Meet the open sorcerers who have vowed to make Facebook history
Checking in on how IMAP could help folk throw off Zuck's yoke
Once upon a time the internet ran on open protocols, and anyone could host servers that ran these protocols. Your first dial-up internet connection probably came with a bundle of tools for groups and chat. If you weren't happy with the service from your ISP you'd point the client at another. The internet was open and federated, with tons of innovation at the client end.
But the protocol developers went to sleep for 20 years. We haven't seen much infrastructure development since the crypto protocols in the mid-1990s. Naturally, people wanted to do what they've always done, groups and chat, and so along came Mark Zuckerberg to turn the open, federated web into a private plantation. And here we all are, complaining that Mark Zuckerberg has too much power and no competition.
Technically, what a Facebook or a Slack really does underneath the slick UI is trivially simple, and if it were 1995, we would think it absurd that any company could attempt to charge money for such a service. We'd laugh the effort out of existence. An RFC would surely pop up, and it would become a standard anyone could host.
Rafael Laguna, founder and CEO of Open Xchange, is not merely trying to wake open-source developers from their slumbers. He's investing heavily in putting the pieces in place so that social networking becomes a federated service based on open protocols once again. You'll be able to host a server, or an ISP will host a server, and data will be interoperable. Just like it always should have been.
We've covered Laguna's initiatives over the past couple of years – see Open Sorcerers: Can you rid us of Emperor Zuck? and How open source could KO the Silicon Valley chat silos. But with Facebook's reputation melting down before our eyes, we caught up with Laguna to see how progress is matching up to the ambition.
The cunning plan doesn't start with trying to knock Facebook off its perch directly. That has been tried before, most notoriously by Diaspora – without getting any traction. The OX plan is more subtle, and entails extending IMAP (b.1986) to create secure, authenticated group chat. This is the base camp for a final assault on Mt Zuckerberg.
"So much time is spent replicating old models that have no chance of success whatsoever," Laguna tells us. "We're creating this different playing field."
And it's a fairly plausible plan. OX develops Dovecot, the open-source IMAP server. Around half of the world's email comes from Google, Yahoo!, Apple and Microsoft, but the other half – with some 2.5-3 billion users – is IMAP, and about 75 per cent of this other half run Dovecot. Not many people apart from Zuckerberg can claim to serve over 2 billion users.
But various pieces need to be pushed into place (they don't just fall into place) to reach base camp. One thrust extends IMAP, turning it into a real-time chat client. This would entail email clients handling both, or chat clients simply adding it as a protocol.
"Thousands of people are trying to be the next Facebook today. Look at messenger apps; they're all trying to build the next silo, like Telegram and Signal. We'll be breaking up the 1:1 connection between the app and the service."
What Laguna hopes for is a great unbundling.
"We're putting out a global federated system based on open standards that will be deployed fairly rapidly. We've created a network of federated servers that can potentially reach 2 billion people. That encourages others to play".
The other thrust is creating a federated back-end for identity. The internet escaped the stable without an identity infrastructure, and today we use email addresses in most of our daily authentication handshakes. Outlined only in broad strokes at its launch last year, OX's plan leverages its role in PowerDNS, the open-source DNS software. The initiative is now called Id4Me, and uses a domain name as the identifier. Users can pick and choose who manages this.
"The social stuff revolves around identities connecting, it revolves around identity," Laguna says. Id4Me admits that it doesn't authenticate the user, but this can be added.
"There is no authentication of the user's identity, and his personal information is entirely self-declared, as it currently happens for most online registration systems. Also, users are free to have multiple identities (e.g. a personal one, a business one etc.). The standard may however be extended to support third-party validation of the user's personal information and thus provide stronger proof of the user's real world identity," according to Id4Me. You can see more technical details here (PDF).
Says Laguna: "The biggest problem moving off is they're leaving their network – that's very hard to do. But once we have a critical mass of backends supporting our stuff – and OX had to do it, as we have a 75 per cent footprint of IMAP servers – it becomes fairly straightforward to look up all your friends on FB and send them an email that says: "I'm moving here, let's connect there!"
Then it's up to web developers and client software developers to innovate on top of the infrastructure with pretty UIs. Laguna cites the example of Usenet clients.
"Those apps were not great, they were geeky. Then the shiny marketing types came by, and realised that a nice UX for lay people is really important – and I think they were right. So they invented their own protocols to do a Hotel California," he says. "The Hotel Californias have done a good job of providing a good UX – and the open-source community hasn't," he adds ruefully.
But won't spam be a problem? If Facebook hasn't played the spam card yet, it surely will: open systems succumb to the tragedy of the commons. Yet tolerating a Facebook, with its impact on privacy and its effect on the economy and culture, seems a high price to pay.
"For real-time extensions to IMAP, it's easy and straightforward. The real-time chat connection is only created when you reply. You and I would then have a real-time channel we own, until we break the connection."
But wouldn't we being deluged with spam connection requests?
"Most connection requests get filtered out before you see them. People will do that, but it's just spam. It seems like an ideal application for machine learning."
What about timescales for the plumbing to be deployed?
"I wish it were faster – it may take another year," he admits. "I will be devoting a significant chunk of my engineering capacity to it."
He thinks Slack may feel the heat before Facebook does, describing it as "another bloody silo that nobody needs."
Expect to hear much more this year as the community process gathers steam, he vows. ®
Sponsored: Becoming a Pragmatic Security Leader