« To the Leapmobile? | Main | A place to shove your settings »


Feed You can follow this conversation by subscribing to the comment feed for this post.

Matt Jacobs

What I really want is privacy built into existing publishing tools. I'd rather have one service where both my friends and followers can find me, but I can send the private stuff to just my friends. In other words, a lot like Flickr's model.

I'm just not sure that federation is the right solution for a set of people who want better privacy controls. There are people who want to converse with their friends and Facebook (or whatever) is right for them. Then there are people who want to to write privately, but probably don't care about having people follow them. For the subset of people who want to write long blog posts for their friends, I'm inclined to think most them won't want to set up their own service.

This is not to dissuade you from building a publishing platform with built-in federation. My dream is that every service supports Salmon (or whatever) and I can just publish where I want and have all of the responses appear in my service of choice.

In conclusion: I'd like to see a great blogging service that supports private posts and an open federation protocol.


That was a pretty long response to some cantankerous curmudgeony. :) I will respond by rambling here.

Private RSS feeds are really a terrible hack that just kind of pushes the idea up a level anyway. You still need some sort of authentication mechanism that keeps things easy and secure. OpenID does fill that role pretty well but by the time it came along it was already too late.

The thing that always bothered me about RSS is that it's a strictly pull-based mechanism. I always wanted to see something more push-based, but then whenever I think about that, I always end up thinking, "Why invent something new when we could just use SMTP as the underlying transport?" Although really, for the best bet you need something that can act as both push and pull. Or, better yet, do it as a synchronization operation, although that runs into huge scaling problems very quickly. (Then again, so does a naively-implemented pull-based mechanism like RSS, especially when you get a hell of a lot of subscribers with broken agents that refresh all feeds every 15 minutes.)

Google has done some pretty interesting stuff with XMPP, in the meantime. They apparently use XMPP as the underlying push transport for Android sync and calendar publication, and it works quite well. Also, simple messaging protocols benefit from being pretty easy to parallelize and so on, with just a bit of simple dependency management to make sure that updates go out in the right order (and it could really just be something as trivial as "if we try to process a message whose dependencies aren't met, just resubmit it to the end of the queue").

I actually thought that Google had some REALLY good ideas with Wave. Unfortunately, they were too caught up in their single crappy implementation that was trying to do too much, badly, and only releasing it as a walled garden web app (instead of starting out with the federation protocol) pretty much killed it before it had a chance to get going.

Incidentally, I'd be fine with having "another inbox to check" if that one inbox could also act as a feed reader. I'm not particularly wedded to Google Reader, and the only things it does would be done better by some sort of distributed social network anyway. The one thing that Facebook does REALLY WELL is sharing items, and that's the only thing that Google Reader really brings to the table (and it does it so horribly that it pretty much might as well not even exist anyway).


Of course, as long as there's multiple ways that people can identify themselves that conflict and lead to identity fragmentation, and no good way to migrate that identity between services, then there will always be problems. The fact that there's so many equally-valid ways that I can authenticate to TypePad just to post a comment (TypeKey, Facebook, Twitter, and a dozen or so different OpenID brokers who all want to be my one true OpenID broker) makes it pretty hard for me to keep control over my identity. I could either keep commenting with my TypeKey profile to maintain the continuity there, or I could try migrating everything to one particular OpenID key (which is using an OpenID server that I control), or I could use one of my other services' identities.

It's great that Dreamwidth is making it easy for people to join in on Dreamwidth by just using their LiveJournal OpenIDs, but when LJ shuts down or starts charging for OpenID authentication or whatever, then all the trust networks and comment histories they've built up there are ruined. Also, OpenID as implemented most places is kind of cumbersome and is really just a substitute for a password but still ends up creating yet another account everywhere, and one that's pretty much fixed to a single OpenID URL (and I really hate how that URL is what LJ/DW/etc. show as your username and link to as the profile page, but that's an implementation detail). At least with a traditional account tied to an email address you can generally change email addresses.

Anil Dash

Been ruminating a bit more about this (I mean in the past two days, not just the past decade), and I think part of the big issue here is we try to solve this by starting with protocols and hacking. The questions that have emerged for me, with some distance are:

  • Does anybody want this? Is the reason that most Open* efforts have failed to actually get any users because it's not an actual desire, just something we hope people desire?
  • Why can't we start with what we have? We have an inbox on Tumblr, on TypePad, on WordPress. I can't even simply follow between these services, even as they face a mortal threat from Twitter and Facebook. (Yes, yes, I know record traffic, blah blah blah.)
  • Has Facebook permanently destroyed the idea of "privacy" on the Internet? I'm not exaggerating — Facebook has the combination of the greatest reach of any app ever, along with setting the immoral precedent of shifting user-set privacy settings, which no large-scale network had ever done before. As a result, i think it's possible they have redefined to most web users whether privacy actually exists on the web, with a default of "no" that would take years to undo.

I don't say these things to be a pessimist, but the use case I'd work towards initially would be the (existing!) ability to have password-protected blogs on TypePad and WordPress.com. What would it take to (say) exchange basic auth credentials between two sites that had the equivalent of low-tech .htaccess protection?

Because the Great Dream of federating all the old networks isn't working, and meanwhile the idea that anything could ever be private, yet shared, is slipping away.

I think the best thing that could happen right now to encourage long-form sharing, though, would be having tools made for the job. I've talked to folks like Kottke and Gruber and Dooce, and of course work with Gina and Waxy, and there just isn't a tool out there for people who want something modern, hackable, resilient, and optimized for an individual. The niceties could evolve out of it, but I'd love to merely have a platform that I enjoyed publishing my blog on.


It would certainly be better to have privacy in existing tools, since the existing tools are already so good at everything else. I guess I'm looking at it from my new position outside: the most effective option for me to agitate for this is to demonstrate the value by building an alternative. If it has value, the existing services can join later once it provides something beyond hippie handholding with their competitors—and if they never see value, hey, I have my alternative. (If it never actually has value, well, that's information too.)

I agree the old idea of federating all those services isn't working, but that only disinclines me to work with those players. (Again, I guess I'm looking through my own lens at it.)

As for the twin questions of whether anyone wants it and if Facebook has condemned privacy to the dustbin, I only raise the idea because I think that I want it. Perhaps I'm hovering around that dustbin, inappropriately nostalgilizing LiveJournal, but I miss the private register it provided and don't quite see why we have to leave it behind.

The comments to this entry are closed.