As promised in Proposal: Relationship and Group Scoped Identities a lifetime ago, here’s a more generic idea about how to do the group/relationship (i.e. “social networking”) stuff in a SAFE way
Summary: For the average person, the SAFE network will be just another way to connect to others; they won’t care much about any of the radical benefits. In this already crazy competition, we’ll need radically superior social networking features to get past the tipping point. Luckily (for us), current social networking applications don’t follow the way we organize our real-life relationships. Addressing this weakness may attract a large enough segment of potential adopters.
I propose a particular solution (or a high-level draft thereof) that is closer to how we think about our relationships, but this post is really just an invitation for discussing how to model real-life social networks on the SAFE network.
The point is, there must be, from the beginning, a platform level solution for the social aspects of the SAFE network, so that:
- application developers can build on a secure and well designed framework to represent relationships and interactions between people
- we could presents users with established, well understood conventions when they interact with each other.
The framework would provide a higher level abstraction than the simple “user” concept of the core network, so projects like Project Decorum and others would not have to re-implement similar ideas again and again, usually in different ways, using similar (but different) metaphors, confusing users.
(some rambling; feel free to skip)
On the lowest level, the SAFE network enables storing and transmitting information privately and securely. In real life, however, people will see it is as just another way to send cat videos to their friends: it’s going to be a social network. How much do you stop to marvel about the message carried by that little the green badge next to https://www.youtube.com/user/PewDiePie in your address bar? Because that’s exactly how much the average person will think about all the hidden awesomeness of the SAFE network.
To get adopted, SAFE must provide a better social experience than Facebook. And that bar is freaking high.
Not everybody is happy with Facebook though. You don’t want your mom know about everything you do with your friends. You may want to share pictures from the concert with your friends, but what happened after the concert, only with those select few. Facebook gives you some tools, but they are an afterthought. We could do better.
So on to my particular idea. To start afresh, I tried to identify a few concepts that “conventional” social networking sites fail to represent, but human beings think of them as separate entities:
- login identity – e.g.: “me, sitting in front of my computer”
- social identity – e.g.: “me as the guy in the office” (linkedin), “just me” (facebook + twitter + instagram), “all my dark secrets” (tumblr), “cosplay” (another tumblr), “the aspiring writer” (nanowrimo)
- relationship – e.g.: “the sum of: my facebook, skype, and hangouts chat history with a certain friend, the stuff we shared with each other, the places we went together, and who knows what else”
(I looked into bitcoin’s BIP32 recently, and I realized my idea has a lot of similarities to it; I figured it may be useful to mention the corresponding hierarchical wallet things for those who know how they work.)
The above concepts would map to these on the SAFE social network:
- I log on to the Launcher with a login identity (LID)
- BIP32: it’s like your xprv key
- it’s the actual SAFE login, and nothing about it is disclosed
- (note: while an xpriv key is a private a key, your LID is really just a public key, so even disclosing it would not allow access to your SAFE account; this comparison isn’t about that)
- a LID can have child LIDs, so it’s a tree structured thing, down to an arbitrary depth
- my social identity (SID) is my visible “profile”
- BIP32: it’s like your xpub key; but you don’t have to share it, so not all LIDs have a public SID
- when I do something “social” (e.g. send a message, share a picture, etc) I do it in as a SID
- it can have all kinds of information about you, stuff that others can read about you and know you by
- I imagine communities, apps, etc would list these SIDs (profiles) in their directories
- a SID have no access to stuff outside of the LID it belongs to (i.e. I can’t share a photo stored on my otaku LID on my work profile; unless I’m an idiot and my work LID is a descendant of my otaku LID)
- they are displayed with a “theme” to avoid mixups on the user side (i.e. you don’t want to send that picture to your mom) – see Proposal: Themes
- there are proxy identities (XID) to link the more transient relationships to the more permanent SIDs
- BIP32: the addresses generated from an xprv or xpub key; just like bitcoin addresses, XIDs are also to be used only once
- related to Proposal: Relationship and Group Scoped Identities
-
relationships (REL) are two or more XIDs grouped together – BIP32: a bitcoin transaction
- all actual interactions are done in the context of a relationship
- a friendship is a special case with just two XIDs, but it’s not any different from a group
The rules:
- Relationships from child LID/SIDs are inherited by the parents, but never the other way around.
- Documents from parent LID/SIDs are inherited by the children, but never the other way around.
Now we can:
- incrementally restrict access as we create child accounts: we allow fewer and fewer people into it as the smaller the circles become, we share more and more with those circles;
- horizontally segment our life as we create additional accounts on the same level: we share a different set of data with people from different areas of our lives.
This of course requires support from the Launcher, because it needs to load the child accounts recursively. One doesn’t have to log on at the top level, by the way: I may feel safe to use my master LID on my triple-firewalled, manually compiled, hardened BSD box in my Faraday-cage basement (wearing a fashionable tinfoil hat), but I would only risk to log on to my “personal” LID (a descendent of the master LID) on my Android phone, because NSA and Martians.
I’ll add some scenarios about how I imagined this would work from a user’s point of view.
EDIT: I changed the abbreviation for proxy identities to XID because it’s cooler (and it doesn’t remind me of process ids all the time)