A Genuinely Social Network

Social networking sites should be called “social databasing sites”. They aren’t networks at all, but centrally controlled repositories of as much of their users information as they can get their hands on. Rarely a week goes by that I don’t get 3 or 4 invitiations from various friends to add myself to a social networking site (of course, they all use a different one, and the systems don’t interoperate).

Users want to share their information with each other, professional, personal, photos, etc, and trusting it all to a third party seems the easiest way to do it.

Trusting such personal things to a third party is bad for a lot of different reasons. I won’t argue them here, but let me say : AOL search fiasco, single point of failure, illegal government wiretaps, spammers, indian call centers selling identities, profiling, genocide….

If Knowledge is Power, and Power corrupts and Absolute Power corrupts absolutely, then maybe we should be shying away from providing any third party with absolute knowledge.

I think I started getting a bit concerned about all this when I was about 16 and discovered how easy it can be sometimes to go from knowing next to nothing about someone to knowing their address, what school their children go to, (sometimes their passwords), previous girlfriends, unusual habits, and much more, all with information publicly available on the internet. This was all before Flickr and MySpace and blogging…. Sometimes I do a bit of this as an experiment and every time it disturbs me. If you’re prepared to go a little bit further, I am sure that you can find out much, much more.

All the benefits of social databasing (or building up a complete profile of who a person is, has done and what and whom they know) can be ours without giving up the power over our own destinies.

What we really need is a true social network. Independant nodes, run by diverse organisations and individuals, all talking a common protocol with only a part of the picture. This is the internet way.

The machine that contains all the personal details about yourself can be under your own (or a company representing you as a customer) control. Access to different types of information would be on the level appropriate for your relationship with the person requesting access, with access enforced by public/private key encryption. People contacting you via another, would be able to provide a node address of your common friend, and you could check the recommendation automatically with your friends node.

Your node would also contain authentication mechanisms, a computer readable picture, fingerprint, pin, passwords and phrases, etc. It would provide authentication for a third party if it supported the mechanism, or if they had the appropriate priviledge, provide the data for them to do the authentication. E.g. the airline wants to do a face match. You enter a pin, which allows them access to your standard passport type photo, or their system asks yours if the photo they just took matches.

Each piece of information stored in your node could be certified by another individual/organisations node.

Types of trust network would be available. For example, I trust this man as a host for a good evening out, but not as a business partner. So, I’ve travelled to the other side of the world on business, and would like to meet up with someone in the evening for a chat and drink. I want to search for friends of my friends who are good hosts and friendly, and live in the city I’m visiting. These recommendations are stored on my friends nodes, and I can ask them for info. They will give it if my friends trust me enough, but the matches that my friends give might be completely different if I want to find someone to do business with. What they return from the search would not be any personal information about the target, but a node address within the system. Before a node address is returned, permission to do so would have been requested from that node. My node would contact that node, giving the friends node as a referer, and that node would determine how much information to share based on how much they trust our common friend.

Such a system could also easily incorporate a community credit system.

Routing information would be stored in a distributed hash table, not a central repository, and most people would get two servers providing their information in case of problems with one. This way, you can share your diary with people who should know about your diary, your photos with people you want to know about your photos, your career information, your medical information, your bookmarks. All these social networking sites could continue to exist, and would plug into the same web of personal information, but it would also be easy to run your own, and each social networking site would not actually have all information. The point is that you should have your own control over this data. Ideally, even governments access to your data should be on a need to know basis, and controlled by you.