Geoffrey Meredith

My previous post about the Internet Operating System compared the Internet's structure and operation to a stand-alone computer.  In this post I want to take that another step further.

I have the feeling that the state of the Internet now is much like stand-alone computers were just before the introduction of the IBM PC in 1981.  A lot of the pieces of the PC revolution were there, but no one had quite put them all together.  What the PC did was put control of serious computing resources into the hands of individuals.  We are now waiting for the Internet analog to this revolution.  I think that will happen when people control their data own on the internet.

That data control is not just in the "Data Portability" vision of being able to copy data from one walled garden to the next, but in the ability to store your data in a single datastore of your choosing and that you control completely. You can then allow selective access to to your data by external services that you want to use.  I think that Amazon.com's S3 is the start of the kind of service where you could store data.  Not that S3 has the complete functionality required to support this model but it could be based on top of S3.  Having your own datastore is like being in control of the hard drive on your computer.  You load applications and tell those applications what data to work with.  In that same way, you could allow a web based service such as Adobe Photoshop Express, to access some photos in your datastore, do some online processing and after it's done, store the results back to your datastore.  You can already do this with your photos stored on Flickr and a couple of other photo sites.  Adobe's got the right idea but there is no open protocol for that would allow them to reach the photos on my own personal server.

In a similar vein, we have Facebook, Google, Yahoo, Microsoft and many smaller players fighting over control of "the social graph".  The "right" way to handle this is to allow me to store and control my part of the social graph and then selectively allow other services to have access to that.  There would no longer be a need to give some new tool your account credentials to your GMail, Facebook, and other services.  Just point them at your datastore and tell your datastore what personal data that the service can have.

This model really is the holy grail social computing from a user's perspective.  It's deadly to a social aggregator's perspective (such as Facebook) as there isn't much left for them once they the user gets rescued from their lock-in.  I also see this as a significant component of the next version of the Internet Operating System.

I've been following the various conversations about data portability between the various big social networks.  This is definitely a hotly debated space right now.  The funny thing is that there is this one tiny piece of information, a person's email address, that is really at the center of the controversy but no one has really brought up why.  The only reason that we don't want our email to get out there in an aggregated way is that the technology behind email can't really control how it is used.  So when our email address gets out there, we get spammed.  This is a highly emotional issue for a lot of people.  If it were possible to positively identify the sender of email, we would get very little spam (and those that did spam us would be blocked quickly) and we would not care nearly as much how this piece of data is distributed.  It's funny that an email address is specifically designed to be published so that others can find it and send us messages but we now want the publishing of that email address to be tightly controlled and describe it as data that we "own".  It would be so much better if we did not need to control how that is published because it's use would be controlled.

In the context of the social networks, many people (that do not have a vested interested in a social network) say that an email address is our own data and that we should have the right to control it.  The problem is that for it to be a useful piece of data is has to be freely available.  What's happened with Facebook this week is that although they have been pretending to be opening up their network, they realize that combination of the social graph and email address is the basis for their walled garden.  If that gets away, other social networks can reproduce the Facebook network and undermine it's value.  What I see as significantly more important is the social graph itself.  If we had a messaging identifier that was spam proof, then this would not need to be protected data.  We would want to be careful about allowing other to know who we know and interact with, at least at a real world level.  There is no value to society (except for sociology research) in having any one company build a social graph and there is a lot of harm can come from it (McCarthyism).  There is a value to that company in that they can use this social graph to advertise to you and in building walled gardens.  I prefer a model where my piece of the social graph lives completely in my control and I only provide that information when and to who I chose to, from time to time.  Just like it used to before Friendster and Facebook.  Humans just work that way.

I don't use the word "hate" very often.  I reserve that work for things that I dislike with a real passion but email is becoming one of those things.  If you attempted to follow my previous posting about Controlling SPAM you can guess why I have this passion.

I wish that I could give up email altogether.  I think that this will happen in the next few years but at least at this point, there is not a better alternative for most of the people that I communicate with.  I have found that Twitter and IM have become integral parts of my communications infrastructure but it doesn't and will never come close to replacing the majority of my communications needs.  The long breaks in my blogging record suggest that blogging is not a good communications mechanism for me.  Most of the social networks out there just seem to add to the spam and privacy problems and don't really add much positive to my communications.  I'm just stuck with email for a while.

There are some good technologies out there to "fix" email.  DomainKeys and Sender Policy Framework (SPF) are two technologies that could to a lot to climate the problems with SPAM but there is just too much inertia in the install based of technology and administrator skill sets to actually get a critical mass of adoption.  If the weight of spam has not overcome this inertia by now, I don't think it ever will.

I think that the only thing that will fix the spam problem is something new that replaces email.  That new techology must have obvious benefits and have spam resistance built in from the beginning.  Earlier adopters will legitimize the technology and will eventually drag the rest of the world into using that technology.  We are seeing these kinds of shifts with the use of Facebook and Twitter but the closed, centralzied nature of both these system make them inappropriate for mass adoption that the internet infrastucture level that is required to really replace email.  By the way, when I speak of "email" here, I'm refering to SMTP email.  I think that we will always have email as in electronic mail but it may be based on completely different underlying technology than the SMTP that we see today.

What will replace SMTP email?  That's a pretty tough question.  There doesn't seem to be anything with momemtium on the horizon yet.  It is something that I've been thinking about and does tie into the OpenPersona idea that I've been playing with.  Maybe it will come out of that effort.

There has been a lot of talk lately about being in control of your own data online. This talk has arisen due to the various websites that revolve around the concept of a social network. MySpace and Facebook are the two best known of these websites but this is just the tip of the iceberg. Social networking online is not a new concept. To varying degrees, forum websites and going back further, BBSes, Compuserve, The Well, and Newsgroups are all instances of very successful social networks. They may not have been as focused and structured around the networking aspects as such websites as Frendster, LinkedIn or Plaxo but they still provided that functionality.

What is different now, especially when looking at a tool such as Facebook, is the shere amount of concentrated data that a single company has collected about a large segment of the online population. That scares a lot of people. It scares me and is the reason that I've minimized my exposure to Facebook. To a lesser degree, I have this same issue with Google as well, particular with respect to GMail.

I've been talking, although not blogging, about this issue for a couple of years and would have expected some serious progress towards addressing this issue by now. I often hear the mantra about "owning ones own data" but I have not seen a lot of progress other than being able to import/export data from various online tools and some ideas being generated on DataPortability.org.

So what have I been hoping to see develop in this space? I've been using the term "Persona" to describe a structured set of data and services that represent me or any individual online. I want my Persona to be completely under my control or delegated to a trusted service organization. Think "data analog to the banking system". I want that Persona to be my proxy to the online world as well as provide a window onto other Personas that interest me and provide a place for us to communicate and collaborate.

In a very real sense, I want to see the business model that Facebook is using turn it inside out. I want to see a lot of smaller service providers that make it their business to protect the Personas that have been entrusted to them. I want protection from spammers, data identity thieves and from marketing messages that are not of interest to me. If I'm particularly paranoid or technically savvy, I want to be able to host and operate my own data and services so that I don't have to trust anyone.

This is just a first entry in what I hope will be a long series of posts on the topic of Persona. Stay tuned!

I've been amazed at the progress of the OpenID and the lesser known Yadis open specifications over the last year or so.  While not talked about too much, I think that the Yadis standard really help to bring various parties to the table around the concept of using a URI (or URL) as a basic identifier for people.  Yadis provides a simple way to allow a single URI to be used for many different identity and even non-identity services.  I have a sense that as Yadis become more widely used, it will unleash the floodgates for new kinds of networked applications will make Web 2.0 look quaint in comparison.

The podcast, The Story of Digital Identity has been a great inspiration for ideas on this subject.