I want a distributed Facebook.
March 10, 2013 11:02 PM Subscribe
I want a distributed Facebook. What necessary pieces are already available, and what work would need to be done to integrate currently available necessary pieces?
The basic idea:
Users must have their own web space. User data (pics, posts, etc.) are stored locally on the user's own web space. A list of other users and their access permissions is also stored locally.
A central service keeps a list of all users for verification purposes, along with an index to the local user sites. (So that users only have to log in once, rather logging in separately at each of their friends' sites.)
Comments on user posts could be dealt with in one of two ways: (i) comments are "owned" by the user whose content the comment is associated with; (ii) comments are just another type/category of post with a link. Users could enable tracebacks to semi-effectively create comment threads (this would be a bit ungainly; I'd prefer option (i)).
News/RSS type feed that automatically updates each user on their friends' selected activity when said user logs in to their own node. (Ideally, this could be a one-stop feed for everything the user is subscribed to: the distributed social network, Twitter, news feeds, podcasts, etc.)
The client interface must be secure (grar WordPress!), doesn't have to be super customizable (grar WordPress themes!), but does have to do all the basic social network stuff (let you post text, photos, videos, sound, and links; be searchable (keywords would be a nice addition); let you manage who can see and/or comment on which posts). I have a preference for open source projects, as well.
Are Diaspora hubs far enough along in development that they could be used in this way (if, for example, someone volunteered the web space to host a central index), or do they also rely on all data being stored on central servers? What options are available currently that do (all or) parts of this? For example, you can get extensions for WordPress that allow user management and access control locally, but there's no central registry of all users or the sort of indexing I'm thinking of. And there are security issues with the community (yet not open-source) development model for themes and other extensions. Other CMSystems, like Drupal, or courseware type content delivery systems, like Moodle, are similarly non-networked (though maybe more secure?). There maybe seem to be some identity verification type options - something about avatars?? - that such an application might be able to piggy back off of?
In summary:
1. What pieces of the puzzle are currently available?
2. What work would need to be done to integrate these pieces? (Eg. a standard, well-vetted theme for WordPress or Drupal or something, together with a wrapper/central verification and RSS service that would hide the login details for each individual blog site, make the user experience seem like a unified social network rather than accessing individual blogs, and allow for a news feed on their friends' activity.)
The basic idea:
Users must have their own web space. User data (pics, posts, etc.) are stored locally on the user's own web space. A list of other users and their access permissions is also stored locally.
A central service keeps a list of all users for verification purposes, along with an index to the local user sites. (So that users only have to log in once, rather logging in separately at each of their friends' sites.)
Comments on user posts could be dealt with in one of two ways: (i) comments are "owned" by the user whose content the comment is associated with; (ii) comments are just another type/category of post with a link. Users could enable tracebacks to semi-effectively create comment threads (this would be a bit ungainly; I'd prefer option (i)).
News/RSS type feed that automatically updates each user on their friends' selected activity when said user logs in to their own node. (Ideally, this could be a one-stop feed for everything the user is subscribed to: the distributed social network, Twitter, news feeds, podcasts, etc.)
The client interface must be secure (grar WordPress!), doesn't have to be super customizable (grar WordPress themes!), but does have to do all the basic social network stuff (let you post text, photos, videos, sound, and links; be searchable (keywords would be a nice addition); let you manage who can see and/or comment on which posts). I have a preference for open source projects, as well.
Are Diaspora hubs far enough along in development that they could be used in this way (if, for example, someone volunteered the web space to host a central index), or do they also rely on all data being stored on central servers? What options are available currently that do (all or) parts of this? For example, you can get extensions for WordPress that allow user management and access control locally, but there's no central registry of all users or the sort of indexing I'm thinking of. And there are security issues with the community (yet not open-source) development model for themes and other extensions. Other CMSystems, like Drupal, or courseware type content delivery systems, like Moodle, are similarly non-networked (though maybe more secure?). There maybe seem to be some identity verification type options - something about avatars?? - that such an application might be able to piggy back off of?
In summary:
1. What pieces of the puzzle are currently available?
2. What work would need to be done to integrate these pieces? (Eg. a standard, well-vetted theme for WordPress or Drupal or something, together with a wrapper/central verification and RSS service that would hide the login details for each individual blog site, make the user experience seem like a unified social network rather than accessing individual blogs, and allow for a news feed on their friends' activity.)
Best answer: The keyword you are looking for is a federated social network.
posted by devnull at 6:03 AM on March 11, 2013 [1 favorite]
posted by devnull at 6:03 AM on March 11, 2013 [1 favorite]
I've thought an awful lot about this, even returned early from christmas for 29c3 to gain a better feel for related existing tools.
I dislike federated social networks like Diaspora because their "distributed" means less secure :
How does one solve this problem?
There are cloud storage systems such as Tahoe LAFS that provide real end-to-end encryption, meaning the storage server cannot read the data, maybe they cannot even easily know what data blocks belong to what files. So one should implement a social network application as local software that stores it's database as XML files in Tahoe LAFS or similar. Always meant to craft an post here about Tahoe LAFS, but never quite managed.
Why doesn't anybody do this?
At present, there is afaik no such system with anonymized billing, although one could be built with the Lucre library used by Open Transactions.
At present, these cloud storage systems like Tahoe LAFS have no notion of append-cap[abilitie]s, making it difficult to implement discussion threads, send friend requests, etc. In fact, append-caps sound easy to build, but the world experts here are all suck in an academic "best is the enemy of the good" moment. I lurk on their mailing list, occasionally noticing positive noises.
Would that work?
Not quite. You'd need the billing system running over Tor hidden services. If you want quasi-real time discussion threads, you need at least some storage transfer running over Tor too, but this leaks traffic information at the server and requires a delicate touch elsewhere. There is an exceedingly young project called Pond that seeks to do this correctly for emails that live only one week.
So I'd currently envision using roughly Pond for messaging and persistance and some future append-caps based variation on Tahoe LAFS for storage and archival.
What would it look like?
I'd envision basically a non-hierarchical file system browser with a IM style chat column associated to the currently selected folder or file. So, if you drag you photos, music, or movies into the cloud, then all your friends can download them and comment directly on the media or comment on the xml files representing your wall or whatever. If a friend drags your 1TB movie folder into their folder, they simply store the access keys rather than downloading and reuploading, also they keep the same discussion threads, and their client starts helping you pay for the storage. Interestingly, the more you share the cheaper it gets, but share too widely and DMCA takedowns start deleting anything you pirated. Accounts are simply stored xml files so you can make as many as you like presenting yourself in different ways.
Why so complicated?
There is a fundamental problem that social networking means encapsulating a wide swath of "what people do online" into single tools. Ain't so easy building such a broad tool but it's worse building one that doesn't leak when used in very different usage modes, like chat vs. storage.
posted by jeffburdges at 6:08 AM on March 11, 2013 [3 favorites]
I dislike federated social networks like Diaspora because their "distributed" means less secure :
How much of my information can my pod administrator see?Imagine I'm an Iranian official responsible for spying on dissidents. I'm annoyed that Facebook and Google+ refuse me the access they grant the U.S. government or even China. I therefore convince the youth that Diaspora is better than Facebook or Google+, especially a couple front pods I secretly control. Savvy dissidents join foreign pods, but some friends join my Iranian pods, maybe we've the best Persian language lolcats. So I may access those dissidents' accounts.
Communication *between* pods is always encrypted, but the storage of data on pods is not encrypted. If they wanted to, the database administrator for your pod could access all your profile data and everything that you post ..
Can the administrators of other pods see my information?
Once you are sharing with someone on another pod, any posts you share with them and a copy of your profile data are cached on their pod, and are accessible to that pod's database administrator. ..
How does one solve this problem?
There are cloud storage systems such as Tahoe LAFS that provide real end-to-end encryption, meaning the storage server cannot read the data, maybe they cannot even easily know what data blocks belong to what files. So one should implement a social network application as local software that stores it's database as XML files in Tahoe LAFS or similar. Always meant to craft an post here about Tahoe LAFS, but never quite managed.
Why doesn't anybody do this?
At present, there is afaik no such system with anonymized billing, although one could be built with the Lucre library used by Open Transactions.
At present, these cloud storage systems like Tahoe LAFS have no notion of append-cap[abilitie]s, making it difficult to implement discussion threads, send friend requests, etc. In fact, append-caps sound easy to build, but the world experts here are all suck in an academic "best is the enemy of the good" moment. I lurk on their mailing list, occasionally noticing positive noises.
Would that work?
Not quite. You'd need the billing system running over Tor hidden services. If you want quasi-real time discussion threads, you need at least some storage transfer running over Tor too, but this leaks traffic information at the server and requires a delicate touch elsewhere. There is an exceedingly young project called Pond that seeks to do this correctly for emails that live only one week.
So I'd currently envision using roughly Pond for messaging and persistance and some future append-caps based variation on Tahoe LAFS for storage and archival.
What would it look like?
I'd envision basically a non-hierarchical file system browser with a IM style chat column associated to the currently selected folder or file. So, if you drag you photos, music, or movies into the cloud, then all your friends can download them and comment directly on the media or comment on the xml files representing your wall or whatever. If a friend drags your 1TB movie folder into their folder, they simply store the access keys rather than downloading and reuploading, also they keep the same discussion threads, and their client starts helping you pay for the storage. Interestingly, the more you share the cheaper it gets, but share too widely and DMCA takedowns start deleting anything you pirated. Accounts are simply stored xml files so you can make as many as you like presenting yourself in different ways.
Why so complicated?
There is a fundamental problem that social networking means encapsulating a wide swath of "what people do online" into single tools. Ain't so easy building such a broad tool but it's worse building one that doesn't leak when used in very different usage modes, like chat vs. storage.
posted by jeffburdges at 6:08 AM on March 11, 2013 [3 favorites]
Haven't tried it myself but GNU MediaGoblin might be of interest.
If your user base is sufficiently technical, Monkeysphere might eventually be of interest for authentication. The piece you'd probably be interested in, server-side validation of HTTPS clients, unfortunately isn't implemented yet. But once that's available you might also be able to use standard PGP keysigning and trust mechanisms for some of the social networking stuff, which evidently was part of earlier planning for Diaspora but was abandoned, maybe?
posted by XMLicious at 7:33 AM on March 11, 2013
If your user base is sufficiently technical, Monkeysphere might eventually be of interest for authentication. The piece you'd probably be interested in, server-side validation of HTTPS clients, unfortunately isn't implemented yet. But once that's available you might also be able to use standard PGP keysigning and trust mechanisms for some of the social networking stuff, which evidently was part of earlier planning for Diaspora but was abandoned, maybe?
posted by XMLicious at 7:33 AM on March 11, 2013
The founders of Diaspora seem to have given up on it. I don't know if there's been enough community uptake to keep it moving forward.
There are probably a bunch of similar projects to this, but one that I know of is called tent.io, which is just a minimal protocol for a federated social network. It's up to you to build something that implements the protocol. The people behind it have created a site that implements it, called tent.is.
From what I understand, there's no central service in this. I'm not sure how friend-discovery works in it (which is the one aspect of federated social networks that seems hard to crack). My guess is the tent creators would say something like "you can create a tent-user search engine and let tent users ping it to make themselves findable." Sort of like Technorati worked for blogs.
posted by adamrice at 8:07 AM on March 11, 2013
There are probably a bunch of similar projects to this, but one that I know of is called tent.io, which is just a minimal protocol for a federated social network. It's up to you to build something that implements the protocol. The people behind it have created a site that implements it, called tent.is.
From what I understand, there's no central service in this. I'm not sure how friend-discovery works in it (which is the one aspect of federated social networks that seems hard to crack). My guess is the tent creators would say something like "you can create a tent-user search engine and let tent users ping it to make themselves findable." Sort of like Technorati worked for blogs.
posted by adamrice at 8:07 AM on March 11, 2013
Response by poster: It surely is helpful to have the right search term!
posted by eviemath at 3:11 PM on March 11, 2013 [1 favorite]
posted by eviemath at 3:11 PM on March 11, 2013 [1 favorite]
Response by poster: It looks like there are a couple of these federated social networks that do what I want, or have plans to do what I want. Friendica seems to be the farthest along of projects with currently active development teams, that has the features I'd like. Anyone have any experience with it?
posted by eviemath at 3:56 PM on March 11, 2013
posted by eviemath at 3:56 PM on March 11, 2013
This thread is closed to new comments.
posted by jacalata at 11:20 PM on March 10, 2013 [2 favorites]