Options Beyond #DeleteFacebook : GDPR and Diaspora

I want to point to two things that exist already, and only need more adoption, that seem like the right direction after Cambridge Analytica and Facebook’s phone-scraping practices. One is legal (the GDPR), and the other is technological (Diaspora).

Neither of them seems likely to become part of modern American life overnight, but I think it is important to continually be trying to imagine the world as you wish it were.

1. America Needs Something Like the EU’s General Data Privacy Regulation. 

For the last year and a half, every company in Silicon Valley has already been scrambling to increase their ability to give users more choice, control, and specific rights regarding how their data is used. Unfortunately, the protections are only for users in the EU. That is because the EU passed a extraterritorial (meaning applies to anyone in the world) privacy law, the General Data Protection Regulation, that applies to anyone processing personal data, but that seems extra-targeted toward social networks.

It is a rather large piece of legislation, and would be more than what I intend to tackle in a short blog post to say that the United States needs to copy it verbatim. However: it is already been operationalized; everyone in the industry is familiar with it; it’s better than what we have now. So it would be a good starting point for anyone looking for what strong privacy protections the United States might look like.

One of its particular clauses that I think would have prevented some of the damage from the Cambridge Analytica situation is that users have to give “specific consent” for each use of their data. That means that for each particular use that a company wants to apply user data to, they have to get a specific checkbox or other indication that the user agrees to it; you cannot bury it all in the privacy policy or terms of service. That might be more difficult to pass in the United States where the lobbying power of Facebook and Google would likely be turned against it, because it affects their profitability. After all, who is going to specifically consent to have targeted ads? (Maybe they could pay users a piece of the approximately $80 per U.S. user per year that Facebook gets, mostly from advertising revenue.)  On the other hand, if Facebook was thinking very long-term and wants to regain users’ trust, perhaps it would not be so opposed after all. If you want to read more about this this post on PageFair gives some additional information on how GDPR is likely to affect Facebook.

2. The World Needs A Decentralized Social Media Platform (Like Diaspora, Perhaps)

The operational model of email is a good example of network decentralization, which creates a market that buffers against the sort of monopolization that Facebook has. Right now there’s a lot of people who are angry at Facebook, but they find they are tied to it because there is nowhere to go; it is the primary data source for all of the social connections in our world.

Compare that to how email works. Email was designed by academic institutions and the government, and the design contains no interest in making it an exploitable resource. It’s decentralized and standardized, creating a true market for email. If you don’t like Yahoo mail, move to Gmail. If you don’t trust Google or Yahoo or your ISP, host your own on AWS, Linode (my personal choice), or on a computer in your basement. Email data storage, transmission, and synchronization are based on standards (IMAP, SMTP, maildir, etc.) so that you can transfer your existing data from one provider to the next. Even if Google’s email server and my email server are running different software, they can still send each other messages. If you want to move all your messages from one server to another, it is pretty easy to engineer.

Social media is not much different from email, but with slightly more complex access arrangements: some information is public, other information is only for a certain audience. I am sure there are technical difficulties, especially with more complex things like commenting, but it’s doable and is not rocket science.

As far as I can tell, the current technology that is closest to taking that this is Diaspora, a distributed social network that looks a lot like Facebook. It’s not widely adopted, and it seems entirely plausible that it will be the Betamax to Facebook’s VHS — a superior technology that didn’t get enough critical mass — but if nothing else it is an important demonstration of what we should hope social media would look like.

How Diaspora works.

Functionality-wise, Diaspora looks a lot like Facebook, except there are no ads, and some of the technology seems a few years old, like there is ability to host video within it.

You identify yourself to others using something that looks like an email address, like I set up an account as jomo@diasp.org. But it’s not an email address, it’s a Diaspora identifier. Just like with email, the first part is a username and the second part is the server, or “pod” where it is hosted. You can share things with users on other pods, with access by group permissions: similar to Facebook “shared with friends”, although it allows asymmetrical relationships, so a bit more like Google+. The server for diasp.org is hosted by some random guy in Portland who likes cats, but to be honest at this point I trust some random guy in Portland who likes cats more than Facebook, Inc.  If it really started to be something I use all the time, I’d probably move to another pod, or host one myself.

The magic is that you don’t have to be using the same server to interact or be “friends” with someone.  The Diaspora protocol takes care of all the sharing-permissions stuff so that I still see all my friends post’s in my feed (if, of course, I had any actual friends on Diaspora). You don’t have to worry about the different servers any more than you do when you email someone.

One nice feature about Diaspora that makes it actually useful right now is that you can use it to push things to other platforms: you can make a post in Diaspora and have it automatically appear in Facebook and Twitter. So while the lack of a critical mass of users means it is not (yet) useful for communicating directly with people you know in real life, can be a place to initiate tweets and Facebook posts. And maybe some people will actually show up within Diaspora to see the posts there.

Diaspora Limitations. Its main limitations are:

  1. A still-limited user base.
  2. It is difficult to find your friends without actively messaging them to tell them you are on Diaspora; because of privacy concerns you can’t search for users based on existing networks or even email. I think an opt-in to a Diaspora-user-finder tool would be helpful, but right now no such thing exists.
  3. It doesn’t have true data portability (yet).

Because of his limitations Diaspora is not a drop-in replacement for Facebook. Your friends will mostly not be there. But then, not everyone was on Facebook when it started out either. First and foremost, I think Diaspora stands as a functional example of what we should aspire for our social networks to look like. But . . it actually works. Like many things it is a collective action problem. Kicking the tires to see how it works — which, really, is all I’m doing with it as this point — at least informs your imagination about what could be possible instead of Facebook.

With a distributed model like Diaspora, there would be a true market for providing social media services. Today, if you want to get rid of Facebook the company, you really can’t do that without getting rid of Facebook the service. It’s designed to make it difficult to leave. They will give your data, but there’s no other service where you can upload it. It doesn’t interoperate with any other service, because the entire system is proprietary.

Is distribution a panacea? No. I’m sure there will be other hackers and spammers who would try to exploit Diaspora if it were big enough to warrant it. However, there are shared spam-fighting tools that work with email and other distributed systems, and at this point I think I prefer the devils of decentralized social media that I don’t know to the devils of Facebook that I do know.

If I hypothetically had a grant-making foundation that wanted to address social media monopolization, I’d put it into creating and promoting a Diaspora pod operated by a nonprofit foundation, sort of like what Signal/Open Whisper Systems has done as a non-corporate WhatsApp, to help it getting to a bigger critical mass. The product is decent enough other than the lack of people and the difficulty in re-establishing your social network there. Another interesting opportunity would be for someone like Google, otherwise a tech behemoth but who has been second-tier in social media, to engineer Google+ to support an open protocol like Diaspora. Unlikely, as it all is, but a guy can dream.