The Cloudspace Solution

Let’s fix the Internet

Introduction

It’s true: the Internet has forever changed our world. It has empowered us in ways we could never have imagined — ways we now probably couldn’t imagine giving up. What would we do without the global enabling technology for our new digital lives, the backbone system supporting our universe of gadgets and apps?

Unfortunately, the Internet has also spawned a world where we are digitally subjugated, simply by participating. Using the Internet today means suffering continuous privacy abuse, and its noxious offspring: surveillance, censorship and cybercrime. And sure everybody hates it, but it just gets worse.

But imagine that there’s one simple tweak that each of us could make, one that collectively solves all the problems with the Internet today — and, it turns out, actually makes it better in every other meaningful way going forward. What would that simple tweak look like?

We’d stop signing all our personal data over to strangers.

That simple but overlooked problem is the root issue driving every bad thing on the Internet. Giving away our data is insane behavior that we all repeat all day, every day. So it’s actually our own fault that the Internet is screwed up. And nothing will change until we stop.

So that’s the real question: Are we really locked into that condition, or is there an alternative? I believe there is.

In this post I’ll introduce you to the concept of a personal cloudspace. It has one purpose: to act as a repository to keep all your stuff private, so you can stop giving it away. Instead of creating content in somebody else’s app and losing control of it, you’ll create content in your personal cloudspace and share it from there. That single change fixes the basic wiring of the Internet. In aggregate, our personal cloudspaces will form a free public utility that can do everything we depend on private companies to do for us today. It’s the last network we’ll ever need.

The cloudspace model is easy to adopt because it looks and operates just like every other social network — except this one isn’t owned by anybody. You can do everything you do today, plus any future innovation that could have happened either way.

It works because of a dirty little secret behind all of the networks you use today. While they feel differentiated — you’d never use Twitter where you’d use LinkedIn, for example — they are all based on some variation of the same simple model: collecting content from you and sharing it back to your network. In the cloudspace alternative, you’re able to do all that yourself. Which delivers many immediate and downstream benefits, as I’ll illustrate.

Previously I’ve written about this concept on my obscure blog, and proposed some very specific technical elements. But I’ve concluded that this level of detail isn’t necessary to understand the cloudspace concept, and anyway it’s the part that would be engineered by people with different skills than me. So in this post I’ll stick to the requirements; instead of technical specifics I’ll focus on a general set of open standards, protocols, and APIs that anyone could write to.

The Flaw: Data Location

The fact that you give your data away is the root cause of all the pain, but it’s actually another faulty presumption that makes you do it. When you are creating content in an online service, you are explicitly choosing to let the service store it for you. But that’s not a necessary design choice. As you’ll see, that simple location element — where you store your data — is the linchpin of how the Internet operates, and why it’s defective today.

How we got here

It’s fair to say there have been few moments in human history where respect for privacy has been worse than it is now, across the globe. Never has surveillance been deployed at this scale; never have censors employed such powerful tools to control what citizens see and hear; and never have crooks been able to steal from you so easily, and from so far away.

So what gives?

In some ways it feels rational, even natural, to accept this terrible bargain. After all, these services provide things you know you could never provide for yourself. You play the role of guest in every activity… and guests are very much dependent on the grace of their hosts.

Even when you whiteboard it for analysis, the view seems to be validated. Clearly we are the free-riders in this situation, right?

Your Contributions:

  • Content

Service Contributions:

  • Storage
  • CPU
  • Network
  • Application Logic
  • Identity
  • Security
  • Authentication
  • Contracts

So it really does seem like it might be a good deal, especially when there’s no apparent alternative.

Now see what happens when you replace the label “Contributions” with “Control Points.” All of those things that the Service provides are major control points. And yet it still feels hopeless to consider any alternative, because those things look hard.

But look again at what you bring to the party. Yeah it’s just one entry, your humble boring content. But consider that, of all the things contributed by either party, your content is the only unique and irreplaceable contribution. The other stuff —well, that’s a simple computer problem, the kind that gets solved all the time.

And when you pull that thread you realize that, if you want to consolidate everything under the control of a single party, there’s just one possible owner: you. That’s what a cloudspace enables for you. It lets you do for yourself everything you need a service to do for you today.

It turns out that, once you focus on the right requirement — simple sharing — the design is straightforward. In fact, sharing encompasses the whole category of Web properties that are most responsible for problems today. They are so alike in this regard that I’ll just call them services, and mean every sharing-based solution.

Service Components

Let’s walk through each of the service components, and see what happens when you gain control. Watch how much better and more useful they become.

I’ll address infrastructure (storage, CPU, and network) as a group, before we go through them individually. That’s where the costs are, and without solving for cost, you can’t have anything. You’ll see how easily an ecosystem of free cloudspace hosting services can be created. And unlike services, cloudspaces are free — free as in speech, and free as in beer.

Infrastructure is the category that prevents you from imagining you could do anything like the services on your own. After all, we all know that modern data centers run into the billions of dollars.

But cloud experts will tell you that the total investment isn’t the important metric. Rather, it’s the cost per user. These services remain free (as in beer) to you only because they can sell enough things, based on your private data, to turn each user into a profit.

In 2014 you were worth $8.25 in revenue to Facebook (specifically Facebook), at a 40% gross profit, so your costs were less than 5 dollars for the year. Your cloudspace physical costs will be equally trivial. This means that free cloudspace hosting companies can be profitable with just a few dollars a year of (non-profiling) ads per user. Especially if capacity frees up from existing services, which, again, face potential extinction.

Or you could pay for the costs yourself. Would you pay, say, $10 a year to do everything you can do today, with complete privacy, no profiling, and no ads? Organizations and companies could have cloudspaces too, and may find the paid model desirable, for benefits like greater control and performance. So there are lots of revenue opportunities to drive a robust cloudspace hosting marketplace.

Now let’s continue and run through all the components individually.

Storage is the at the root of of all Internet problems. Or specifically, where you store data. Think about it: if you had to name the absolute worst place you could store your private, personal content, wouldn’t it be “scattered all over the internet and signed over to strangers”? Yet that’s exactly what you have today.

There’s an axiom in the tech industry that “whoever controls the data controls the customer.” That’s how Microsoft did it with Windows and Office, and that’s how the services make money. (Except even Bill Gates never tried to assume ownership of your content.) Once the services hold your data, they know you are reliant on them for other things, which multiplies their leverage over you.

That’s why the first requirement for change is a personal repository — your cloudspace. It’s what’s missing today: a default destination for you to keep everything you now give away. To apply the axiom, you take control of your data and you gain control of yourself.

Because they’re API-based, cloudspaces can be constructed with any technology. But there are four specific “P” characteristics that a cloudspace must deliver:

  • Programmability. The cloudspace must expose its contained objects to manipulation through a set of free and open APIs. This separates data from logic to support virtually unlimited opportunity for innovation. A prebuilt set of common services like file system, authentication, and sharing means lightweight apps can do everything a full service stack is required for now. That’s what drives innovation and prevents lock-in.
  • Privacy. The cloudspace must be individually encrypted to a unique key controlled solely by you. (Typically generated at the time of signup and cloudspace creation.) This will prevent anyone, even the cloudspace hosting service, from seeing what’s inside, or anything you do from within the cloudspace context, unless you explicitly share something.
  • Persistence. A primary value of a data store is that its utility grows over time. Your cloudspace will persist over your lifetime, providing a complete view — a personal panopticon — of everything that happens in your digital world. Just as in the physical realm, it puts you at the center of your individual universe.
  • Portability. The cloudspace model isn’t a single service, it’s an open framework, like the Web itself. You must be able to easily move your cloudspace, in its entirety, between hosting providers. That promotes innovation and prevents the type of lock-ins that have led to the current awful state of the Internet.

One additional core concept is scope. Consider that Facebook has a single shared data set for over 1.5 billion people. That’s big data. Your cloudspace is scoped to only you. That’s little data. Because your queries are scoped precisely to your data (and things explicitly shared with you), performance can be much better. For example, your social feed won’t lag every time you scroll down, and you can easily search for something you posted years before.

The bottom line is, the only approach that actually works for the benefit of you is one that puts you in complete control of your data. And the starting point for that is personal storage — your cloudspace. What follows is a natural rethinking of the other components you use on the Internet every day.

CPU and Network are the other infrastructure components you’re required to provide, once you own the data, just because that’s how things work. They don’t deliver any specific benefits because you take over responsibility, but controlling them is necessary for other components to work.

Application Logic is the other critical capability (along with storage) that benefits you to take control over. Here’s why.

Because the services control the user data store, they also control the apps (both Web and device) that access it. A consequence is that the services are able to restrict you to one app per service, and one service per app — take it or leave it. But their design incentives are different from yours. For example, you’ll find that services artificially limit your configuration options because they really want to control the algorithms for what you see.

But your cloudspace flips this over. Since your data is already in one place, with all the services running, all developers need to care about is logic. That’s now the innovation point. There’s not even a temptation to exploit your data because it can’t be done; it’s all permissions-based, read/write operations against your secure data set.

In fact, it’s the free and open APIs that finally unlock all the value in your data. They enable Web or device apps written by anyone, for any platform. I could write one in my home, or a startup could write one in Silicon Valley or Kendall Square. The APIs duplicate all the modalities of today’s services, which, again, turns out to be easy because the primary enabler of all social and collaborative communication is the ability to share. And sharing is just much more powerful when everything’s in one private, secure place.

The result is that you might have a choice of 50 social apps, meaning Facebook-like apps to post status updates, photos, check-ins, etc., and share with friends and groups. With all the infrastructure taken care of, apps will compete on feature/function, UI, and performance. That lowers barriers so different market segments could be much better addressed. You might want something with strong photo-editing features, while another person who is sight-impaired could seek out a high-contrast UI. Or one person could switch between any of them, since they use the same data set, security, etc.

Identity is the component that got me thinking about the cloudspace angle in the first place. One day I realized that, compared to the real world, digital identity is extremely screwed up. In the real world you control yourself, but online someone else is always responsible for that. You are forced into the absurd role of guest to your own identity.

Worse, there are a gazillion different versions of you out there, each woefully incomplete, and probably incorrect in important ways. Your cloudspace fixes that by centralizing everything into a single authoritative identity. In this way you get to declaratively define who you are, and everyone goes by your version.

A central component of your identity is your contact list. When you create one on a service, you are locked into their version of who you are. What’s more, you inform the service exactly who you know, so it can build social graphs (and spam your friends, as LinkedIn does). In contrast, your cloudspace features a single, unified contact list, completely private and within your control. Imagine the fine-grained flexibility to create groups that work across any modality, or to create different groups for different modalities. Cloudspaces might even support multiple aliases that can abstract you from your actual identity where desired, yet provide an integrated view from your perspective.

In the cloudspace API-based model, everything is a live object, including contacts in your personal list. Just as a change to your profile propagates to everyone in your network, any changes made by your friends show up when you invoke their identity from within your cloudspace.

Security is another key area where cloudspaces are fundamentally superior in important ways, but there’s one basic factor that trumps all: everyone’s cloudspace is individually encrypted. Your personal encryption key protects your personal data, and keeps it separate from everyone else’s. From a security standpoint, the benefit is that the cloudspace network is highly atomic and decentralized, so there’s no single point to attack (or subpoena).

There’s also the opportunity to design security best practices into the cloudspace itself. Since we’re eliminating the password mess we have now (see “Authentication,” below), it’s reasonable to design multiple security points into the cloudspace. Escalated privileges finally become practical: perhaps requiring just a fingerprint or password to read or post, with multi-factor authentication and/or natural language passphrases for important things like deletes and configuration changes.

Other security opportunities are supported by the programmability of the cloudspace model. Controls could allow you to restrict access to specific devices or IP addresses. Activity could be logged right into the cloudspace, providing a way to assure that only you have accessed it. And then there’s the data center security: because your cloudspace is a computer file (or files), it can be protected against access by proper data center practices, likely based on an open cloudspace hosting design.

Authentication is another one that gets really better when you take it over. You can simply log into your cloudspace and let it handle all authentication on your behalf, securely. It’s the single sign-on that Facebook and Google are trying to become now (possibly the WORST idea ever, since they are among the biggest privacy violators).

This is because cloudspaces are built upon native security. Specifically, they employ certificates in a way that is completely seamless to the user. This means every single interaction is authenticated and, by default, encrypted. And they work just fine with self-signed certificates, eliminating the need for Verisign or other commercial certificate authorities.

Here’s why. People think that the value in a certificate is that it proves who you are to another party. But using a certificate authority only really helps the first time. In practice, the best proof of who you are is how you interact over an extended period of time.

If you think about it, the services don’t actually try to prove who you are. They let you do that yourself, as you interact with the people who know you in the physical world. All the service is doing is making sure you authenticate with the same credentials every time. Similarly, your cloudspace certificate lets you build a history, over many transactions, that would be impossible to spoof. Only this authentication model would work anywhere on the Internet, not just on a single service.

Contracts comprise one area that you’ll agree is completely messed up. We all know how one-sided those click-through Terms of Use are. The cloudspace model fixes this as well. Not only do you escape the onerous contracts by no longer using the services that impose them, your cloudspace APIs allow you to assert your own contract terms for any piece of content you own. For example, you could have a default term that states that anything you share is subject to deletion from your end, so that if you kill it in your cloudspace, it’s deleted everywhere. And the APIs can enforce that.

Benefits and Sequence

A couple of times I’ve noted that there are two separate classes of benefits. They’re actually sequential.

The immediate one is that you eliminate Facebook and every other service that uses the sharing model. These services are simply no longer required once there’s a better way to do all the same stuff yourself. Some services may pivot to preserve partial opportunity by providing aggregation or orchestration services (Medium might be a great example), but generally speaking, the “we have your data so we’re in charge” thing is over if people start using cloudspaces.

Some specific things that face the possibility of being replaced:

  • Facebook — To share a social post, simply save to your cloudspace and set permissions. Your cloudspace will notify your friends’ cloudspaces, and your post will appear on everyone’s feeds. Your lists and groups are drawn right from your cloudspace contact list. And you’re able to set legal terms, for example if you want to prevent re-sharing. And since everyone can choose from multiple competing social apps, rather than being stuck with Facebook’s “Top Stories” algorithm, you could choose the app (or apps) that support your preferences.
  • Twitter — Tweeting is just another modality for a cloudspace — an XML content descriptor. (Except without the 140 character limit — cloudspaces have no logical content limits.) Sharing publicly is as easy as sharing privately. In these public sharing scenarios, there may be benefit in aggregation services; for example a service that aggregates tweets for a specific community of interest. A cloudspace app could then aggregate the aggregators, providing virtually limitless customizations.
  • Gmail — Your cloudspace is an obvious destination for email. All the logic can be surfaced in a simple app, especially since the standards and conventions for email are mature. However, while supporting standard SMTP email for external correspondence, all correspondence between cloudspace users (of any type, not just email) is by default encrypted and authenticated. That’s the end of spam — yet another ancillary benefit of the cloudspace model.
  • LinkedIn or okCupid — If you think about it, your professional or dating profiles are just facets of your total profile. Therefore, you could simply designate the values (and layout) you want to show in these contexts. The cloudspace advantage is that you can do it in a way that is completely within your control. You get to see everyone who views your profile (no “upgrade” taxes/hurdles), and interact directly (and privately) with potential employers and romantic partners.
  • Youtube — Since it’s easy to share anything from your cloudspace, you can simply save your videos there. Whether you place ads or anything else on the page people see is now completely your choice. If you have popular content, you probably want to get a commercial cloudspace for high performance, but this will tie to actual cost, and all other control (e.g., ads, ecommerce) is retained by you as the cloudspace owner.
  • Pinterest, tumblr, Reddit, SnapChat, Instagram, Quora, WhatsApp, DropBox, iTunes, Blogger, etc. etc. etc. — As above, anything that simply collects your data and shares it back to you or your network becomes obsolete, once you can do that from your personal cloudspace, with complete ownership, security, and privacy. Aggregation networks will emerge, but the big evolution is that they must accept YOUR terms of service to access your content.
  • Facebook Messenger/Google Hangouts — These are probably the most important ones, so I left them for last. Make no mistake, these services are competing to eat the world, as they add SMS to their VoIP and video and direct messaging feature set. If these for-profit companies are successful, between the Facebook/Messenger and Google/Hangouts properties these companies will control an irreversible proportion of the world’s private content. Cloudspaces will be able to do anything these services can do today, plus any innovation for the future, since that’s provided by the lightweight apps. I would argue that 1:1 messaging is the thing it’s most important to own, control, and keep private, which is one of the key features of a cloudspace.

But those immediate changes, which happen as soon as you claim your cloudspace... they aren’t the most interesting part. Not even close. If you play the long game, you realize that once you have a personal repository, all your data has potential to go there.

As described above, once your cloudspace replaces all the Facebook services, that data automatically starts getting stored. However, there’s an “everything else” category to consider. That’s a lot of personal data too, and it’s increasing. It’s anything digital and relating specifically to you, like your commercial interactions, your GPS data, search history, and Internet of Things feeds.

In fact, you could potentially store the complete data exhaust you create as you move around the Internet. All the same benefits apply when that gets stored to your cloudspace. You gain unfettered data visibility and management, along with privacy and ownership.

The reason this is sequential, not immediate, is that it involve things that aren’t being replaced (as sharing-based services are) by the cloudspace network. Therefore all the apps and services will need to be modified to work in the cloudspace model.

Fortunately there are powerful economic incentives in play. If you’re a cloudspace user and a Fitbit or Nest competitor were to introduce an alternative with cloudspace support, that may well be a powerful differentiator for you. And besides, Fitbit or Nest have an incentive to add cloudspace support anyway, as it saves them costs for hosting and infrastructure.

What about e-commerce? Your cloudspace could drive an app on your device that replaces Apple Pay and Google Pay, with all the same benefits including single-use codes, except no one would see anything but you and your bank.

There are also legislative possibilities. You could probably imagine privacy-focused governments (EU countries?) mandating the use of cloudspaces for personal data, whenever possible. Your mobile phone company could store your location and call history there. You could grant the company rights to read and write the data, so it would work pretty much the same way from a vendor/billing perspective. But you’ve done the important thing: changed the data location.

The many other advantages of cloudspaces drive other opportunities. For example, the certificate-based security could support electronic voting in a way that makes fraud infinitely more difficult. When a vote is just one more record among the thousands in your cloudspace, it’s much harder to fake.

This is why I believe the second wave of change is the most important one. Exposing sharing-based services as an evolutionary dead end is a nice bit of work on its own, but the systemic improvements driven by the cloudspace model will dwarf even that over time. We’ll have an Internet that’s simply better in every meaningful way.

Objections

Since I first wrote about this in May 2014, I’ve discussed it with some smart people, and a small set of the same objections usually comes up. Let me walk through them here, as I believe they are all addressable. See if you agree.

All your eggs in one basket — This is the fear that if you get hacked, you’re owned. Your cloudspace would make a juicy target. Let me address this one, first with a parallel, and then emphasizing the design advantages of the cloudspace to keep you secure.

Have you got an phone with a fingerprint reader, or do you know someone who has? It’s the best thing since sliced bread. It improves security by a ridiculous amount, yet in a way that is absolutely frictionless. But if you read the coverage, everyone focuses on the fact that the NSA could crack it or some researcher was able to clone a fingerprint from a beer glass.

Meanwhile, for the use case it was designed for, it is a million times better than what was possible before. So don’t compare a cloudspace with theoretical perfection, compare it with the mess we have now.

That said, I think a cloudspace design can be extraordinarily secure. As I mentioned in the security section, the fact that each cloudspace is encrypted separately is a huge security advantage. Encryption works, and individually encrypted files make it mathematically much harder to exploit. Mass surveillance ends, that’s for certain.

When you add in the built-in security of certificates and escalated privileges, it’s clear that your result is a massively improved security posture, versus anything you have now.

People are too lazy to change — While generally true, think about the specific context. All you’re asking a user to do is join one more social network. The unique incentive is that you reduce the number of networks to one, for most of the stuff people do today. And it fixes the snooping problem, which even casual Internet users are starting to see as distasteful.

Plus, we completely overlook something we all know to be true: any network can collapse pretty much instantly if participants find something better. Ask MySpace. This risk was prominent in Facebook’s own IPO prospectus:

If we fail to retain existing users or add new users, or if our users decrease their level of engagement with Facebook, our revenue, financial results, and business may be significantly harmed.

And that’s the point. If your friends go somewhere else, you will too. If a cloudspace is a better solution than the incumbent — and it is — adoption won’t be a challenge.

“I have nothing to hide” — with a cloudspace you’re not required to hide anything; in fact you have absolute control of what is shared or not. But what you do change is that you’re no longer giving everything away. All the ownership and management benefits apply to everyone equally.

It’s like <ELLO, Diaspora*, MeWe, whatever> — People gravitate toward other examples because they provide a reference point. Let me be clear that cloudspaces aren’t like anything else. For one thing, all of those services still host your data.

As I stated above, cloudspaces represent a basic rewiring of the Internet. By taking control of your data, you flip the power dynamic in your favor, forever. It’s a simple concept, but potentially more disruptive than anything you’ve seen in a generation. Probably since the World Wide Web.

Powerful people will be unhappy — If I sounded dismissive about the objections above (and I’m not trying to be), this is the one I am genuinely concerned about. It’s no accident that the people holding the power on the Internet like it fine the way things are. If you’re a Web-based service, or spy, or authoritarian government, or online crook, things are pretty sweet right now.

But that’s why the cloudspace network must be an open standard, not a corporation. The model I keep coming back to is the Web itself: anyone can use it and nobody can stop anyone else from doing so. What the cloudspace solution does is add some critical features that, in hindsight, were always needed for a full-potential Internet. And, as unhappy as powerful entities may be, I really don’t think they can stop us.

Next Steps

Since you’ve read this far, you may be interested in living in the world I’ve envisioned here. Now it’s your turn to help make it happen.

If you’re an architect, design it. If you’re a developer, code it. If you’re a standards body, define it. And if you’re an investor, invest in it. (Anybody who wants my participation, just ask.)

If you don’t fit in any of those categories, hopefully your chance to help will come soon, when you can create your own cloudspace. You won’t just be seizing active control of your digital life, you’ll be doing your part to fix the Internet.