Decentralization is not the only way to save the open web — democracy can, too.

Centralized, community governed services can protect our privacy and empower users in a way that open source software alone can’t.

John Hackett
Sep 3, 2016

Most companies that invade our privacy are shareholder or privately owned, VC backed and offering a service to “customers” (often advertisers) and “users” (a.k.a. the product). This is possible because there is no real alternative to these companies, and because their executives have the freedom to decide one day that “users” will pay or terms will change, or that newly acquired subsidiaries will enter into data sharing agreements with their parent company, a la WhatsApp.

Most privacy advocates online are fairly staunch individualists, who believe every person should be able to run their own server giving them access to a global, federated network. This approach has fairly clear limitations because of its demanding operational side: many technical users tire of running their own systems for mail and chat in the end, and nontechnical users will be entirely unable to participate. The cost of privacy in this model is high, and network effects ensure that most communication still goes over “corporate” networks and protocols.

This is what has led me to advocate collectively run services. The barriers to entry can be lowered and similar approaches to the giants can be used, while offering clear legally backed guarantees to users about service levels and their privacy. Remember “free, forever”? It is a guarantee of advertising and data mining. My contribution to this discussion is to suggest that services be “community run, owned, and governed, forever” instead.

It is possible to register types of company in the UK (and almost certainly elsewhere too) that are confined to a specific purpose, and which can’t dispose of (sell) their assets except in specific ways decided at the start and declared publicly. Usually assets can’t be passed to organisations without the same or comparable legally binding goals. Intended beneficiaries can seek redress with the regulator where the company fails to fulfil its stated purpose. These companies cannot change their purposes except by a majority vote of their membership, which could be literally all users, or donating users, etc. The purposes are, in the event of a challenge, evaluated and compared by judges in a court.

In other words, it is possible to provide legally binding guarantees to specified groups of beneficiaries through use of the right type of legal vehicle. This is through what is called a community benefit society: a democratic membership organisation which can hold assets, but isn’t for sale like a company.

A community benefit society would be an appropriate guardian for a centralised (not focused on self hosting users) social network and messaging platform because of the guarantees it could offer. Funding is likely to be lower, but widely used community resources like Wikipedia manage well enough to raise money quickly. Privacy is popular and many people would be happy to pay for guarantees they can understand. Not having to learn about cryptography in order to have a chance of not being sold out to advertisers (or be snooped on) has wider appeal than we give it credit for.

There are implications to non-profit, member funded organisations, too. It makes for much simpler technical implementation.

Facebook has vast engineering challenges that mostly revolve around maintaining a gigantic, privacy-invading advertising network and data mining operation, with the infrastructure to feed it. On the other end of the scale, Diaspora and distributed social networks like it find that protocol issues arise and complicate design decisions. Well-meaning but amateur operators make federation (users talking to one another even though they use different, independent nodes) a difficult and broken experience.

Having neither the burden of infrastructure for data mining nor federation protocols that have to accommodate small-time operations means there is less work to do overall. It means that efforts are focused on the project and the experience of using it.

Even the operations of such a system could be open: with proper configuration management and continuous deployment practices, an environment where it is safe to allow contributions from the community can be created.

Off-the-shelf tools can be used to create fast, reliable proofs of concept for a centralised system. Developing an application and a data model can take priority, with the opportunity to tackle implementing federation or other features later. I’ll outline in another post how I see a WhatsApp clone working, using established, mature open source software as a basis.

On reflection of what drives me for these kinds of goals, I have to say it isn’t fear of the state (although in many ways, the state is scary). It is a desire for public space and a commons. A modern, connected means of communication that is convenient and quick that can be used without offering up our deep thoughts or relationships or behaviours to a company I don’t like or control. It is the desire for a non-commercial, commonly held infrastructure.

Decentralization is one valid approach to that, but it is not the only one. Running your own email or jabber server in the name of decentralization can feel like homesteading on a frontier, with all the rugged, self reliant individualism of the old American west. It was one way to escape tyranny in its day: simply get up and walk away from it, into the wild.

That approach will never defeat the network effect that keeps people away from XMPP and on WhatsApp. The network effect is just a new way of describing something that has been known for a very long time: some things are possible in groups that are not possible individually. Privacy in society is one of those things, where only by acting in a way that is conducive to one another’s privacy can we guarantee our own.

Legally incorporated associations aren’t a traditional “netizen” approach, but I believe they are one that could bring some internet users what they wanted all along: privacy, accountability, and control. A democratic membership organisation would allow the privacy conscious, motivated individuals who today struggle with interoperability to embrace a legally driven, governance based approach to privacy. In doing so, they would come in from the wild and defend everyone’s rights — not just their own.
