
Diaspora doesn’t have what it takes to topple Facebook - ericalexander
http://blog.backupify.com/2010/08/30/diaspora-doesnt-have-what-it-takes-to-topple-facebook/
======
mdasen
The problem that I have with Diaspora is that they haven't said how they're
going to solve the two problems I find interesting. Specifically, Diaspora
says that you'll be in charge of your data and that it will be "encrypted at
every leg". The problem is that I can't see how Diaspora will address those
issues (and I'll explain why).

First, they say that they're going to put you in charge of your data. If you
post something that you want to take back, you can delete it. However, how
would that work on a distributed network? Let's say that you use Goodbook and
I use Ultrabook and we're friends. I post something on Ultrabook and Goodbook
grabs it to show in your newsfeed. Then I delete it from Ultrabook - it was
embarrassing. Goodbook still has it stored. You can have a good-faith "please
delete this" but that doesn't stop another party from keeping it. So, there's
actually little control that one can exert over their data in a distributed
network and it relies on us trusting not only the provider we've chosen, but
the providers of all our friends.

Second, the end-to-end encryption promised doesn't seem so likely. For
example, if Goodbook grabs my status in encrypted form and they can unencrypt
it, that doesn't make the encryption worth anything. For encryption to be
worth something, it needs to be unencrypted by the end user. However, I don't
see how they'd do that. Browsers don't integrate this functionality and one
could write a plugin, but that's a big barrier to adoption. I could store my
public key with my Ultrabook account and then Goodbook could push your status
updates to me encrypted with my public key that I could then decrypt using my
private key, but that seems like it wouldn't be the most seamless experience
without additional software.

That also ignores the much larger storage cost of storing a message encrypted
once for each friend you want to send it to (say, 500 times) rather than
storing it one time for everyone, but that's a scaling problem that could be
overcome.

If another service provider can unencrypt the updates, you're in a worse
position than with Facebook. Right now, I only have to worry about Facebook
being evil. In that scenario, I'd have to worry about a bunch of service
providers and hope none of them are evil. Likewise, if they're able to store
the updates on their server, I'm no longer in control of my data. My provider
might have a reason to put me in control (keep me as a user), but I'm likely
to be unaware of what other providers are doing and have little recourse
(other than de-friending everyone using their service).

I think it's possible to compete with Facebook. It does have a huge barrier to
entry, but big companies have been toppled before. No one thought AOL would be
relegated to what it is today either. No one thought an upstart like Google
could topple the old guard. Frankly, Facebook came in and toppled MySpace. It
happens. But I don't think Diaspora has even addressed two of the
fundamental issues they claim to be solving. That's what will stop Diaspora
from toppling Facebook - they have yet to really talk about how to solve the
two major problems they face.

*Also, if someone has an idea of how to address those two things, I'd love to hear it!
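
The per-friend encryption and storage cost raised in the comment above can be illustrated with envelope (hybrid) encryption, where the post is encrypted once and only a short content key is encrypted per friend. This is an added example, not part of the original comment or Diaspora's code; it assumes Node.js's built-in crypto module, and the function names (makeFriend, sealPost, openPost, storedBytes) are hypothetical.

```javascript
// Added example: envelope (hybrid) encryption for one post shared with friends.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Constructed recipient: in practice each friend generates the key pair on
// their own device and gives their provider only the public half.
function makeFriend(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Author side: encrypt the post once with AES-256-GCM, then wrap the
// 32-byte content key separately for each friend's public key.
function sealPost(plaintext, friends) {
  const contentKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKeys = {};
  for (const f of friends) {
    wrappedKeys[f.name] = crypto.publicEncrypt({ key: f.publicKey, ...OAEP }, contentKey);
  }
  // This object is everything a provider stores or relays; it holds no private key.
  return { iv, ciphertext, tag, wrappedKeys };
}

// Friend side: unwrap the content key with the private key, then decrypt.
// Throws if the friend has no wrapped key, the key is wrong, or data was altered.
function openPost(envelope, friend) {
  const wrapped = envelope.wrappedKeys[friend.name];
  if (!wrapped) throw new Error("no wrapped key for " + friend.name);
  const contentKey = crypto.privateDecrypt({ key: friend.privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv("aes-256-gcm", contentKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString("utf8");
}

// Storage for one post: a single ciphertext plus one wrapped key per friend
// (256 bytes each with RSA-2048), not one full copy of the post per friend.
function storedBytes(envelope) {
  const keys = Object.values(envelope.wrappedKeys).reduce((n, k) => n + k.length, 0);
  return envelope.iv.length + envelope.ciphertext.length + envelope.tag.length + keys;
}
```

This covers only the storage and provider-visibility side of the comment; a friend who has decrypted the post still holds the plaintext, so the deletion problem described above is unchanged.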

~~~
stcredzero
_For encryption to be worth something, it needs to be unencrypted by the end
user. However, I don't see how they'd do that. Browsers don't integrate this
functionality and one could write a plugin, but that's a big barrier to
adoption._

I'm not sure why a plugin is necessary. Javascript can do encryption.
Actually, I'm not even sure why airtight end-to-end encryption is necessary.
Most people will use a "standard" install. The "standard" install will honor
the good-faith deletion requests. Those not using a standard install are SOL.
Those who have gotten hacked -- there will be a continual arms race just as
there is now. This is nothing new. It's still a far cry better than Big
Company Has All Your Data Just Trust Us.

~~~
stevejohnson
The reason Javascript won't do the trick is that in order to send the correct
Javascript, the server needs to have _all the information necessary to decrypt
all the content anyway._ So there's no point in the encryption at all, because
the information will pass through the server unencrypted at some stage and can
be captured.

If this were implemented as a browser feature or plugin, machines with the
user's key information installed would be the only devices capable of
decrypting the content sent by the server.

~~~
stcredzero
My point is also that there's (almost) no point in the encryption at all. If
Diaspora is going to be P2P, then any compromised node can hijack the data.
The only point of encryption would be to protect information en route. Once
information gets to a node, you either need trust, white box encryption, or
hardware based DRM.

------
Anon84

        "The two major points of differentiation between Diaspora and Facebook are 
        1) Diaspora gives you more intuitive and effective control of your data privacy settings and 
        2) Diaspora is self-hosted, so you ultimately control all your own data.
    
        According to the blogosphere, these two points are precisely
        what the public is crying for and the exact recipe 
        necessary to finally break Facebook’s nefarious deathgrip on
        social networking. This, alas, is the social media/tech-blog
        echo chamber once again confusing its own desires with what
        the general public wants. "
    

This is the main point of the article. And, IMHO, the reason why projects like
Diaspora are doomed to fail. For the general public, convenience will always
trump privacy. If it's not easy to use, it's not used.

How many "normal" users encrypt their emails?

How many set up Administrator and User accounts on their Windows machines?

Etc...

~~~
noodle
how many members of the general public even know what encrypted emails or
admin/user accounts do for them? or even know that those things exist?

i think i'd make the argument that it _could_ be successful because of the
publicity of the product educating the public.

edit: really? downvoted? i had to talk someone through the concept of a
"password" the other day. average people just don't know about granular
privacy/security concepts.

------
loup-vaillant
> _Second, I’m not convinced the average user gives a damn about privacy._

When I see stories about teens using steganography to escape the eye of their
parents[1], I'd say the average user cares _a lot_. I think the main problem
lies in the way the general public sees Facebook itself. Either they trust the
company too much, or they're not aware of the full extent of Facebook's
abilities regarding personal data. If they listened to Eben Moglen[2], many
would probably reconsider.

[1]: http://www.zephoria.org/thoughts/archives/2010/08/23/social-steganography-learning-to-hide-in-plain-sight.html

[2]: http://www.softwarefreedom.org/news/2010/feb/01/freedom-cloud-software-freedom-privacy-and-securit/

~~~
TallGuyShort
I'm an avid reader of Bruce Schneier's blog, and not even I gave a crap about
Facebook's privacy. Then one day, my Dad added me as a friend. September 15th
can't get here soon enough.

------
TallGuyShort
I really don't see his point. He says Facebook is too big to fail, and
compares it to AOL. Yeah, AOL is still around, but it is no longer seen as a
controlling force in the ISP industry. The goal of Diaspora has never been to
wipe Facebook off the face (no pun intended) of the Earth - but to stop it
from being such a controlling factor in social media. If Diaspora causes
Facebook to become as popular as AIM is now (which, for the record - I don't
think will happen, at least not just because of Diaspora), then it will have
caused far more damage than anyone anticipated.

~~~
djacobs
I agree. Sure, if we define "failure" as something as embarrassing as
"bankruptcy", maybe Facebook won't "fail". But if we define failure as
"starting to decline instead of inflate, after years of unchecked growth",
well, maybe that's what Diaspora is actually after.

I think the article's other points are equally invalid... How can Facebook's
"500 million user" base be the impediment to people adopting Diaspora? Surely,
if his logic was correct, then no one would've ever moved to Facebook from
MySpace. I would argue that the only reason Facebook has so many users is
precisely because a strong competitor like Diaspora isn't here yet.

What's more, his idea that "Facebook gets more users every year, ergo Facebook
users don't care about privacy" isn't too valid. How many of those users
despise Facebook, but join anyway? How many of those users publish only what
they would on a public service like Twitter, keeping their private lives off
the web?

There is too much weaseling in this article for me to count it as valid.

~~~
what

       How can Facebook's "500 million user" base be the impediment to 
       people adopting Diaspora? 
    

Because you're going to stay where your friends are, unless it's really easy
to switch. It's not going to be easy to switch to Diaspora when you have to
host your own node. Then when you do switch, you won't be able to find any of
your friends. Diaspora has no solution to the discovery problem. There's no
way to search for people, you'll have to ask all your friends where their node
is; it will be like exchanging emails again. Sounds like a lot of hassle for
not much gain.

~~~
stcredzero
Why make it necessary to switch? Make it an adjunct to FB. The more secure
super-hip adjunct. I can imagine someone getting their circle of hip friends
on FB because they want to share some racy stuff, and they no longer trust FB.
It's entirely plausible that they could still keep track of their school chums
and parents on FB.

People in protest movements would gravitate toward such software. They have
reason to be paranoid about a centralized corporate service.

~~~
what
Everything still stands. It's too much effort for normal people to host their
own node and you won't be able to find anyone else on it. They have to solve
discovery before it will even come close to useful.

~~~
TallGuyShort
I'm sure there are a number of groups waiting for September 15th to pounce on
the opportunity to provide this service: Inexpensive (or free) Diaspora
hosting, that's transparent and easy to manage.

------
andymoe
It does not matter if Diaspora "fails." It's a really important problem they
are working on and as long as they release some code and it gets people
thinking and talking about how to solve the problems surrounding secure
distributed systems it will be time and money well spent. I look forward to
seeing the code they release and what they were able to accomplish this
summer.

------
drivingmenuts
So? Diaspora (as I understand it) isn't supposed to topple Facebook. It's a
solution for the people who want to opt out of FB badly enough that they will
install the tools to do so.

The average user may not think about security, but the average user isn't
likely to go to even moderate lengths to install social-networking software.

~~~
stcredzero
Such software could be hosted online for cheap using Amazon as a back end.

------
troymc
The Facebook privacy debacle isn't about privacy, it's about _trust_. Facebook
is a company people trusted to keep their party photos private among a close
group of college friends, then one day their aunt says she can see those
photos. All of them. "Why??? I didn't change any settings????"

------
nlavezzo
Does anyone remember what happened to Myspace? Of course it was complicated,
but I think the primary driver in the exodus from Myspace to Facebook was the
perceived privacy benefits of Facebook. People do care about privacy, but will
only act on it if there is a reasonably convenient alternative - if Diaspora
can make itself convenient, I think it has a chance.

Also, add in a slow news week with some sensationalized mainstream stories
about privacy that mention Diaspora, and I think the odds increase even more.
People love to have something to be paranoid about with their friends.

~~~
glhaynes
I think the primary driver in the exodus from MySpace to Facebook was the
Feed. The experience of Facebook is just so much more "social" because of it.
Other things like design/perceived professionalism/etc didn't hurt either, of
course.

~~~
nlavezzo
Yeah, I agree that those were important, maybe more important factors too. But
I know a lot of my non-tech friends made the move largely because they were
sick of myspace spammers constantly contacting them.

~~~
glhaynes
Oh, interesting. I was thinking of "privacy" in terms of not letting their
personal information get out; but there's certainly that issue, too!

------
liuliu
His analogy is confusing. But the argument remains. It's simply because you
cannot beat the current product by building a better one. You have to build a
destructive product in order to gain the critical mass. From the extensive
coverage, I can only see a clone of Facebook as Diaspora. Like you cannot
build a better search engine to kill Google, you cannot just build a better
SNS service to kill Facebook.

~~~
sprout
Offline access will be the killer app. If Facebook let me download an XML dump
of all my data, I wouldn't feel the need to switch. Open data is vital. Source
is less important.

------
probablyrobots
"Third, the opportunity to host my own social networking server is one that
appeals only to the smallest fraction of the social networking marketplace."

This argument seems really shortsighted to me. If Diaspora takes off I expect
social networking accounts will be like email accounts. There will be several
dedicated hosts that serve the majority of users (like gmail, yahoo, etc.),
but there will also be thousands of other smaller options (including self
hosting) that savvier users choose as they see fit.

------
pinneycolton
I don't think Diaspora's goal is to topple Facebook. I think their goal is to
offer an alternative, and I think they'll succeed at that.

Perhaps the media-invented goal is to topple Facebook, and I do think the
Diaspora team is very likely to fail at meeting objectives that they themselves
have not set! I have never heard the founders say that they want to topple
Facebook ... but maybe I wasn't listening closely enough?

------
dnautics
I feel like they would have said 'too big to fail' about myspace, too, but
Facebook won because there was social cachet in being 'exclusive' and because
myspace pages were butt-ugly (too much user control). You never know what's
going to or not going to be the achilles heel. Perhaps, in the end, people
simply yearn for change and any excuse will do, informed or otherwise.

------
jlgbecom
Something is going to topple Facebook, but I very much doubt it will be
Diaspora.

------
tleite
shocker

------
pathik
No shit, Sherlock.

