So You Want to Leave Facebook
A survey of social networks, from Signal to Scuttlebutt
There are a lot of social networks out there, and a lot of good reasons to leave some of the most popular ones. The goal of this post is to share my analysis of the alternatives during my own quest to leave Facebook.
Let’s start with the easy ones. I assume if you’re here, it’s because you care at least a little bit about privacy, ads, censorship, data brokerage, security, centralized control, constant tracking/surveillance, or not being the product. That justifiably rules out a lot of the most popular options like Instagram (owned by Facebook), WhatsApp (owned and being degraded by Facebook), Twitter, Snapchat, QQ/WeChat/QZone (heavily influenced by the Chinese government), GroupMe (low security), Google+ (dead), and Google Hangouts (phasing out). Let’s not waste time on those — they have many of the same shortcomings as Facebook.
Now, since there are so many options out there, I’ll organize the rest into categories.
Slack and its clones
Appeal: the features.
I like the Slack experience a lot, in particular its custom reacts, threads, channels, and mentions. It works well and is very useful for the workplace environment it dominates. If you want an exact clone with slightly less polish that’s open source and self-hosted, Mattermost is the most prominent clone for you. However, there’s the obvious drawback: workspaces are not interoperable. This dooms Slack as a real social network, unless the whole world were put in one workspace (which also seems like a disaster).
Discord is great because it did the same thing but made workspaces interoperable — that is, you have one account for all of Discord, and can join and leave any number of servers (equivalent to Slack workspaces) as you please. Direct messages are outside a specific server. Unfortunately, they explicitly read and sell your data to advertisers, so ultimately a no-go as well.
End-to-end encrypted messengers
Appeal: the security.
These all rely on roughly the same principle. Alice encrypts the message on her device and sends it to the server in the middle. The server can’t read it, but knows to give it to Bob. When Bob gets it on his device, he’s the only one who can decrypt and see what Alice said.
Some have obvious shortcomings, like iMessage not being on Android, but what it comes down to for a lot of them is how much you trust their security. For example, audits of Line have cast some doubt on whether their cryptography is actually sound. Also, most of these services can still see who’s talking to whom and how often, which itself reveals a ton of information. As a general council at the NSA once said,
“If you have enough metadata you don’t really need content.”
On this front, Signal is the winner and the clear favorite in the security community for being open source and including features such as forward secrecy, cryptographic deniability, and good metadata hiding. It also has a decent UI, is quite popular already, and has multi-device support.
The only other one you may want to consider here is Telegram, which is more feature rich than Signal with stickers, better group messaging, and a great UI. Also extremely popular (over 200 million users), it seems to have good security but is not nearly as unanimously praised for security as Signal.
Something from this group (Signal or Telegram recommended) is sufficient for your basic messaging needs. Even if you’re a whistle-blower in a surveillance state, Signal is secure enough to protect you.
However, they still leave a lot to be desired, namely:
- It’s not at all a full social networking experience. Messaging is only part of how we connect and share with our friends and family.
- Something could happen to them. These apps are free right now, but servers cost money to maintain. The groups behind them could run out and start charging you for it at any time, and you would be trapped again—because leaving means losing your contacts and messages.
Examples: literally hundreds. I’ll highlight a few of the main networks.
Appeal: ability to choose a specific community but have access to everyone.
For many of the open source options above, it’s possible for some independent developer to build an app of their own that can send and receive messages, but it would still all have to go through the main Signal server (for example). Federated systems have many independent servers which all share a convention for how messages are formatted. The most well known example is Email, where “email@example.com” means that the “example.com” server is responsible for collecting messages to Alice. Slightly oversimplified, but that’s the main idea all the federated models follow.
This is exciting for a couple of reasons:
- No one controls the whole network!
- There are a lot of options (gmail, outlook, etc.), so you can pick the best one for you. Different servers also have different policies and focuses for what shows up in your news feed — or what gets blocked as spam.
- If your server starts misbehaving, you can switch to a new one without your friends having to switch platforms.
There remain a few drawbacks, however, so let’s get those out of the way:
- There are a lot of options. Deciding is hard, especially as a new user, because it’s a large commitment you don’t know how to evaluate.
- If your server starts misbehaving, switching is still a pain, because you have to transfer your contacts and tell all of your friends to use your new identity (like an email address, ActivityPub id, etc.).
Without further ado, the options:
The largest and most popular social network. It’s good at what it does, but I think we can all agree that it doesn’t meet modern expectations for social networking features. It’s also fairly insecure.
The most mainstream federated social network besides email (although it’s hard to tell, because they’re really spread out by design). “ActivityPub” is not the name of any service you can join, it’s the convention that lets all of the users on the following sites talk to each other:
- Mastodon (Twitter clone) — most popular with well over 1 million users
- GNU Social
- PeerTube (YouTube clone)
- PixelFed (Instagram clone)
- Frendica (Facebook clone)
- also Pleroma (Twitter clone), Hubzilla, Mobilizon, Misskey, and many more
So if you’re on Mastodon and your friend posts a cool video on PeerTube, you can “like” it cross-platform and it will show up in your other friends’ feeds.
ActivityPub user data is encrypted in transit (between servers, as almost all traffic is nowadays), but not encrypted once it gets to your home server. This was deliberate, because one of the features is that different servers will prioritize different content in your news feed. However, it means that if your username is @firstname.lastname@example.org, you are trusting example.com with all of your messages and data (just like email). They could be doing anything with it, including censoring or selling it. Hopefully this isn’t often a problem, because competition should make the most honest servers the most popular, but it is very important to know there’s the risk.
No, not that Matrix — I wish.
Very similar to ActivityPub, Matrix is a set of conventions that make it possible for users on many different sites to communicate, however people refer to the network as “Matrix” in this case. It’s also federated, so everyone has a home server, but there is much less emphasis on choosing the right one here. Matrix is built with more of a Slack/Discord mindset, where the servers are like Slack workspaces that can host channels and such. The main web client for interacting with the network is itself a Discord clone, called Riot. Extra bonus points to Matrix for having bridges to most other platforms, which enable setups like half your team using Slack and half using Riot (and one person using IRC) with the messages from the other app being transferred over automatically by a bot.
The main feature that Matrix offers over ActivityPub is privacy. End-to-end encryption is available even for large group channels, so with that enabled no server can read your messages.
- Diaspora: was very popular (for a federated social network) for a while. Emphasis on cross-platform posting (for example, to blogs, or Facebook).
- SOLID: project of world wide web inventor Tim Berners-Lee. Cool idea, unfortunately underdeveloped and shrouded in ambiguity.
- Peergos: cool tech — servers aren’t trusted so it’s almost decentralized, but does not provide users much of a social network-like experience.
For this category it really comes down to what you’re looking for. If you want an experience like Twitter, join Mastodon. If you want something like Discord, care about privacy, or are an organization looking for a work platform, Matrix would be better.
Both still have the issue of it being hard for users to change their home server if it misbehaves — you’re kind of stuck with the domain tied to your username (like with email). In order to solve that problem, we must foray into the territory of very unconventional social networks. Onward!
Appeal: BLOCKCHAIN! Also, uncensorable, permanent, and can reward content
Prerequisites: Know that crypotocurrencies like Bitcoin and Ethereum not only let you send money around, but are also a public permanent record of any data you add to those transactions (for example, your tweets). There’s more to it, but that’s enough to understand how these work on a high level.
A couple of different desires can be fulfilled by blockchains:
- Anyone can participate: on a public blockchain, anyone can submit or read transactions.
- Censorship is hard: no one can globally filter transactions to or from the blockchain.
- “Good” content deserves to be rewarded, and what better reward than money? (details vary by platform)
But of course, there are drawbacks:
- Adding any new data to the blockchain incurs a transaction fee.
- Blockchains are often slow and/or resource-intensive.
- You have to be connected to the “main network” of people using the blockchain to participate. It won’t work offline or even just regionally (like federated systems can).
And now, the apps:
You have to pay to post
There’s solid tech behind some of these, but I’m not going to spend time on them because I don’t think needing money to join or post is palatable to most users (even just a little, even if the devs start them off with some).
Depends on Blockstack
Blockstack is an organization which absorbs the transaction fees of using its blockchain-based ID system, and lots of other things.
This is a disadvantage for the same reasons as any blockchain (speed, connectivity, etc), but also because we’re not really sure what Blockstack’s business model is despite them raising lots of money and giving away $100k/month to app developers. It seems to be “1) become the ultimate domain/identity registrar of the new internet, 2) profit”. This is its own category because it trades one problem for another, and a lot of Blockstack-based social networks have cropped up due to their developer rewards. That does mean you can log into lots of apps with that one ID, though.
Content curation/reputation focused
This category solves an interesting related problem: How to determine what’s quality content, and how to reward those how generate it. The answers here are “a reputation system/web of trust” and “blockchains”, respectively. These systems could have an entire article to themselves, but they’re more replacements for Reddit than Facebook so I won’t say much more here.
A Twitter clone, and my favorite in this category. Everything is stored on Ethereum (and thus open to other people making clients), but they bundle things in a clever way which keeps costs fixed no matter how many tweets there are (and they cover this small cost). The big draw is their huge focus on encouraging quality content and making it a nice place to be. Of course, since it’s on a blockchain, it’s also very charity/tip focused so it’s easy to tip other people for a tweet (but they do take a cut). Unfortunately, as with all Ethereum apps still, you have to install the MetaMask browser extension to use it (which has its own UX problmes…).
Ultimately, this category has lots of cool ideas and may have some promise when it comes to curating quality in a global public feed, but they don’t solve the fundamental blockchain drawbacks from before. Plus, most of what you do on Facebook (messaging and posting to friends or in groups) isn’t public anyways, so it seems silly to save that on a global permanent record (the blockchain). The UI hurdles that come with blockchain — like needing MetaMask and/or cryptocurrency to participate — also make me think that most of these have a pretty low chance of being widely adopted.
Appeal: no dependence on third parties, lots of options, high latency not an issue
The main idea behind each of these is that the data which makes up the network (profiles, messages, etc) is sent directly from one person’s device to another, without any intermediate servers or anything. This can be done in person, over Bluetooth for example, or across the entire internet. For example, Secure Scuttlebutt (SSB) was started by a guy from remote New Zealand which has terrible connectivity. With SSB, he can post a picture while out on a boat, come into town and sync directly with one person via Bluetooth, then that person could go to the local bar and sync directly with everyone else, and now they’d all have his post without ever having to ping the outside world.
That’s pretty wild, but it brings with it some challenges:
- This is harder technically.
- Finding new people and content is harder when no central (or even federated) entity is amassing profiles and posts.
- There isn’t necessarily an entity dedicated to keeping your stuff online while you’re disconnected.
These all seem solvable, however, and the benefits are compelling:
- There’s no central controller, data vacuum, or censorship tool.
- An open platform means many options for users.
- No reliance on fallible or untrustworthy third parties. Your data is yours.
For a long version of the benefits see the thought that kicked off this research:
The Case for a Decentralized Social Network
Decouple the network from the host/client and competition will drive quality up and costs down.
Though they all have that same core function, each one implemented it a bit differently. Here are the most noteworthy in a little more detail:
Secure Scuttlebutt (SSB)
One content spreading mechanic, as mentioned above, is people storing each other’s stuff and spreading it to the next person, but the main way this happens in practice is through intermediary nodes called pubs, which are servers someone is hosting as a meeting place to exchange profile updates. Pubs can read your messages, and everyone can read who follows whom so it’s not very private, but they do have encrypted messaging.
Briar is similar to SSB, except with an extreme focus on privacy (which sacrifices many of SSB’s nice social features). First of all, the only way to communicate with someone new is to meet up in person and exchange keys (scan a barcode), and your key is required to be password protected. Once you’ve connected with someone all correspondence is end-to-end encrypted and you can only communicate directly (like with Bluetooth) or through Tor (which hides who’s talking to whom). Extremely secure. Not very user-friendly.
Honorable mention because of their emphasis on users forming a “web of trust” and the clever things they can do with that. For example: one problem/benefit of decentralized social networks is that no one backs up your password for you. So if you forget it, you can’t do a simple email reset or something. However, since in Iris you have already indicated which other users you trust, if enough of them say you really did lose your password you can replace the locked account.
This category has a lot of variation, so I can’t claim one or another is better— it depends on your use case. Unfortunately, none of the options seem to have quite figured out how best to balance privacy, discovery, and user experience.
Some things just defy categorization. These are cool projects that do not deserve to be all the way at the bottom.
Their core technology is a clever secure file sharing system (with 250GB of free space), where something kind of like Slack has evolved around that. They’ve done a great job of making security user friendly (for both messages and files). Again, a very solid option, but it is centralized so Matrix is probably a better choice for its popularity, bridges, and federation unless you really value large secure file storage and a bit more polish.
Status could have gone in the decentralization category, but it’s also not quite a social network. It’s very polished and has a lot of thought put into it, but is really a mobile crypto hub for interacting with Ethereum apps, storing cryptocurrency, and yes, also messaging. The messaging security is great, but that’s because they send each encrypted message to everyone else on the network, which obviously does not scale.
And the winner is…
It depends. Sorry. That’s usually the answer.
If you just want extremely secure messaging, Signal or Briar are best.
If you like social media for the personalized feed of outside content, a centralized option can probably do the best job because they have the global view, but one of the [your interest]-based federated communities of ActivityPub could be a good fit.
If you really like Twitter but not their data practices and…
- …also think it’s toxic: try Peepeth.
- …wish the chatter was more relevant: find the Mastodon community for your interests.
If you’re just looking for a simple messenger app, that’s more than covered by SSB, Matrix, or Telegram — add or remove centralization to taste.
But if you want a full social networking experience to bond online and keep in touch with your friends and family without having to worry about that personal stuff getting leaked, sold, stolen, or lost… It seems like there isn’t a perfect solution yet.
However! There is some good news.
This is not because of technical limitations, it turns out, it’s just that no one has put all the right pieces together yet. So I’ve decided to, and if you too were left unsatisfied by this research endeavor, drop me your email and I’ll let you know when it’s ready.