Wednesday, October 13, 2010

Open Source Social Networking

For quite some time now, I've been thinking about a social networking website alternative, where you, as a user, can keep control of what you submit : who can see it, what can be seen, and most important, if you delete it, that it is really gone (at least from the website you originally put it on, as one can not be sure that something that is published on the internet can be completely removed from it). But I got an insight on how it could be done. It's only a rough idea, with a lot of conceptual and practical things still to be sorted out :

A way to reach this goal is to use encryption. When encrypting a message for instance with OpenPGP, you use the public keys of the ones that should be able to decrypt the message. To do so, they use their own - private - key, which is of course private, and can only be used by the one who owns it. So this way, only the ones you intend to be able to read your message will be able to read it.
So, in case of this conceptual open source social networking website, every user has a PGP-key. If you want to submit something to this website, for instance your place of birth, you encrypt it, using the public keys of a selection of your friends and submit that encrypted chunk of data to the website, where it is stored in the database.
If one of your friends accesses your page on this social networking website, all the data, in encrypted form, is requested from the website and decrypted using the private key of that friend. The data that was encrypted with that persons public key, will be decrypted, while the rest will remain unreadable, thus showing only the data that you intended for that person.
If on a later moment, you decide you want to change the list of people that will be able to consult your place of birth, you simple encrypt the same data with different keys and replace it in the database.

The kind of data you can encrypt is of course not limited to short texts, but can also be a picture, a piece of video, a link to a website, a piece of you DNA, ...
The upside of storing an encrypted version of the data you share, makes it unreadable to anyone who doesn't have the right decryption key. So even if your data remains in the database of the website, it will only be readable for the persons it was originally intended for. It will even not be readable by the maintainers of the website, unless you include their public key when encrypting.

So, the bottom line is that YOU should be able to keep control over your data. Encrypting the data is one thing, somewhat trusting the software that makes it happen and of course also the ones hosting it all, is as important.
And here the Open Source model comes in. The software is freely available, so the way it works can be checked and improved by the Open Source community.
And because the software is freely available, anyone can set up a social networking website. So as a user, you can choose who to trust when you join a group.


Of course, this is all just an idea and a very general concept.

One final remark : in order for this to work, the whole encryption mechanism should be invisible for the end user. And the encryption should be handled client side, for obvious reasons, otherwise the data you intend to be limited available, might end up unencrypted on some kind of server.

No comments: