That’s not entirely true. I get the whole “portal” concept, which has been around for a while. Facebook, and the similar services such as MySpace, collect a bunch of things in one place and give users a consistent view of it and a single place to go to find it. You can plug in your “friends”, and have one place to go to communicate with them, share things with them, see what they’re up to, and so on.
And if all of my friends use the same social networking service, and I consider all of my friends to be equal to each other, it works.
Only, they don’t, and I don’t. And that’s the part I don’t get.
My IETF colleague Eliot Lear has just joined Facebook, and his initial comments echo some of what puzzles me about it.
First, I have to buy into their security model. Do I like the idea of using a single identity and authentication for everything? As I operate now, I use separate authentication for email, instant messaging, blogging, and photo sharing — though Google is making its own play at blending them, if one uses GMail, Google talk, Blogger, and Picasa. Is it better to keep them separate, or to tie them all together?
Conventional security wisdom dictates keeping them separate, so that if one is compromised they aren’t all, and that one doesn’t accidentally leak things from one to another — one logs on to what one needs, and not to the others. Only, do I — does the average Internet user — need that sort of separation? Probably not; probably, most users are served well by having a single login. In fact, it’s arguably better: less logging on means less opportunity for one’s password to be compromised.
Of course, Eliot wonders about the authentication mechanism and the use of passwords in the first place, preferring better mechanisms. I agree, but I have two comments:
- Facebook certainly isn’t the only problem here, nor the worst. Google’s services also use password logins exclusively. So do most banks and credit card companies. So does PayPal. So do most Internet vendors. We have a long way to go to fix this.
- There’s technology that’s been (and being) developed to allow cross-service collaboration without revealing login credentials across the services. It’s called OAuth, it’s currently in use by such as Google, Yahoo!, AOL, and MySpace, and it’s been brought to the IETF for standardization.
But that brings me to the question of authorization and access control. If something like OAuth allows me to use my login on one service to do something on another service, that starts to blur the boundaries even more. Again, it’s something that most Internet users won’t care about — something that will, in fact, be helpful to most users — but it makes it ever easier for someone to do “social engineering” to trick people into giving up personal information and giving access to personal and financial web sites.
Then, too, there’s the question of controlling access to the information I’m making available. Most access control on the Internet is too broad. I usually have but three choices: make things on “site X” private, make them public, or limit access to a specified list of users. I usually can’t give different access to one item from a site than to others. If I post two photos to Flickr, for example, I can’t limit access to them to different sets of users. These pages, on Blogger, are either all public... or all not.
Different sites, though, give different options, and by using different sites (and even multiple identities on some of the sites) I do have more options. Putting it all on a single social networking site seems to take much of that flexibility away.
And that’s something that some people, at least, care about, as we saw when Facebook tripped on its own feet with its “Beacon” feature (and here). Even among one’s friends, one has information that one is willing to share with some, but not with all. And many people turned out not to like it when Facebook unilaterally decided that it would start sharing something new with their “friends”.
Beyond the security model is the question of whether I have what I need already, with the services I use. Or, as Eliot puts it:
Why is Facebook even necessary? Isn’t this what we want the Internet to be in general? Why should this form of communication be limited to one site? For one, people are tired of spam on the Internet and so they are looking for an email replacement. Beyond that, having one’s own web server is a royal pain in the ass. But moreover, the comment I got more than once was that a blog is isolating. Why is that? What makes this blog isolating as compared to Facebook?
I certainly feel no need for it. I share what I’ve chosen to share, and I communicate as I choose to communicate. Isolating? Not at all: people can and do comment, as I comment on the blogs of others. Nothing isolating about that.
On the other hand, people who want to find me need to know where to look. Coming here and reading these pages doesn’t automatically get you my “tweets” (no, there are none; I’ll have another post about Twitter soon-ish), my email address, my IM identities, or my Flickr photos. Some of these are accessible from here if you look around (email and Flickr, for example), but it’s not automatic, not all in one place. And if you have dozens of friends like me, you don’t get all of us in one handy portal.
But what do Facebook users do when some of their friends are on MySpace, not Facebook? Or LiveJournal or Friendster? With many social networking sites around and no standardization, no bridges, no interconnection among them, it’s hard to be sure you can collect all your friends in one place. Maybe it works for a bunch of kids in the same school class, or folks in the same office or coffee klatsch. But it doesn’t work so well in the wild world of the Internet as a whole.
It also doesn’t work well when people have multiple roles and exist in different communities. I have some friends who use LiveJournal who don’t read these pages because they can’t get them in their LJ feed — which is how they read all their friends’ writings. Other colleagues and acquaintances tell me about MySpace, others talk of Facebook... since we’re not all on the same social sites, we don’t actually get everything in one place.
Worse, we can’t see everything even if we go look for it. If I want full access to what my Facebook friends want to share with me, I have to join Facebook. It is, of course, how each site differentiates itself: by getting as many members at it can. From that point of view, it’s arguably not in any of the social sites’ best interest to have standard linkage among them.
In the end, I think it’s a question of the way we’ve each gotten used to using the Internet and its tools. Certainly, whether I get it or not, users of the social networking services love them. And that’s probably the bottom line.