I really don't see his point. He says Facebook is too big to fail, and compares it to AOL. Yeah, AOL is still around, but it is no longer seen as a controlling force in the ISP industry. The goal of Diaspora has never been to wipe Facebook off the face (no pun intended) of the Earth - but to stop it from being such a controlling factor in social media. If Diaspora causes Facebook to become as popular as AIM is now (which, for the record - I don't think will happen, at least not just because of Diaspora), then it will have caused far more damage than anyone anticipated.
I agree. Sure, if we define "failure" as something as embarrassing as "bankruptcy", maybe Facebook won't "fail". But if we define failure as "starting to decline instead of inflate, after years of unchecked growth", well, maybe that's what Diaspora is actually after.
I think the article's other points are equally invalid... How can Facebook's "500 million user" base be the impediment to people adopting Diaspora? Surely, if his logic was correct, then no one would've ever moved to Facebook from MySpace. I would argue that the only reason Facebook has so many users is precisely because a strong competitor like Diaspora isn't here yet.
What's more, his idea that "Facebook gets more users every year, ergo Facebook users don't care about privacy" isn't too valid. How many of those users despise Facebook, but join anyway? How many of those users publish only what they would on a public service like Twitter, keeping their private lives off the web?
There is too much weaseling in this article for me to count it as valid.
How can Facebook's "500 million user" base be the impediment to
people adopting Diaspora?
Because you're going to stay where your friends are, unless it's really easy to switch. It's not going to be easy to switch to Diaspora when you have to host your own node. Then when you do switch, you won't be able to find any of your friends. Diaspora has no solution to the discovery problem. There's no way to search for people, you'll have to ask all your friends where their node is; It will be like exchanging emails again. Sounds like a lot of hassle for not much gain.
Why make it necessary to switch? Make it an adjunct to FB. The more secure super-hip adjunct. I can imagine someone getting their circle of hip friends on FB because they want to share some racy stuff, and they no longer trust FB. It's entirely plausible that they could still keep track of their school chums and parents on FB.
People in protest movements would gravitate toward such software. They have reason to be paranoid about a centralized corporate service.
Everything still stands. It's too much effort for normal people to host their own node and you won't be able to find anyone else on it. They have to solve discovery before it will even come close to useful.
I'm sure there are a number of groups waiting for September 15th to pounce on the opportunity to provide this service: Inexpensive (or free) Diaspora hosting, that's transparent and easy to manage.
@what, I understand the basis of the argument, I just don't think it's logical. Of course popular social services fail, regardless of their user base at time X.
My point -- and I apologize if it was not clearly made -- was not that Facebook can't be beaten, but that Diaspora isn't the product to do so. My position isn't that there isn't dissatisfaction with Facebook, simply that for all the hue and cry about privacy, I don't think intuitive privacy controls are going to be what makes a mass number of average users switch.
Facebook beat MySpace ultimately by being easier to use, with a cleaner interface. It also struck at a time when social networking technology (and broadband access) had matured to the point necessary for mass public acceptance. The normal lifecycle for every major social network before Facebook was about 18 months -- that's about the span of time MySpace was king of the hill.
I in fact predict that Facebook will eventually fade to AOL-esque irrelevance. I just don't think Diaspora has the right value proposition to slay the Facebook dragon.
"The two major points of differentiation between Diaspora and Facebook are
1) Diaspora gives you more intuitive and effective control of your data privacy settings and
2) Diaspora is self-hosted, so you ultimately control all your own data.
According to the blogosphere, these two points are precisely
what the public is crying for and the exact recipe
necessary to finally break Facebook’s nefarious deathgrip on
social networking. This, alas, is the social media/tech-blog
echo chamber once again confusing its own desires with what
the general public wants. "
This is the main point of the article. And, IMHO, the reason why projects like Diaspora are doomed to fail. For the general public, convenience will always trump privacy. If it's not easy to use, it's not used.
How many "normal" users encrypt their emails?
How many set an Administrator and User accounts on their windows machines?
how many members of the general public even know what encrypted emails or admin/user accounts do for them? or even know that those things exist?
i think i'd make the argument that it could be successful because of the publicity of the product educating the public.
edit: really? downvoted? i had to talk someone through the concept of a "password" the other day. average people just don't know about granular privacy/security concepts.
> Second, I’m not convinced the average user gives a damn about privacy.
When I see stories about teens using steganography to escape the eye of their parents[1], I'd say the average user cares a lot. I think the main problem lies in the way the general public sees Facebook itself. Either they trust the company too much, or they're not aware of the full extent of Facebook's abilities regarding personal data. If they listened to Eben Moglen[2], many would probably reconsider.
I'm an avid reader of Bruce Schneier's blog, and not even I gave a crap about Facebook's privacy. Then one day, my Dad added me as a friend. September 15th can't get here soon enough.
His analogy is confusing. But the argument remains. It simply because you cannot beat the current product by building a better one. You have to build a destructive product in order to gain the critical mass. From the extensive coverage, I can only see a clone of Facebook as Diaspora. Like you cannot build a better search engine to kill Google, you cannot just build a better SNS service to kill Facebook.
Offline access will be the killer app. If Facebook let me download an XML dump of all my data, I wouldn't feel the need to switch. Open data is vital. Source is less important.
The problem that I have with Diaspora is that they haven't said how they're going to solve the two problems I find interesting. Specifically, Diaspora says that you'll be in charge of your data and that it will be "encrypted at every leg". The problem is that I can't see how Diaspora will address those issues (and I'll explain why).
First, they say that they're going to put you in charge of your data. If you post something that you want to take back, you can delete it. However, how would that work on a distributed network? Let's say that you use Goodbook and I use Ultrabook and we're friends. I post something on Ultrabook and Goodbook grabs it to show in your newsfeed. Then I delete it from Ultrabook - it was embarrassing. Goodbook still has it stored. You can have a good-faith "please delete this" but that doesn't stop another party from keeping it. So, there's actually little control that one can exert over their data in a distributed network and it relies on us trusting not only the provider we've chosen, but the providers of all our friends.
Second, the end-to-end encryption promised doesn't seem so likely. For example, if Goodbook grabs my status in encrypted form and they can unencrypt it, that doesn't make the encryption worth anything. For encryption to be worth something, it needs to be unencrypted by the end user. However, I don't see how they'd do that. Browsers don't integrate this functionality and one could write a plugin, but that's a big barrier to adoption. I could store my public key with my Ultrabook account and then Goodbook could push your status updates to me encrypted with my public key that I could then decrypt using my private key, but that seems like it wouldn't be the most seam-less experience without additional software.
That also ignores the much larger storage cost of storing a message encrypted once for each friend you want to send it to (say, 500 times) rather than storing it one time for everyone, but that's a scaling problem that could be overcome.
If another service provider can unencrypt the updates, you're in a worse position than with Facebook. Right now, I only have to worry about Facebook being evil. In that scenario, I'd have to worry about a bunch of service providers and hope none of them are evil. Likewise, if they're able to store the updates on their server, I'm no longer in control of my data. My provider might have a reason to put me in control (keep me as a user), but I'm likely to be unaware of what other providers are doing and have little recourse (other than de-friending everyone using their service).
I think it's possible to compete with Facebook. It does have a huge barrier to entry, but big companies have been toppled before. No one thought AOL would be relegated to what it is today either. No one thought an upstart like Google could topple the old guard. Frankly, Facebook came in and toppled MySpace. It happens. But I don't think Diaspora has even addressed two of the the fundamental issues they claim to be solving. That's what will stop Diaspora from toppling Facebook - they have yet to really talk about how to solve the two major problems they face.
*Also, if someome has an idea of how to address those two things, I'd love to hear it!
For encryption to be worth something, it needs to be unencrypted by the end user. However, I don't see how they'd do that. Browsers don't integrate this functionality and one could write a plugin, but that's a big barrier to adoption.
I'm not sure why a plugin is necessary. Javascript can do encryption. Actually, I'm not even sure why airtight end-to-end encryption is necessary. Most people will use a "standard" install. The "standard" install will honor the good-faith deletion requests. Those not using a standard install are SOL. Those who have gotten hacked -- there will be a continual arms race just as there is now. This is nothing new. It's still a far cry better than Big Company Has All Your Data Just Trust Us.
So all these different 'book sites are going to send javascript decryption code with their pages? And how exactly would you prevent one from just stealing your password or being modified in transit?
The reason Javascript won't do the trick is that in order to send the correct Javascript, the server needs to have all the information necessary to decrypt all the content anyway. So there's no point in the encryption at all, because the information will pass through the server unencrypted at some stage and can be captured.
If this were implemented as a browser feature or plugin, machines with the user's key information installed would be the only devices capable of decrypting the content sent by the server.
My point is also that there's (almost) no point in the encryption at all. If Diaspora is going to be P2P, then any compromised node can hijack the data. The only point of encryption would be to protect information enroute. Once information gets to a node, you either need trust, white box encryption, or hardware based DRM.
I don't think you can revoke a signature in a way that allows repudiation. You can only say, "I no longer stand by what I said," not "I never signed this."
I could be wrong, though. If you have links demonstrating this, please post them.
If the key is revoked, the digital signature done with this key is effectively revoked, since it no longer establishes identity. Look how CRLs work in PKI.
Then I delete it from Ultrabook - it was embarrassing. Goodbook still has it stored. You can have a good-faith "please delete this" but that doesn't stop another party from keeping it.
How's this different from Facebook and someone saving an embarrassing photo that you deleted?
So? Diaspora (as I understand it) isn't supposed to topple Facebook. It's a solution for the people who want to opt out of FB badly enough that they will install the tools to do so.
The average user may not think about security, but the average user isn't likely to go to even moderate lengths to install social-networking software.
I feel like they would have said 'too big to fail' about myspace, too, but Facebook won because there was social cachet in being 'exclusive' and because myspace pages were butt-ugly (too much user control). You never know what's going to or not going to be the achilles heel. Perhaps, in the end, people simply yearn for change and any excuse will do, informed or otherwise.
Does anyone remember what happened to Myspace? Of course it was complicated, but I think the primary driver in the exodus from Myspace to Facebook were the perceived privacy benefits of Facebook. People do care about privacy, but will only act on it if there is a reasonably convenient alternative - if Diaspora can make itself convenient, I think it has a chance.
Also, add in a slow news week with some sensationalized mainstream stories about privacy that mention Diaspora, and I think the odds increase even more. People love to have something to be paranoid about with their friends.
I think the primary driver in the exodus from MySpace to Facebook was the Feed. The experience of Facebook is just so much more "social" because of it. Other things like design/perceived professionalism/etc didn't hurt either, of course.
Yeah, I agree that those were important, maybe more important factors too. But I know alot of my non-tech friends made the move largely because they were sick of myspace spammers constantly contacting them.
The Facebook privacy debacle isn't about privacy, it's about trust. Facebook is a company people trusted to keep their party photos private among a close group of college friends, then one day their aunt says she can see those photos. All of them. "Why??? I didn't change any settings????"
"Third, the opportunity to host my own social networking server is one that appeals only to the smallest fraction of the social networking marketplace."
this argument seems really short sighted to me. If disapora takes off I expect social networking accounts will be like email accounts. There will be several dedicated hosts that serve the majority of users (like gmail, yahoo, etc.), but there will also be thousands of other smaller options (including self hosting) that savvier users choose as they see fit.
I don't think Diaspora's goal is to topple Facebook. I think their goal is to offer an alternative, and I think they'll succeed at that.
Perhaps the media-invented goal is to topple Facebook, and I do think the Diaspora team is very likely fail at meeting objectives that they themselves have not set! I have never heard the founders say that they want to topple Facebook ... but maybe I wasn't listening closely enough?
It does not matter if Disapora "fails." It's a really important problem they are working on and as long as they release some code and it gets people thinking and talking about how to solve the problems surrounding secure distributed systems it will be time and money well spent. I look forward to seeing the code they release and what they were able to accomplish this summer.
37 comments
[ 4.3 ms ] story [ 82.1 ms ] threadI think the article's other points are equally invalid... How can Facebook's "500 million user" base be the impediment to people adopting Diaspora? Surely, if his logic was correct, then no one would've ever moved to Facebook from MySpace. I would argue that the only reason Facebook has so many users is precisely because a strong competitor like Diaspora isn't here yet.
What's more, his idea that "Facebook gets more users every year, ergo Facebook users don't care about privacy" isn't too valid. How many of those users despise Facebook, but join anyway? How many of those users publish only what they would on a public service like Twitter, keeping their private lives off the web?
There is too much weaseling in this article for me to count it as valid.
People in protest movements would gravitate toward such software. They have reason to be paranoid about a centralized corporate service.
Facebook beat MySpace ultimately by being easier to use, with a cleaner interface. It also struck at a time when social networking technology (and broadband access) had matured to the point necessary for mass public acceptance. The normal lifecycle for every major social network before Facebook was about 18 months -- that's about the span of time MySpace was king of the hill.
I in fact predict that Facebook will eventually fade to AOL-esque irrelevance. I just don't think Diaspora has the right value proposition to slay the Facebook dragon.
How many "normal" users encrypt their emails?
How many set an Administrator and User accounts on their windows machines?
Etc...
i think i'd make the argument that it could be successful because of the publicity of the product educating the public.
edit: really? downvoted? i had to talk someone through the concept of a "password" the other day. average people just don't know about granular privacy/security concepts.
When I see stories about teens using steganography to escape the eye of their parents[1], I'd say the average user cares a lot. I think the main problem lies in the way the general public sees Facebook itself. Either they trust the company too much, or they're not aware of the full extent of Facebook's abilities regarding personal data. If they listened to Eben Moglen[2], many would probably reconsider.
[1]: http://www.zephoria.org/thoughts/archives/2010/08/23/social-...
[2]: http://www.softwarefreedom.org/news/2010/feb/01/freedom-clou...
First, they say that they're going to put you in charge of your data. If you post something that you want to take back, you can delete it. However, how would that work on a distributed network? Let's say that you use Goodbook and I use Ultrabook and we're friends. I post something on Ultrabook and Goodbook grabs it to show in your newsfeed. Then I delete it from Ultrabook - it was embarrassing. Goodbook still has it stored. You can have a good-faith "please delete this" but that doesn't stop another party from keeping it. So, there's actually little control that one can exert over their data in a distributed network and it relies on us trusting not only the provider we've chosen, but the providers of all our friends.
Second, the end-to-end encryption promised doesn't seem so likely. For example, if Goodbook grabs my status in encrypted form and they can unencrypt it, that doesn't make the encryption worth anything. For encryption to be worth something, it needs to be unencrypted by the end user. However, I don't see how they'd do that. Browsers don't integrate this functionality and one could write a plugin, but that's a big barrier to adoption. I could store my public key with my Ultrabook account and then Goodbook could push your status updates to me encrypted with my public key that I could then decrypt using my private key, but that seems like it wouldn't be the most seam-less experience without additional software.
That also ignores the much larger storage cost of storing a message encrypted once for each friend you want to send it to (say, 500 times) rather than storing it one time for everyone, but that's a scaling problem that could be overcome.
If another service provider can unencrypt the updates, you're in a worse position than with Facebook. Right now, I only have to worry about Facebook being evil. In that scenario, I'd have to worry about a bunch of service providers and hope none of them are evil. Likewise, if they're able to store the updates on their server, I'm no longer in control of my data. My provider might have a reason to put me in control (keep me as a user), but I'm likely to be unaware of what other providers are doing and have little recourse (other than de-friending everyone using their service).
I think it's possible to compete with Facebook. It does have a huge barrier to entry, but big companies have been toppled before. No one thought AOL would be relegated to what it is today either. No one thought an upstart like Google could topple the old guard. Frankly, Facebook came in and toppled MySpace. It happens. But I don't think Diaspora has even addressed two of the the fundamental issues they claim to be solving. That's what will stop Diaspora from toppling Facebook - they have yet to really talk about how to solve the two major problems they face.
*Also, if someome has an idea of how to address those two things, I'd love to hear it!
I'm not sure why a plugin is necessary. Javascript can do encryption. Actually, I'm not even sure why airtight end-to-end encryption is necessary. Most people will use a "standard" install. The "standard" install will honor the good-faith deletion requests. Those not using a standard install are SOL. Those who have gotten hacked -- there will be a continual arms race just as there is now. This is nothing new. It's still a far cry better than Big Company Has All Your Data Just Trust Us.
If this were implemented as a browser feature or plugin, machines with the user's key information installed would be the only devices capable of decrypting the content sent by the server.
You can revoke your signature for that message, where it effectively ceases to be yours.
I could be wrong, though. If you have links demonstrating this, please post them.
How's this different from Facebook and someone saving an embarrassing photo that you deleted?
The average user may not think about security, but the average user isn't likely to go to even moderate lengths to install social-networking software.
Also, add in a slow news week with some sensationalized mainstream stories about privacy that mention Diaspora, and I think the odds increase even more. People love to have something to be paranoid about with their friends.
this argument seems really short sighted to me. If disapora takes off I expect social networking accounts will be like email accounts. There will be several dedicated hosts that serve the majority of users (like gmail, yahoo, etc.), but there will also be thousands of other smaller options (including self hosting) that savvier users choose as they see fit.
Perhaps the media-invented goal is to topple Facebook, and I do think the Diaspora team is very likely fail at meeting objectives that they themselves have not set! I have never heard the founders say that they want to topple Facebook ... but maybe I wasn't listening closely enough?