They don't act in good faith. It's not some "hard technical problem" to solve. They simply benefit from market dominance and don't need to do better. I'm sick of worrying that an opaque, Kafkaesque bureaucracy will take my entire online life away every time I take any action
Enter Friend Clouds
I saw a user on Twitter mention the term "Friend Cloud" and link to some software that can help people take control of their own personal social network. I don't know how widespread this term is so far, but the suggestion certainly got me thinking.
I don't want millions of Twitter followers anyway, so I'd be onboard with a small cloud where I can talk to just dozens or hundreds, with some secondary federation letting the broader world see my content.
Primarily, I want to own my own content. I don't want to be moderated by algorithms, and I don't want to be pigeonholed into one-size-fits-all speech rules. I started this blog as one reaction to my exhaustion with monolithic social media. I want to own these posts, even if that means shouldering the burden of keeping them online.
It should fill the Facebook and Twitter niches, and maybe Instagram. Not so much Youtube or video platforms; that too quickly blows up storage and bandwidth.
Text posts (short and long), pictures, videos, private messages, likes, re-shares, privacy control.
Private content should be private even from the administrator. This is a key point that's a no-go for me on Mastodon. I trust small-time administrators very little but for somewhat different reasons than I trust large corps.
If the friction isn't low then it's dead in the water. The friction of signing up for end users, getting a node running for administrators, paying for it (if at all), finding their friends, wasting their time doomscrolling on it, navigating the basic interface, and on... these are all places where sources of friction can be introduced. Users don't care what your problem is. It needs to just work and they blame you if it doesn't.
Even just understanding what it is is a source of friction. The open source world does terribly at this. The Linux community is a great example of what not to do. *nix advocates even take pride in this friction. Any time you think of asking any question you just expect
Nix Neckbeards are a hostile, self-righteous, own-foot-shooting community.
You shouldn't need to drink the Kool-aid to make an account. You shouldn't need to learn a world of new concepts, and the messaging should try to smooth them over as much as possible.
Diaspora has a whole page explaining "aspects". They're just lists. They should use the same language as Facebook, and they shouldn't be a whole page. Users expect them now. Just put a little blurb on the homepage that verifies they're there. Just show them as one infobox in one of those Bootstrap left-right-left-right list-of-infobox designs that's so popular these days.
Capitalize on as much user prior knowledge as possible. Make it familiar. Reduce the cognitive load; the general public has a very small tolerance for it. High cognitive load causes people to self-select out of using your system. You're left with only certain types of people in your userbase.
Diatribes about privacy and social justice will cause further self-selection out of your pool. Users just want to sign up and do the thing like any other service. They just want to know that they can post statuses, images, and videos with ease, preferably for free, control who sees them and who their friends are, and maybe they also want to get discovered by strangers.
Mastodon has friction right out of the gate. You have to choose a community, then you have to choose an app to use, have to understand the "fediverse", etc. This already drives large swaths of the general public away from the very idea. They just want to Do The Thing. They want to go to the site and use the app. Having a choice of other apps, like you do with Twitter, is nice for some power-users who care about that, but the majority want to download the app and get going.
Diaspora wants you to learn about
Setting up a server is too high of an ask for a member of the general public. This is a difficult hurdle to overcome unless you do some peer-to-peer thing in each user's app, which is not my vision here.
Ironically, the best way to bootstrap this community would be hosting it for the early users, which is centralization. Pay a small fee per month and we'll run the shard for you and your small friend group (but dear god don't call it "shard" in the communication with end-users). By bootstrapping the community, you'd see quicker uptake w.r.t. setting up independent servers, and maybe third-party one-click hosts would also spring up. However, this still leaves the difficult problem of how to get the technical bar even lower for people to truly self-host. I don't know the answer. I can imagine various ways to facilitate users, say, by providing server ISOs that they can slap on a VPS, but I still see this as a high bar. Even if you provide step-by-step instructions in the clearest terms, avoiding too much detail about what a VPS is (just "go here, register this, click that, trust me"), it's still not nearly as low as I'd like the bar to be.
Trust No One
As mentioned, I dislike Mastodon because I'm giving my private communications to small-time administrators.
When it comes to state actors, a small-time administrator is even easier for a government to lean on than a big corp. A corp has a legal team that knows its rights re: court orders, but is untrustworthy because its interests might not be aligned with protecting you. A small-time Joe Schmo has both problems: they don't know their rights, they don't have experience with this, and they'll probably sell you out when the slightest pressure is applied.
But that's something I'm less worried about. Joe Schmo likes to snoop. A huge corp may algorithmically sell you out with the "Big Data" treatment, but individuals probably won't single you out for individualized, manual, old-fashioned spying, stalking, and harassment. (It can happen, though, and it did happen with Amazon: moderators sold favors to outsiders, agreeing to ban competitors for a kickback.)
I want it all encrypted so that even my closest friend wouldn't be able to see what I uploaded if they had direct access to the server.
I imagine a system of binary blobs, encrypted on the client, being sent away to the server.
- Only the friends with the keys can decrypt the blobs
- There can be keys for whole groups
- Public posts would be unencrypted, but still cryptographically signed for authenticity verification.
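As an added illustration of the three points above (not code from this post or from any existing project), here is the blob scheme in Node.js using only the built-in `crypto` module. The function names, the `friendcloud-wrap` label and the choice of AES-256-GCM, X25519 and Ed25519 are assumptions made for the example.

```javascript
// Added example; every name here is hypothetical, not an existing project's API.
const { randomBytes, createCipheriv, createDecipheriv, diffieHellman,
        hkdfSync, generateKeyPairSync, sign, verify } = require('node:crypto');

// AES-256-GCM on the client: the server stores only the returned object.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag(), aad };
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAAD(Buffer.from(blob.aad));
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]); // throws on wrong key or tampering
}

// Per-friend wrapping key: X25519 agreement, then HKDF.
function pairKey(myPriv, theirPub) {
  const shared = diffieHellman({ privateKey: myPriv, publicKey: theirPub });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'friendcloud-wrap', 32));
}
const wrapGroupKey = (groupKey, myPriv, friendPub) =>
  seal(pairKey(myPriv, friendPub), groupKey, 'group-key');
const unwrapGroupKey = (wrapped, myPriv, ownerPub) =>
  unseal(pairKey(myPriv, ownerPub), wrapped);

// Public posts stay readable but carry an Ed25519 signature.
const signPublic = (text, priv) => ({ text, sig: sign(null, Buffer.from(text), priv) });
const verifyPublic = (post, pub) => verify(null, Buffer.from(post.text), pub, post.sig);

// Constructed demo: Alice shares a group key with Bob; the server holds no key.
function demo() {
  const alice = generateKeyPairSync('x25519');
  const bob = generateKeyPairSync('x25519');
  const aliceSign = generateKeyPairSync('ed25519');
  const groupKey = randomBytes(32);
  const forBob = wrapGroupKey(groupKey, alice.privateKey, bob.publicKey);
  const blob = seal(groupKey, 'dinner at mine on friday', 'group:close-friends');
  const bobKey = unwrapGroupKey(forBob, bob.privateKey, alice.publicKey);
  let adminRead = true;
  try { unseal(randomBytes(32), blob); } catch { adminRead = false; }
  const post = signPublic('hello world', aliceSign.privateKey);
  const forged = { text: 'hello w0rld', sig: post.sig };
  return { bobReads: unseal(bobKey, blob).toString(), adminRead,
           genuine: verifyPublic(post, aliceSign.publicKey),
           forgedOk: verifyPublic(forged, aliceSign.publicKey) };
}
```

The `aad` label, the blob length and the upload time are all stored in the clear, so the server still learns that something was posted and roughly to whom.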
The administrator can also glean information from the mere fact that something was uploaded. I imagine sending decoy payloads at irregular intervals to throw a snooping administrator (or governmental actor) off the scent. But I can also imagine all kinds of problems with this. This is an area I need to research more into and see what good ideas are already out there. I don't know enough.
For example, even irregularly-uploaded decoy blobs would probably leave a telltale pattern. You could probably use statistics to segment them into real and decoy based on expected normal user behavior.
As mentioned, in my mind there should be an app. Users should be offered this app when they sign up. If they're more savvy, they can go find the other apps, or they can happen upon them later through word of mouth.
Diaspora's website is absolutely fuck-ugly. It's a basic uncustomized Bootstrap. It looks amateurish, and users absolutely have their perceptions colored by this.
Mastodon does a little better in the visuals department, but the web interface was really unpleasant to use; it felt clunky and cluttered. At the time I first used it it was modeled after TweetDeck. No thanks. Never used that. If you're gonna be a Twitter clone I want a Twitter experience. I haven't been back.
The UI/UX experience needs to be as good as Facebook and Twitter. Users don't care that you don't have the resources. They expect it to just work. Make it work or else you fail. No sympathy for you.
The Price Problem
An absolutely huge hurdle is getting users to pay when Facebook and Twitter are "free". Their illusion of free-ness hurts potential open competitors. As the saying goes, "if you're not paying for it, you're the product". The price is in selling yourself out. Spying on you has a literal dollar value that can be attached.
It would be hard to get users to pay even $1/month for their local Friend Cloud; "Why should I pay anything when Facebook is free?"
The only answer to this is 1. get them to understand the price of "free" and 2. make it cheap to serve a large group of friends and friends-of-friends, so that one person is willing to front the $5-$10/mo cost for 20/50/100/200 or whatever the number may be
Moore's Law brings the price of CPU, memory, disk, and bandwidth all down all the time, and this is reflected in hosting prices. You can serve more-and-more users every year for less-and-less. But it's still hard to compete with "free"
More User Turn-offs
Master Passwords and Recovery
This article brings up the idea of using security questions and slow key-derivation to provide a trustless forgot-my-password system. It's noted that this is almost certainly not the case, but it got me thinking. Could this be used to store a backup of the master key without just becoming the weak link in the chain? Probably not, but it's interesting to think about.
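To make the question concrete, here is an added Node.js example (not taken from the linked article or from this post) that derives a key from security answers with scrypt and uses it to wrap a master key. The function names, the normalisation rules and the scrypt cost are assumptions. The backup blob lets anyone who holds it test guesses offline, which is the weak-link concern; `secondsToExhaust` puts a number on it.

```javascript
// Added example; names, normalisation rules and cost settings are hypothetical.
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// Normalise answers so "  Rex " and "rex" derive the same key.
const normalise = (answers) => answers
  .map((a) => a.normalize('NFKC').trim().toLowerCase().replace(/\s+/g, ' '))
  .join('\u0000');

// Slow KDF: each guess costs one scrypt evaluation (about 16 MiB at N = 2^14, r = 8).
function recoveryKey(answers, salt, cost = 2 ** 14) {
  return scryptSync(normalise(answers), salt, 32, { N: cost, r: 8, p: 1 });
}

// Wrap the master key; the result can be stored on the server.
function makeBackup(masterKey, answers) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', recoveryKey(answers, salt), iv);
  const ct = Buffer.concat([c.update(masterKey), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Returns the master key, or null when the answers are wrong.
function recover(backup, answers) {
  const key = recoveryKey(answers, backup.salt);
  const d = createDecipheriv('aes-256-gcm', key, backup.iv);
  d.setAuthTag(backup.tag);
  try {
    return Buffer.concat([d.update(backup.ct), d.final()]);
  } catch {
    return null; // GCM tag mismatch: this same check is what an offline guesser sees
  }
}

// Worst-case time to try every answer combination at a given guess rate.
// The backup is only as strong as the entropy of the answers.
function secondsToExhaust(bitsOfEntropy, guessesPerSecond) {
  return 2 ** bitsOfEntropy / guessesPerSecond;
}
```

With answers worth about 20 bits in total and 16 guesses per second, `secondsToExhaust(20, 16)` is 65536 seconds, well under a day on one machine.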