

So what would we need to implement an open alternative to Facebook? - wherespaul
http://www.reddit.com/r/technology/comments/c1vmr/so_what_would_we_need_to_implement_an_open/

======
ErrantX
So, here is what I suggest someone does:

\- A "drop it in and it works" wordpress like app that acts as someones
homepage/social network interface so people can host their own pages

\- - include oauth/openid in the app so the homepage can act as a central
login too

\- - drop pubsubhubub or something similar into the app so that people can
share information with their friends and followers directly

\- implement a central website to act as a "search" clearing house (search for
names and email addresses which resolve to url's). All it will store is name
and a hash of your email (with options to store more if the user allows).

\- produce a "web bar" like the blogger one to go at the top of the web app -
so people logged into their "network" get easy tools when on other peoples
pages

All of this exists in parts already (oauth, pubsubhubub etc) so it's just a
case of drawing it together.

~~~
rythie
BuddyPress? <http://buddypress.org/>

~~~
mortenjorck
That's actually... really promising.

I could definitely see using this among my close friends if Posterous ever
gets too cumbersome.

The real question, though, is how BuddyPress installations might eventually
communicate with each other. A federated mesh of BuddyPress instances, with a
good UI for managing relationships between them, is the kind of thing that
would be needed to take on Facebook.

~~~
ErrantX
The _only_ concern I would have with BuddyPress is that it is based on
Wordpress.

As a codebase WP tends to have quite a high rate of exploits (or it is a
popular exploit target). Right now that's not a huge problem - but for a
social network where we want to encourage non-techy types to be involved it
could be explosively bad.

------
mrkurt
What "we" really need is a whole bunch of people to use it. An open Facebook
alternative isn't a technical problem.

~~~
lallysingh
It might work well for corporate hosting of pages -- a work-life social
network makes a lot of sense as a separate entity from our private lives.

------
rue
I think stopping thinking about and in terms of Facebook would be a good first
step.

~~~
jcdreads
Well, except that when most people say "Facebook" they mean "a place online
where I can look up and interact with my friends and family". That's a
perfectly reasonable thing to want, and many people do.

~~~
rue
Right.

------
rit
I'm not sure why exactly we "need" an alternative to Facebook.

But why not leverage what's already out there. I recently killed my Facebook
account out of frustration from seeing their social widget all over the place.
But the main reason I was using it was: a) People who felt the easiest way to
do event invitations was through facebook by way of a point and click here's
all my friends in one place interface. b) People sharing Photographs with
groups of friends w/ discreet privacy interfaces.

The C) of this list is all my friends who aslo have twitter accounts who add
#fb to the end of every.damn.tweet because that's some kind of special
operator to "update their profile message".

The question I put forth is why not create a thin layer to pull together the
services which provide these already? Twitter already does short one line
status updates. Flickr has discreet friend-level privacy settings. There are 8
billion easy to use invitation services. There are other photo services which
I'm not familiar with like Picassa which likely do the same.

Rather than reinvent the wheel - we should be pushing for some kind of OAuth
or OpenID services to tie these things together CLEARLY. Maybe a simple one-
stop page to manage relationships with people, and your services. Your
"profile" page can simply be "rit stores his photos at Flickr." and a link to
those (or show them inline). But nothing stops me from having a friend who
does things on Picassa.

The last few iterations of Facebook seemed to me designed to be more and more
like Twitter. Why reinvent the wheel when you can just integrate?

------
weego
Is this a completely arbitrary use of the term "open" or am I missing
something? What does it even mean in this context? How does using "open"
systems address any of the concerns they mention. The moment you upload any
data to a server that is not your own I don't see how any solution is any
different to Facebook because the person with the datastore can do as they
please, good or bad.

And a question: is it coincidence that popular products are always heavily
controlled by a handful of peoples (at most) vision of their product and not
"open" design by committee products?

~~~
robryan
The central server would just contain a reference to your data. Your data
would remain on your own hosting or a 3rd party of your choosing and updates
you post will only be pushed to your friends. That's how I'm getting the
general idea.

~~~
swombat
Yeah, that's totally suitable to the 400 million odd users on Facebook who
don't even have a clue what a "host" is (other than someone who invites their
friends to dinner).

------
rythie
All of the stuff that would be needed already exists, it's just not being used
yet.

    
    
      - A standardized personal information representation = Social Graph API
      - A centralized database with pointers to user profiles = Social Graph API
      - A security mechanism = oAuth
      - An information delivery mechanism = PubSubHubbub + Activity Streams
      - Easy deployment = buddypress, onesocialweb and others

~~~
mattmiller
Your right. But this will never take down Facebook. FB is more of a marketing
achievement than a technical one. Who is going to put in the work to market
open FB if there is no upside?

I don't think we need an open FB, I think we need a few companies specialize
in smaller portions of FB. One company runs the graph, but does not do
messaging, or IM, or photos... Then other companies use that companies graphs
to build on. These companies should all be for profit, otherwise I don't think
they will be able to out-market FB.

------
gokhan
In such a decentralized (pushes of feed updates, for example) architecture,
how do you revoke a given permission? The data is no longer yours once you
pushed it to some other dude's server. DRMing little chunks of data would also
be expensive and time consuming if you check every feed item you can see all
the time from publisher's servers.

Facebook, also, is not just profiles and the feed. How about events, in a
decentralized way, for example? Will a single accept will be amplified to the
rest of 500 people invited?

For the profile part, my basic identity is my email address. Implement
something on the mail server that I can manage and let that be my profile.
Emailing a specific command to gokhan@example.com results my profile as the
attachment, for example.

~~~
pyre
So it would just not come with a delete function. Once you've given someone a
piece of information, it's hard to revoke it anyway. If you published a phone
number to a bunch of friends that you didn't want to have the number, the
protocol could allow your client to contact theirs, and ask to delete that
information if it exists. Sure their client could refuse to abide by that
request, but it's equally likely that they could have exported that phone
number info Outlook/AddressBook or written it down on a piece of paper. How do
you revoke it then?

As to blog/microblog posts, the same thing applies. The communication protocol
between clients could specific a mechanism to request a deletion, but there's
no guarantee that their client would obey. But there's also no guarantee that
the other person hasn't already read your post.

Once you send information out into the world, it's very hard to pull it back
in. Even on Facebook, if you broadcast information to people, there's no
guarantee that they haven't written it down, exported it, screenshotted it
before you deleted it or revoked privilege to it.

~~~
mseebach
If we have to assume no privacy around the data on the site, it's _much, much_
easier to just export that assumption to Facebook and keep using that since it
has the benefit of existing.

The social-service your friends are using will have the same access to the
data your friend has access to, and if compromised, you are also compromised.
So now you have to trust the integrity of potentially hundreds (actually
infinite, since the ability for your friends to carry your authentication for
them to access you to a new service would be central) of services - which you
can't/don't - and then it's easier to just not trust Facebook.

~~~
pyre
> _If we have to assume no privacy around the data on the site_

Where did you draw that conclusion? If you accidentally send the wrong data to
the wrong person you've violated your _own_ privacy due to your _own_ mistake.

That's a lot different than you specifying that someone shouldn't get a
certain piece of information, but that person gets it anyway because the
software erroneously allows them to see it.

It's also a _lot_ different than allowing third parties access to your private
data.

------
pohl
This touches on the Diaspora project, which was mentioned on HN not long ago:

<http://news.ycombinator.com/item?id=1321651>

------
jcl
The big problem, I think, is that this decentralized system requires "a
centralized database with pointers to user profiles". Who pays for and curates
this database?

------
xenonite
An open alternative is necessarily decentralised, standardized and extensible.

Jabber/XMPP is a decentralized contact list with communication and
authorization protocols. It is easily extendable with XEP's.

With a sleek web interface that anyone can host himself - this is an open
alternative to facebook I imagine.

~~~
bbsabelli
Women can host these too!

~~~
Semiapies
See, this is why I use Spivak pronouns...

------
p858snake
What about status.net for the base (what identi.ca runs on), It could easily
provide the base for the activity/status feed since that is basically what
it's designed to do anyway (And it's open source!).

Then you would just add on the other parts you want to system (for example:
pages, apps etc)

------
zandorg
First, get Oracle to buy Facebook and for Oracle to shut it down.

------
bbsabelli
I can't help but think of OpenOffice here. By the time it's built, the world
has most likely changed and it's irrelevant.

Innovation anyone?

------
korch
Psst, here's how I think Facebook is going to unravel itself: just like
Microsoft not seeing the forrest for the trees, getting blind sided by the
Internet and Google, Facebook sows the seeds of its own decline by pushing the
social graph everywhere. Facebook has carved out a nice hub for itself, being
the most visited site other than Google, but what all these startup
visionaries may be failing at is _vastly underestimating_ the usefulness of an
open social graph. If Facebook suddenly finds its social graph baby is
appropriated by an ad hoc open network that dwarfs its users, then Facebook
loses control of the graph.

How might this happen? Browsers sure have changed a lot in just the past 2
years. Local storage is here today already, but almost no sites are doing
anything with it. Google Gears had so much potential, but was too ahead of its
time to become a trend. What if your browser stored your entire social graph
locally, and you could configure your own privacy settings to only share what
you want with sites you visit? That eliminates Facebook from being the master
hub of the social graph—they are just another federated end point. As Facebook
becomes "spammy" more users will want to block Facebook, so they might be
convinced to use a local social graph in the same way hundreds of thousands
are using AdBlock and FlashBlock. We already know Facebook will kill links to
GreaseMonkey scripts that do this.

Alot of mashups and wild Javascript ideas will have to be seen over the next 8
months or so, but I definitely think the Facebook "diaspora" movement will
take off once it's dead easy for end-users to run their own social graph
programs locally from their own browser. Just like a desktop app. Perhaps even
that might be asking too much of end users, the average of whom cannot
recognize the difference between their browser and the Internet. Hopefully
Apple will start baking new identity features into the iPad, since you know
they will nail it as far as being simple enough for everyone to use.

The Techrunch rumor mill does keep whispering about Apple putting Facebook
Connect into iTunes, but it seems more likely that Apple would take them on.
Facebook will wish they had their own browser to push back with.

It's probably going to be a great tragedy that Apple is so unstoppable now
that they can just roll over any other tech company at-will.

