Re-democratising the Internet

· by Steve · Read in about 9 min · (1881 Words)

Web 2.0. It’s a horrible, marketing-speak term that deserves the unending derision it is generally given by techs the world over, but nevertheless it’s stuck. Depending on who you ask, Web 2.0 either means the technology that make current darlings like Facebook and GMail work (such as AJAX), or the underlying principles of the regular users of websites having a more direct community involvement in the shaping of content they view. I guess it’s actually both. People have heralded this progression as a new renaissance for the Internet - personally I just see it as a natural incremental progression of technology and not the sea change that it is often sold as, there were pockets of the Internet doing this stuff long before the term was coined, it’s just more mainstream now.

However, there’s a trend that I’ve seen arise from Web 2.0 which I find a little disconcerting, and that’s an increasing centralisation of control and increasing reliance by the Internet-surfing public on a small number of technology players. On the one hand, we have personally hosted blogs, forums, comments etc where content is truly democratic / meritocratic; no-one controls what I say or do on this blog but me, and I expose precisely what I want to and no more. On the other hand, you have corporate players who provide hosted services, and increasingly this is what’s becoming what most ‘normal’ people associate with Web 2.0 - sites like Facebook, YouTube, Bebo, GMail are all controlled by corporations who make their money by attracting eyeballs. The content may be user-generated, but control over that content once posted is very much centralised and divested from the point of origin - convenient for sure, but what exactly are we giving up by being so dependent on them?

Freedom of speech has been one of the core tenets of the Internet from its inception. However, corporations have vested interests and potential exposure to litigation, so any service they host must be regulated, which is at odds with this principle. The result is of course censorship, often harsh and unilateral (particularly if Viacom took a dislike to you) and it has plagued most of the big names at one time or another. It’s because there’s a fundamental conflict of interest here - the corporations hosting these services make their money by hosting user content, but some of that content can get them into trouble, or ruffle feathers that it is not in their business interests to ruffle. Sure, these centralised sites can pretend to be the voice of the people, but they’re really not - they’re just corporations who have figured out how to make money by being a conduit for people’s Internet behaviour. In the end, despite the rethoric they’re ultimately not there for the individuals, or to make the world a better place, they’re there to make money - and individuals and content that isn’t compatible with that model can and will be excluded.

There are other issues too, probably the most important one being privacy. Protection of personal data from corporate exploitation has always been a serious issue in the UK (let’s ignore for a second privacy from our own governments which has gone backwards in recent years) but increasingly people are giving away their personal information to companies hosted in regions which have little or no such protection. Sure, a site may have a privacy policy, and perhaps give you supposed control over who you’re exposing the information to, but if they’re negligent and allow your data to slip into the wrong hands, there’s really very little statutory recourse, meaning data protection can never truly be a top priority for these companies, not compared to shoehorning in new features to beat the competition or to find ways of generating revenue. With identity theft on the rise, it’s alarming that so many people are willing to risk entrusting their personal information to third parties in juristictions with flimsy protections, and to companies who can sometimes pay lip service to privacy.

My opinion on this is that these problems are inherent to using third parties to act as hosts for our information, or rather allowing those third parties to control how the information is stored and regulated (and if you think that interface on your Facebook profile is true control, think again - at the end of the day your data is sitting unencrypted in a datacenter somewhere and is far from secure). They’re never going to care as much about our information as we do - with millions of users and a business to run, how could they? Maybe you don’t care that much since you’re just using these sites for personal photos and simple information, but I think this is a slippery slope. Do you know where the dividing line is between facts you’d be happy to be accidentally exposed by a server breach, and those you would not? Perhaps it isn’t a line, maybe it’s more of a grey area, since it’s increasingly possible to take a bunch of disparate information and piece together a greater profile from that? And can you deny that more and more of your life is transitioning to the internet, and that at some point you might look at everything you’ve given to the likes of Facebook and wish you hadn’t? And, what if you find that you can’t delete it?

Web 2.0 and the current vision of what ‘the cloud’ should be tends to revolve around technology companies holding repositories of information which we all must feed in order to form these rich online information exchanges. However, I really don’t believe this is necessary. Yes, there is a need for ‘hubs’ in the Internet, focal points where people can discover each other and connections. However, there’s really no reason why all our potentially private data needs to be centralised, under someone elses control. Right now it’s the only way for most people, because rolling your own hosting requires more technical knowledge and resources than most people have at their disposal, and ‘connecting the dots’ can only currently be done on centralised sites. I think we should be working towards developing technologies that make it easier for individuals to be in charge of their own information, not to give it away to third parties, and to form and be in control of their own connections - directly, not just via some centralised site which provides a mere illusion of control.

Personally, I see the current situation as a step on the path, and that the eventual goal should be to ’re-democratise' the Internet, where users are once again in full control of their data, exposing and exchanging only what they want to, directly with their trusted contacts and not via an untrusted middle man. Every Internet user has an ISP, and that ISP generally provides them with additional services like a mailbox and some variable amount of web hosting. All these technologies are based on standardised protocols and well-known principles, and generally are delivered via open source software. They’re true commodities - and what’s surprising is that this base feature set has barely changed in over a decade, and yet the way people use the Internet has changed almost beyond recognition. Imagine this - what if, as part of your ISP service, you were provided not just with simple web hosting, but a local version of Facebook? One where all the data you post is held locally on the ISP’s server (with appropriate quotas, but hey, disks are cheap), and preferably encrypted. Let’s now say that you can syndicate / exchange elements of that information to third parties that you trust over standardised protocols - exchanged over a secure channel if desired and the source / destination verified using digital signatures or common authentication systems like OpenID. All those updates you usually post to a central site can easily be desemminated directly in an ad-hoc fashion to your friends in a push model, or in a pull model for new joiners. But, you may ask, even with the automated syndication / synchronisation, how do you find your friends in the first place without a central system? Well, via the search engines we’ve all used for years - you will obviously need a regular public profile web page for unvalidated users to land on, and automated search engine submission; there’s no reason why specialist networking providers like Facebook couldn’t still act as hubs for just the public information to allow this discovery to happen, without having to hold sensitive or personal data.

In a nutshell the advantages of this approach over current centralised services include:

  • Control of personal data remains in your own hands; you can choose what to give out, control encryption etc
  • No censorship
  • No need to maintain multiple profiles in many different systems
  • No dependence on third parties, they are a value-add, not an inherent requirement
  • Security based on open standards, transparency and trust are key

Much of the technology required to do this already exists, and has done for years, what’s needed is the vision and development effort to pull it all together and make it truly usable for the mass-market. If something like this is to fly, it has to be as easy to use as Facebook even though the underlying tech to make it happen is a lot more complex (as any decentralised system is). I think it’s an effort worth making though; personally I strongly believe that we’re setting ourselves up for a fall by entrusting too much of our data to third parties, and that in years to come, as people look to put more and more of their personal and business lives up on the Internet, eventually people will be crying out for a way to wrench control of their information back. Think of the web-of-trust systems we rely on for PGP communications, and now imagine that extended to a social network model, peer to peer, decentralised control, encrypted and validated via trusted signatures, not some self-appointed third-party web site.

The hard part is finding a business model to support it, because to do something this ambitious will undoubtedly require funding. Although I strongly believe that putting the power back in the hands of the people is the right thing to do, when you stack it up as a business pitch against the current approach of forcing users to give all their data to you, and to be totally reliant on you on an ongoing basis, it doesn’t stack up particularly well. Plus, everyone is already familiar with the ‘host user content, get eyeballs, profit!’ sequence so it’s a relatively easy sell. Perhaps the answer is not to chase the stratospheric growth targets of typical Web 2.0 companies, but to ramp something up quietly and organically, funding via lightweight (optional) hub search services and provisioning to ISPs and/or early adopters. Open source is totally inherent in the approach too, both to promote open adoption but also to instill trust - in order to fully trust a system like this, its inner workings have to be completely open for anyone to scrutinise.

Well, there we go, my vision for the future of exchange of personal information on the Internet. If any VCs are reading this, feel free to discuss it with me further 😀