No, I am not interested in joining your proprietary social network

I don’t care whether it’s ello or sgrouples or FriendFace or app.net or whatever, I am not joining another walled-in social network owned by a single organization. I already have enough of those.

I don’t care if it has a strong privacy policy, I don’t care if it has good security, I don’t care if it has no advertising, I don’t care if it will let you remain pseudonymous, I don’t care if the people who own it are really cool. All of those things are worthless if the site is controlled by a single organization, because they can all be changed on a whim.

Remember, Facebook used to be ad-free, somewhat closed, had no data mining, and didn’t force you to sign up with your real name. Then they decided they had to make money, and their only resource was a captive user base.

Twitter used to be ad-free with no data mining, and it used to be open so anyone could write clients for it. Then they decided they had to make money, and that meant making sure clients showed ads properly, and that meant locking out your favorite Twitter client and showing you posts that nobody had retweeted.

Go back even further into the past, and LiveJournal used to be run by a small team of people who were directly engaged with their user base. Then they sold out to a company who didn’t care, who sold out to a Russian company who were in it for the money.

Make no mistake, this cycle will repeat itself with ello and all the other closed-off single-provider social networks. Servers cost significant time and money to run — I know because I run some. Unless you have an eccentric millionaire or a trust fund to pay for the hosting, as the site grows, sooner or later someone’s going to decide that it needs to pay for itself. In fact, even if you have funding from an eccentric millionaire, you’re still reliant on their whims to keep the privacy and advertising policies you like.

Venture capitalists are not philanthropists. They didn’t lend ello half a million dollars so that it could be run on donations as a not-for-profit, no matter what the founder may say about having unconstrained choices. The fact that ello aren’t upfront about their funding is very telling.

So, what’s the alternative? One word: federation.

What we need are social networks which are open, like e-mail and the web; where anyone who wants to can set up their own server (or pay someone else to do it) and join the conversation via a system they control. We need social systems which are decentralized, rather than centralized and corporate. Systems where at a minimum, there are multiple independent organizations running servers, and you can migrate if you decide you don’t like the one you’re relying on.

There’s a system which is built that way. It also has no ads, doesn’t require that you provide your “real” name or specify your gender, doesn’t aggregate your data for sale to corporations, and doesn’t run ads. It has per-post privacy settings, so you can share just with the people you trust. You can post pictures and comments, discuss things with friends in discussion threads, and do most of the other stuff you do on Facebook or Twitter.

It’s called Diaspora. You may have heard of it. It was big for a while, but then people were disappointed with the initial code, and tragically one of the lead developers committed suicide.

Diaspora isn’t as pretty as other social networks. It doesn’t have signup pages making elaborate feel-good promises. It isn’t popular with celebrities. But it works, and you can sign up for it right now, and because it’s open source it isn’t going to be ripped away from you or turned into the next privacy-destroying corporate panopticon. Want to give it a try? Tutorials are available, you can pick from dozens of service providers, and my profile’s public.

So in summary: Please don’t waste time asking me to join another walled-off “social” network. If you find a decentralized system that’s better than Diaspora, I’m all for that, but no, I’m not interested in the next Facebook, Twitter or Google+.

Diaspora Screenshot
Creative Commons License Antonio Pardo via Compfight

BitTorrent Sync

Today Forbes has an article about how BitTorrent Sync is taking off. I’ve been using it since the beta was opened up, and I’m very impressed.

I run it on my phone. When I take a photo or record a movie, it sits in the DCIM folders (the name is part of the DCF standards for digital cameras). When the phone finds my home network, Sync automatically does a 1-way read-only sync of all the camera files to my Mac and my home server.

I run it on my tablet. When I have a PDF or other file I want to read later, I throw it in a folder on any of my computers. When I power on the tablet, it pulls all the new files across the network and I can tap to open whichever one I want to read next.

I run it on my laptops. When I find a cool new font while I’m working on web design, I toss it into the appropriate folder. When I go to my Mac after work, by the time I’ve logged in Sync will have transferred the data across.

The thing is, because it runs across my home network whenever possible, BitTorrent Sync is fast. Sure, SpiderOak is supposed to use LAN connections when possible, but it never seemed to work that way.

It also works over the public Internet. If I’m away from home and really need some file that didn’t have time to sync before I left, I can sync using free WiFi at a coffee shop, or tell BitTorrent Sync to use my wireless data plan to do the sync.

It’s also painless to set up. No accounts, no logging in, no extra passwords, no firewall changes, no servers to configure. Each sync folder has a 40-character secret which enables access to it, analogous to a URL. Copy that to the destination system(s) by whatever method you like and you’re done.

You can use these secrets to share files too. Set up a read-only sync folder, send the secret code to a friend via e-mail, they can paste it into their BitTorrent Sync and the folder will download via BitTorrent. Want to share 2GB video files with a collaborator? With BitTorrent Sync, you won’t pay to do so. Academics are using it to share terabytes of research data.

And the big point Forbes makes: It’s secure. All data which goes across the Internet is encrypted. There’s no cloud provider the NSA can force to disclose your data or keys without telling you.

Oh, and it’s free and works with NAS systems and headless servers. If you’re geeky enough you can run it on any random Linux VPS hosting plan and make your own DropBox alternative.

Got a computer you leave running at home? Then why pay DropBox $100 a year for a measly 100GB of on-the-go file access, when you can stick a 2TB hard drive in your computer for that price?

You might be worried about the battery implications of running a P2P client on your phone, right? Well, don’t be. At least on my phone, BitTorrent Sync uses less battery than “Cell standby”, i.e. remaining connected to the mobile network ready to receive a call.

In short, BitTorrent Sync is the best thing since rsync. It’s easily the best thing Bram Cohen and team have ever done. It has replaced my use of Google Drive, Box, and AeroFS. I still use SpiderOak, but increasingly just to keep an offsite encrypted backup of medical and tax records.

BitTorrent Sync is part of the bigger redecentralization movement, also known as the indie web movement, which seeks to break out of the walled gardens and move back towards the decentralized peer-to-peer system the Internet was designed to be. It’s also easier (on Windows, Mac and Android) and better than the centralized options, so give it a try if you value your freedom.

Another Google freakout

People are freaking out about a ‘new’ feature that lets people e-mail you from your Google+ profile, even if they don’t know your e-mail address.

Well, guess what? That feature has been in there for years. You can still read an article I wrote about the feature back in 2011. I’ve had it set to “Anyone can e-mail me” since before then, and I’ve received zero spam as a result. The only new feature is that Google+ contacts show up in Gmail’s autocomplete, and the preference is visible in Gmail as well as Google+.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the feature was “eerily similar to the Buzz fiasco, when Google tried to force Gmail users into Google’s social network service Buzz,” violating their privacy. […]

“The FTC needs to determine whether this change to Google’s business practices violates the consent order that resulted from the Buzz investigation,” Rotenberg said.

Rotenberg needs to try to keep informed about the social networks he pontificates about. There has been no change to business practices, all they’ve done is make a pre-existing Google+ feature visible inside Gmail.

But this does point out, once again, that Google’s unnecessarily heavy-handed attempts to force people to use Google+ have resulted in the public perception that (a) nobody uses Google+ and (b) every change Google makes is a new privacy violation or attempt to coerce us.

Fun fact most people don’t realize: Google+ has more people actively using it as a social network than Twitter does. Yes, that’s more ‘in-stream’ users, i.e. people actively choosing to load the Google+ post stream and read it.

And I say all that as someone who has resolved not to use Google+ much in 2014.

Your Google+ identity is now your business card

Google are apparently hellbent on making your Google+ profile be your publicly visible worldwide profile. With this goal in mind, starting in 2014 Android phones will be displaying your Google+ profile information as caller ID when they receive a call from you. Your Google+ user icon, name, and other information will show up for whoever you call.

Not worried yet? Well, consider that my work phone number is a VoIP system which forwards the call to my cell phone. It’s a very common arrangement at IBM, where so many people work remotely or are mobile. It’s probably the same at many other big companies, not to mention schools and other organizations.

So, let’s imagine a few scenarios here.

  • You’re a teacher. You call a parent, and on their screen they get that amusing profile photo of you drunk off your face at a party.

  • You call your bank to ask about a loan. After the call, the bank manager idly taps the Google+ profile that appeared on his phone, and up come all your postings about the fancy new car you just bought.

  • You call in sick at work. Your manager notices you checked in to a restaurant half an hour ago.

  • You are a realtor. You call back a client, and they see that amusing fake name you put on your Google+ profile, and decide not to answer a call from Mr I.P. Freely.

Yes, I think it’s safe to say that this new policy is a privacy disaster waiting to happen. And like with Facebook, you’re opted in by default, and have to explicitly opt out.

Sure, you could not associate a phone number with you Google account. But if you do that, you can’t use the SMS-based 2-factor authentication to keep your account safe from hackers. You also lose the genuinely useful caller ID functionality.

Yes, you can opt out. But again, you lose the caller ID. And let’s be honest, we know how this is going to work, from playing Facebook Privacy Whack-A-Mole: sooner or later Google will ‘accidentally’ reset your preference, or add some other feature that unexpectedly makes your Google+ profile show up places you weren’t aware of.

So in my view, the only reasonable option now is to treat your Google+ profile as the worldwide public business card that Google obviously wants to force it to be.

If you’re not a heavy Google+ user, the obvious option is to remove almost all your info, and use some other social network. But if you want to keep using Google+ for its discussions, sharing and other features, you’ll probably want to create some other profile with which to do so.

Now, you could just create a whole separate Google+ profile with a new Gmail address and so on. But that’s a pain in the butt, and I think there’s a better option: create a page for yourself. As business people say, you are a brand.

Pages have a number of advantages. You can have lots of them, you don’t need additional accounts in order to manage them, and you can call them anything — no requirement to use your legal name. The downside is that switching between your Page identity and your main identity—which I’m going to call your worldwide public profile—can get a bit confusing. So, make sure you set a distinct profile photo for your page and your world profile. You might even want to set up multiple identities in your browser, so you can have a window for each while you get it all set up. You could also use a completely different browser for the page.

The main downside of Pages is that right now, it seems that the list of people a Page follows is always considered public information by Google. Or at least, I can’t find the setting to make it private.

Tip: When using Google+, the fastest way to switch between your page and your worldwide public profile is the drop-down menu you get by clicking your profile photo at top right.

Now, you’ll probably want to transfer your friends and other circles from your worldwide public profile to your page. But there’s a catch. A lot of Google+ seems to filter out pages you own from your search results. For example, you can’t just share a circle with one of your own pages; by default, your own pages don’t show up. (Or at least, they don’t for me.)

However, there’s a workaround. Once you’ve created the page that you’re going to use for personal stuff on Google+ and switched to using Google+ as that page, i.e. “managing the page”, you can then find your worldwide public profile on G+ and add yourself to the page’s “Following” circle temporarily. Now go back to using G+ as yourself, and go to your circles and look at who has added you. You should be able to find your page in the list, and add it to your Following circle.

Now that you have a temporary two-way circle relationship between yourself and your page, you should find that you can share something, search for your page by name, and have it show up.

So, you can now open one of your circles, and share it with your page (and only your page). You can then switch to your page, look at your notifications, and see that you shared a circle. You can then click through to the post, open the shared circle, and add the members to a circle that belongs to your page.

Once you do this, you’ll quickly discover that Google have implemented a hard limit on the number of changes you can make to your circles each day. So you’ll probably have to move over one circle per day until you’re done. In fact, if you have a lot of friends, you’ll probably have to do them a few at a time, because the limit appears to be 50 changes per day. (Seriously, Google? Nobody has more than 50 friends they might want to add to a circle when setting up their account?)

Of course, this is all a colossal pain in the ass. Google could ameliorate the pain by providing some tools, but right now they don’t support moving circles from personal accounts to pages, and they removed the circle import/export tools that existed back in 2011.

So I expect that what will actually happen is that another batch of active users will be driven away from Google+, but the user numbers will go up because of the influx of placeholder accounts. So, a win for Google in misleading statistical terms, but a big loss for Google+ users.

It’s also pretty easy to say what Google should have done: They should have implemented a “caller ID” info box as part of your Google profile, and prompted you to update the defaults (or delete the info) next time you logged in. But that wouldn’t have forced everyone to use Google+, so I guess it wasn’t an allowed solution. Apparently forcing people who don’t want to use Google+ to sign up is a much more important goal than meeting the needs of people who do want to use Google+.

Google+ name policy: three seven fatuous arguments

Following the discussion of Google’s profile name policy, I see some ridiculous arguments crop up with tedious regularity.

“It’s to stop spam.”

Looking at my spam folder, it’s full of mail from spammers with autogenerated fake names that would pass Google’s smell test: “Denese Mozelle”, “Adrien Lavona”, “Mohammad Alitahir”, “Letisha Lorri”, “Kelli Thomas”, and so on. If you don’t understand how trivially easy it is to bulk generate plausible WASPy names for spamming Google+, ask any programmer. If all else fails, spammers are quite willing to hack and steal account credentials of legitimate accounts in order to spam social networks.

If you haven’t had fake profiles with plausible looking female names try to friend you on Twitter and Facebook so they can invite you to visit their sexy web sites, you can’t have been using those services much. Spammers will even set up networks of web sites to try and push their spam through. Thinking up a plausible e-mail won’t hold them back for more than a few seconds.

There’s also the problem that spammers need to get you to follow them, for their ongoing spam to be effective on Google Plus. Conclusion: The anti-spam argument is bogus. The policy does nothing to stop spam.

“It’s to stop trolls.”

Trolls too have no problem inventing plausible names. If you play online video games, you’ll quickly discover plenty of trolls and griefers, even on services where you have to have a credit card number to get access.

In addition, some of the most famous/infamous trolls have used their real names — ROGER DAVID CARASSO, Richard Sexton, Jason Fortuny, John Dvorak, and so on. (I should note that these examples aren’t all full-time trolls, and some of them have retired from trolling at this point.) Those are just a few examples where I know the names are real; there are endless examples of trolls with names that would pass the Google Plus “smell test”, but which I don’t know are real — Adrian Chen, David Thorne, Joel Johnson of Gizmodo, and so on.

And again, the trolls need to get you to follow them and respond to them. Conclusion: The anti-troll argument is bogus, there are plenty of trolls with real or real-sounding names.

What really discourages trolls and spammers is giving users the tools to block them permanently, and recommend similar blocking to friends.

“It’s to stop people from being rude.”

Facebook has the same policy regarding real names. Have you seen any lack of rudeness on Facebook? Every now and again a page will fill up with bile and death threats, and there are entire web sites dedicated to cataloging everyday Facebook rudeness.

There’s also scientific research on online disinhibition that suggests that people flame more when they know each other’s identities.

“It’s not a problem for me personally.”

“TV censorship isn’t a problem for me, I don’t watch TV.”

“E coli contamination of meat isn’t a problem for me, I’m a vegetarian.”

“Sexism isn’t a problem for me, I’m male.”

“Anti-semitism isn’t a problem for me, I’m not Jewish.”

“The unemployment rate isn’t a problem for me, I have a job.”

See how none of these statements contribute anything positive to discussion of the appropriate topics, and would tend to offend those for whom the issue is a problem?

Conclusion: It’s a good idea to pause and think before ever saying “It’s not a problem for me” when discussing any contentious issue. Maybe there’s a case where it actually contributes useful information to say it, but off the top of my head I can’t think of one.

There are plenty of legitimate real-world situations where someone has a valid reason for wishing to use a pseudonym online, or wishing to use a name that doesn’t fit Google’s restrictions of “firstname and lastname in that order”. Here are a few:

  • Women who are suffering stalking or harrassment online.
  • People who are from foreign countries where names are handled differently, such as Korea. (And even if you have a western-style name on your driver’s license, that doesn’t mean you want that used as your name in a social context.)
  • People who live somewhere where your real name is whatever you say it is, like the UK.

So that’s tens of millions of people right there. So just because you have no valid reason or excuse to use a name other than the one on your driver’s license, doesn’t even begin to mean that nobody else does.

“Well, don’t use it then.”

Like the “It’s not a problem for me” argument, this one adds nothing to the discussion.

“Fox news is biased? Don’t watch it then.”

“Driving while texting is dangerous? Don’t do it then.”

“Cigarette smoke causes cancer? So don’t go places that allow smoking.”

The policies set by Google and Facebook determine many details of our social interactions on the Internet. If Google were to decide to block your personal web site, you would effectively be invisible on the Internet, and saying “Well, people should use a different search engine then” wouldn’t be any help to you.

In addition, the mere existence of personal choice does not mean we should refrain from criticism of corporations and their products.

“It’s so people can find you.”

If most of your friends call you by your nickname in real life, and almost all your Internet contacts know you by your nickname, then that’s going to be the name people will use to search for you in Google+. People aren’t going to search for Stefani Germanotta.

Yet there are plenty of examples where Google have suspended people’s profiles and tried to force them to use a name hardly anyone knows them by, because the name someone is most commonly known by is not necessarily at all similar to their legal name.

“Just use your real name and there’s no problem.”

First of all, there are hundreds of millions of people around the world whose names do not obey the rules “must be written as firstname lastname in plain ASCII”.

Secondly, there are many people who are harmed by being forced to use a “real name”.

Thirdly, the rules presented by Google are ambiguous if the name you are most commonly known by is not your legal name. It’s quite possible in many countries to have credit cards and other everyday identification with names other than the name by which you are known to the government.