Web 3.0: Reclaiming Our Online Selves
Web 3.0: Reclaiming Our Online Selves
By Shay Rapaport
Everyone’s talking today about privacy. People are abandoning Facebook by the droves. Zuckerberg is hauled in to face the Senate. Google execs run away rather than answering questions on the subject. The EU has passed GDPR. Blockchain fanatics are trying to convince us that crypto will restore our control over the Internet any moment now. Don’t hold your breath.
It’s obvious to all of us that something very bad has happened to our privacy. It’s time to change direction. But do we even know what we are talking about when we argue about digital privacy?
The most common aspect of the discussion is the leaking -- some would say hemorrhaging -- of our private information to untrustworthy entities and to government agencies. That’s probably redundant to say. But it’s a hot topic: how do we keep our private data safe.
But ultimately this is a dull discussion: It can be sealed be saying our information should not leak or bleed. That whoever is storing my info needs damn well to take care of it, not abuse it, and get punished severely if they do.
The much more elusive and exciting topic touches on those truly new use-cases created by new technologies and service models. Questions there arise such as: to whom does certain types of private information really belong? who owns the space in which the personal data resides? which rights belong to which parties and in what proportion?
These questions are important, now more than ever, because ignoring them has summoned from the deep some corporate monsters who inhabit this space. They will try to plant their flag in this new realm, like explorers who claim to have discovered a new continent and believe it naturally belongs to them. And then proceed to suck it dry.
If we don’t discuss these issues, and work on solutions to them, we will one day in the not distant future likely awaken to discover that we are no longer full citizens of the digital lands we inhabit. Already our rights have badly eroded.
Let’s borrow a lesson from a world of communications that's older and more traditional than the internet: the world of telephony. Let’s imagine that we want to move from a telephone provider to another and our phone service provider were to inform us that we can’t move our number to a competitor. It’s quite clear that we would get angry and also understand immediately that our provider had broken the law and infringed on our rights. It hurts us because that number belongs to us, and only us, right?
Most of us remember that it wasn’t always like that. That number became ours in the moment that lawmakers decided that it belonged to us and not our telephone provider. Until lawmakers established as a right and a norm that numbers belong to their users, we not only didn’t know who owned them. Most of us didn’t even raise the question. We were inclined to think that the inability to move a telephone number between providers was some kind of “natural” technical limitation. A limit that once seemed natural turned into an unconscionable violation of our natural rights!
Here is a classic example of a monopoly’s power to establish arbitrary norms as seemingly immutable facts on the ground even before someone else even has the chance to think otherwise, let alone challenge it.
Now let’s follow this train of thought and imagine for a moment the following things:The cellular company forces us to use only its equipment and forbids us to bring a telephone from an outside source. In its device, the cellular company controls the signal of incoming messages from those whose calls we missed and drives us crazy with this signal.
Our provider gives us free voice mail, but when we listen to our messages, we are forced to hear ads. Most of the ads are short and relevant to what we are dealing with at the moment, so they don’t bother most people so much, unless they wonder how the phone company knows so much about what interests them most and one day decide we don’t want ads, and our cellular provider explains that if so, we will lose our voicemail. No voicemail without ads and without the computer AI listening to our conversations.
When we get mad, decide to discontinue and try another network, our provider reminds us that we must leave our phone number behind. Oh, and one more thing: we also need to leave all of our contacts behind. Of course, our personal information remains ours and we can get backups of our conversations, and even a list of our friends. But sorry: the telephone numbers, which identify our friends, stay with the provider and can’t be transferred.
Does that seem outrageous? It’s the situation today with most internet services we use. But it all seemed natural just a few years ago.
How did all this happen? As we all know, the internet was intended to be a global network, open and belonging to its users. The problem is the endless number of services, cloud apps, messaging services and Web 2.0 sites have turned us from a flat world to groups of groups of islands and continents, mostly ruled by giant corporations.
To explain this, l will again compare today’s internet with the phone networks of not long ago and also to email. Once, before we had profiles in sites and applications, each person had a telephone number and an email address to connect with the world. Both email and phone numbers operate according to universal open protocols. They are open because they don’t belong to any person or company and everyone can use them. They are universal because anyone who has a phone number or an email address can connect to anyone else on the network, regardless of the service provider each party uses.
These protocols define the identities on the networks (phone numbers and email addresses) and the transport of data between and among these identities. Phone networks and email survived and were never truly replaced because of their “network effects.” As the numbers of telephone users and email addresses grew, so increased the value of telephone services and email services. Users needed them to communicate with the people important to them. At a certain point the network effect often reached a critical tipping point with a power almost impossible to compete with. But phone networks became universal and open only after regulators stepped in and broke up the components of the network (infrastructure, services, devices, etc.) among smaller entities than the original giant monopolies that established them in the first place. The classic example, of course, was the 1982 breaking of AT&T into the “baby Bells.”
Emails and the internet, despite this, were planned from the start as ownerless open systems stripped of corporate power and operating according to the consensus of software engineers. Unlike telephony, which had a much slower evolution and continuous regulatory involvement, with the internet no one ever tried to “milk” customers on the right to users SMTP or TCP/IP protocols. Therefore few thought to complain that the two seized control of the network and became practically impossible to replace.
As noted, a network effect, once established, is very difficult to change or break. If someone proposes today, for example, telephony that work with a different protocol (let’s say alphabetical names instead of numbers) no one would use it before a critical mass of peers used it too, and no providers would use it if other providers did not. Facebook also enjoys this network effect so that even if someone were to develop a social network far more impressive, very few indeed would move to it before their friends move there first and maybe even then never move there at all. It’s the classic chicken-and-egg conundrum.
A new invention, which seeks to replace an existing network effect, must offer an alternative dramatically better than what it hopes to replace. Even then, the inventor needs to locate, engage and excite a specific group of people who need the improvement so badly that they -- these early adopters -- can create the inner cycle of a new network effect that can challenge the incumbent.
That is, for example, the reason that the leading providers of those oversized walkie-talkies in the ‘80’s turned out the first mobile phones in the 90’s. It was not just technological progress that brought on cellular mobile communications, but the will of customers to join an existing universal network that connected everyone they knew, with known digital identities: namely, their phone numbers.
The most significant open and universal protocol in the internet network till now was founded by Tim Berners-Lee three decades ago: the World Wide Web or, to be more exact, the the standards supporting the WWW: the HTTP protocol and the HTML language.
The idea of a global network of documents and sites connected by hyperlinks lifted the wings of imagination of entrepreneurs. They brought us the first Mosaic browser and after it Netscape. Then came an unending parade of sites and applications for every purpose under the sun: Craigslist, eBay, Wikipedia, Google, Netflix, and thousands of others, ever onward.
And here came the big rift: about a decade after the big breakthrough of WWW into the public consciousness, a new phenomenon began to gather momentum, called web 2.0 or "social media". Since no update was made of the protocols and standards that had already made up the global network, there was an fierce argument about the very nature of this phenomenon. Some referred to the term web 2.0 as a fad and an empty facade (including Sir Berners-Lee, the inventor of "Web 1.0"). Others enthusiastically wrote that it was a new kind of user-generated content sharing, interactive sites with dynamic content backed by a refreshing design spirit.
In my opinion, both have missed the essence of the phenomenon: the emergence of a new layer of identities and new network effects, on top of the layer of previous identities and network effects. Even more important, for our purposes: the new identities and connections between them were not open and universal, but closed and parochial, belonging to and defined by corporate entities.
Facebook is the most representative (and most successful) instance of Web 2.0. Facebook did not create a second generation of content nor a new design spirit. What it did is create, to a degree almost unimaginable, a second generation of digital identities. They were characterized in user profiles by real names and real photos, and a network of connections and content exchange among these identities. And here’s an interesting fact: Facebook succeeded to create such identities in unprecedented quantities, mostly because it made clever use of the previous generation of identities to expedite the building of its own identities. To subscribe to the network in its early days, you had to sign up with an e-mail address with an .edu extension verifying your affiliation with an institution of higher education in the United States.
In other words, the education institution verified your identity when you enrolled for studies and granted you this email address. Using it for registration on Facebook attests to your ownership of the address and therefore the fact that you are a student at a certain institution with complete certainty. Your student friends who connect to your profile and communicate with you openly are "character witnesses,” confirming that the name and picture in your profile are real and valuable. That is, there is a direct correspondence between them and your social persona in offline life, the identity of your 0.0 generation, if you wish. So, a photo (Gen 0.0 identity) plus email (Gen 1.0) plus your Facebook account with its public social connections among profiles equals a new network of reliable identities, Generation 2.0. This network of “real” profiles and mutually trusted connections are Facebook's greatest assets, not its technology or anything else it holds.
Social networks, text messaging and similar software made another intelligent use of previous generation identities: by allowing their users not only to register but also to invite their friends and contacts through phone numbers and emails, these new platforms built on established networks and network effects to spread faster than was previously possible in what is called a "viral effect." No network has developed as quickly as Facebook, Whatsapp, Instagram or even Israel’s ICQ, which really was the first to introduce the notion of viral conversion of e-mail addresses to instant messaging identities.
How does this story relate to our privacy? As I have said, Web 2.0 is not based on an open and free standard of identity and data communications. It is based on user accounts and internal communications which are possible only between these user accounts, sometimes only in a single domain or a single application. This closed model, in which identities and human contacts live in walled gardens, raises intriguing questions about the ownership of data and about the blurring of the boundaries between our identity and information and those platforms containing them. Here are some such questions:
Who owns my profile?
When I say a sentence like "I have a Facebook profile," the phrase "I have" refers to a very different type of ownership than most of the other things I have in the world. Usually, when I own something, at the end of the day I can get ahold of it. True, I can lend, sell, or transfer what is mine to a trustee or a friend, and then it will not really be in my possession, but in most cases these will be temporary arrangements, at the end of which my right is restored and the item returns to my custody. I am the one who can transfer the things which are "mine" from place to place, according to my will. But is this equally true of my identities on sites and social networks?
The short answer is no. My Facebook profile is valuable only when it is within Facebook, where it has validity and confers trusts through my social connections. If you want to "take" your profile, you will find that Facebook allows each user to receive his or her profile information in an orderly file that can be downloaded to your personal computer. The problem is that this file is not worth much. If you show the file to someone, all they can know for sure is that you have a file that looks a bit like a Facebook profile, which may or may not have been yours once.
One of the reasons for this is that Facebook does not digitally sign the file, which could attest to its authenticity and to the difference between an authentic profile and an invented one. For the sake of comparison, imagine that you would go to the passport office or the Department of Motor Vehicles and request that they issue you an identity card or driver’s license, but the clerk instead just printed a piece of copy paper with your picture, your name, and your identifying information, without even a stamp or signature. This is essentially what you get from Facebook and it’s about the same as if they would tell you that your profile is downloadable but valid only in Nablus or Kalamazoo.
Unfortunately, even the famous GDPR, which explicitly states that our profiles and identities on the internet indeed belong to us, does not include a clear requirement to transfer to our hands valid evidence of our online identity bearing witness to its credibility.\
I mention Facebook because it is such a prominent example and a convenient target, but the situation is similar or worse in any social network and any other site where you have a profile. Facebook is actually on the less dark side of the scale, since like Google, Twitter, and other giants, they allow you not just to download your profile data, but also to transfer parts of “your” information to third parties through an API. Seen from the other direction, any third party can obtain “your” information via the API. This includes all those sites and applications to which you can register via Facebook, Google etc. giving explicit permission to use your information. This is indeed very convenient and undoubtedly has made life much easier for us, the users, and the application developers.
The problem is that now Facebook also knows about all the apps I'm using. Furthermore, to a great extent, Facebook actually manages my relationship with them. Facebook can block an app, decide which data to provide, all according to its policy considerations. It is as if, to present my identity card to any organization, I would need to call that same government clerk who earlier refused to issue a proper ID to confirm my identity -- subject to her wishes and conditions. If you used to call Facebook, Google and the like "Big Brother," I suggest changing the nickname to "Daddy" since this kind of relationship is more like guardianship of a minor than mutually respectful fraternal relations.
Who owns my reputation?
While it is now possible to wonder, perhaps, what use I would like to make of my Facebook identity outside of Facebook, there are situations in which my profile has a clear economic value. In the LinkedIn network, for example, I have gained many colleagues' recommendations and certifications of my various professional abilities. In many cases, this profile is much more valuable than any CV that I would write myself and anything that I could testify about myself.
Can I remove my "profile" from LinkedIn and display it reliably outside the platform walls? Same answer: no way. Only if an employer subscribing to the platform can see my profile within it will she believe it. If I download and present it, the profile's value will be the same as the paper on which it is printed. If I have gained experience or recommendations on Upwork, Fiverr, or Uber, can I prove my experience or show my ratings outside of these platforms?
Again, the answer is no, no, no. Anyone can create a file that looks like a very desirable profile on one of these systems, but only the companies that run them can sign such a file in a way that confirms its validity and makes it reliable, transferable, and valuable. How many platforms do this? The answer is, to the best of my knowledge: not even one.
Who owns my relationships?
If I tell you that Amil is my friend on Facebook, it would make sense. On the other hand, if I say that Emily is my friend on Verizon, or that Amelia is my best friend in Gmail, it will sound absurd. Why? Because telephony and e-mail are open and universal standards, there is no need to specify the name of the service provider, which becomes almost meaningless in communication among people on these networks.
On the other hand, if I am your Facebook friend, our relationship takes place on Facebook only. It's very possible that I don’t have your phone number, your email, or your Twitter account. If my friend uses another social network, let's say the Russian VK, and not Facebook, I cannot communicate with her between the social networks. She will not share her thoughts and photos of my cats and I will not accept hers. If I bring up content that is more controversial than cat photos and Facebook decides to block my account, I can no longer make contact with my "Facebook friends".
If I close my Facebook account, as so many others did, but still want to stay in touch with my Facebook friends, I would first need to use the Facebook network itself to contact each member individually and ask for alternative digital address or ID, such as an email or phone number. On this subject, too, Facebook generously will give me a list of all my friends in a file, but how will this help me? What would I do with it? It’s not like a list of phone numbers, which I could copy to another device on another network and continue as if nothing had happened.
And if a new network were to be set up tomorrow, which wanted to allow me to communicate with my old Facebook friends, the list in my hands would be useless. The list that Facebook issues includes neither the Internet addresses (URL) of my friends’ profiles nor the ID number of each Facebook profile. We can safely assume that this is not accidental.
Facebook takes good care of its monopoly on the most important asset it owns: the identities and networks of connections between them -- its “social graph” -- the network effect it does not want any other network to replicate. In other words, Facebook will relinquish to us the information we exchanged within our relationships on its platform, provided that it keeps the relationship itself.
Who owns my priorities?
When we use emails and phones, we have relatively good controls over the urgency with which we receive messages. There are many methods to decide when we get a notification or a ring, when we silence them. (One of the few exceptions to this is the phone dialer on Apple devices, where a phone number and the client software that uses it are inextricably interconnected. Apple still doesn’t let us replace the dialer.) There is no reason why countless standards could not evolve to help us make decisions about incoming messages. You could get an alert, reply, auto-reply, snooze, mute, archive it so you could listen to it later, send it your appointment calendar, determine its nature by artificial intelligence or use a thousand colored "mute" buttons in different interfaces that various software companies offer to use with these open standards.
You cannot say the same thing about Facebook or Whatsapp or even Telegram that supposedly protects user privacy. Such applications and the shareholders behind them measure themselves according to one main index: the number of users and the average user time per day. They have a fixed interest in capturing our attention and they have a great way to do it: through our information, our social connections and, of course, by sending alerts and activating little red markers with the number of messages we have not read.
True, each of these applications gives us certain choices, such as Snooze, but it's not because they see the good of helping us manage our priorities. It’s because without these minimal options we would stop responding to the application altogether, ignore most messages, and maybe remove the app and move on to its competitor. But what if I want groups or channels of communication to be completely silent, like email: without notifications, without red marks for unread messages, but rather as something I can choose to read in my free time or archive for future use? This is one feature does not exist in today's messengers, and you can imagine many similar features that I would like but probably never will see.
By controlling the identities of Generation 2.0, the network of relationships between them, the information that passes among them and by linking all of these to a fixed and predefined user interface, these platforms seize control of our attention and manage our priorities. This is the "attention economy": when our attention is convertible into income and profit margins, it’s hardly surprising that attention deficit disorder and concentration problems have become a global sickness.
So, without even paying attention, our attention became a captive. Along with it, our digital identity, our social connections, our social and professional reputations, and our abilities to set our priorities in communication with others, all were locked up in magical, beautiful gardens surrounded by digital walls. In these lovely gardens, which in reality more closely resemble grain silos, we are neither the sovereign nor even citizens with the right to vote. Rather, we are serfs allowed only to vote with our feet by abandoning our containers, eluding our captors, leaving behind some of our valuable property as a fine for the offense of trying to be on our own again.
The protests against Facebook, the regulatory interventions, and the growing discourse on individual rights on the Internet are important and signify a trend. But for it not to be merely a passing fad, it is important that we be accurate. We must understand very well what is actually being taken from us, what we ask in return, and how, technically and legally, it will be possible to fulfill our requests. Our duty is to make the next evolutionary wave of the internet, Web 3.0, be characterized by openness, accessibility, and what engineers tend to call interoperability.
How do we do this? Here are some ideas.
A. Our information should be given to us in a manner and format to enable its easy transfer and reuse, so that it will be truly ours without the need for a "guardian". Personal information verified by a particular platform must be held for us and provided to us with its verification. For example, if I have gained a reputation as an excellent driver in Uber, this reputation is mine and I have a right to this profile, with my recommendations and my ratings at any given moment. This profile must be authenticated by Uber, whether it gives access to this information without preconditions through an API, or a file digitally signed by Uber. The same requirement should go for LinkedIn, Airbnb, your bank or your insurance company.
B. Instead of applications and platforms being the repositories and custodians of our profiles and identities, this information should be maintained by a body that I trust. If my information was held by a neutral third party, such as Dropbox, the app would effectively become a client of my information rather than its owner. I alone decide to whom I give access and when, not the app where, by chance, the information was created and collected.
An interesting example of the implementation of the previous two proposals can be seen in the digi.me system, which is one of the first swarms to implement this direction. Google, Facebook and others have announced a joint project that will allow for a simpler transition of profiles and information among various networks. That sounds promising, but the status of the project is unclear. One wonders why none of them have used far simpler tools to transfer authentical information, which is by digital signature.
C. Separation instead of bundling. One of the tools by which corporations preserve, impose and expand their power is by bundling. Microsoft was the first software company to make the great breakthrough in this business method and also the first to incur huge fines for doing it. Apple is now the global bundling champion, leaving every competitor behind. Only because she does it better and far more elegantly than anyone else is she forgiven and even loved for it.
Google became a search monopoly with a powerful algorithm, an accurate user experience, and by exploiting brilliantly the wisdom of the crowd to improve its services. Google always said that the difference between her and the "bad guys," by which she meant Microsoft, is that the competition is only a click away. That was so true that even Google itself panicked and rushed to seize control of the browser market and smartphone operating systems, to make their search services the default of everyone on the planet. They have yet to pay the price for that grab.
But there's also a less obvious bundling, one that happens all the time. That’s the one between our information and of platforms and user interfaces. Whether I work with my bank application, or order a taxi, write a post or read a message, I use the information that is mine but it’s packaged by force in the user interface of a corporation, and run by an algorithm of that corporation, along with its information, presentation, sharing options, notification, etc. The features and options can be better or worse but they are always limited.
Behind the scenes, the data, algorithms, and user interface are separate layers. It is time that this separation become accessible to users. We should be able to choose the interfaces and algorithms that display or manipulate our data. Each service should have an open API that allows the user (not just an authorized application) to access and manipulate data as much as he / she wants. Consistent data schemas need to be created, so that for both programmers and users, switching between platforms becomes smooth and simple. We have to create a situation where we stay with our suppliers because they created a beautiful and enjoyable playground for us, not because this playground is surrounded with a wall and guarded by a network effect and bundling, with a heavy penalty of leaving behind our valuable information and fragments of our identity should we try to leave.
D. Back to the Future. True, perhaps new technologies may allow new freedoms that are difficult to imagine now. Cloud services in the future may be different from and better than what we have been experienced so far. So many projects underway today include among their goals the development of new technologies that redefine the rules of the game on the Internet: what is yours and what is mine, what is private and what is public.
One of the more interesting efforts is led by none other than Tim Berners-Lee, the inventor of the Web, who makes no secret of his belief that something has gone wrong, deviating far from his original vision. His Solid project is all about enabling individuals to reclaim agency over their data from corporate giants, and he has a new initiative called Inrupt which supports this goal.
There is another possibility for saving the situation that may at first hearing sound even stranger: the possibility of a massive return to e-mail or phone-based identities by using a new generation of interoperable smart services running on these open networks, using universal standards and protocols.
The author is an entrepreneur and CEO of [email protected], a developer of Web 3.0 solutions to connect identities, communication channels and services within a new, unified, interoperable communication and collaboration power tools.