data hosting

The peril of the Facebook anti-privacy pattern

There's been a well justified storm about Facebook's recent privacy changes. The EFF has a nice post outlining the changes in privacy policies at Facebook which inspired this popular graphic showing those changes.

But the deeper question is why Facebook wants to do this. The answer, of course, is money, but in particular it's because the market is assigning a value to revealed data. This force seems to push Facebook, and services like it, into wanting to remove privacy from their users in a steadily rising trend. Social network services often begin with decent privacy protections, both to avoid scaring users (when gaining users is the only goal) and because they have little motivation to do otherwise. The old world of PC applications tended to have strong privacy protection (by comparison) because data stayed on your own machine. Software that exported it got called "spyware" and tools were created to root it out.

Facebook began as a social tool for students. It even promoted that those not at a school could not see in, could not even join. When this changed (for reasons I will outline below), older members were shocked at the idea their parents and other adults would be on the system. But Facebook decided, correctly, that excluding them was not the path to being #1.

Data Hosting architectures and the safe deposit box

With Facebook seeming to declare some sort of war on privacy, it's time to expand the concept I have been calling "Data Hosting" -- encouraging users to have some personal server space where their data lives, and bringing the apps to the data rather than sending your data to the companies providing interesting apps.

I think of this as something like a "safe deposit box" that you can buy from a bank. While not as sacrosanct as your own home when it comes to privacy law, it's pretty protected. The bank's role is to protect the box -- to let others into it without a warrant would be a major violation of the trust relationship implied by such boxes. While the company owning the servers that you rent could violate your trust, that's far less likely than 3rd party web sites like Facebook deciding to do new things you didn't authorize with the data you store with them. In the case of those companies, it is in fact their whole purpose to think up new things to do with your data.

Nonetheless, building something like Facebook using one's own data hosting facilities is more difficult than the way it's done now. That's because you want to do things with data from your friends, and you may want to combine data from several friends to do things like search your friends.

One way to do this is to develop a "feed" of information about yourself that is relevant to friends, and to authorize friends to "subscribe" to this feed. Then, when you update something in your profile, your data host would notify all your friends' data hosts about it. You need not notify all your friends, or tell them all the same thing -- you might authorize closer friends to get more data than you give to distant ones.

Why Facebook wants you to open up your profile

There is some controversy, including a critique from our team at the EFF of Facebook's new privacy structure, and their new default and suggested policies that push people to expose more of their profile and data to "everyone."

I understand why Facebook finds this attractive. "Everyone" means search engines like Google, and also third-party apps like those that sprang up around Twitter.

Data hosting could let me make Facebook faster

I've written about "data hosting/data deposit box" as an alternative to "cloud computing." Cloud computing is timesharing -- we run our software and hold our data on remote computers, and connect to them from terminals. It's a swing back from personal computing, where you had your own computer, and it erases the Fourth Amendment by putting our data in the hands of others.

Data Deposit Box instead of data portability

I've been ranting of late about the dangers inherent in "Data Portability" which I would like to rename as BEPSI to avoid the motherhood word "portability" for something that really has a strong dark side as well as its light side.

But it's also important to come up with an alternative. I think the best alternative may lie in what I would call a "data deposit box" (formerly "data hosting.") It's a layered system, with a data layer and an application layer on top. Instead of copying the data to the applications, bring the applications to the data.

A data deposit box approach has your personal data stored on a server chosen by you. That server's duty is not to exploit your data, but rather to protect it. That's what you're paying for. Legally, you "own" it, either directly, or in the same sense as you have legal rights when renting an apartment -- or a safe deposit box.

Your data box's job is to perform actions on your data. Rather than giving copies of your data out to a thousand companies (the Facebook and Data Portability approach) you host the data and perform actions on it, programmed by those companies who are developing useful social applications.

As such, you don't join a site like Facebook or LinkedIn. Rather, companies like those build applications and application containers which can run on your data. They don't get the data, rather they write code that works with the data and runs in a protected sandbox on your data host -- and then displays the results directly to you.

To take a simple example, imagine a social application wishes to send a message to all your friends who live within 100 miles of you. Using permission tokens provided by you, it is able to connect to your data host and ask it to create that subset of your friend network, and then e-mail a message to that subset. It never sees the friend network at all.
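The "message friends within 100 miles" action above, worked through as an added illustration (not code from the original post): the host holds the friend list, the owner mints a token scoped to exactly one action, and the app only ever gets back a count. The `DataHost` class, the HMAC token format, the friend records and the owner's location are all constructed assumptions for this example.

```python
import hashlib, hmac, json, math, secrets

# Constructed sample data that lives only on the data host.
FRIENDS = [
    {"name": "Ada",  "email": "ada@example.invalid",  "lat": 37.77, "lon": -122.42},
    {"name": "Bao",  "email": "bao@example.invalid",  "lat": 37.87, "lon": -122.27},
    {"name": "Cleo", "email": "cleo@example.invalid", "lat": 34.05, "lon": -118.24},
]
OWNER = {"lat": 37.79, "lon": -122.40}

def miles_between(a, b):
    """Great-circle distance in miles (haversine formula)."""
    r = 3958.8
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dp = p2 - p1
    dl = math.radians(b["lon"] - a["lon"])
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))

class DataHost:
    """Holds the owner's data and returns only derived results to apps."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # signing key never leaves the host
        self.outbox = []                      # stands in for the host's mailer

    def grant(self, scope):
        """Owner mints a token that permits exactly the named action."""
        body = json.dumps(scope, sort_keys=True).encode()
        return body, hmac.new(self._key, body, hashlib.sha256).digest()

    def message_nearby(self, token, text):
        """Action an app may invoke with a valid token: mail every friend
        within the token's radius. Returns a count; the list never leaves."""
        body, tag = token
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("bad token signature")
        scope = json.loads(body)
        if scope.get("action") != "message_nearby":
            raise PermissionError("token not valid for this action")
        subset = [f for f in FRIENDS if miles_between(OWNER, f) <= scope["radius_miles"]]
        for f in subset:
            self.outbox.append((f["email"], text))
        return len(subset)

def demo():
    """The app's whole view of the exchange: a token in, a count out."""
    host = DataHost()
    token = host.grant({"action": "message_nearby", "radius_miles": 100})
    return host.message_nearby(token, "Dinner on Friday?")
```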