20 Nov 2011
Social networks are exclusive. Only my selected “friends” can see what I publish on Facebook. That would be great privacy feature, but there is a catch. All my information is stored in “the cloud,” and the masters of the cloud find and use my relations, my interest and my whereabouts. Right now, they mostly use it to tune the advertisements that appear on their pages, which is arguably benign. But the potential for abuse is there, and potentials have a way to turn into future realities. Secret polices, for example, will learn the lessons of the “Arab Spring” and find ways to access the information in the cloud.
Peer-to-peer networks have no master. Everybody is equal. There is no central repository. That should be a great privacy features, but peer-to-peer networks are not exclusive. Everybody can find what anyone else publishes on Bit Torrent. This is precisely what the agents of copyright holders do. They navigate the network, find which IP address publishes copies of protected work, and work from there to identify and sue the publisher. If copyright holders can do that, we can be assured that secret polices can do it too.
Could we combine the exclusivity of social networks and the decentralized nature of peer-to-peer networks? Suppose for example that we build a peer-to-peer service in which we would only establish connections with our close friends. Only my friends would see my IP address. There would be no central storage of my publications. It could easily be used to spread the messages of the next Arab spring if our friends redistribute them to their friends, much like we see jokes being e-mailed from friend to friend today. That would be really private.
Of course, there are engineering issues. We will need to identify our friends online without relying on a central server. We will need to discover our friends’ addresses before establishing the peer-to-peer connections without disclosing too much information. We will need some kind of relay to ensure that messages can be forwarded even if two friends are not online at the same time. We can probably to that with a combination of public key cryptography, distributed hash tables and peer-to-peer store-and-forward, much like PGP, Kademlia and Skype groups. This will not be a simple mash up, especially if we want to make it easy to use. But engineering challenges are fun!