Thursday 30 November 2017

Distributed social networking in 2017: a review

Abstract

In just the past ten years or so, use of social networking sites has grown to the stage where the market leaders can claim billions of active users. In some areas, social networks go far beyond simply connecting friends, but are users' primary source of news. Some social networks can even drive the traditional news, having a measurable effect on emerging events.

Suffice it to say, then, that social networking is perceived as being as essential to many users as access to a TV, radio and landline phone would have been to our parents' generation. Yet a growing number of influential commentators and individuals are belatedly starting to realise that there is a data privacy trade-off inherent in using social network sites. Some networks (Google, Facebook, Twitter) are so ubiquitous that they are able to track users' activity on sites across the web, even when the user is not logged in, and sell this browsing data to advertisers. We are encouraged to share more and more personal information with these sites, on the basis that this allows our friends to connect with us better and for more targeted suggestions of other content (i.e. adverts). This is known as "surveillance capitalism".

Beyond the privacy issue, there are concerns that old, potentially embarrassing data may resurface in the future and can never be truly deleted. There are concerns that the algorithmic selection of what to show in a user's feed means that people's perception of world events is being warped (called a "filter bubble"). There are concerns about centralising data in a country with extensive state powers to access that data covertly. And there are concerns that data is being used in inappropriate ways; for example, personal photos appearing as an integral part of an advert, to falsely imply a personal endorsement.

What if there a way of keeping the features of a social network that make it useful to people - for example, the instant ability to make all your friends jealous of your holiday - but bake in privacy and control, to eliminate the types of undesirable behaviour listed above? Actually, we can already do this. The method is called distributed social networking, also known as decentralised or federated social networking. It's not well-known outside of a few niche circles, but it exists, under active usage and ongoing development.

This review looks at two of the most mature distributed networks in an attempt to determine whether they will meet the needs of an average user.

Background

Anyone who has read any mainstream media recently will know social networking is responsible for making millennials stupid [citation needed], and is only ever used for broadcasting pictures of our breakfasts and / or our own legs in front of a tropical sunset #SoBlessed #AnotherPinaColadaPlease #PleaseLikeThisSoICanFeelValidated. A growing number of people are starting to recognise the uncomfortable privacy trade-off inherent in social networking as well: that we freely give up our personal information in exchange for access to a proprietary, closed communications system that, by design, spies on our most intimate moments, thoughts and preferences. They do this in order to sell us things and even to influence our own core beliefs.

I downloaded my personal Facebook archive. I'd consider myself a light user, yet the archive exceeded 40MB and more than a thousand files. That's not including all the analytics data, the proprietary decision-making processes that enable Facebook to determine what kind of advertisers might be interested in reaching me. The archive contains all of my contacts (current and deleted), all of the events I've attended or ignored, all of the private message threads that I've participated in over more than a decade. It contains every ill-judged "joke" and comment, every embarrassing photo in which I have been tagged. It contains adverts I've recently clicked on (usually by accident).

I don't mean to pick on Facebook, whose enormous success is down to many factors, including having engineered the most advanced software platform of any social network in the world. When my friends and I use Facebook, it is because it fulfils a useful function for us. We generally ignore the downsides, much like a meat-eater can put to the back of his mind the harsh realities of an abattoir. However, it is telling that the Wikipedia article entitled Criticism of Facebook runs to some 20,000 words in length, excluding its references.

It doesn't have to be that way. It is possible to have all the features we understand as being necessary to a social network, but free. That's free as in "beer", free as in "speech", free as in "you can leave whenever you want", and free as in "won't insinuate itself into your conversations, shouting at you to buy stuff."

There are a number of open-source software projects that do social networking in a way familiar to any user of Facebook or Twitter. Some are thin veneers over other systems, offering additional functionality or some privacy protection but communicating over the underlying closed platform. Others are complete clones or imitations: Mastodon, for example, is basically the same as Twitter, except that the leader of the free world isn't doing diplomacy via Mastodon. And Mastodon has one huge privacy-friendly feature that Twitter doesn't have, and which we will be discussing in depth in this article: federation.

How is this possible? Surely Twitter's unique selling point is that it is, in fact, unique? Well, yes, kind of. If you are looking to interact with celebrities (or, indeed, just your own friends), then clearly you need those celebrities (or your friends) to be on the same platform, or at least, on one that is compatible. In that sense, Twitter is unique.

But when the tabloid press regularly blame social networking for all the world's ills, the key mistake that they make is to view all social media as some kind of ultra-advanced technology, only really understood by the kids. It isn't. Use cases vary, of course, but in principle a social network platform is simply a communications tool that allows ordinary users to upload "content" - words, pictures, videos - and for other users to respond in kind. Most newspaper websites' comments sections can do that. Simple blog software like WordPress can do that. But these other sites haven't scaled to build vast communities out of their contributors. The thing that really makes the major social media platforms work is that they are monopolies. And like any monopoly, especially one with shareholders, they can be abusive.

(It's worth considering how they became monopolies, too, and think of all the other potential monopolies we might have had instead. Friends Reunited, Bebo and MySpace all had a far richer feature set than Twitter did at launch. Famously, most of Twitter's most well-known features, such as the convention of hashtags, were developed spontaneously by users as a workaround to the platform's own shortcomings.)

There are alternative approaches to subverting this model. One way would be to develop software modelled on the features of, say, Facebook, but without centralising all the data in a way that makes it ripe for exploitation. Another way would be to build tools that minimally interact with the platform but which exercise additional controls over the top.

I've already hinted at the solution. WordPress proves that the publication technology not only exists (for free), but can be packaged up for novice users to install on their own websites. It's a small step from there to building a trusted network of virtual publications, whose users can interact with one another. This is software that doesn't just connect publishing platforms together, but manages contacts, interactions and content permissions in a way that preserves the user's preferences and privacy, while also providing near real-time updates to contacts on other sites and networks.

In this model of federated content platforms, users can choose to host their own servers if they feel strongly about privacy and have some technical skills, or they can choose to sign up to a server that somebody else is hosting already. For the purposes of this review, I looked at two of the biggest projects offering this model: Diaspora and Friendica. These two networks can be federated together, so somebody on Diaspora can be friends with somebody on Friendica. This became very handy for testing. They aren't exactly identical, however, so this review will attempt to identify the strengths and weaknesses of each. Also, both projects are under active development, so features will change and improve over time.

How it works

Both networks have a similar sign-up procedure. As a user, you can go to a list of nodes on the network (Diaspora calls them "pods"), select one you like the look of, and sign up. You might choose it because it's based in the same country or because it's been recommended to you or because it has useful plugins or because the graphics are pretty. But you definitely don't have to choose it on the basis that your friends are on the same pod already: all of the nodes communicate with one another.

Or, if none of the nodes take your fancy, you can build your own. Download the software, install it, configure it. You, and you alone, are then responsible for the node's security and all of your own content. You can choose whether to let other people use your node or you can keep it for yourself.

For testing purposes, I created an account on a Diaspora node based in Norway, and an account on a Friendica node based in Germany. I quickly discovered that having two accounts with the same real person name made for headaches when pinging test messages back and forth, so I doubled-down on this mistake by creating two more accounts with an identical pseudonym. My fictional friend Felicity and I, and my other fictional friend Felicity, and the other I, all became friends with one another and then spent a couple of weeks posting content back and forth between our two Diaspora and two Friendica instances. Yes, I spent a fortnight talking to myself for the purpose of this review. It is possible that I need more real-world friends.

Usability

Both Diaspora and Friendica use familiar timeline-based activity streams. Both allow more stream management than Facebook does. For example, depending on how you have classified your contacts, you could view just your family's posts, or just your colleagues' posts; or all public material on a particular topic; sorted by most recent or by most relevant; and so on. It's much more flexible than Facebook's curated approach and, of course, you definitely won't have third-party adverts appearing in the stream, masquerading as content.

This works the other way as well - whenever you post, you can choose which groups or individuals should see your posted content. You can even have multiple personal profiles reflecting different elements of your life, and you can configure your account to work either symmetrically (for example, friends who mutually share with you, as in Facebook) or asymmetrically (for example, for fans to "follow" your work, without you following them back, as in Twitter).

Friendica offers some more functionality than Diaspora, but it's sometimes a bit clunky. Here are some features that Friendica has that Diaspora does not:

  • Calendar and shared events
  • Photo albums
  • Edit existing posts
  • Threaded conversations under posts
  • Subscribe to RSS feeds
  • Move accounts between nodes (this feature is described as "experimental", and did not work very well when I tried it towards the end of testing; it did not deactivate the old account, so that I ended up with two functional instances of the same account)

Features of Diaspora that Friendica does not have:

  • Private messaging to multiple recipients at once (Friendica's UI doesn't support this, but the protocol does - so perhaps it is coming soon)
  • Built-in instant message (XMPP chat) support, integrated to Diaspora contacts

Both networks allow you to plug in or connect to other platforms. For example, you can cross-post from Friendica to Facebook or Twitter. In the other direction, I tried a WordPress plugin that posts blog entries straight to Diaspora, and it worked fine. The import and export services available on any given pod or node will differ according to the node admin's preferences and patience.

Look and feel

In my view, Diaspora has a more professional appearance, but also a more austere one. Friendica's interface is a bit friendlier but seems unfinished in places.

The software versions of the two Diaspora instances I tested were different, but the overall look and feel was very similar. There are some basic customisation options for colours and layouts.

Conversely, the two Friendica instances I tested had quite significantly different default themes, despite being on the same version of the software. Friendica also allows customisation of colours according to pre-defined templates or even custom colours for basic page elements.

As part of testing, I installed Android clients for both networks. Both of the Friendica ones I tried were simply terrible - unfinished, unreliable and ugly. The main Diaspora app is a thin veneer over the website. It works well enough, except that it thoughtlessly draws over the website's perfectly functional notifications area with a tool bar in which notifications don't work. In other words, the experience is better on the websites of both Diaspora and Friendica than in their apps. Both websites have mobile modes and respond well to smaller screens.

Security

All your contacts can be assigned to a group (Diaspora calls them "aspects") such as Friends, Family, Work. You can choose which posts are visible by which of your contacts or groups, or you can post publicly.

I found the default permissions on Friendica to be a bit misleading at first - although some of this was simply down to my lack of familiarity. Once I'd realised my mistake, I also found that retrospectively changing the permissions caused some strange side effects, including content disappearing for some of my established contacts. Additionally, some activity that I erroneously posted publicly remained visible after I deleted the associated content.

Your profile information and comments will always be available publicly if you respond to a public post.

Reliability

In the course of my testing, I took pages of notes. It would not be particularly interesting to relate all of the bugs I found. Both platforms had their share of quirky behaviour, but they generally worked as intended (once operator error was eliminated). Friendica had a couple of incidents in which post edits weren't saved, which is partly what leads me to believe Diaspora is marginally more robust.

Some functionality did not appear to work at all, but this could be a problem with the individual instances. For example, Diaspora includes a chat widget but I could not get this to work, which I suspect is a problem with my particular pod's XMPP configuration.

Federation

Contacts on Diaspora and Friendica, along with certain other platforms, can communicate with one another natively, although within the feature constraints of the respective platforms. For example, Diaspora users won't see threads in comments under posts, and won't see shared calendar events.

Some of the differences between the platforms are much more frustrating and there are no obvious workarounds. For example, a photo published on Friendica as anything other than fully public will not appear on Diaspora, even if embedded as part of a larger post that is visible to contacts. The Friendica and Diaspora permissions models are not compatible. In contrast, Diaspora makes photos available via a secret URL; anyone with the URL can see the photo. Therefore, Friendica users can see Diaspora photos.

Other than that issue, generally, Diaspora seems better at receiving and caching data from other nodes. This makes it more resilient to nodes becoming temporarily unavailable. By contrast, Friendica tends to assume that content on other nodes will always be available; if a node becomes unavailable for some reason, then profile and content on that data will temporarily disappear from feeds on other nodes.

There are some particular quirks around subscriptions to public posts. Diaspora users subscribe to topics of interest using a hashtag and will see public posts with those tags in their timeline. But the exact posts seen vary by pod. For example, both Felicity and I subscribed to #italy and our timelines were similar, but not identical. I understand this to be a peculiarity of the way that Diaspora federates public posts that aren't from users being directly followed.

Diaspora also suffers from moderate levels of pseudo-spam in the form of unwanted public posts. It's easy to block a user, but I wonder whether this will escalate in future. Spam posts may be from well-meaning but prolific users who have tagged their content badly; or it may be that I am being too general in subscribing to a generic term like #technology. There are also "bot" accounts on Diaspora that take content from third-party sites, attempt to classify it, and then re-publish it, with mixed results.

Self-hosting

In signing up to a node hosted by someone else, you are placing your trust in them. They are probably hosting the node for their own fun and education. They probably don't have a complaints department when things go wrong. There is a chance that they will lose your data or simply shut down without warning.

For the privacy-conscious user, the ultimate goal of joining a federated social network must be to take personal control of a node and all its content. I did not test this, but did read through the instructions for installing both. I am personally comfortable working on a LAMP stack, as used by Friendica; but less familiar with the Ruby framework on which Diaspora is built. The Friendica instructions are written in plain English and targeted at the level of someone with familiarity with configuring WordPress, Drupal or similar on a shared hosting package. Overall, the Diaspora instructions felt rather more complex and the system pre-requisites greater. I do not believe that Diaspora could be installed successfully on a shared hosting account; a VPS would be the minimum requirement.

It is not clear to me how much system resources (hard disk storage and bandwidth) each network would consume. It is also not entirely clear to me how the administrator of a node would set about moderating content, ensuring legal compliance etc. For these two reasons, were I to set up a personal node, I would not allow the public to sign up. I appreciate that this attitude is not strictly in the collaborative spirit of these networks, especially as I have taken advantage of four nodes whose admins have been willing to do exactly that.

The effect of other users on the same node can be unexpectedly far-reaching. The administrator of one of the nodes on which I have an account posted a public message to the effect that the Diaspora-to-Twitter connector would no longer function. One of the pod's users had breached Twitter's Ts&Cs and now all users from that pod were blocked. I think this is a clear over-reaction from Twitter, who would have had the individual user's credentials and could have blocked just that user, but it demonstrates a level of brittleness in the component model.

Volume, reach and retention

It is extremely hard to quantify how many active users are on each network. There is a site that attempts to collate these statistics, called the-federation.info. Its headline figures are deeply disappointing. Friendica shows 403 active users. That's not a typo; there are no missing thousands or millions here. Diaspora has more at around 16,000, of whom more than a quarter are on a single pod.

The problem with collating this data is that it relies on statistics collected across a federated network. Not all nodes provide accurate data, or any data at all. I think we can safely say that the-federation.info is underestimating the number of active users. However, even at our most optimistic, we are still many orders of magnitude away from the reach of the centralised leaders.

Worse, the number of active users vs total registered users shows that the vast majority of people who sign up do not stick with it long-term. If they cannot retain early adopters - the most privacy conscious people, or those who have been nudged into joining via their communities of interest - then it seems unlikely that the networks will grow in the long term. (Some Friendica servers automatically delete non-active users, so the numbers of active and inactive users tend to track one another.)

Yet when signing up for a Diaspora account for Felicity, it actually took a number of attempts to find a valid username that had not already been taken. Felicity is not exactly a common name in Germany, where the pod is located. This is consistent with large numbers of no-longer active users; perhaps those who, like me, signed up out of curiosity but without a long-term intention to stay.

Friendica has a centralised directory of people who have chosen to opt-in to sharing their details. Again, it's a depressingly small volume, measured in the hundreds. Of these, the largest population is from Germany. Unsurprisingly, a large fraction of those in the directory have #linux in their profile. In fact, Linux is a good analogue for Friendica: it's mature enough to be functional, free (beer / speech), yet fails to appeal to the mass population. Linux has been consistently touted as being ready for widespread adoption for years. Similarly, Diaspora and Friendica have both been touted in the (technology) press as being good alternatives to centralised social media since at least 2012, but have apparently not made the impact they deserve.

Use cases

I don't personally use social media for consuming world news. I use it to stay in touch with friends, especially those with whom I used to be close, but now live far away or are busy with families and work. My main criterion for connecting with someone on Facebook is: if I met up with this person tonight, would I offer to buy them a beer? I don't, personally, expect to reach large audiences of strangers through social media, largely because I don't want to end up on either side of a political flame war. I'm certainly not going to win thousands of followers on the strength of this blog or my so-called poetry.

Sometimes I want to share pictures of my family in a way which preserves our privacy. In the past, I have done this through a personal website with password protection. This still seems to be the favoured approach for my technology-literate friends at the time of a major family event such as a wedding. In this case, you don't need to authenticate particular users, merely restrict access to those who know the password. Diaspora and Friendica would fail in this use case, because they would require each contact to sign up to a service that they don't really want. Also, due to the way federation works, they would have to become a mutual contact before publishing any useful information; it is not possible to view information published before the sharing relationship began.

In the workplace, we use several different social / content platforms. Each is a walled garden. SharePoint for corporate data; Confluence for engineering data; both Skype and Slack for instant messaging. Lacking the more persistent content management aspects, Diaspora and Friendica would fail this use case, too (although the Friendica-related Hubzilla project might be worth a look).

There may be niche areas where the federated approach helps to protect the identities of activists and whistleblowers, putting them out of reach of the (mainly US) legal system. The ugly flipside of this anonymity is that they would also offer a haven for criminal activity. And the distributed nature of the network doesn't necessarily help here either: it would be far easier for a legal authority to block a Friendica node on the basis of alleged illegal activity, than it would be for it to take down the whole of Twitter. I cannot test this, of course, but I suspect Diaspora's sharing model to be slightly more robust against this eventuality than Friendica's.

After much thought, then, I have yet to come up with a compelling use case that not just caters to ordinary users, but would attract them to switch away from the incumbents in large numbers. Indeed, the only way I can see either network really turning their meagre toehold into the critical mass that they deserve is if a large, federated organisation suddenly decided to endorse the network. For example, we might imagine a scenario in which the National Union of Students mandates each member union builds and maintains a Friendica node. Students could sign up to their local node to stay in touch with friends at other universities. When they leave the university, they could migrate their profile to an alumni node or their own preferred server. This hypothetical growth would nicely mirror the original growth of Facebook, which started off as an invitation-only network in US universities.

If you regularly cross-post to several social networks, and consume RSS feeds, then you could consider signing up for an account on one of the platforms to use as your main publishing home. Perhaps, in the future, more people will migrate and you might make some new friends on the platform.

For everybody else, and with some regret, I must conclude that Friendica and Diaspora are just not ready for you to use in earnest. Not because the software is immature or non-functional, but simply because your friends aren't ready to follow you there.

Credits

Many thanks to the owners / admins of the open sign-up servers that I used during testing, who are paying for my experiments in terms of bandwidth and storage costs. Those servers were: EgeLand (David, Diaspora, monkey avatar); JoinDiaspora.com (Felicity, Diaspora, Fio avatar); friendica.me (David, Friendica, Buddha statue avatar); and nerdica.net (Felicity, Friendica, Ronja avatar).

Further reading: perspectives on using Friendica in conjunction with established networks

Linux Magazine, "Developing for a Post-Facebook World" by Bruce Byfield. Comments from the lead developer of Friendica: "I currently interact daily with friends on Facebook, Twitter, Diaspora*, Identi.ca, and Friendica - all from within Friendica. I also have friends in my stream who only have email addresses and RSS feeds ... It shouldn't matter if your friends use Facebook or Google+ or Friendica or Diaspora or anything else. They're all just pieces of software you use to access your social communications. We want to break down the walled gardens and show them for what they are: corporate walls that were built for business goals and actually prevent you from communicating with friends, unless you become a member of every different service."

Clear Linen Tea blog, "Friendica" by Sonata Green. Relatively recent (2016) blog post argues that Friendica offers a superior and functional way of connecting social networks together, as well as outlining some of the objections raised above. "Friendica can, like Diaspora*, post to traditional social networks. Unlike Diaspora*, though, Friendica can read from them as well. This two-way connection means that, using Friendica, I can engage in conversations with people on Twitter and tumblr and Diaspora*, all through a single unified interface on a single site that I control. Furthermore, these different networks aren't just collated - they're integrated. Because my Friendica is connected to both my Twitter and my tumblr, this means that my Twitter and my tumblr are - through Friendica - connected to each other."