Sunday, December 7, 2014

A simple proposal to fix the Internet

I've developed a really simple theory about why the Internet is so messed up, and how we can fix it.

The Internet is fundamentally broken because all the power is held by the services you use.  And that's working out about how you'd expect, with this asymmetric control leading to all kinds of nasty problems -- for example, privacy abuse, mass surveillance, and censorship.

But what's the source of that power imbalance?  It's your identity.  Specifically, it's the fact that the Internet is designed so that user identity is owned by the service provider, not the user. And it's what drives the bizarre condition where you need to give your stuff away to strangers for it to be useful to you.

My theory is that's all you need to fix.  Below I will propose a free and open cloud service that lets you manage your own identity, and keep all your stuff private.  That fixes all the problems above instantly.  More importantly, you'll discover that your stuff is waaaay more valuable to you when you don't give it away.

Imagine this simple cloud widget:
This service empowers you to manage your OWN identity on the Internet, instead of letting strangers do it for you. Let's call it a cloudspace. It's completely free, and works exactly like all the cloud services you use today, except it's all in one simplified place.

The key difference is that, when you sign up, instead of adding your stuff to some big shared database, the service creates a private database just for you.  That's your cloudspace.  It's where you stash all the digital stuff you now scatter all over the place. And since the cloudspace is also your communication app, it saves data from all your interactions going forward.

Your cloudspace is completely private; it's encrypted with a key only you possess, so even your cloud service provider can't see anything inside.  You own this database -- both legally and administratively -- so you can move it anywhere you want, including to competing services.  And since everyone's cloudspace is encrypted separately, there's no central point for anyone to spy on, censor, or attack.

Today most of your digital stuff is generated by interactions.  Therefore your cloudspace acts as your personal interface to the Internet -- to other cloudspace users, as well as the Web. It's designed so you can explicitly declare your identity for any interaction; you can even have multiple identities, or remain completely anonymous.

Cloudspaces can "friend" each other, permitting people to self-assemble into any (private or public) networks they choose. All the social/communication modalities you use today are supported, only better, because (among other things) all interactions between cloudspace users are encrypted. And organizations and businesses can also participate, so your cloudspace enables you to manage all those relationships in one place.

Your cloudspace is radically programmable, which is what enables it to perform any social or collaborative function, including future innovations. Anyone can write a Facebook-like or Twitter-like app, for example.  What's different is that apps can only read/write to your cloudspace, not take your data away to some place you don't control. Rich open APIs, and the breadth and depth of your data, will drive amazing solutions, all for your sole benefit as data owner.

The cloudspace software uses existing cloud technology.  Its core design is open source and open standard, so no one can ever own or control it. Economically, it removes all those perverse incentives that have screwed up the Internet, all while keeping it free for you and me.

But most importantly, it restores privacy as the default condition for human identity on the Internet.
----------------------------------------------

The narrative above is derived from a simple insight I had in late 2013, when I was thinking about all the bad things we suffer on the Internet today.  Instead of viewing these problems separately, I scanned for a common weak link, and it kind of jumped right out. The age-old identity weakness -- represented by the humble login/password paradigm -- drives everything from privacy abuse, surveillance, and censorship, to cybercrime, to everyday pains like password management and data backups.

In May I wrote this idea up and published it here on the blog, where nobody would see it.  I’ve had opportunity to refine and update that piece since.  That's the definitive document with the white paper-y treatment, including the technical specifics (spoiler alert: it's a standard JSON database with an API wrapper).

Below I will summarize the main points of the theory; this should enable you to start seeing the world as it would be with a user-centric identity model in place.  If you are like me, you will have a moment every day that proves the value in fixing identity.

-----------------------------

Here’s the opportunity, in a nutshell:

Instead of accepting a state where our identities are created and managed by others, we simply need to claim control of our own.

As I noted above, the root problem is the login/password paradigm.  It’s a model that dates to the earliest mainframes.  It’s been that way for so long that we simply don’t question it: our presumption is that the host is responsible for the creation and management of its users and identities.

But that model means that, once we create an account and start putting our data somewhere, it becomes impossible to move or in many cases even retrieve our data.  And if our friends have accounts with the same services, that raises the exit cost substantially too. And in cruel irony, this multi-account complexity is so painful, it's sparked the emergence of the "Login with Facebook/Google" buttons... quite possibly the worst idea ever, since it merely grants more data to the corporations that represent the biggest problems already.

That's why these services can continuously turn the screw on us in their Terms of Service (ToS) updates.  Facebook, for example, now tracks you across the Web and by your physical location.

But does it have to be this way?  Actually, not at all, especially in the era of the API Economy, Semantic Web, and Internet of Things.  With Cloud Composable Apps, that's not even a very hard technical problem anymore.

The cloudspace represents a new class of Internet “endpoint,” one that exists solely to represent the interests of the end user.  (You and me.)  The cloudspace is designed with two major concepts in mind:
  1. It’s a single place to store your “stuff” -- everything from files and videos, to your social interactions, to the data generated by your Fitbits and Nests and the coming Internet of Things.  It's completely private, except for the things you explicitly and precisely share.
  2. It’s your entry point to the Internet, where all interactions with others, and with companies and services, and any digital artifact, can be done in context of your own definition of who you are, not someone else’s (partial/corrupt) image of you.
The changes from adopting this model are instantaneous and dramatic:
  • Nobody can see your stuff anymore except you, and even your interactions with others can only be seen by participants.  That kills privacy abuse, surveillance, and censorship in one shot.
  • You no longer rely on third parties to facilitate interactions; these happen directly between users, with complete privacy. The result is a new “atomic Internet,” where you're logically equal to every user, and to the services you choose to use.
  • With a framework in place that supports authenticated, secure interaction between any two parties, you gain abilities to dramatically improve everything from commerce to content rights to legal arrangements (e.g., no more “contracts of adhesion”).
  • Because only a free and open source approach can deliver this framework, it insures against anyone having the ability to ever again assert control over your identity.
We've all heard the experts say "there's no technical solution to these problems."  I call BS.  As a product guy, I know you've just got to find and exploit your natural leverage.  In this case the end user has it, as the creator of the data.  The cloudspace simply asserts this leverage, and puts it to work for the benefit of the end user.

I know that a lot of people -- I'd say most people I know -- would love a solution to the Internet's problems of privacy abuse, surveillance, and censorship.  I think I've envisioned one that works, and actually does a lot more than that.

But as I also stated in my earlier post, my sole objective is to initiate this conversation and drive people to recognize the root problem of digital identity.  If we can fix that, I am convinced we can literally fix the Internet. I'm happy to hear any thoughts that help us toward that outcome.

No comments:

Post a Comment

Play nice please. Mean stuff will be deleted.