[iDC] Replacing Facebook

Elijah Saxon elijah at ucsc.edu
Sun May 23 06:57:45 UTC 2010

On 05/22/2010 03:12 PM, Andreas Schiffler wrote:

> What is needed technically in my view, is a personal, encrypted,
> portable virtual machine (VM) with preinstalled "seed" software
> supported by readily available hosting services or personally owned 24/7
> connected internet devices.

That is certainly one option, but one that I don't think will pan out in
the long run. The reason is that people will not use a system that is is
prone to corruption and downtime. Anyone who has run their own server
knows that they require skill, labor, and regular maintenance to keep
running smoothly.

Happily, I think there is a secure compromise: put the encryption
responsibility on the client (a desktop app, a phone app, or even a
html5 app running in the web browser), and then offload the storage to a
cloud server that only stores encrypted fragments of data. There are a
couple applications that work this way now, like the free software
Mozilla Weave, and the proprietary Wuala.

This puts the uptime responsibility on the sysadmins, where it can
actually be handled, and allows you to access and sync your data on
multiple devices and location.

Anyway, if anyone is interesting in the technical debates going on right
now around turning social networking into a general protocol of the
internet, you might want to read the archives of this list:


I think at least one person from every significant free software project
in this space is subscribed to the list.

The archives are really long, really technical, and really political.
There are few other technologies where everyone agrees that every design
decision has huge political implications.

Here is a wiki page with what is probably the web's most comprehensive
breakdown of current free software projects in this realm, and also the
relevant protocols:


> And one more really disturbing thing: If we really want to keep control
> over our bits, we would need digital rights management (DRM) for _all_
> the content. Because without DRM, it is virtually impossible to delete
> something from a p2p system or public cloud.

I think the situation is not so dire. First, it is certainly possible to
cryptographically grant access to a resource and then to later remove
access to a resource. True, the recipient may have made a copy in the
mean time, and you may want very much to destroy their copy. I think
this is somewhat of an edge case, and not worth building an entire
social protocol around. If you did want to encorporate DRM-like expiry,
researchers have been successful at creating self-destruct messages
using the entropy of p2p distributed hash tables.


Elijah Saxon
Sociology PhD Student
University of California, Santa Cruz

More information about the iDC mailing list