First came Net Neutrality, then came the Snowden leaks, then came so many users’ leaked private photos, then came the evidence of censorship by Facebook, Twitter, Instagram, and YouTube, then came the sight of Zuckerberg defending himself and Facebook in front of Congress.
In truth, this should not have surprised anyone. Nor does anyone really have the right to be horrified by the current state of affairs. Security and privacy experts warned about the dangers of current digital communication technology for years, even decades. Yet, people rarely feel the need to leave the comfort of their familiar environments when these problems don't seem to affect them directly. Of course, that's how the damage is done.
The good news is that, finally, people are waking up. People are realizing just how much these “free” services really cost them. There is even better news: you and I can do something about it now. Facebook and Twitter and Email and all the other traditional social media are not our only options anymore. They never were, but now there are options out there that might even be comfortable enough for you to help convince your social network to move with you.
Dealing with all the ramifications of our current technology could take up 6 textbooks in psychology, philosophy, political science, computer science, history, and human-computer interaction, at the very least. This paper does not have the time nor the space to deal with anything in depth. Rather, I will emphasize what is wrong with our current technology, what a solution looks like, what the trade-offs are, what are some non-solutions, the correct timeline for action, the current state of the art, and the next steps you need to take to make a difference.
What is wrong today?
People do not realize just how broken and systemically harmful our current method of digital communications really is to liberty, security, and privacy. Here is a brief list of the major point, each of which is significantly responsible for so much of the trouble we see on the news today:
- Lack of Privacy
- Weak Security
- Central Control
- Monetization of People
- Infrastructure Dependence/Fragility
I will cover each of these briefly below to help you understand what they are and how they threaten you and your friends.
Lack of Privacy
Most current digital communications are not private. They do an excellent job of making you think that they are private, but they most certainly are not. As an example, every time that you send an email, that email is being sent in an un-encrypted form. It does not go directly to your friend either. Imagine if, when you sent a letter through the post office, every single person who touched that letter took a copy of it, read it, and stored a copy of it for their use. That is how email works. Your email “hops” between servers until it finally reaches its destination, and little copies of that email can end up sprinkled all over the Internet’s backbone, in an un-encrypted form called “plain text” that permits anyone to read its contents.
If you use a hosted email service, it is even worse. Using something like Gmail, any other webmail solution, or something like IMAP, uses a remote server to store your data in the cloud. All those emails just sit there in servers that you do not control. Moreover, their service agreements empower service providers to read your emails for most any reason they deem appropriate. It is common and trivially easy for the Government to request emails from service providers, and those service providers rarely, if ever, put up a fuss about it.
Facebook, Twitter, Instagram, and other social media sites work the same way as a webmail provider. You do not have any of that data on your computer. Instead, all your personal information and data is stored in the cloud somewhere, unencrypted, and completely accessible to any of those companies. Usually you agree to allow them full access to use, read, and “mine” that data to serve you ads. As we have recently seen, this data can and will be used against you and rarely in your best interest. Email is just as bad, because nowadays, almost everyone uses one of a very few email providers, so data resides on just a handful of company servers.
Not only are people that you do not trust and that do not have your best interests at heart viewing, reading, and accessing your data, but they also track your behavior. These applications monitor and watch everything you do, they listen to your conversations, and they build profiles of your behavior. They actively keep tabs on you with more detail than Nazi Germany and Communist Russia ever could. Of course, they use all this data for their own benefit, and it can be readily and easily abused.
In short, social media presents a veneer of privacy that crumbles at the slightest investigation. The only way you can be okay with this is if you literally do not mind walking around with a camera live streaming every minute of your life to the world and forcing everyone you interact with to also livestream their lives. Because it is not just your privacy at stake. When you accept a lack of privacy, you force everyone with whom you interact to also accept that lack of privacy. You force anyone who wants to talk with you to bare their own lives to be misused, abused, and profited on with no benefit to them.
By using traditional digital communications, you leave security in the hands of people who actively have a motive to keep your data minimally secured. They will secure your data to the point where they feel that they have little to no liability if something goes wrong, but otherwise, they have little to no incentive to grant you privacy or security above that. It simply is not in their best interest. It is in their best interest to sell and profit from your information as much as you are willing to tolerate. Thus, many of these companies have very few protocols in place that would prevent or discipline the abuse of your personal information. There have been cases of employees of these companies misusing the data that they had access to.
By using these sorts of services, you forego any option to make yourself safer or more secure. Instead, you rely on someone else, who is not interested in your safety or security, to provide you with the tools that might help you feel secure. It is a recipe for disaster, and as we have seen, disaster has a tendency to strike with a scary degree of regularity.
You do not have a right to talk, or a right to free speech on any of these platforms. You are there on the good will of the monarchs of these services. Moreover, people readily absuse their “reporting” systems. In the Tech industry we call these sorts of intentional abuses “denial of service” attacks. They cause innocent people to be brought offline because someone dislikes them. They are remarkably easy to achieve and very difficult to fight on platforms like this, because all the power lies with the company that is running the service.
Social media platforms, in which I include Email, can readily and easily censor your communications and outright ban you from communicating on their networks. Companies have been doing it for a very long time. It is in their best interest to ensure that the majority of people do not get censored, but as we have seen, censorship is a favorite tool of political activists.
Because of the design of these systems, there is no way to avoid censorship. You are literally powerless on these systems, with no rights and no recourse but the good will of the people handling your case before the monarchs of the platforms.
Free speech is not very free when the platforms we rely on to speak are not themselves capable of protecting that all important right.
At the heart of problems like those above, is the centralized nature of these platforms. Someone other than you and your friends run the software, control the data, and handle all of the work. They literally manage everything for you, and you become a sheep who comes to eat there occasionally (or, in the case of the addictive nature of social media, very often). These systems are called centralized because all the power rests in the centralized control of the company, all of the data is stored in a centralized source, all of the software comes from a single party, all of the protocols are closed and proprietary so that only a single source controls their development.
Another term for this is vendor lock-in, and companies have a huge incentive to ensure that your data cannot leave them. If you have years of your life locked up in their vaults, you are likely to be more amenable to their demands. Since they control everything, you are at their mercy, and the more you use their services, and the more you come to rely on them, the more you fall into their power. It is a little like a drug lord who gives you your first taste for free and then gradually increases the cost on you since you cannot leave easily.
It is no far stretch to say that many people have most of their lives on these platforms. That is a tremendous amount of power to give to a few people who do not have any reason to care about your well-being. We do not design our governments to have this amount of control anymore, and for good reason. The only way to free oneself from such a situation is usually a bloody revolt, with a big mess in the transition.
Monetization of People
Have you ever wondered how these systems manage to stay afloat? It is a massively expensive undertaking. Why would anyone offer such services for free? We are still in a free enough market that they have to be getting something in return for all of the free “service” these platforms provide us. Well, the answer is, literally, that you are selling yourself to them, and that is a valuable commodity. These companies learned that if you give people something convenient, fun, and that fills them with endorphins, much like other addictive products, they will sell their long-term well-being for a short-term benefit. You are selling your personal information, your life, your habits, and the habits of your social network to these companies. They in turn use this information as a package that can be sold to other people who want to do everything from sell you ads to alter your behavior at election time.
If you asked someone if they would be willing to wear a GPS tracker with a camera on it that would publish their life to the Internet, and in exchange, random people they did not know very well would come up to them and say “I like you,” how many people do you think would sign up for that? I think a common response would be that they are not a sex offender and do not need to be tracked. Ironically, this is what many people do when they sign up and provide their information and post photos of their lives to Instagram and Facebook. All so that they can receive affirmation from strangers.
That is how they make money, because people are willing to sell themselves and their lives in order to “feel good.”
Social media has a well-documented effect on the world that causes an increase in the amount of impersonal conversation and tends to distance ourselves from those with whom we interact. It helps us to have many small conversations and shallow relationships with people that we do not know well. We know that this causes a degradation in trust among fellows because we don't have the time for repeated, deeper interactions with people that are more meaningful.
Current social media is designed on this model. It is designed for us to get “lots of followers” and to seek out strange communications, rather than to help us deepen our real life relationships. It extends our reach, at the cost of neglecting our more relevant relationships.
This model benefits the current platforms because it creates more connections in the social graph between parties that otherwise might care about each other. This increases data going through the total network, which allows for better analytics on the behaviors of people at large, and thus, better ads, and better behavioral analysis of the network. It is also a selling point for them, because it gives people the excitement of meeting new people.
Evidence suggests that this sort of thing is not healthy for us.
Our current social media platforms in widespread use rely heavily on the Internet as we now understand it. They are all, at their heart, centralized web applications. You access them primarily with your browser or with applications which are specialized browsers for that one application, but that Internet is dangerously fragile. Governments can easily close or seize specific websites, or in places like China, censor the whole network. The Internet backbone is easily controlled, and that's risky for anyone. Even if sites wanted to allow you to post content on them, if the networks prevent them, then you will not be able to do so.
What does the solution look like?
Given all of these problems, what does the solution need to look like? How can we avoid all of these problems? Here are the 6 things that any workable solution should provide. If the solution being offered doesn't have these 6 things, then it won't fix the problems:
- Strong Encryption by Default
- Peer to Peer
- Stalker/Scraper Resistant
- Relationship Driven
- Infrastructure Neutral/Independent and Offline Friendly
Firstly, strong encryption is an absolute requirement. It needs to be the default, always on, never off, base of communication. It needs to be immediate. Many systems exist that allow you to “turn on” encrypted messages, but this is not good enough. You have to only be able to send encrypted messages, unless those messages are meant for complete general consumption, and not specific individuals. Anything less and people will have a tendency not to use encryption.
Secondly, decentralization and peer-to-peer (or, P2P) go hand in hand, and are critical parts of the solution. Decentralization means that all the data is distributed across multiple servers, locations, and owners. Instead of a single server farm controlled by a single company, anyone can run a service or be a part of the service if they want. Email is technically decentralized, because anyone could run their own email server if they wanted to do so; all the email servers can talk to one another. Facebook is centralized, because Facebook is the only one who can run Facebook servers. But decentralization does not suffice, as we have seen with email. Even though everyone could run their own servers and emails could be spread over the world, in practice, decentralized systems that rely on servers tend to become centralized (Gmail) because everyone starts using the same servers. To overcome this, what you really need is Peer to Peer solutions. These are solutions in which all of the communication and work is done by the people using the service. That is, servers are not necessary for the solution at all. In P2P systems, your computer is part of the whole network solution, rather than just being a client that connects to a server. In a P2P solution, decentralized servers may still provide useful benefits, but they are not necessary to the operation of the service, and the service could go on working without them. No one should be “tied” to a server.
You can determine whether your system is peer to peer by checking whether you have to “log in” to a specific server or address. If you can just go to a web browser and start using the service after creating an account, then it is not peer to peer. Peer to peer systems usually do not require you to create any account on any server, and they generally also require that you install some software on your machine.
P2P, decentralized systems that use strong encryption are stalker resistant. Any good solution needs to make it hard for anyone who is spying on the network to get the “entire network.” The best systems make it so that there is not even a concept of an entire network, because there can be an infinite number of local networks, instead of one single, large, monolithic network.
If you have a good system, then it is harder for someone to infiltrate all of the networks and scrape data from everyone. It is harder to follow and track people, and it is hard to censor them. They hide not only what is said, but who is talking. This makes spying on people hard to do.
In order for these systems to work well, then they must be relationship/trust driven. That means that a good system should emphasize the value of real, human relationships, rather than random connections between strangers. Good social media solutions make it easy to talk to those people who you know and requires you to make introductions (just as in real life) between friends in order for them to start following one another. This introduces a degree of trust and makes the network better behaved. This process can be mostly automated, and relatively easy, but you do not want some random stranger to easily be able to bombard you with spam or start watching your activities.
Finally, good social media that is resistant to censorship must be able to work without an Internet connection, and it must be able to work even if the Internet goes down for some reason. Good solutions are “mesh network” compatible. This is when you have to build up a peer-to-peer Internet where everyone helps talk to one another instead of relying on a large Internet backbone. The details are technical, so I will not go into that here, but the best social media solutions are mesh network friendly and work even if the Internet were to disappear.
What are non-solutions?
There are a lot of “solutions” that people might propose which do not fix the problems.
Some people will suggest that we just need to apply political pressure on Facebook, Twitter, &c. to make them stop doing what they are doing. But that is like petitioning the monarch and threatening revolt. It does not work in the long term. These systems are systemically broken, and they will not be fixed simply because people are trying to get them to “behave.” That only fosters a lack of trust and will lead to Facebook and other companies doing better to hide bad activities. The solution must discard these traditional applications entirely.
Decentralized, Federated systems exist and some people use them as alternatives to traditional social media. These systems make it easy to create local social networks by running your own “social network server.” These servers talk to one another, and so they are called Federated. However, these solutions do not solve the problem, because they are all still relying on central servers to provide most of their services, and they lock people in to various servers. These services can only work if everyone is running their own servers and then they are talking to one another, and at that point they are no longer federated. Good solutions have no distinction between client and server. If you have to create an account on another machine in order to use the system, then there is a problem.
Others will demand that any new solution should be able to talk to Facebook, Twitter, or the like. But that is not a solution. Such recommendations only encourage users to continue using Twitter and Facebook. You do not have an exodus from Egypt by sticking around there and only having a few people out in the desert. No, you leave, en masse. And any information that leaks back into Facebook is more information that remains unsecured and dangerous. It does not solve the problem, but only perpetuates it. Clean break, cold turkey.
Finally, here is the worst problem. Everyone uses these other systems, and many will not want to leave those systems unless their friends also leave. I mean, what is the point of a social network if there is not anyone to talk to? This is called the “Network Effect.” It is insidious and horrible. You cannot wait for someone else to make the first move. Instead, you need to be part of the exodus. You need to start forging new lands and colonizing new planets. If you do not do the work to move out, then no one will. You need to be the one to say, “Hey, I am not going to use insecure communication. If you want to talk to me, talk to me with secure social media.” You need to draw a line in the sand and drag people across.
What are the trade-offs?
Nothing is ever easy. Moving to a new social media paradigm is not all roses and parties. Despite all the good attributes that these new social media paradigms have, there are some things that you will need to adjust to if you want to embrace a better world.
As we spoke before, the Network effect is going to cause issues. Not many people are using these systems relative to the wider community, so you are going to be an early adaptor, and you need to be prepared for that. You need to be willing to go through that awkward conversation of getting your friends onto a new social network rather than just talking to them on the old.
Because these systems are so new, and because they do not have millions of dollars in development funding behind them, that means that these systems are not going to be as polished as the old systems. That is just going to be true for a while. That does not mean you should not use them. It means that you should start using them and investing the time and money into making them work. Remember that these systems are not making money off of you using the system, because they are not monetizing you as a person. That means that it is more important for you to support the developers of these system directly. Remember, you are trying to stop selling yourself, so to make up for that, you should be willing to put in some cash. Only by using the system, bringing more people into the system, and funding future development will these products continue to improve and get to the point that they exceed the usability of the old systems.
One of the great things about centralized services (and also a source of all kinds of evil) is that they take all of the responsibility off of your shoulders. They promise to take care of everything for you, and you just have to be a consumer. Well, we have seen what kinds of bad happen because of that, but the solution means that you need to start taking responsibility again. Not only is this worthwhile, today it is easier than ever. Backing up your data, encrypting your hard drive, and getting connected to P2P social media is now so easy that a few button clicks will accomplish the task. What once took a degree in Information Technology is now easier than getting your photos off of your phone.
We have all had someone try to censor us. It happens all the time. No one enjoys having their free speech shut down. On the other hand, no one likes to be forced to listen to someone’s drivel either. In P2P systems of proper design, no one can tell you what you can and cannot say. On the flip side, this means that you also cannot censor what others are saying. Instead, you have the power to filter out the content that you do not want to see. You are not forced to listen to what others are saying, but you cannot force anyone not to say those things.
What does this mean? We are designing a system that takes central control away, which means that we are taking away the ability for someone to control someone else. This is a great thing, but it means that you do not get to have a say in what someone else says. People really like to be the one carrying the censorship stick, they just do not like to be on the receiving end. If you do not want to be on the receiving end, it means that you also do not get to have the censorship stick either. If someone says something that you do not like, or does something that you do not like, you do not have to listen to them, and you can block them, or hide them so that you do not hear them, but you cannot stop others from listening to them if they want to do so. That will rub some people the wrong way, because some people are not willing to rest while they know that someone else is saying something somewhere – even if they cannot hear it – that they do not like.
And for those people who just cannot stand that you are saying what you are saying, there is no central authority to which they can appeal to get you shutdown. That is always the more comfortable approach, because then they do not have to deal with you directly and they can use cowardly indirection to deal with the problem. But without that central authority to get in the way, that means that you now become the target. Be prepared for that. On a P2P network, the only person you can go after to stop someone from saying something is that person themselves. Good networks will make it hard for other people to just shut someone down, but that does not mean that you might not have to deal with people trying to do so anyways. People will feel that it is their duty to shut you up, and they will try to do anything they can to do so. A good social network will not allow that to happen, but you have to be ready for the attempts. There are no other gatekeepers in P2P social networking. You are your own gatekeeper.
What do we do?
I'll keep this short. Act now. It is too late to do anything when bad stuff starts happening to you. You need to be switching over your systems now. You need to be leaving traditional media now. Everyone has been putting things off when it comes to securing their systems, but it is too late to worry about security once you have had a breach. It is too late to worry about censorship once they start censoring you. Get out now.
The current systems need time to build themselves up and prepare for the influx of new users. They have to have time to continue to mature. You must start using them, getting used to them, becoming familiar with them and helping to see them improve through funding and use. Only then can we hope to be ready for anything in the future. If you wait, then the systems won't be ready, and you'll be left without any good options, without the mindset and preparedness necessary to seamlessly transition.
What are the options that exist right now that we can begin using and moving forward? There are quite a few projects that are trying to solve these problems, and many of them are pretty good. I'm focusing on providing a desirable solution for the following needs:
- Secure Email/Messaging a la Facebook Messaging or WhatsApp
- Instagram/Twitter Replacement
- Facebook style social interaction
- Blogging/News Sites
- Video Chat and Instant Messaging
Right now, the two best technologies for this are probably a combination of Scuttlebutt and Tox. You can see examples of my Tox and Scuttlebutt ID’s in the title of this paper.
Tox is a P2P, decentralized, secure instant messaging protocol. The qTox application works as a good Skype replacement. It's easy to use, easy to install, and works for Voice, Video, Text, and File Sharing. It is a good way to replace WhatsApp, Skype, and Text Messaging. There are many different clients that you can use to talk with Tox right now. Unlike with centralized services, you get an “ID” that is generated on your computer when you launch Tox that you can send to your friends. It's like your “address.” They can then add you to their friends list and communicate with you.
Scuttlebutt (SSB) is a new protocol for social networking. It can replace Twitter, Email, Instagram, your Blog/News site, and a significant portion of your Facebook stuff right now. (Breath deep, it is going to be okay. Your friends and contacts will get used to your new address. Frankly, if your friends cannot handle your new address, are they really your friends?) It is designed to allow many different applications to be built on top of it. Right now, you can use Patchwork, which is a social media app built on top of Scuttlebutt, as well as applications designed for blogging, playing chess, and the like. It's one of the most polished P2P platforms at the moment.
Unlike Twitter, SSB allows you to post longer content. You can send messages out to the wide world the way you would with Instagram or Twitter, and you can share things like you would on your Facebook timeline. It also has secure by default messaging, which allows you to send secure emails to your friends.
The biggest current limitation with Scuttlebutt is that it only really works well on your computer at the moment. Work is being doing to get support for Mobile devices up and running, but that's still in its infancy. That should not stop you from getting started and getting to know the system, since Mobile Support is coming.
One other great feature of Scuttlebutt is that it is designed to be “append only.” This means that you cannot delete or edit anything once you post it. These days it is too easy for people to say something, and then decide to delete it afterwards. Instead, the design of Scuttlebutt is meant to encourage people to be more deliberate and thoughtful in what they say. What you say on the Internet is out there forever and the illusion that you can just edit or delete something and that it is gone is a bad one. Scuttlebutt is more honest and up front about this, encourage people to be more deliberate and thoughtful in what they say, since there is no way to change what you say afterwards.
So what are the next steps to take? Follow these specific directions to get set up and running on Tox and Scuttlebutt, and be a part of the new wave of social media that values freedom, privacy, and security.
Getting Connected on Scuttlebutt/Patchwork
Here’s how to get started with Patchwork and Scuttlebutt. Once you have gone through this process, you can learn more about Scuttlebutt and Patchwork at https://www.scuttlebutt.nz/ .
- Download and install Patchwork by visiting: http://dinosaur.is/patchwork-downloader/
- Launch Patchwork and configure your profile.
- Visit http://social.sacrideo.us and copy your Pub invitation.
- Click “Join Pub” in the Public tab of Patchwork and paste in your invitation. Click Redeem Invite to be connected to the broader “Scuttleverse.”
- Browse around, search, find your friends, and generally start getting used to the system.
- Copy your profile ID from your Profile page and add it to your Business Cards, Email signature, and social media profiles. My own ID looks like this, and yours will look similar: @snp/faEAB52u3OuZaOwZ7Dc6+GTDFNuMZb8X/sDe2T8=.ed25519 .
- Check out the #new-people and #patchwork-help channels where you can introduce yourself and ask questions about how to use Patchwork.
Getting Started with Tox
Getting started with Tox is pretty easy:
- Go to https://tox.chat/, read up on Tox, and download/install qTox to get started.
- Open qTox and create a profile. Pick a good password to encrypt your local data.
- After that, click on your profile name in qTox to edit your profile details and add an icon.
- In your profile details you will see your Tox ID. Clicking on it will let you copy it.
- Add your Tox ID to your business cards, email signature, and social media sites.
- Once you give your friends your Tox ID, they can add you to their own friends list and message you.
- My own Tox ID is: BFCECD4F76E88B4F18138AE4DF6BD52198E2C04A157DF1220FFBFF8334E2D673BF0BCB6CCDE2
After you have installed and configured qTox and Patchwork, be sure to start encouraging all your friends to start using it! Feel free to send me a message on Patchwork if you have having trouble. You’ll find me as @arcfide in Scuttlebutt, and my full ID is listed above. It is important that you start using SSB/Tox for your daily activity and that you start encouraging everyone to contact you through these methods instead of using traditional media. Only by using the system and talking to the developers about what works and doesn’t work (such as on the #patchwork and #scuttlebutt channels) can we improve these systems and make sure that they replace traditional social media.