Software
We are looking for a good alternative to Faceboogle.
Please discuss different software solutions here.
Requirements
- free and open source software
- good usability
- decentralised
- good privacy
- scalable (1% of Facebook = 8 million users)
- open innovation > open standards (= if the standards aren't good enough, the project should make a new one)
- something unique (that Facebook can't imitate easily)
There is an evaluation criteria list at https://pad.foebud.org/ecl
Discussion
- Do we want a decentralised and distributed network (no server, only client to client connections) rather than just a decentralised/federated network (various servers store the data of their clients and intercommunicate with federation protocols)? Both systems have their own set of problems.
<LynX> http://secushare.org/2011-FSW-Scalability-Paranoia gives some reasons why it is problematic to rely on servers for privacy. Also, having to set up a server (and pay for one!) is a bigger hurdle than just to install an app on your computer or device. Using somebody else's server for your private affairs isn't so nice either: even if it is your best friend, would you like her or him to be technically able to read into your conversations with other friends? The requirement "end to end encryption" actually means that you have to install some application on your device anyway – web browsers cannot implement end to end encryption without at least the installation of an extra add-on. So, if you are going to require everybody to install software, why not install something that does the whole thing and isn't dependent on servers? The downside of this is, we don't know of any reliably working peer-to-peer social network solution as yet, just works in progress, prototypes and old buggy attempts. So if we want something now instead of tomorrow, we must compromise. If we want something seriously good, possibly soon, we should consider helping it.
<deef> You can do end-to-end-cryptography in the browser using javascript. And if you want to build a solution that is somewhat mass-compatible that's the only way to go. People want to use their social network everywhere, from every internet-enabled computer, they don't want to bother installing software.
<lynX> Javascript crypto solutions are only useful in a limited way if the server is trustworthy. If the server has an interest in your data, it doesn't work out. So it's not such a big improvement from leaving the stuff on the server from the start. See also: Javascript Cryptography Considered Harmful. And why do people bother to install Skype even though they could be using web-based telephony offerings? Also, with smartphones all over, using somebody else's computer (highly unsafe anyway) as a usage pattern will lose relevance. In the 80s it was normal to say "can I use your phone" while you're in somebody's house. Today you pick up your own cellphone in most cases.
- Should we require open standards? Protocol or API?
<LynX> The situation is such that most protocols used in various software aren't performing well and fast enough for all the people that would like to use them and all the data that people would like to exchange. That counts for XMPP and especially for OStatus. Therefore, what is already being proclaimed as an open standard is very nice, but doesn't work well enough. Many projects are spending time being standards compliant, while it doesn't actually do the job. On the other hand, all open source software that somehow works can be documented and become an open standard if it works. So, first the world needs an actually working distributed social solution, then we can make its protocol public and invite everyone to use it. Honestly I believe it's such a tough challenge that we won't be having more than one or two implementations of the actual protocol (similar to how it is with TLS/SSL). Most applications will simply be using those implementations as a library or application-programming interface and put their own stuff on top, so making an open standard API for social applications is more important than what actually crosses the wire.
Candidates
Here is a list of software projects, each with programming language, network protocol and general project condition:
Server-based (decentralized, federated)
Name | Language | Protocol | State | Licence | Comments |
6d | PHP | HTTP-based | don't know | MIT | |
ampify | several | don't know | don't know | Unlicence based on CC0 1.0 | |
Appleseed | PHP | custom | don't know | GPL | |
buddycloud | CoffeeScript | XMPP-based | prototypical | Apache License V2 | |
diaspora | Ruby | XML/HTTP-based | usable | GNU-AGPL-3.0 | |
DSNP | C & PHP | DSNP | prototypical | Permission to use, copy, modify... | |
friendica | PHP | OStatus/HTTP-based | usable | Permission to use, copy, modify... | |
GNU social | PHP | OStatus/HTTP-based | don't know | GNU-AGPL-3.0 | |
Kune | Java+GWT (gadgets in JS/Python) | Wave Federation protocol and XMPP | usable | GNU Affero GPL v3 | Focused on real-time collaboration |
lorea/elgg | PHP+MySQL | HTTP/XMPP/experiments with PSYC | popular | GNU-GPL-v2 | |
MOVIM | PHP | XMPP-based | don't know | GNU Affero GPL v3 | |
Noosfero | Ruby on Rails | don't know | don't know | GNU Affero GPL v3 | |
OneSocialWeb | Java | XMPP-based | don't know | Apache License v2 | |
Jappix | PHP, JS | XMPP-based | usable | GNU Affero GPL v3 | decentralized |
ProjectDanube | Java | OStatus/HTTP-based | don't know | ?TBD license? | |
SocialRiver vs BuddyPress | PHP | OStatus/HTTP-based | don't know | ? | For Wordpress, Back in action soon... |
Social Igniter | PHP | OStatus/HTTP-based | don't know | MIT License, CodeIgniter License | |
Social Stream | Ruby/Java | OStatus/HTTP-based | don't know | Permission to use, copy, modify... | |
SocialZE | PHP | JSON/HTTP-based | prototypical | GPL v3 | |
Socknet | Perl | XML/HTTP-based | don't know | ? | |
status.net (identi.ca) | PHP | OStatus/HTTP-based | popular | GNU Affero GPL v3 | mostly for twitter-like public updates, not so much for private communications |
Federated servers are a major privacy headache: instead of having one company that can spy on you and sell your data, you suddenly enable several companies or private parties to do so. Look at the criticism on the diaspora page, although it actually applies to all federated systems. That's why P2P systems are arising.
P2P/F2F-based (fully distributed)
Name | Language | Protocol | State | Licence | Comments |
freenet | Java | custom P2P with untraceability and WebOfTrust for spam-defense | popular | | |
Tahrir | Java | related to freenet | pre-prototypical | (by the inventor of freenet) | |
Friend2Friend | PHP | XML over P2P | don't know | | |
retroshare | Qt/C++ | custom P2P over TLS | popular | | |
InterFace | Qt/C++ | libRetroShare | productive says the promoter | requires custom web-browser. | |
Safebook | proprietary | has been sold to the MatchUpBox startup | | | |
secushare | C | PSYC/GNUnet-based | prototype in coming weeks | | |
GNU Social P2P | Java & Ruby | PGP in XMPP/HTTP TLS with DynDNS dependency over Tor | pre-prototypical | AGPLv3 | |
versionvega | Java | FreePastry P2P | don't know | | |
Briar | Java | custom | pre-prototypical | | |
Forest | Java | custom | pre-prototypical | AGPLv3 | |
Unsorted
Please help sorting these out:
Name | Language | Protocol | State | Licence | Comments |
jitsi | Java | XMPP, SIP, ZRTP, and others | ? | LGPL | http://en.wikipedia.org/wiki/Jitsi |
snapchat | ? | ? | ? | proprietary | http://en.wikipedia.org/wiki/Snapchat |
buddycloud | ? | XMPP | ? | Apache? | http://buddycloud.com/ |
Web interface only
These projects currently provide no well-defined inter-server networking, but they are otherwise very popular social networking engines and may provide a great web-based user interface.
Not considered
FOAF+SSL, SMOB and other semantic web projects are technically quite interesting, but not really viable in practice: If you want to see what your friends have been up to, your web browser must log into each friend's feed using a client certificate. That's cumbersome. You need special software to have a combined feed.
Dyskinesia, psyced, PsycZilla etc are PSYC apps which would work over secushare. Saikound is a building block of secushare.
Thimbl is an art project; its requirements aren't suited for the general public. Many other projects such as Pangaia or Nodilus have all the right ideas, but no code or just 5 files of Python.
Duuit! is refusing to publish its source code before 2014, so it is effectively yet another social walled garden.
More and more
New projects show up every day. Here are popular lists of projects:
- http://p2pfoundation.net/Distributed_Social_Network_Projects
- http://p2pfoundation.net/Category:P2P_Infrastructure
- https://gitorious.org/social/pages/ProjectComparison
- http://we-need-a-free-and-open-social-network.wikispaces.com/Distributed+Social+Network+Projects
- https://en.wikipedia.org/wiki/Distributed_social_network
As you can see, the actual meanings of 'distributed' and 'decentralized' are frequently confused, even by those who make such lists.