Berners-Lee: Facebook 'threatens' web future (theregister.co.uk)
172 points by raju on Nov 22, 2010 | 40 comments

Here's where the critique of Facebook gets interesting: we criticize it for creating a "closed silo of content" in which information is not represented in open URLs, while simultaneously criticizing it for not providing and enforcing strong, simple privacy controls.

I'm not being a smartass here: both of these issues concern me - to the point that I don't have a Facebook account - but I'm not sure how to reconcile them in an internally consistent overarching critique.

Huh? It's pretty easy. Give users the proper ability to control what of their information is and isn't private. That's it.

The situation as it stands now:

* Facebook tries as hard as it can to make it impossible for a user to liberate their information from the system (either to ditch Facebook for a new system, or to run both in parallel).

* Facebook constantly has bugs/oversights/intentional misrepresentations that allow 3rd parties to get access to user information that the user thought they had ultimate control over. This information obviously isn't a click-button interface to access, but the people trying to harvest that type of information are more technical (or will just hire more technical people) than the majority of Facebook's user-base.

The ultimate goal is to give the user control and meet user expectations:

* When a user says, "Hide my email from everyone but my friends," they don't want there to be some way for a 3rd party or a friend of a friend to url-hack their way to that information (even if they don't know what url-hacking even means; don't prey on user ignorance, and claim that you're ethical).

* The user does want the ability to export the information that they have in the system. Don't hide behind some excuse like, "You can't export all of your friends' contact information because that information belongs to your friends." As long as your friends have given you access to see it, then you have access to that information. It's not a privacy violation if you allow a user to export data that they have read-access to. If your friend revokes access to their (e.g.) email address down the road, that doesn't mean that you still don't know what it is. You could have manually entered it into Gmail, or your physical address book. An export feature is just an automation of this process, not a privacy violation.

It's not a privacy violation if you allow a user to export data that they have read-access to.

That applies more to email addresses than photos.

Of course, you can persuasively argue that users want their friends to have the right to save their contact information but not necessarily their photos (after all, contact information is worthless if you can't save it).

I think they can be reconciled - but only with an open standard (or set of open standards) for access control on the web. We've moved far beyond the web as a publishing medium; it's an application and data platform. In those contexts, some kind of universal access control - and open identity to go along with it - is critical.

For what it's worth, my vote would be a simple system, like oAuth, that would send access and identity data in the HTTP header along with a request. This wouldn't break existing web patterns, or require vast amounts of new development, but would add a little extra identity-centric context. It could be sent from the browser itself, I suppose, but I see it being added as a layer from feed reader style apps.

I wrote a summary of the idea down a while back: http://benwerd.com/2010/03/activity-streams-and-oauth-a-soci... There are lots of possible solutions, but this is one.

FOAF+SSL is what you want.

People controlling their own profile and how it's used, but keeping it openly and universally accessible.

It already works in all browsers too... though it's a little ugly and the user experience should be improved a hell of a lot.

This idea and more are explored in the final report of the W3C's Social Web Incubator Group:


I'm not sure how FOAF and SSL could be used in themselves? FOAF is fine for storing social contact information, for sure, and SSL is a handy security layer. But while they could be used in an access control mechanism, they don't constitute one.

(Is FOAF actually still used anywhere?)


"FOAF+SSL is a secure authentication protocol that enables the building of distributed, open and secure social networks: the Social Web. We are just in the process of starting the formal standardisation process."

This is based on client certificates and thus is doomed by terrible browser UIs.

Thank you. Did not know about it before. Finally something open is going to replace Facebook & Co. Good ui/ux is also guaranteed as this will be the new space for browsers to compete on.

It needs people to implement it though... one of the guys involved is willing to help people do this. Just contact Henry Story if you're interested in learning more: http://bblfish.net/

I've actually spoken to Henry about it, and seen him demonstrate it together with WebID. The problem is, it's really technical right now; without input and UI support from the browser vendors, it's going to be out of reach for most casual web users.

Why not contact someone directly from Mozilla or Google? They should both 'adopt' it in no time. Also I have seen zero coverage of it until now.

we criticize it for creating a "closed silo of content" in which information is not represented in open URLs, while simultaneously criticizing it for not providing and enforcing strong, simple privacy controls.

Good point - criticism of Facebook is confused and needs to become more focused. The "closed silo of content" point is key and the "lack of privacy" point is ultimately a canard. It's not that one shouldn't have privacy but that Facebook promises an impossible kind of "privacy" akin to personal DRM, impossible like personal DRM, and serving merely as an excuse for Facebook's enhanced control and increasing its "silo". See Facebook's ridiculous reply to Google on email addresses - as if someone giving you their email address via Facebook could reasonably expect to revoke that gift at a later point ("DRM-like"/impossible).

The short story of Facebook privacy is that you shouldn't post anything that could get you fired etc., using your real name, whether it's on your Facebook page or elsewhere.

They are both about control of data, yes, but privacy is about you controlling it, and centralisation is about someone else controlling it.

Technically they have some resemblance, but in human usage they are practically opposites.

I don't get the criticism "each piece of information does not have a URI". Has TBL not seen http://graph.facebook.com ?

I can't view that link because I'm not logged in to Facebook.

Well, sure. It's your private data so it's behind a login. You can get a free application key which will allow you to programmatically download your information, e.g. graph.facebook.com/me/events /photos, etc. Every bit of data has its own URL, contrary to TBL's claims in the article. Authentication and authorization are orthogonal to the URI scheme.

Is Apache hurting the web because you can password-protect URIs? Is "403: Forbidden" the 'evil' part of the HTTP spec?

I somehow don't think that, "this information requires a login," is the death of the web.

Would not supporting open URLs for those things which users have chosen to share reconcile these seemingly opposed desiderata?

It is not really Facebook particularly, it is a general problem.

There is a deep structural opposition between the internet and the corporate/commercial model of the last 200 years since the industrial revolution. With the internet, the essence is connection: in all shapes and directions. With the corporation, the essence is centralisation: broadcast product one way, concentrate money the other way.

The 'conical' structure of the corporation can exist in the network structure of the internet, but the more cone-like it is, the less network-like it is.

In the late 80's and early 90's, people were talking about the finer grained capitalism in Japan. Groups inside corporations could develop working relationships with other groups inside the corporation or with outsourcers. That's also how it works in the US, but the corporation and divisions within large corporations act as barriers, making transactions and projects between such groups awkward.

From what I've seen, today's corporations should act more like a network and less like a monolithic entity. I've been inside one Fortune 500 company that tried to set top-down standards for software development. (All ye shall use this messaging, that database, this webserver, that programming language.) Everyone knew it was a joke and ignored it until it went away. I've been inside another corporation where the corporation merely mandated standards for sharing data between systems. As a result, the dynamic changed from everyone protecting their turf, to everyone trying to be as useful to as many others as possible.

Here's a list of Berners-Lee's statements that are contradicted by http://graph.facebook.com:

"The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site."

"You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site."

"The isolation occurs because each piece of information does not have a URI"

Except for email addresses of friends, a third-party site can access as much of a user's Facebook data as the user wants to make available. Statements to the contrary are common, but false.

So there's a site with the main purpose of maintaining a list of contacts and everything is as openly accessible as users want. Everything but contact information. That makes no sense to me at all.

There's that completely disingenuous argument that my contacts' privacy would somehow be violated if I could export my address book. But it was me who they entrusted with their contact info. If someone shares a phone number with me, it's for me to decide what to do with it, not for the phone company or the handset maker, so why is Facebook keeping my address book hostage?

I think Facebook should make email addresses accessible via its APIs. That shortcoming, however, is a far cry from what Berners-Lee says in this article.

It's not keeping it hostage, if you are a Yahoo Mail user. You can export email addresses there and to Hotmail I think.

I'm neither a yahoo nor a hotmail user.

I was being slightly facetious and should have made it more obvious.

So why is there always a login page when a link points to Facebook? Just a casual observation, I don't know much about the inner workings of FB. I just have yet to see a link to FB that does not require a login.

I think the pendulum will swing back to open pretty soon, it kind of feels we're at the black end of closedness in terms of the social graph.

In fact, a great time to start new companies shooting for the social graph. Facebook executes fantastically, but they'll stumble.

I agree.

The headline reads like "Horse-carriage threatening the future of transportation".

Facebook is merely the latest evolutionary milestone, and it's crackling already.

There was once a time when AOL and CompuServe defined what Joe Sixpack would have called "the internet" when asked.

It shattered and we entered the era of portals (Yahoo, Lycos), whose dominance, again, faded when the first worthwhile search engines came around.

Today we're just seeing the latest cycle in this pattern, the new concept now being the social graph. And just like before it's at first being beta-tested and refined in a small number of closed silos (Facebook, Twitter), simply because implementation, experimentation and monetization are so much easier in a closed ecosystem.

Now that the concepts have matured it's a matter of time before the good parts break out into distributed protocols and services, which will incrementally erode the monoliths.

Internet evolution at work, nothing to see here, please move along.

Totally agreed. It's interesting how many people I've talked to who think Facebook may be close to hitting a wall. We shall see...

He's wrong about not being able to link to song information on iTunes. That's been possible for about a year. What's interesting is that presumably this is because at a certain point (once they had secured the market) Apple found it more beneficial to expose this information to the web than to keep it behind a wall.

I wonder if this will apply to Facebook too. Perhaps when they're secure enough to not worry if Google simply sucks out all their data, the benefits of being the central but open resource will outweigh the benefits of being a one way valve.

"The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site. Each site is a silo, walled off from the others"

This has been pretty much every ecommerce site since the 90s. I didn't hear anyone clamoring that pets.com, drugstore.com or 1800flowers.com was going to threaten the future of the web. There's more to it than just that "data is siloed" issue. Most ecommerce sites don't have a network effect built-in - they deliver value to me regardless of how many other people use them.

There's the threat of inertia - people won't re-enter their information in to new systems as those systems are introduced. That's certainly a concern, but I really don't see it as a threat. AOL was king for years, and people were scared of them. Then MySpace. Now Facebook. I suspect as people grow up, the focus may move to something that's not yet developed. Certainly the game is Facebook's to lose right now, but I don't think they'll hold on forever.

Granted, I think Tim's point is not specifically Facebook but the walled/siloed data sites in general. I also don't think those will ever go away.

"Cable television companies that sell internet connectivity are considering whether to limit their Internet users to downloading only the company’s mix of entertainment,"

This is the big one for me and should also include mobile providers. For the web to promote real innovation and be truly "democratic", this mafia must be dismantled.

I'm just thinking that's unlikely to happen as long as some level of competition is maintained - nobody is going to put up with a walled-in internet. As soon as the cable company does this the telco will capitalize on it like mad, and vice-versa.

I can see a provider provide, say, special content only to users of their network - but that's a completely different story.

Large companies will tend to act in an obnoxious enough way, so that their users will flee to smaller, hungrier, more savvy competitors. (Often using newer technology like WiMax.) I'm an example of this. (All of my internet use is through WiMax now.)

This reminds me of when the .mobi domain was described as a threat to the future of the web (http://www.w3.org/DesignIssues/TLD). While Facebook is much more of a thing than .mobi I'm pretty sure the end result will be the same, Facebook will come and go, the web will abide.

Before Facebook, couldn't I share and receive the same information over email? What if FB was a desktop email client that just made that really easy to do, like Flock for email? Would TBL or anyone care about such a silo?

If the value of the web is increasing faster than the value of Facebook, I think the web will survive... unless FB is deliberately trying to destroy the web, of course.

Tim Berners-Lee is absolutely right. We are getting too centralized.


You CAN have privacy and distributed.
