Building a Better Social Network

Sourced from Wikimedia Commons

Sourced from Wikimedia Commons

One of the biggest limitations of using a blog to own your own content is that you more-or-less give up controlling access to your content. Everything is out in the open by default. The workarounds are to either secure individual posts with a password or force registration on your site to secure posts. Both methods are cumbersome and awkward. Social networks have largely risen by attempting to provide a fix for that issue. Unfortunately, the trade-off is you give up ownership of your content. Social networks also tend to be very noisy since while you can control who sees your posts, you have very little input as to which posts of someone else’s you want to see beyond “all or nothing”. These issues are easily fixable.

The most widely recognized way to secure any data which should have a limited audience is with public key cryptography. Each individual would distribute a public key that can be used to encrypt a message for their eyes only. They would then use their private key to decrypt the message for their viewing. In the real world, most messages are encrypted with a symmetric key which is then put into a digital envelope with the public keys of anyone who should be able to read the message. It’s very fast and allows multiple recipients. This has been used with encrypted email for over two decades.

It wouldn’t take too much to extend this to blogs. RFC2440 and RFC4880 both specify standard ways in which public keys can be published. As part of a blog setup, the blogging engine could generate a public-private keypair, put the keypair in your browser, and publish the public key on an embedded keyserver. The SKS keyserver has the added benefit of replicating the key to other keyservers and being able to looking against them. This makes discovery of public keys, either your own or those of people you want to share with, very easy.

As a real-world example, let’s say you want to write a post about your top-secret award-winning macadamia nut clusters and only want to share it with your friends Alice and Bob. You don’t want Carol to know about it because the two of you compete for “best baked goods” at the church social every year. When you publish your post, it gets encrypted with a symmetric key. That symmetric key is then encrypted with your public key and the public keys of Alice and Bob (cue maniacal laughter from Yzma here). Carol won’t be able to see the post because her public key wasn’t used to encrypt the symmetric key. This gives you iron-clad guarantees of privacy because unless you add Carol’s public key to the list, she’ll never be able to read the post.

Blogs also make an ideal platform for solving the noise problem. Every single post gets placed into one or more categories with tags to further refine what the content is about. (Dear haters of tags: shut up. Machines are still not smart enough to determine content relevance without them. Facebook’s news feed is a prime example.) One you’ve chosen who to share your content with, those individuals can then filter based on category or tag so that they’re only seeing the content they want. Prime example: if you want me to shut up about politics, you could create a filter that anything I post tagged with politics is filtered out. It still relies on the publisher to tag their content, but it definitely provides much more control than Facebook, Twitter, or Google+.

Now how do you view all of this content? Just bust out your trusty RSS reader. Yes, Google Reader died, but a dozen or more companies have taken its place. I’m personally very happy with Tiny Tiny RSS. It would be a small thing to add a basic RSS reader into a blogging platform to complete upgrading blogs into a real social network.

I know you’re probably thinking this seems like an awful lot of work, but there’s a number of reasons why this makes sense. Facebook has been steadily trying to “smartly” filter your news feed, but it often ends up frustrating users beyond belief. Brands who use Facebook have seen engagement levels steadily drop as Facebook tries to shake them down for advertising dollars. RSS is guaranteed delivery to a reader; Facebook is not. Twitter has a tendency to be far too noisy and conversational. Most posts there end up being time-sensitive and fall off quickly, so it’s easy to miss things. And as much as I like Google+, it’s real power is as a way to influence the search results of other people.

You’ll notice that none of the major social networks really care about noise. For those that offer any kind of privacy or sharing options (Facebook and Google+), you’re also explicitly trusting those companies to be in on each and every posting. There have also been many high-profile examples of the privacy controls failing. Creating sharing standards which can be implemented by various platforms and placed under your total control is the only long-term solution to all problems.

You may also like...

3 Responses

  1. David says:

    WordPress has a number of RSS Reader plugins that could address (or begin to address) that aspect of your idea for a distributed blog-based social network solution. There is also a PGP Key Generator plugin (https://wordpress.org/plugins/pgp-key-generator/) that might be a foundation for your post-encryption idea.

    In order for such an individually controlled social network to succeed you would need to grow a sufficiently large population of users. I think there are two keys to making such a network feasible.

    First, make it inter-operable with existing social networks – in other words, make it possible to publish to other networks (the way WordPress and Blogger can now) lest the whole idea atrophy from lack of use. Facebook grew organically before there was a truly established social network ecosystem. Google+ succeeded because Google already had so much name recognition and it was integrated with their existing services that had large, active user bases.

    Second, make it nearly as simple to set up as joining Google+ or Facebook. A plugin or set of standardized plugins for WordPress would be a good approach. You could make it possible to install WordPress with those plugins already enabled or to download and activate that set of plugins for users with an existing WordPress powered site. If the plugin(s) were available on WordPress.com blogs you would instantly have millions of potential users who could activate the features and join network with sites they are already actively using. This would give it sufficient use to be a viable social network.

    If you figure out a setup that seems to meet your stated design goals I’d be happy to try it out.

    • Jesse says:

      It seems like this is something that needs to be standardized and then baked into the core. In the meantime, there really should be a plugin that covers the basic pieces of functionality (key generation, key publication, key management, and RSS reader). You’re right that this is something that has to be seamless to the user. One possibility is to allow securing the private key via an OAuth token so that you could use an existing account (Facebook, Google, Twitter) to create it and host the private key somewhere (Google Drive, Dropbox, etc).

      I think the next step is drafting a standard and submitting it to the community at large for feedback. I’d want this to be something that any CMS could implement.

      • David says:

        I definitely agree that this should be something any CMS could implement although I’m not convinced that it needs to be baked into the core. Certainly some CMS(s) could opt to do that.

        I think a proof of concept would go a long way towards getting feedback and buy-in from the community at large.

Leave a Reply