Thursday, May 6, 2010

On the Concept of Social Abstraction and Lack Thereof in Social Media

For those who read my last post, you will remember that I created this blog with the intention to emphasize the different layers of technology and their interaction and interdependence in social media. One of the first things you learn in computer science is the fundamental concepts of programming. Taken directly from Structure and Interpretation of Computer Programs, those concepts are primitive expressions, means of combination, and means of abstraction. The last one is at issue in this post. Means of abstraction is the ability to give names to compound elements. For example, imagine you have a shopping list of items. The ability to take that shopping list as a whole with all of its items and manipulate it with one name is abstraction. And of course, a programmer must realize that there is a point where abstraction stops, and it is no longer proper or efficient to combine and abstract items. What some do not realize, however, is that abstraction does not just apply to shopping lists or computer programs; it happens in real life, going as high as social media itself. In today's world, it is a lack of abstraction, or rather a lack of proper abstraction, that is causing the numerous rhetorical fires on blogs across the Internet.

Referring to the most heated company in the new divide and conquer era of social networking, Facebook has been quietly active in both destroying and creating abstraction. Referring to the former, Facebook has been participating in horizontal integration. They want their logo everywhere in every part of the industry. This is evident with the social plugins, customized third-party services, and so on. The problem with this integration is simple: Facebook is not the center of the Internet. It is virtually impossible to compound the Internet into one object and manipulate it from there. In other words, you simply cannot abstract the entire Internet. Imperialism like this will not work in the end, because it ends up locking out viable customers who do not want to succumb to the impending dictatorship. The takeover is tantamount to the United States taking over the entire world, or at least establishing a controlling force in every country. (Boy would international social plugins be an interesting concept.) And the best part of this, for those who recall the beginning of this paragraph, is that Facebook is creating abstraction at the same time. Its Open Graph Protocol, which some have mistaken for a Facebook-centric protocol, is actually a decentralized standard that helps to break up the single-company monopoly on social activity.

However, there is one vital flaw with all of this: nobody is hitting the target. Just look at all the attempts of proper abstraction that have been lurking around: OpenGraph (as aforementioned), XAuth, OpenID, the list goes on. All of these concepts have been invented with the idea of making the user the center of the Internet, making the user that compound object that can be manipulated by multiple social networking companies. And when you think about it, the concept makes sense: why identify a person based on their social network when you can identify a person based on the actual person? But then why has nobody actually succeeded in decentralizing the Internet? Why is Facebook still in charge? Why, you ask. It's because nobody has got it right. XAuth, for example, is useless without another standard on the back end (such as XAuth+OAuth). By not fully abstracting, the service is almost dead. OpenID almost hit the spot, allowing users to log in with their single central identity, but failed to account for the fact that companies would all give out OpenIDs, yet nobody (or at least nobody important) would accept identities hosted on competing services. In both of these cases, attempts at abstraction failed as portions of the protocol went missing or unaccounted for. But the latest and greatest of these is OpenGraph.

OpenGraph is quite ridiculous. Seriously, it's the incorporation of metadata into a web page. News flash, the "meta" tag has been in HTML for quite a while, and for exactly that purpose. All OpenGraph does is define a few specific tags and what Facebook thinks they should mean. I do not think this is even abstraction or decentralization at all, because it has nothing to do with who is accessing the metadata nor who is creating it. I could probably have drafted OpenGraph in a few hours after school if I really wanted to. So if all of these services don't make the cut, then what does the Internet really need to finally properly abstract itself, where are we heading in terms of privacy and centralization, and what comes next? To tell you the truth, chances are nobody will ever come to an exact answer. Even my own proposals will be only as good as my conception of the Internet is, which is not great for any human being let alone a teenage blogger with less than a decade of experience in the field. However, I do believe developers can sit up in their chairs and think for a few seconds.

What we really need to do is have a completely abstracted and completely decentralized system. In the current system, a user is identified by their unique ID in the service's database. There needs to be a unique ID that is unique among all services, and that any service could recognize just by fetching that ID. We need a system where one social network can pass a single HTTP request to another social network and be able to immediately interact, as if the user were there the entire time. It is the ability to manipulate the user separately from the social network that makes or breaks the deal. So here is my proposal: certificates. Imagine each and every user had their own encryption certificate, something with a unique fingerprint that proves who the owner is. A user would register with a social networking service by submitting their public key, part of the certificate. Since certificates are used for encryption, users could easily log in with their private key, thus eliminating passwords (a nice side effect). If Facebook wanted to throw a user over to Twitter, all that would have to happen is for Facebook to send over the public key, and it's done. Now whenever Alice signs a post with her private key, both Facebook and Twitter will be able to recognize it. For those who are confused, imagine it this way: you have a picture of yourself. Nobody else can duplicate that picture or say that that picture is them. You register with Facebook by giving them your picture. Facebook hands your picture to Twitter automatically. So if you wander over to Twitter and show your picture, it's as if you were there the whole time. Furthermore, if you write a post and attach your picture to it, both Facebook and Twitter will be able to recognize your picture and post your post.
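The proposal above, sketched as an added example (not code from the original post): a user registers a locally generated public key with one service, that service hands the key to a second one, and both then accept the user's signed login and signed posts. The use of bare Ed25519 signing keys instead of full certificates, the SHA-256 fingerprint as the cross-service ID, the `Service` class, the service names and the challenge format are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Hypothetical cross-service user ID: SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

class Service {
  constructor(name) {
    this.name = name;
    this.users = new Map();   // fingerprint -> public key
    this.pending = new Set(); // login nonces not yet used
  }
  register(publicKey) {
    const id = fingerprint(publicKey);
    this.users.set(id, publicKey);
    return id;
  }
  // Hand-off between services: only the public key ever leaves this service.
  handOff(id, other) { return other.register(this.users.get(id)); }
  challenge() {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.add(nonce);
    return `login|${this.name}|${nonce}`; // service name blocks cross-service replay
  }
  login(id, challenge, signature) {
    const prefix = `login|${this.name}|`;
    if (!challenge.startsWith(prefix)) return false;
    if (!this.pending.delete(challenge.slice(prefix.length))) return false; // one-time use
    return this.verify(id, challenge, signature);
  }
  verify(id, message, signature) {
    const key = this.users.get(id);
    return key !== undefined && crypto.verify(null, Buffer.from(message), key, signature);
  }
}

// Constructed scenario; key pairs are generated locally, as the proposal requires.
function demo() {
  const [alice, stranger] = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  const sign = (kp, msg) => crypto.sign(null, Buffer.from(msg), kp.privateKey);
  const a = new Service('service-a'), b = new Service('service-b');
  const id = a.register(alice.publicKey);
  const sameId = a.handOff(id, b) === id;
  const ch = b.challenge(), sig = sign(alice, ch), post = 'post|hello from alice';
  return { sameId, login: b.login(id, ch, sig), replay: b.login(id, ch, sig),
    wrongService: a.login(id, ch, sig), forged: b.verify(id, post, sign(stranger, post)),
    postOnBoth: [a, b].every(s => s.verify(id, post, sign(alice, post))) };
}
```

The login challenge names the issuing service and is consumed on first use, so a captured login signature cannot be replayed at the same service or presented to the other one.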

Obviously, the security implications of this need to be worked over, and I'm tinkering with the idea in gedit as I write this post, but I think some kind of concept even remotely related to this, where a user can prove who he or she is independent of a website, is necessary for proper abstraction of the Internet. In conclusion, this is only a baby idea, and I wrote this post in hopes that a fraction of my readers would come back and at least make a useful comment that could help to propagate the concept. (I already have an XML document outlining how two social networking sites would communicate.) Thoughts?


  1. You still have no comments here, that's crazy.
    Have you checked out ? What do you think?

  2. Seems interesting. I guess we'll have to wait until September to see what happens.

  3. Someone would still need to issue the certificates and allow the user to manage their virtual profiles. Who would that be? VeriSign?

    And what if I don't have my certificate with me at a given moment? How do I send a signed post to Twitter?

  4. Well, nobody issues your certificate. It is generated on your own computer. Having it generated online would be a security risk.

    And for not having your certificate with you: well, unfortunately, you'd have to use the old username-password system. In this case, your individual posts will not be signed, but everything will still work fine as long as Twitter does not sabotage your data.

  5. > unfortunately, you'd have to use the old username-password system

    So, you'll still need to have a username/password combination generated for every website you use?

    Overall, the idea is nice, but would be quite hard to implement for the mass market.

  6. The point of the system is not to get rid of usernames and passwords (that's an entirely different monster), but rather decentralize the idea of social networking, making it focused around the user rather than the service.

    And it should not be that hard, considering most people access their social networking services on two computers: their home computer and mobile device. And accessing your social network anywhere else is as easy as attaching a USB device to your keys. Theoretically, it should be extremely difficult to not remember your certificate.