Inside-Out Social Networking

My recent tirade against the ubiquitous social networking site Facebook (it is the tenth most popular website in the world) focused on the incessant and irritating way the site forces you to open a browser and log in simply to read an email from their system.

In fact, it’s the deeper issue that concerns me. I really dislike the way Facebook has attempted to reinvent everything I might find useful, and in most cases have already found a perfectly adequate solution elsewhere. Status updates? Twitter is fine. Notes? I have a blog thank you. Photos? I already pay for a Flickr Pro account. The list goes on.

Now, I can’t say all this and not recognise that, in fact, Facebook have done incredibly well. As I said earlier, it’s the 10th most popular website on the Internet. You don’t manage that by being rubbish! I suggest that their popularity is due to two things:

1. Facebook make it easy to start a blog, to add photos, collect your friends in one place, and all the other things you can do.

Twitter, and Flickr are fine, but they’re three separate systems from three companies with three logins and three URLs to remember. In their own ways they’re quite user friendly, but they don’t exist together and you need a certain degree of prior knowledge to know where to look for these services (or even to know that such services exist).

2. Facebook is a club. You’re either in it or you’re not. To be in the club (ie. a member) allows you to participate in events, social banter, see your friends’ photos (or photos of you), and a whole bunch of other things. If you’re not in the club you can’t play – bar a few small exceptions, all these things are excluded from you. If you want any real involvement you have to join.

That’s a clever combination of simple principles that make for a powerful and impressive growth. They’ve made themselves indispensable. From the viewpoint of a business trying to increase its membership, this is a wonderful combination and clearly works well for them. The problem is, it comes at the expense of flexibility. What if you don’t like their mail system, if you already have a blog or a photo album elsewhere? Sure, there are applications that offer some compromise, but they’re all still ultimately bound by the rules of Facebook, and are limited to the application’s functionality which may fall far short of what you expect or need. In any case,why reinvent the wheel?

So the real losers are the ones who have already established themselves on the ‘net in some way. They have a Flickr account, or are happy with their existing email thankyouverymuch.

Incidentally, I use Facebook as example only. It may not be the most popular social networking site out there at the moment (according to Alexa, Myspace and Orkut are higher), but it certainly seems to be the hottest social network at the moment. That said, the analysis equally applies to other social networking sites: Myspace, Friendster, Orkut, and myriad others, as well as the wider picture: any site that makes use of personal information in one way or another could potentially be included here.

With all this in mind, I’ve been wondering about solutions. I’m still very much personally developing these ideas, but this feels like the right time to throw some thoughts out into the public for further discussion and to start testing ideas.

I wonder whether the solution comes from an inside-out approach to social networking. Take the user out of the network and create them as their own entity, on their own website. Then, invite the networking tools to connect to the user.

Here’s a better example: I have a personal website – it’s From here I have a short blurb about myself, a CV, contact information, a link to my blog and a link to my Flickr photos. Every time I sign up for a social networking site, I’m probably going to take each of those bits of information (or parts of them) and add them to each site. What if I could just tell Facebook or LinkedIn, “here, use this URL. Everything about me’s on there”? They use the URL to pick up my details and go from there.

Whenever I change my details, add a photo or blog post, the networking site pulls the update and refreshes its own database accordingly.

For a computer to interpret this data, it must be in a computer-readable form, and in many cases such forms exist. My blog can be retrieved through RSS or Atom, Twitter feeds come via RSS, Flickr photos also come via RSS. Contact details can be grabbed from a vCard. CV details via HR-XML. Friendship/relationship information by XFN or FOAF.

If I really wanted to run that incessant vampire application from Facebook I’m sure they could come up with an XML feed too.

The binding can come from <link> tags, or the <a rel=…> attribute. If needed, a separate file simply documenting the various types of data can be produced.

The social networking sites then simply pick and choose. LinkedIn would like my contact and CV information, but is probably not interested in my stream of photos. Facebook can take everything but the CV. Even sites with peripheral social networking interests can take part – why not have Flickr & Zooomr pick up my list of friends.

With such an architecture in place, the onus is then on service providers to ensure they provide adequate feeds for their services. The emphasis is on standards development, so all the services and networking sites can talk to one another. The byproduct is increased flexibility and choice for the user. Sounds very Web 2.0, doesn’t it!

There would be some important issues that need to be discussed.

How is security applied to this model?

Presumably information that the user publishes is deemed to be available for all and sundry, but many sites apply a security to certain information (e.g. a user’s mobile number might only be available to their friends).

I wonder whether encryption is the key here (pardon the pun): the published information is encrypted. When the user agrees, the decrypt key is sent to the participating social networking site (e.g. “I agree that users of Facebook, Orkut and Friendster who appear in my friends list may see my phone number”), which enforces the security model within its own environment.

Where is the user information hosted?

Not everybody has their own domain name with some personal information on it. Nor are too many people interested in (or capable of) adding a load of metadata to their site.

In this case I wonder what the parallels are (if any) with OpenID. This system is designed to be a decentralised single sign-on system. You pick a URL (e.g. which becomes your login for participating sites. The OpenID provider then affirms the identity of the user. The traditional username/password (beyond the OpenID provider itself) becomes redundant. It seems a natural extension to join the authentication system to user details – go to and get further information about them (bonus points if the social networking site also used OpenID to identify its users in the first place!)

Admittedly I don’t have too much experience with OpenID, and it attracts a lot of critical comments which will be the subject of continued debate I’m sure.

Failing an OpenID solution, what are the possibilities of having a personal hosted presence elsewhere, on a site purely designed to public this metadata (see below – business incentives).
What’s to stop spammers or identity theft?

If the information you care about is published in ‘public’ on your favourite social networking site, there would seem to be little difference.

What’s the (business) incentive for social networking sites? If you take away the user from the social networking site, what’s left?

Imagine Facebook in this alternative model. Your personal information is managed elsewhere – why would you still use Facebook? Well for one, it’s a very rich environment for running applications. Facebook makes it very easy (are dare I say it – fun) to interact with your friends. Its beauty is that it IS easy to use; to set up accounts, a blog, a photo album. Even if the data is stored elsewhere, Facebook can keep its various applications – it simply publishes the data in a different way.

Let me put it another way. The true value of social networking sites – the bit that makes one better than another – is not so much about the data, it’s about how it USES the data.

Furthermore, why not make Facebook an OpenID (or at least an ‘identity’) provider. They’ve clearly got the tools to encourage people to publish information about themselves. is as good a place as any to be publishing this stuff. Then, if I prefer LinkedIn, I can still see Joe Bloggs’ profile and information – it’s exactly the same as if I saw it in Facebook, but the available options might be entirely different. That suits me, because I prefer LinkedIn. It also suits Joe Bloggs, because he’s quite happy managing his profile in Facebook and doesn’t have to recreate himself in LinkedIn.

So, ideas certainly abounds. I’m excited by the idea of a ‘system’ that offers openness at the fundamental data level, but also encourages innovative applications and services on top.

Perhaps I need to be brought down to earth – there might be some critical error in my expectations that prevents this entire system from getting off the ground. I don’t know, but what I am sure of is that in many cases the technology, the underlying standards and data representations are there, and in theory at least this has a lot of potential.

My next step is to attempt to consolidate all of this into a demonstration system, but I invite comments, thoughts and discussion below. If you have a view, please participate!