Keeping users connected, market position, ad money flowing VS losing all that by taking a stand. For a business (a vehicle designed to make money), the decision is pretty much inevitable.
You might think Facebook cannot really lose their market position, but it is entirely possible that Vietnam could go the way of China (block non-nationalistic software) or who knows, maybe even use China's alternative to FB. So perhaps this path is still the lesser evil.
Issues like this bring another concern to mind. The problem of scale. Do you think that The Facebook (the earlier college-only version of FB) would have faced these problems? Senate hearings, civil rights violations, election tampering, etc. These kinds of problems only happen when the user base is sufficiently large. Since it is now connected to so many people across many different contexts, it can be wielded by anyone with influence or know-how for their own purposes, to potentially great impact. That includes terrorists, oppressive governments, or a random hacker who figures out how to scrape all your friends' info to spearfish them.
So the bigger question is, how could you design a technology that, when scaled, could not be used as a weapon? (By the way, this is the same question that critical infrastructure services face in large cities.) Frankly, I do not think it is possible. Technology is simply a tool. Whether it damages or repairs depends on who wields it. Instead, I believe a better course is to distribute and federate services. Not just technically (something tech companies already do for best service), but in ownership of operations. At least that way, there isn't a single entity in charge. A single entity that can be influenced or infiltrated. A single point of failure.
I didn't really delve into the details of distributed and federated. And we have already seen the cracks of existing implementations, but also the successes. For example, email. One email service can be compromised (some of them, perhaps easily) and its users data exposed or censored, but it is intractable to compromise EVERY email service on the internet. I agree that data remaining private even to the service provider is still mostly unsolved by email currently.
The article is actually quite interesting in that it proposes an approach which separates the data from the service. Users own their data and provide permission to services to use limited data for the service functionality. If the user decides to change services, they can withdrawn consent from the old one. It would even be possible to design a service that can't see the data itself but can still perform its services based on the data ("function shipping" architectural pattern as opposed to "data shipping"). I've been looking for this approach (user-owned data) to gain traction for a while. The most prominent effort I have seen is Tim Berners-Lee's Solid project. Seems still a ways off from being end-user viable.
There is less than zero incentive for existing services to adopt this and push it forward. It would be a breaking change to their entire business model. I think it is going to take a new generation of services designed for user-owned data in order for the internet to transition.
Personal observation: this service paradigm highly parallels functional programming where data and functions are separate and independently composable.
Also user-owned data still has potential privacy pitfalls in who is storing it. Solid for example has public services available or you can store it on your own machine (albeit with a process that is currently out of reach to average users). You still have to have trust in who is storing it, which could be misplaced. Public services can change ownership/leadership and therefore policies over time. If user-owned data became a really popular thing, even trusting your local machine could be a challenge. For example, how much do you really trust Windows 10 with your privacy now? Don't you think if user-owned data became popular, they would write code to look for it to add to their metrics?
the holy grail of security, computing over encrypted data, or more aptly defined in the literature as secure computation
an approach which separates the data from the service
this service paradigm highly parallels functional programming where data and functions are separate and independently composable
What I am afraid is that this may never be "end-user viable". Data and functions may be independently composable, but use cases are not. For example, Apple has weakened the file system abstraction in iOS in favor of each application for a use case, and people love it (I love it too). Another example is machine learning, where data is deeply participating in defining the function, with each still distinct for different use cases.
For functions to be independent, the data it operates on needs to be an abstraction. But we cannot understand abstractions by intuition. For example, Haskell has discovered Monad to an abstraction over iteration, side effect, non-determinism, and asynchronicity. But these use cases are so distinct, we still have to understand them separately on our way to understanding the abstraction.
I believe this perspective of use case is more useful, as in reality what's challenging Facebook is not Wordpress, Mastodon, or Micro.blog, but WhatsApp, Instagram, Snapchat, Podcasts, subscribed newsletters like Substack, game communities like Discord, and professional communities like LinkedIn, StackExchange, GitHub, and dev.to. I don't think normal people care much about the abstractions which can arise behind all these, such as the WebSub standard.
The solution, in my opinion, has to be laws. GDPR. It's how we have regulated banks for centuries, and how we can transfer money and contracts across systems of different agencies even countries. But that's also exactly what's forcing Facebook to censor in this case. Because that's what law is: law is politics. This is a political battle. We have to recognize that until the whole world is politically liberated, the Internet cannot be truly free with mere technological tricks.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Keeping users connected, market position, ad money flowing VS losing all that by taking a stand. For a business (a vehicle designed to make money), the decision is pretty much inevitable.
You might think Facebook cannot really lose their market position, but it is entirely possible that Vietnam could go the way of China (block non-nationalistic software) or who knows, maybe even use China's alternative to FB. So perhaps this path is still the lesser evil.
Issues like this bring another concern to mind. The problem of scale. Do you think that The Facebook (the earlier college-only version of FB) would have faced these problems? Senate hearings, civil rights violations, election tampering, etc. These kinds of problems only happen when the user base is sufficiently large. Since it is now connected to so many people across many different contexts, it can be wielded by anyone with influence or know-how for their own purposes, to potentially great impact. That includes terrorists, oppressive governments, or a random hacker who figures out how to scrape all your friends' info to spearfish them.
So the bigger question is, how could you design a technology that, when scaled, could not be used as a weapon? (By the way, this is the same question that critical infrastructure services face in large cities.) Frankly, I do not think it is possible. Technology is simply a tool. Whether it damages or repairs depends on who wields it. Instead, I believe a better course is to distribute and federate services. Not just technically (something tech companies already do for best service), but in ownership of operations. At least that way, there isn't a single entity in charge. A single entity that can be influenced or infiltrated. A single point of failure.
I agree mostly, but FYI, privacy wise, naive federation is the worst of all worlds.
Great article and I agree with it.
I didn't really delve into the details of distributed and federated. And we have already seen the cracks of existing implementations, but also the successes. For example, email. One email service can be compromised (some of them, perhaps easily) and its users data exposed or censored, but it is intractable to compromise EVERY email service on the internet. I agree that data remaining private even to the service provider is still mostly unsolved by email currently.
The article is actually quite interesting in that it proposes an approach which separates the data from the service. Users own their data and provide permission to services to use limited data for the service functionality. If the user decides to change services, they can withdrawn consent from the old one. It would even be possible to design a service that can't see the data itself but can still perform its services based on the data ("function shipping" architectural pattern as opposed to "data shipping"). I've been looking for this approach (user-owned data) to gain traction for a while. The most prominent effort I have seen is Tim Berners-Lee's Solid project. Seems still a ways off from being end-user viable.
There is less than zero incentive for existing services to adopt this and push it forward. It would be a breaking change to their entire business model. I think it is going to take a new generation of services designed for user-owned data in order for the internet to transition.
Personal observation: this service paradigm highly parallels functional programming where data and functions are separate and independently composable.
Also user-owned data still has potential privacy pitfalls in who is storing it. Solid for example has public services available or you can store it on your own machine (albeit with a process that is currently out of reach to average users). You still have to have trust in who is storing it, which could be misplaced. Public services can change ownership/leadership and therefore policies over time. If user-owned data became a really popular thing, even trusting your local machine could be a challenge. For example, how much do you really trust Windows 10 with your privacy now? Don't you think if user-owned data became popular, they would write code to look for it to add to their metrics?
Some level of trust will still be a factor.
FYI, and to quote Computing Over Encrypted Data
What I am afraid is that this may never be "end-user viable". Data and functions may be independently composable, but use cases are not. For example, Apple has weakened the file system abstraction in iOS in favor of each application for a use case, and people love it (I love it too). Another example is machine learning, where data is deeply participating in defining the function, with each still distinct for different use cases.
For functions to be independent, the data it operates on needs to be an abstraction. But we cannot understand abstractions by intuition. For example, Haskell has discovered Monad to an abstraction over iteration, side effect, non-determinism, and asynchronicity. But these use cases are so distinct, we still have to understand them separately on our way to understanding the abstraction.
I believe this perspective of use case is more useful, as in reality what's challenging Facebook is not Wordpress, Mastodon, or Micro.blog, but WhatsApp, Instagram, Snapchat, Podcasts, subscribed newsletters like Substack, game communities like Discord, and professional communities like LinkedIn, StackExchange, GitHub, and dev.to. I don't think normal people care much about the abstractions which can arise behind all these, such as the WebSub standard.
The solution, in my opinion, has to be laws. GDPR. It's how we have regulated banks for centuries, and how we can transfer money and contracts across systems of different agencies even countries. But that's also exactly what's forcing Facebook to censor in this case. Because that's what law is: law is politics. This is a political battle. We have to recognize that until the whole world is politically liberated, the Internet cannot be truly free with mere technological tricks.