In a way, I'd like to propose breaking up Facebook into a SMTP-like service. And yes, I know the issue of spam needs to be engineered into it from the start or we will not ever get rid of it again.
The SMTP model was always highly decentralised - even more so in the past than it is today. Every IP system was ment to run Sendmail or something like it that would join in the global network of routing messages around the world. People were meant gather the messages from the "local drop" - hence protocols like POP and IMAP emerged later when Internet was misunderstood by the telco and mainframe crowd to mean big client-server systems. Usenet worked similarily only the destination addresses were "group names" and themselves replicated across the globe.
The current web by itself is extremely good at client-server content delivery but as Facebook & others have shown with their need to amass user data in huge centralized data centres, I think it's only a childhood stage in the progress to the adult p2p stage of the Internet.
We are actually pretty close to returning Internet back to its peer-to-peer roots because most end-user devices (primarily desktops but now also mobile phones) are always online. The only practical remaining obstacles are:
- Artificial sender/uploader bandwidth caps telcos maintain to squeeze more profits from high-end home users.
- Artifical platform limitations on the fastest growing segment of the Internet - the mobile phones (limitation on software development/licensing/blessings-by-appstore and on low-level API access like multitasking). Hopefully, this one will go away Really Soon Now with Android.
As it says on the label, peer-to-peer social networking must be exactly that - with each client participating equally. Possibly, like the situation is today, there would be big routing nodes equivalent to today's ISP-located e-mail (SMTP) servers.
I think the problem of user identity (which also touches on the problem of spam) can be solved by public key cryptography. Since social networks are a "friends only club", technically better described as a "white list", it is trivially easy to reject messages from senders for which you don't have/approve their public keys. Once public key crypto is present, the rest of the crypto stack also becomes trivial - secret communication can be guaranteed at the protocol level.
The general use-case is easy. Imagine having a Facebook-like application (hmmm, would it still be a "web app"? don't know, it doesn't have to be - but it isn't important - if it conforms to the same protocol as everyone else), which will a) store your messages locally, b) try to find others in your friend list who are online (and most civilized desktops todays are always online) and push the content there, or find a router that will do it for you and c) occasionally poll your friends for messages you might have missed. For the purpose of this discussion, a "message" is anything - a text message/status, a photo, a "like", etc.
The mobile phone use-case is a tiny bit more twisted because most of them are still not always online (which would require mostly using the option "c" in the above list, but so it is now with today's social networks).
The exact protocols used in all this are then mostly trivial to design, and can rely on infrastructure already present - the MIME types for message types for example (with new additions of course). Even a p2p overlay network over the HTTP web would work (though heavy on the POST/PUT side). For starts, dyndns-like services could be utilized until ISPs stop cycling client IP addresses and/or NAT gets replaced with IPv6.
I think it's technologically extremely doable right now.
#1 Re: On Facebook and (De)centralization
So, in essence, we could have specially formatted emails (with a specific header, for instance, just to facilitate filtering them from all the regular emails) which our "social networking software" would parse and display. Something would need to be done about spam, but that's about it... You would only add your friends' emails into a list (or multiple lists, for family, friends, coworkers, acquaintances etc.) and it's settled.
#2 Re: On Facebook and (De)centralization
Interesting thoughts, I've been thinking along these lines for some time now. I don't think p2p is the whole solution, as you note with possibly needing large routing nodes ie ISPs, but it is a part. You do get at the root of the problem with how much control is being given up to the application servers like Twitter, but the solution is likely to be a blend with even more ingredients than the worthy ones you note. :) The main idea is definitely decentralization, but not quite the equality between nodes that you suggest, as there's always going to be a difference in capability between a blade server and a smartphone. NAT and asymmetric upload links are definitely the obstacles right now, but I'm not sure they matter much as long as you don't insist on highly equal p2p clients. Overlaying on HTTP is a horrible idea, but you know that. ;) As for spam, the solution is simple: micropayments. :)
#3 Re: On Facebook and (De)centralization
@Jurica: I'd like to very much abandon the e-mail (SMTP) system as it currently is, but pick up good ideas from its design.
@sprewell: I'd also like to stay away from introducing (micro)payments in the whole process - I'm leaning more towards introducing "hard" identity into the system - thus public key crypto. Yes, I would sacrifice anonimity in order to lose spam and gain efficiency.
But I agree that maybe pure p2p isn't the immediately correct solution - this is why I'm always returning to SMTP. In it you have complete equality among mail servers/routers but the real end-points - the users - connect via "inferior" (in the sense of p2p-ness) protocols to interact with their mailboxes. One interesting thing here is the role that the DNS plays in todays e-mail routing (MX records), which enables it to treat routing to individual addresses as a practically solved problem.
#4 Re: On Facebook and (De)centralization
Ivan, I completely agree with you about abandoning SMTP while keeping its good ideas, exactly my thoughts. I'd like to have a central messaging client that stores all my mail, IMs, voice calls, and video calls together, with the routing to reach that client done in a decentralized way like with SMTP. I disagree about micropayments and sacrificing anonymity though. Micropayments are <i>the</i> solution for spam. Spam is essentially an economic hack, where a spammer sends out millions of emails knowing that only one or two of them will pay out, but because sending email is so cheap, it's still worth it. By applying a returnable micropayment bond, say 5 cents, to receive email from someone you don't know (you'd whitelist your friends and family), you completely kill the economics of spam. Coming up with technical solutions for an economic hack is an exercise in futility. I think crypto has a large role to play but more in preserving some level of anonymity, though perhaps not the total anonymity that some have aimed for in the past. Yes, that is exactly why pure p2p with <i>completely equal</i> nodes is not a good idea, because some nodes are just better than others and you have to take that into account, just like you note with SMTP/imap. As for DNS, I hate that such a badly-organized tech plays such a large role in the internet today. I'd much rather have some sort of address book/contact lookup scheme that doesn't require people to remember a completely new addressing format like name@address.domain and get rid of URLs altogether. :) They're already becoming outdated by AJAX websites that break the page->URL model anyway.
#5 Re: On Facebook and (De)centralization
These guys are trying to start something up that looks promising - distributed just like you're describing:
http://www.joindiaspora.com/
#6 Re: Diaspora
Seen it, it's too far away from me (not only in geographical sense) to do anything about it. Seems too much PR-ware so far and with too little meat on the bones. I don't have anything against it, though :)
#7 Re: On Facebook and (De)centralization
@sprewell: Something like DNS is still needed at least in the background. It would be extremely tedious to bootstrap a global p2p network without a few well known fixed nodes (fixed in terms of DNS name; IP addresses are too inconvenient for this - especially with IPv6).
Re micropayments: as a person who regularily has problems and annoyances when trying to do anything monetary on the international level because I live in a backwards little country which needs to be searched on the map with a microscope, I can reliably tell you that micropayments on this scale will start working only when the economy starts to become truly global, or else the system will not work outside the borders of 20-or so countries. In other words, it will happen when a Star Trek-like utopia becomes a reality :) For a confirmation of this, simply take a look at the list of countries where PayPal operates in a bidirectional way (send+receive money). In absence of this, technical solutions are the best we got.
#8 Re: On Facebook and (De)centralization
Ivan, that's not much of a need for DNS though, all you'd have to do is replace the fixed domains with some fixed IPs that bootstrap with further known nodes. I don't see why a few fixed domains is any better than a few fixed IPs, you're not going to change the IPs for those fixed domains that often anyway. As for micropayments, perhaps there are problems for international flows but certainly in-country payment works most everywhere. Given how mobile money is these days, I'm skeptical that international flows will be much of a problem either. I'm fine with technical solutions for spam for now, but it's an arms race until an economic solution is implemented, where spammers figure out the holes in Bayesian spam filters and simply repost captchas on porn sites, an ongoing and futile technical back and forth that can't be won.
#9 Re: On Facebook and (De)centralization
I find it a bit intresting that one of the more commented posts on your blog is something not directly connected to FreeBSD.
Micropayments might be a may to go, but as Ivan has said, you don't have to stray that far away from from the big countries for it to be a pain (at best). For example, just look at google; they havn't evee opened the paying Android Market yet but for a small number of big countries.