There’s a thought I’ve been walking around with for a while now: For most users, privacy and security are mutually exclusive. That is why most users willingly surrender their personal data to corporations like Facebook. That is why 99.9% of email goes unencrypted. That is why most users don’t bother to check their privacy settings and ultimately, Facebook gets to reap the benefits of the disclosure of users’ personal data.
The reason why I believe that for the average user, security and privacy are mutually exclusive is that the large majority just can’t be bothered to read into the technical details and acquire the knowledge that is necessary to set up proper security measures that do not compromise their privacy. Most users want turnkey solutions that provide them with some security (and arguably, in most cases the illusion of security might suffice). That is why I believe that any distributed system that aims at replacing Facebook – nota bene Diaspora Project, which should really reconsider their name – will need a turnkey, easy-to-use setup that just works for the majority of users while allowing advanced users to fine-tune their settings or even host it themselves.
Here’s my public key – Your public what?
Most users depend on software solutions as is. They have no desire to read into elaborate or even minuscule technical details. Case in point: email encryption. Email has been around like forever. Everybody knows that emails are easily intercepted. Yet almost nobody actually encrypts their emails. Why is that? Because it’s a pain in the ass.
I’ve been using a MacBook Pro for a little over 2 years now, and I must say I’m pleased with the experience. It’s got a nice GUI, most software is quite amazing, and there’s tons of resources that tell you how you can modify those little parts of the OS using the terminal to streamline your workflow. There’s only one thing that’s bugging me: I can’t, for the love of God, get mail.app to consistently and reliably use GPGmail.
Email encryption is such a no-brainer that it hurts to see that Apple, for instance, still hasn’t implemented it, or provided documentation on the mail.app API, to make it easy to use. Don’t even get me started on the lack of encryption for emails on the iPhone. Further, why doesn’t Gmail allow for email encryption on their web interface? Surely that would be a way to attract customers and set its own service apart from the competition. Further, it would strongly improve the recognition of their human rights claims that have been scrutinised given the latest events in China.
I presume a lot of other people think like that. How else would it be that I rarely get email with a public key attached? So the thing is: even though I know I really should use encryption for my email conversations, the facts that
- it is not possible to properly implement without giving up my current workflow and requirements and
- of no use without convincing my friends and communications partners to do the same
Closed systems reduce complexity – that’s why they work
The beauty of closed systems is that they reduce complexity for the users. Facebook sees this currently, as the complexity for the user rises because of Facebook’s pursuit of opening its platform to the rest of the web (or taking over the web, as the pundits might have it). The thing is: many users are willing to give up their personal data and surrender their privacy for ease of use and the illusion of security. Now, we all know that storing that data on centralised servers is not really secure; after all, the attacks on the major German social networks StudiVZ and SchülerVZ have shown drastically that security on centralised servers can be breached.
However, if we were to have this thought experiment, I’d argue that if users were to host this information themselves, they might have more control over their privacy settings, but their information would be even less secure. How do I come to this conclusion? One of the prime examples for this seems to be WordPress.
WordPress has a beautiful model. The software is relatively open, everyone can download it for free and host it on their own servers. And then there’s the hosted models, for which you either pay or have less control over your site. WordPress has grown so popular in fact that it is now a major target for attacks. Which results in a lot (and I mean a LOT) of WordPress sites ending up infected and delivering malware. This rarely happens on blogs hosted on WordPress.com though. Now why is that? People trade a level of control over their site for the reduced complexity of having Automattic take care of the security of their site. They don’t have to worry about uptimes, performance and security breaches.
That is why closed systems, albeit being the pronounced opponent of the openness of the web, work. It’s only after a technology has grown to widespread adoption and has been around for long enough that enough people venture out there as they have gained sufficient technical skills to have outgrown the comfort of the closed environment. That’s basically the story behind the rise and fall of AOL.
So where does that leave us?
Coming to terms with this paradox is not exactly easy. There are a lot of trade-offs to be made. And not all of these will turn out in favor of strengthened data protection. I wish the folks of Diaspora Project the best of luck, as we clearly need an alternative to Facebook. But it bears reminding that complexity is the enemy of any widespread adoption. And I’d really like to be able to encrypt my email now…
∞
I’m sorry, but why are closed systems reducing complexity? Facebook is actually a very good example of a closed system that doesn’t reduce complexity. It’s the opposite. Users can’t properly manage their privacy settings not because they’re not interested in them, but because it is so complicated to adjust them and because Facebook doesn’t make the implications of the settings obvious to the user. It’s a broken, closed system.
Microsoft Windows and a whole bunch of other closed software applications are immensely complex and aren’t perceived by the user as something superior to open software.
WordPress isn’t a good fit either. Yes, WordPress does offer a self-hosted and a cloud solution. Obviously, they’re interested in keeping their servers up to date and they do have people who will manage that. The fact that WordPress blogs are such a big target for malware is because there are so many of them out there. Why is that? Because it’s so easy to install one. That’s how WordPress grew to a company that actually later launched a hosted service for users. Not the other way around.
Reducing complexity isn’t about closed or open, it’s just making the right decisions. Why is it that the Internet functions so well, if it’s so anti-closed? Because people are able to make good, open decisions. Millions of open code are being used every day by millions of people – let’s not pretend that Apple’s software is the only one that actually … you know … works.
Sorry for being so harsh here, but I do have a very strong opinion on this one.
Oh, and I’ve written something about Facebook, Diaspora and the future of browsers that you might find interesting: http://www.wiredvanity.com/articles/59/we-need-better-browsers-not-better-social-networks
(A little spoiler: it’s about an open solution that will reduce complexity.)
Please don’t get me wrong here, I’m not arguing in favour of closed systems. I’m merely arguing that for the majority of users, you know, those who use windows and might be stuck with IE6 still, some open systems are just too much to handle.
I definitely agree that Facebook right now is a broken, closed system. But this stems from the fact that the company right now does manage the balance between openness of information and closed-ness of the platform very well. When Facebook was still a very tightly closed system, as the privacy timeline (http://mattmckeon.com/facebook-privacy/) shows, it was manageable.
I’d love to see an open system that reduces complexity for the users, that offers turn-key solutions that match those of closed services or are even better, while at the same time providing users with the benefit of actually using an open system. The thing is: I don’t see it yet.
The other question is: why are so many people on the internet? And clearly, AOL, as closed as it might have been, had a huge role in that.
As for social being managed in the browser, I love that approach. However, I think it is not sufficiently fit for the problems that lie ahead of us and reach far beyond just managing my social content.
I strongly favor open systems, and I believe that this needs to go further than just open social systems (VRM and the Fourth Party may be a good vision here, http://blogs.law.harvard.edu/vrm/2009/04/12/vrm-and-the-four-party-system/). We’re just not there yet, in terms of widespread user adoption.
Switching from IE6 to Firefox isn’t really hard and the fact that Firefox gained an almost 30% market share is a good example for that. Microsoft is profiting highly from restricted, corporate environments that dictate to the user what browser he should use. Also: it’s Microsoft and its closed system that doesn’t give the user the possibility to use the right application, not the other way around. Or did you hear from a lot of people who actually switched back from Firefox to IE? ;)
Facebook profits a lot from sociality, not from its closeness. People are using it because most of their friends are on Facebook. The viral expansion loop is a powerful instrument and it works very well in a community that has reached such a high popularity. At this point the sociality factor overcomes practically everything that is broken about Facebook and that’s why they are still out there. But that’s also why it is so important that so many people are writing about Facebook’s missteps right now. Their closed system won’t save them, if there is enough social pressure.
AOL was a big part of the consumer based internet, sure. Simplicity was very important, because nobody knew how to do this shit and everything was going very, very fast. People burned a lot of money, because they didn’t really know what they were doing. Thing is, users aren’t dumb and at some point they’ve decided that a closed version of the Internet in which they can’t access everything they want wasn’t enough for them and they moved out, socialized and got used to the openness of the Internet.
Same thing happens right now with the socializing and the mobilizing of the Internet. Both are very new, very scary and people are still trying to find out how to do it right. It’s a learning process, but if we keep in mind what is important, Apple and Facebook will end up exactly as AOL and Microsoft.
That’s exactly what I’m saying: This stuff is pretty new, and most people can’t really handle it. But once people learn it and get sufficiently tech-savvy, Facebook will see itself caught between a rock and a hard place.
People will increasingly learn the values of open sociability, of open data, just as they learned to value the open web as opposed to AOL’s walled gardens. But AOL’s walled gardens were necessary to get people to accept the initial technical step and dive into that completely new environment.
I agree that we need to keep the pressure on to open things up. (And Facebook’s recent flaws were actually a pretty good spark to fire up the discussion again…) As for mobile, we may not forget that Android itself has a lot of shortcomings with regard to openness (http://www.visionmobile.com/blog/2010/04/is-android-evil/). With regard to social, we need to figure out how to put users in control without adding complexity. A very hard task indeed.
And we need to find out how we can put individuals in general in better control over their data. One thing that ProjectVRM approaches pretty well, but still lacks proofs of concept. (http://blogs.law.harvard.edu/vrm/) We need to do this, as the next wave of innovation is already gathering speed. And we want the user in control when it comes to his travel patterns, his spending and consumption patterns, and all kinds of ambient and implicit data. Because that’s an area where I’d rather AOL not happen. The only way to achieve this, though, is to implement open systems in a way that they, for average Joe, are just as usable as AOL or early-stage Facebook. Which is to say, our inner geek will have to step back a bit.