007 (22)
Tue Oct 12 07:58:31 -0700 2010
I think people don’t care as the majority of people don’t have anything to hide…once personal information has been bought (like knowing my username is associated an email address to a real name…) what harm would it cause?
Should comment forms like this one have some sort of ownership confirmation as who owns this data I’m writing now?
Good post though.
Tue Oct 12 07:58:49 -0700 2010
I think people don’t care as the majority of people don’t have anything to hide…once personal information has been bought (like knowing my username is associated an email address to a real name…) what harm would it cause?
Should comment forms like this one have some sort of ownership confirmation as who owns this data I’m writing now?
Good post though.
Tue Nov 08 19:34:21 -0800 2011
Sensible ideas, incredibly difficult to monitor and enforce. The internet is a beast which was born before its habitat was suitable matured, all we can do now is chase it round with a tranquilizing dart and hope for the best.
Wed Oct 20 22:36:54 -0700 2010
An anonymous agent server (from time to time called a web substitute) by attempts to anonymize entanglement surfing. There are different varieties of anonymizers. Only of the more garden variations is the free proxy. Because they are typically difficult to track, introduce proxies are especially fruitful to those seeking online anonymity, from political dissidents to computer criminals. Some users are essentially interested in anonymity for added custody, hiding their identities from potentially malicious websites instead of instance, or on principle, to assist constitutional kind rights of range of philippic, representing instance. The server receives requests from the anonymizing proxy server, and then does not profit advice about the intent user’s address. However, the requests are not anonymous to the anonymizing proxy server, and so a rank of certainty is donation between the delegate server and the user. Diverse of them are funded sometimes non-standard due to a continued advertising affiliation to the user.
Access hold sway over: Some representative servers gadget a logon requirement. In unrestrained b generally organizations, authorized users obligated to log on to gain access to the web. The organization can thereby track manipulation to individuals.
Some anonymizing factor servers may forward evidence packets with header lines such as HTTP_VIA, HTTP_X_FORWARDED_AGAINST, or HTTP_FORWARDED, which may make known the IP address of the client. Other anonymizing factor servers, known as elite or superior anonymity proxies, not subsume the SLIGHT_ADDR header with the IP give a speech to of the agent server, making it evident that the delegate server is the client. A website could unruffled suspect a proxy is being old if the patient sends packets which encompass a cookie from a prior afflict that did not use the tipsy anonymity surrogate server. Clearing cookies, and in any way the cache, would decipher this problem.
get on facebook at school
Sat Sep 18 20:46:03 -0700 2010
hey Mikel,
Great post. I have some thoughts on the topic, but amusingly enough, I’m not sure I want them out there right now :-)
I do think this is an important topic and hope more will talk and think about it as time goes on.
BTW, have you read Daemon? I think it and its sequel Freedom™ might be interesting to you, especially in these times.
best,
j
Sat Sep 18 11:01:20 -0700 2010
Hi Mikel,
I read this post with interest, as I’ve had similar thoughts (well they are common sense I guess) regarding private webservers and public/private keys.
It seems from a technological point of view, most of the requirements for such interactions are already tried and true concepts.
However what’s key here I think, is that even if people start to realize the implications you described through you last two posts, unless the service in itself can match what made Facebook so successful, they won’t consider changing their ways. And I think that’s namely free of charge, ease of use and adoption.
The free part seems especially difficult. Making data avialable to the world can be one of two ways, host it locally, or in the cloud. Whichever you go for there will be drawbacks compared to current social networks (less availability or cost respectively).
Anyway, thinking about a protocol seems like the way to go about this, abstracting implementation and focusing on infrastrucutre and interactions.
There should really be a place to discuss and share ideas on the matter though.
Please do keep posting your thoughts on the subject, I’m looking forward to reading on the work you’re planning !
Best,
Julien.
Sun Sep 19 09:24:48 -0700 2010
Good continuation to the previous one
Mon Sep 20 06:01:38 -0700 2010
Did you look at Salmon Protocol and Status.Net?
On the same topics that you are mentionning here about data ownership, I would love to have a review of http://bit.ly/freedata which is about data independence.
There are data and augmented data. All the things such as comments, tags, etc. that you could add on content you have created. It’s not an easy issue at all. Maybe one of the issues is related to a unique copy of data. When I send an email. You have a copy in your Inbox and I have a copy in my sent box. If one of us erase it, the thing still stays with us. It is part of our own digital memory. In some circumstances, people would want to have all copies erased. There is a trade-off in between the two.
For example this exact comment I’m writing here, there is no way in the current architecture of blogs that I can have a copy on my own machine except if I cut and paste the text. There should be a way where we could have clients making it possible to plug to a blog and then comments, keeping them in a Sent Comment box.
Wed Sep 22 04:18:20 -0700 2010
Much like @Julien is saying, how do you expect people to subscribe to such protocols when they have been “conditioned to not care”?
How does one divulge the bubbling up horrors of what 500 million people take for granted as the hub of their social life?
How does one shed light on these pitfalls when nobody believes anything anything bad can happen to them, until it does?
Considerations of cost and availability will simply fall away when one does understand the implications and it won’t matter if it’s a locally hosted micro-server or in the cloud.
I think people naturally have social tendencies and will be willing to spend big bucks on social interaction provided that these protocols do not conflict with these tendencies.
The first step is waking the masses to these troublesome factors, and make people understand why these protocols are imperative for any social interaction.
This is an advocacy that deserves more voices than just a few.
Wed Dec 08 12:03:22 -0800 2010
Mike: fabulous article. I love the concept of developing a widely-accepted protocol for the propagation of social data across the internet. The Rails community has benefited profoundly from community-wide standardization of best practices and this seems like a good place to start for the treatment of data itself on the web.
The sharing issue is indeed a tricky one. It seems that you’d need something akin to a personal datastore for all of your personal tidbits to which you’d generate bit.ly-like urls/hashes then propagate to whatever number of social media, which would then interpret those urls on the fly to format, validate, and interpret that data. Perfect use for node.js?
Social networking sites, then, could work more as aggregators than originators of data, and the ownership over said data would always originate with the user, leaving him/her the ability to revoke/destroy/modify said data at whim.
We could also consider, perhaps, a new data format just for determining whether data is destructible, editable, etc. for sites that depending on certain characteristics of the data such as persistence and immutabiltity.
Hmm, lots to think about here, but it all seems pretty interesting…
Thu Jan 27 14:30:56 -0800 2011
Hi Mikel. This is great! Facebook is just not my cuppa tea and its great to see your alternative ideas. Makes a lot of sense.
Sat Mar 05 02:16:44 -0800 2011
Hallo to all. Great article. One objection, though to some considerations, expressed before.
The data of some value must not be FREE of charge.
Live example: There is a US based company bearing the name “Maglar” (!) that claims to be in the first four in the IT business and actively tries to employ programmers in Ukraine at the moment. Go to Facebook, and you will find absolutely NO useful info about this company and its owner. Of course, it stinks, but when you live in a country like Ukraine you are inclined to dream about the good things because the bad things around you would soon drive you into committing a suicide.
I would pay $1 (I think) to get some substantial and useful info about this employer.
I don’t care much, how these data were obtained. Suppose it is a fraud? If so, I personally deny the intrinsic right of the company founders to “move town and start all over again or what-they-may-call-a-new-life”. Not with me, at the least.
And here we run into a big problem. There is no authority on Earth able to fulfill this assignment.
If I were to draw a conclusion out of this statement, it would sound like, say:
“Let the data speak for itself.”
I absolutely care not who the owner really is and how legitimately he sells or shares the data. Only quality of the data counts, in the end. This model should be data-centric and data quality must be the priority number one.
Or, alternatively, the Internet will become a Universe of repeatedly misleading or misleadingly repeating, data. It moves in this direction actually.
Let’s put it another way:
Who in the whole world cares who am I? Not a person. They care for my “valuable output” which is represented by the data I possess. If I was to sell these data I would do it anonymously and not once in a lifetime. It naturally increases my profit.
So, for me, a system that evaluates and helps me sell my data anonymously and with profit would be of great help. I personally need no social life and I believe that 80% of people using social networks do it BECAUSE this socializing is VIRTUAL.
But the CONTENT of DATA is not virtual. It must have some connection to the real life to be of some use. Therefore, my belief is that the whole system must be data-centric, not ownership- or identity-centric.
Imagine a search-machine that outputs the very solution to the problem you were looking for. Exactness, efficiency, speed. And as a result of this increased efficiency – a possibility to turn your back to the computer and spend more time wandering wit your kid in the wood, the weather permitting..
Mon Mar 28 14:39:12 -0700 2011
Sensible ideas, incredibly difficult to monitor and enforce. The internet is a beast which was born before its habitat was suitable matured, all we can do now is chase it round with a tranquilizing dart and hope for the best.
Many companies would pay a lot of money to make this inconvenient debate go away, so it is indeed our duty not to let them have their way.
I’m just incredibly glad that the internet wasn’t around when I was young, because I was even more of an idiot then, luckily I can keep those memories for my entertainment only.
Wed Sep 28 11:51:19 -0700 2011
It makes a lot of sense, at least for me, I am a little worried spreading my info online, specially on Facebook, they know All about me and my family, and I don´t like that.
Sun Feb 05 20:22:10 -0800 2012
Great post. I have some thoughts on the topic, but amusingly enough, I’m not sure I want them out there right now :-)is pneumonia contagious sd pneumonia symptoms