back to article Meet the open sorcerers who have vowed to make Facebook history

Once upon a time the internet ran on open protocols, and anyone could host servers that ran these protocols. Your first dial-up internet connection probably came with a bundle of tools for groups and chat. If you weren't happy with the service from your ISP you'd point the client at another. The internet was open and federated, …

  1. disgustedoftunbridgewells Silver badge

    Why IMAP and not XNMP?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why IMAP and not XNMP?

      Do you mean XMPP?

      Either way, my guess is that as there is already a massive number of IMAP servers already deployed anyway, that this extension can piggy-back off, you could be nearer to adoption than by getting more XMPP servers deployed.

      1. disgustedoftunbridgewells Silver badge

        Re: Why IMAP and not XNMP?

        XNMP - a mix of XMPP and SNMP ( yes, I meant XMPP )

        1. bobajob12
          Coat

          Re: Why IMAP and not XNMP?

          You can chat to your buddies, but only in ASN.1

          1. . 3

            Re: Why IMAP and not XNMP?

            There's already enough XMPP capacity in existence for billions of users (cf. ejabberd). However, there is no centrally stored message history so it's no Facebook replacement.

            Why stop at Faceache? An open protocol Ebay / Amazon must be a good decade overdue.

            1. Charles 9 Silver badge

              Re: Why IMAP and not XNMP?

              What eBay and Amazon provide cannot be decentralized. They succeed BY being middlemen: a moderator/facilitator in this case. They reduce the "caveat emptor" risks. Plus Amazon is itself a retailer: no middlemen in those cases.

              1. Anonymous Coward
                Anonymous Coward

                Re: Why IMAP and not XNMP?

                "What eBay and Amazon provide cannot be decentralized. They succeed BY being middlemen: a moderator/facilitator in this case. They reduce the "caveat emptor" risks. Plus Amazon is itself a retailer: no middlemen in those cases."

                I used Google to find stuff on Amazon, even though Amazon has a search function.

                Break down the functions. Product catalog management, reputation management, sales process mediation, escrow, insurance, payment handling, and other stuff. These functions can be provided a la carte. What Amazon and eBay do is bundle it for our convenience, which admittedly is a value provided as well. We like convenience, sometimes to our own detriment. It needn't be centralized, or i.e. monopolized. As protocols mature and interoperability advances, we can have a different world. I'm not betting on it, but I don't give up hope.

                1. JMcL

                  Re: Why IMAP and not XNMP?

                  "Break down the functions. Product catalog management, reputation management, sales process mediation, escrow, insurance, payment handling, and other stuff. These functions can be provided a la carte. What Amazon and eBay do is bundle it for our convenience, which admittedly is a value provided as well."

                  Amazon in fairness do add logistics into the mix, marketplace excluded, and we do all like the large discounts which that sort of scale affords.

          2. Anonymous Coward
            Anonymous Coward

            Re: Why IMAP and not XNMP?

            You can chat to your buddies, but only in ASN.1

            Given that ASN.1 can mean XML or JSON these days (the ITU standard is still updated). ASN.1 is quite cool and Web friendly.

            As it happens I'm using this feature of ASN.1 right now. I get JSON objects in through a Web API, and those get deserialised, validated, reserialised as XML and then uPER as they move throughout the system where bandwidth becomes scarce (uPER is handy for that). All the code to do this serialisation to multiple wire formats is generated automatically from a single ASN.1 schema, which is kinda cool.

            For my next trick I intend running the C code generated by one of the open source ASN.1 tools as a Web assembly. If that's not enough to cause widespread disgust throughout the developer community, I don't know what is...

            1. bobajob12

              Re: Why IMAP and not XNMP?

              That is very cool...didn't know that. I'm still recovering from programming ASN.1 for OSI protocol stacks in the early 90s. I had no idea they had kept up with the cool kids.

              1. Michael Wojcik Silver badge

                Re: Why IMAP and not XNMP?

                I had no idea they had kept up with the cool kids.

                While DER, and even more so BER, are abominations and largely responsible for the myriad problems of ASN.1 implementations, ASN.1 itself is still overengineered and excessive. It's the very antithesis of "cool", regardless of encoding.

                OIDs in ASN.1 structures are useful, inasmuch as they add a typing mechanism, but even they are poorly designed. Hierarchical namespace: great. Represented with integers assigned by a numbering authority rather than human-readable text: dumb.

                Aside from OIDs I'm having a hard time thinking of anything valuable ASN.1 brought to the table. It's not like it invented the idea of describing structured types using a CFG. We've had Backus-Naur Form since 1960, and as Wikipedia points out, the general idea is around 2500 years old.

      2. Anonymous Coward
        Anonymous Coward

        Re: Why IMAP and not XNMP?

        > as there is already a massive number of IMAP servers already deployed anyway, that this extension can piggy-back off, you could be nearer to adoption than by getting more XMPP servers deployed.

        Group messaging over IMAP is almost a completely new protocol (even *sending* of E-mail isn't normally done over IMAP). So why build completely new protocol, and servers, and clients, when there are existing XMPP servers and clients?

  2. Anne-Lise Pasch

    another bloody silo that nobody needs

    We're good at adding silos. I'm lumbered with Slack, Skype (and For Business) and MS Teams. Id really like it if they'd amalgamate underneath.

    1. bombastic bob Silver badge
      Unhappy

      Re: another bloody silo that nobody needs

      extending IMAP probably isn't the right way to do it, especially if existing private e-mail systems NOT running Dovecot suddenly become "incompatible" because of it.

      Any kind of central "real world identity" system is RIPE for abuse. Period.

      Spammers and scammers WANT to be able to connect a real-world identity with an online one, especially if you use multiple e-mail addresses, IRC handles, gamer IDs, or "any other presence". If they can't track you CENTRALLY, in order to monitor you for advertising (or other) purposes, they'll do it via the "real world identity" thing.

      Don't forget, Micro-shaft NOW has that "Micro-shaft Logon" which was first excreted in the early part of the 21st century as part of their "Dot Not Initiative" - aka "Micro-shaft Passport", which was a TOTAL flop even when compared to the whole "dot bomb" thing.

      maybe its time to divorce from the Faecebook way of doing things, and go back to something that doesn't track you or spam you with ads, like USENET and IRC.

      1. John G Imrie Silver badge

        Any kind of central "real world identity" system is RIPE for abuse. Period.

        I may have misunderstood, but wasn't the ID bit to piggyback of DNS, which is defiantly not a centralised system.

        1. Anonymous Coward
          Anonymous Coward

          Re: Any kind of central "real world identity" system is RIPE for abuse. Period.

          DNS is a hierarchical decentralized system. The worst of both worlds.

          Federated social networks are yet another compromise between central and decentralized. It's not a new idea, it's been tried and failed before (eg. XMPP). What's the incentive for big ISPs to maintain a complex decentralized infrastructure when their users are happy enough with their simple central silos? There is none.

          1. Anonymous Coward
            Anonymous Coward

            Re: Any kind of central "real world identity" system is RIPE for abuse. Period.

            "What's the incentive for big ISPs to maintain a complex decentralized infrastructure when their users are happy enough with their simple central silos? There is none."

            The answer is dead easy. Existence. As in existential class actions against such ISPs (in a broad sense), which are not only foreseeable but foreseen by certain devs (that also happen to be trial lawyers) quietly building the technical infrastructure to create and support properly pleaded "lawyer-less decentralized class actions".

            If you want to predict the future, it's hard. Until and unless you actively create that future. You don't even need funding or community "support" until you choose to deploy, that just slows everything down. It's so easy to do that Zuck did it with his dystopian present, so why not anyone?

          2. Door Handle
            Linux

            Re: Any kind of central "real world identity" system is RIPE for abuse. Period.

            You don't necessarily need any new infrstructure or any other form of co-operation from ISPs. Check out Delta Chat: https://delta.chat/en/

            This is an open source Android chat app built on top of the existing SMTP and IMAP protocols. Pretty compatible with E-mail clients and has end-to-end encryption, it can use your existing mail accounts / servers. Of course gmail works as well. You don't need anything apart from the Android app to start using it.

            1. Michael Wojcik Silver badge

              Re: Any kind of central "real world identity" system is RIPE for abuse. Period.

              You don't need anything apart from the Android app to start using it.

              Presumably you need at least one interlocutor.

              And therein, I think, lies the rub. I haven't produced any content on Facebook since shortly after I first signed up several years ago: not a post, not a status update, not a "like". I do, however, read it for at least a few minutes most days, because my extended family and friends post heavily, and I respect them enough to try to pay a bit of attention.

              None of them are using Delta Chat. None of them are likely to ever start using some new decentralized IMAP-based social media system. True, several use Twitter or Instagram or god knows what else; I ignore all of that because the Facebook skim is all I'm willing to invest in this, respect or no. But they started using those other non-Facebook social media services because there was pressure to, and that pressure was largely generated by marketing campaigns.1

              I've yet to see an open protocol with a real marketing campaign.

              To the vast majority of ordinary users, a new social media service is just what they see in the client app. And if that doesn't do something that they see as novel and valuable, they won't adopt it.

              1Typically "stealth" campaigns of the sort described by Holiday.

      2. Anonymous Coward
        Anonymous Coward

        Re: another bloody silo that nobody needs

        "maybe its time to divorce from the Faecebook way of doing things, and go back to something that doesn't track you or spam you with ads, like USENET and IRC."

        What's keeping you here? Usenet and IRC aren't dead yet.

      3. daealc
        Thumb Up

        Re: another bloody silo that nobody needs

        IRC will never die :)

      4. Anonymous Coward
        Anonymous Coward

        Re: another bloody silo that nobody needs

        extending IMAP probably isn't the right way to do it, especially if existing private e-mail systems NOT running Dovecot suddenly become "incompatible" because of it.

        Agreed

        Any kind of central "real world identity" system is RIPE for abuse. Period.

        What's being discussed is a non-centralised, federated identity system.

        Spammers and scammers WANT to be able to connect a real-world identity with an online one

        Why not actually read the id4me overview? You'll see that identity providers can provide a different unique ID to each online system ("relying party") which authenticates against it. Two cooperating services don't need to know that you are the same person.

        "Identity authorities can decide whether to provide the same identity handle to all the relying parties having access to a specific identity, or whether to provide a different identity handle to each relying party. "

        especially if you use multiple e-mail addresses, IRC handles, gamer IDs, or "any other presence". If they can't track you CENTRALLY, in order to monitor you for advertising (or other) purposes, they'll do it via the "real world identity" thing.

        It's not necessary to link an online identity to a real-world identity. In fact, id4me does not have any existing way to do so. Any personally identifying information you care to share via id4me is unverified and can be as fake as you like. Or you can create an identity with no information at all.

        Don't forget, Micro-shaft NOW has that "Micro-shaft Logon" which was first excreted in the early part of the 21st century as part of their "Dot Not Initiative" - aka "Micro-shaft Passport", which was a TOTAL flop even when compared to the whole "dot bomb" thing.

        Clearly you don't use Office365 or OneDrive; these authenticate off a Microsoft account. Wouldn't it be a bit mad to have a separate username and password for each Microsoft service?

        1. Charles 9 Silver badge

          Re: another bloody silo that nobody needs

          The point is that there is a financial incentive to de-anonymize the Internet's netizens. Meaning there will ALWAYS be someone out there trying to connect the dots, no matter how much effort you put into scattering chaff, much like a letter in the mail, the required information (addresses) alone are enough to start painting a picture. Frankly, if you want to stay anonymous, don't communicate. EVER. In fact, don't even step out into public streets (as you never know where a camera is hidden).

    2. small and stupid

      Re: another bloody silo that nobody needs

      No silos are great.

      You can have a separate identity in each and if it goes titsup at least the consequences are limited.

  3. MacroRodent Silver badge

    The hardware underneath

    The big thing Facebook, Google etc bring to the table is a huge network of maintained servers. We can dream up alternative social networks and software all we want, but it has to run somewhere, And that costs real money, and cannot be done as a hobby (at least not for long).

    1. DougS Silver badge

      Re: The hardware underneath

      A lot of people have unused bandwidth, CPU cycles and gigabytes of storage. Theoretically you could build some sort of massively redundant distributed system, though it would probably be easier to rent cloud resources from Microsoft or Amazon and ask for donations to fund a spying-free social networking alternative.

      1. Charles 9 Silver badge

        Re: The hardware underneath

        I don't think you CAN make it spying-free unless you roll it completely on your own. Otherwise, SOMEONE in the loop's gonna peek.

        1. veti Silver badge

          Re: The hardware underneath

          And by "roll it completely on your own", you mean "running your own software, on your own operating system, your own hardware, with chips designed, fabricated and soldered into place by you personally."

          Anything less is just posing.

          Ideally you should also be laying the fibre and installing connectors too, but that would be unreasonable. So long as there's no silicon within your server centre that's provided or manufactured by anyone else, that's probably good enough.

          Assuming you're perfect, of course.

          1. Anonymous Coward
            Anonymous Coward

            Re: The hardware underneath

            The roll-your-own movement is still alive and kicking as a direct result of governmental overreach. They are a solid part of the people I hang out with on the weekends. There already exist CPU's which have been verified as being per specifications, without additions. Operating system kernels formally verified. Each program as well. And so forth as we work up the stack. Note: Everything outside the device is considered insecure. There's some special theories about securing communications beyond the end point, considered an essential feature in the face of a determined attacker.

            There's also a solid group trying to figure out ways to operate in an environment where you can't trust any device or its components. That group is operating at a level that loses me. I really need to upgrade my maths to correspond to what they are practicing.

            Interesting problems and it's not like I have much else to do these days.

            1. Charles 9 Silver badge

              Re: The hardware underneath

              I frankly don't see how that problem can be solved. It's like the First Contact problem (Alice and Bob trying to prove themselves to each other without anything, even a Trent, in common between them). Basically, if you can't trust your environment, you can't trust your work in it, period. Meaning all the bad guys need to win is to install a perpetual paranoia.

      2. Anonymous Coward
        Anonymous Coward

        Re: The hardware underneath

        The major problem with trying to utilize unused bandwidth, CPU cycles, storage, ad nauseum are the cable, telecomms, and other ISP's themselves. Try running a server and see how far you get. As a matter of fact, I would really like a business internet connection via Comcast Business. They aren't even willing to try even though we have their all up service here. That's completely ignoring the asymmetric nature of normal services. That's the other reason I wanted a business connection here, it's symmetric. 1 TB on each of storage on several services doesn't do much good if you can't upload fast enough to do any good. Oh, and that's ignoring all sorts of free consumer accounts.

        If Dovecoat goes anywhere, I'm willing to find ways with or around our ISP. Hell, just host it on somebody else's server (Amazon, ....).

        1. DougS Silver badge

          Re: The hardware underneath

          The asymmetry is going away thanks to some breakthroughs in self interference cancellation earlier this decade. DOCSIS 3.1 has a full duplex mode that is standardized and will be deployed later this year at up to 5 Gbps symmetric by Comcast or Spectrum (can't remember) Terabit DSL is also symmetric - though it may never see the light of day in the US, since telcos have been unloading their copper to companies who are letting it rot while milking grannies who cling to their landlines.

      3. Michael Wojcik Silver badge

        Re: The hardware underneath

        Theoretically you could build some sort of massively redundant distributed system, though it would probably be easier to

        use Usenet.

        Hey, look, it's NNTP. An open protocol for a redundant distributed social-media system.

        I know. It'll never catch on again.

    2. Aitor 1

      Re: The hardware underneath

      I have had in the past forums, etc.

      You mostly have some extra power there.. and you would only need more power if you have more users. Then you should get more money in (donations, subscriptions, selling their personal data, ads, whatever).

    3. Michael Wojcik Silver badge

      Re: The hardware underneath

      The big thing Facebook, Google etc bring to the table is a huge network of maintained servers

      That's only part of it. Orlowski's "trivially simple" comment is, in fact, quite wrong. More is different.

      When you scale up a system to the kind of transaction rates that Facebook handles, you need quite a lot of non-trivial software. It's not just a question of throwing hardware at it. Even a very low failure rate1 turns into quite a lot of failures when multiplied by that load.

      Take a look at Realtime Data Processing at Facebook, say, or the SVE paper, or TAO.

      The big social-media players do quite a lot of software R&D. It is not trivial, nor simple.

      And yes, Dovecot may handle, in aggregate, the email of a couple of billion people. Email workloads are orders of magnitude smaller than social-media workloads.

      I'm perfectly happy to see people extending IMAP (though I've never been a fan of IMAP, particularly) or other open protocols. I've spent much of my professional career working with both open and proprietary data-comm protocols, and even the gnarliest open ones (IIOP, say, or if you want an IETF-blessed example, Telnet) are generally much nicer than the proprietary alternatives (ah, SNA, so many years you have claimed). But minimizing the technical challenges helps no one.

      1And the high tolerance for failure in social-media applications, which really don't care about consistency and reliability.

  4. Anonymous Coward
    Anonymous Coward

    It's a good idea but how do you monetise it? Do email providers start charging money or serving ads? How long till we're back at the same problem?

    1. Julz

      I already pay for my email service.

      1. Doctor Syntax Silver badge

        "I already pay for my email service."

        So do I, partially so I can hand out and delete unique email addresses but there are millions who won't.

        1. David 164 Bronze badge

          More like billions and billions of users is what the likes of facebook and google and yahoo operate at.

          The number of individual who actually pay for their own email service is in the low millions.

  5. highdiver_2000

    Why not XMPP? Unless you want to de throne Whatsapp, then good luck.

    Why Facebook messaging?

    The key is the content, good, bad, inane, horrible content. These drive the user interactions and messages. Be it individual posts or Group pages. But the article says it is not about content, so WTF?

  6. Doctor Syntax Silver badge

    The problem with this scheme is that so many users will go for the cheapest ISP and then "free" services such as FB which cash in by selling the users. If a bunch of ISPs stepped up and offered services with similar levels of traffic to FB etc their costs would go up and hence their prices unless they also sold their users. They wouldn't attract custom away from cheap ISP and "free" social network combination.

    1. teknopaul Bronze badge

      Hotmail, Gmail and Arsebook can all play ball and give away free to users that want their chats scanned, but those of us that don't and have a different email address can still chat.

      1. Doctor Syntax Silver badge

        "but those of us that don't and have a different email address can still chat"

        And continue to have no measurable difference on FB's viability.

  7. Anonymous Coward
    Anonymous Coward

    I'm looking for a Scottish croft that has no internet or mobile phone reception to save me from this anti-social madness.

    1. d3vy
      Joke

      From experience you dont need to be too remote... Pretty much anywhere north of Glasgow should meet your requirements :)

    2. Stuart Halliday

      Try Oban. Pretty much zero GSM.

      1. Anonymous Coward
        Anonymous Coward

        >Try Oban. Pretty much zero GSM.

        Ah wonderful Oban, you go there for the scuba diving and the great fish and chips by the harbour.

      2. d3vy

        "Try Oban. Pretty much zero GSM."

        Pah, you dont know you're born... I spent the late 90s on North Uist!

      3. JMcL

        "Try Oban. Pretty much zero GSM."

        Who needs GSM when you've got whisky

    3. Snar

      From our very own El Reg!

      This place was up for sale a few years ago - I wish I'd had the cash to buy it.....

      https://www.theregister.co.uk/2010/07/09/scottish_bunker/

  8. Anonymous Coward
    Anonymous Coward

    Please just don't care enough

    It's been pretty depressing watching the continual process of capture, we've drifted from decentralised protocols (NNTP/Usenet) to user-managed sites on hosting facilities (phpBB, geocities) to aggregators (e.g. slashdot, digg) to services (FB et al).

    Convenience has trumped maintaining control and big-media is subverting the peer-to-peer nature of the internet to producer-consumer relationship where they keep control.

    Once this little storm has blown over, expect to see full steam head towards more consolation of control, less power to the end-user..

    1. rh587 Bronze badge

      Re: Please just don't care enough

      Once this little storm has blown over, expect to see full steam head towards more consolation of control, less power to the end-user..

      Yes, I would suggest that what it actually needs is a truly user-friendly federated system.

      "Mastadon/Diaspora/<thing> in a box". Plenty of people have reasonably swift internet connections these days (50/20). You buy a box, plug it in, set up your identity and connect to your federated network(s) of choice, self-hosting your content. Storage isn't expensive - my total FB archive came to 300MB - mostly photos and videos (albeit I am not a heavy user). A £100 always-on box with a few gigs of storage would be more than sufficient for non-technical users. Let it grab updates automatically - no need to involve users in actually maintaining a Ruby environment or anything.

      The stumbling block has always been bandwidth. The actual demand on your individual content in a social network is unlikely to be terribly high.

      This would offload a goodly chunk of the bandwidth and storage costs for running a network.

      1. Graham Cobb

        Re: Please just don't care enough

        Mastadon/Diaspora/<thing> in a box

        That is part of the idea behind Freedombox.org. The harder part, though, is a good way to market it -- to get people to connect to you at sufficient levels that Facebook are forced to allow integration with other systems.

        The issue isn't really the protocols, it is achieving critical mass to make it necessary for the walled gardens to open up and interoperate.

        Maybe the current hassle facing Facebook will mean there could be actual political action this time to force them to open up the monopoly. Remind me, how much do the silicon valley monopolists contribute to political parties each year?

      2. Anonymous Coward
        Anonymous Coward

        Re: Please just don't care enough

        "Plenty of people have reasonably swift internet connections these days"

        It might work if everyone who wanted to join would need to run their own server, because...

        "The stumbling block has always been bandwidth. The actual demand on your individual content in a social network is unlikely to be terribly high."

        ... the real stumbling block has always been the bunch of coppers raiding your house in the wee hours because of some bullshit/threat/porn/hate that was published on your server or from your IP address.

        A distributed social network run by volunteers for free would still need to abide by the laws. Probably by the laws of every country where the content can be accessed from.

        1. rh587 Bronze badge

          Re: Please just don't care enough

          ... the real stumbling block has always been the bunch of coppers raiding your house in the wee hours because of some bullshit/threat/porn/hate that was published on your server or from your IP address.

          A distributed social network run by volunteers for free would still need to abide by the laws. Probably by the laws of every country where the content can be accessed from.

          That was rather my point. Your node only stores your content. You retain physical control over the storage.

          Of course a federated system that caches/stores/redistributes other people's content will run into those sorts of issues.

      3. Doctor Syntax Silver badge

        Re: Please just don't care enough

        "A £100 always-on box with a few gigs of storage would be more than sufficient for non-technical users."

        You're trying to sell £100 box to people who go for the cheapest ISP and "free" FB services?

        1. rh587 Bronze badge

          Re: Please just don't care enough

          You're trying to sell £100 box to people who go for the cheapest ISP and "free" FB services?

          But who then turn around and spend £30/mo on Sky TV, pay for an XBL subscription, think nothing of changing their £700 smartphone ever couple of years, drop £40 a time on the latest AAA game titles.

          It's about marketing and presentation.

          1. David 164 Bronze badge

            Re: Please just don't care enough

            They got content people want. However you face a classic chicken and egg problem, you won't get people to buy the box unless they know the content is there and the contents won't be there unless people buy the box.

            £100 quid is way to high, it can't be more than around 10 to 15 quid, it got to be a impulse purchase. You need partners big enough to be able to hand out thousands, tens of thousand for free to people so you are generating the content.

    2. David Nash Silver badge

      Re: Please just don't care enough

      "Convenience has trumped maintaining control"

      It always does and always will, because people are lazy, and just want something that "works".

      Edit: And free, of course.

  9. Mage Silver badge
    Facepalm

    half of the world's email comes from Google, Yahoo!, Apple and Microsoft

    Frightening if true.

    So part of "The Cloud" monoculture examined in the fantasy apocalypse story "No Silver Lining" by Ray McCarthy.

  10. PVecchi

    What has IMAP got to do with Facebook?

    Dear Andrew,

    I know that being a journalist is hard especially because lots of research should be done before writing stuff.

    IMAP played a good role in email servers and client for many years but we see that is anyway being replaced by Open Source implementation of MAPI and on the client side with ActiveSync as they are more efficient.

    I have no idea what relation there may be between a Facebook replacement and IMAP. Maybe Laguna has a new secret extension of IMAP in the making?

    While we wait to know more the rest of the world is using XMPP for chat using clients or implement distributed platform using ActivityPub or similar protocol to sync instances.

    Facebook alternatives are out there, Diaspora being one of them, and the fact that billions of users aren't using them is due to the fact that people got used to instant gratification, some call it convenience, given by the fact that they can sign up and give away their private data straight away without having the time or will to consider the implications.

    I'm all for an exam, lasting at least half an hour, where users have to read all the T&C of Public Cloud services, answer a questionnaire, digitally sign a waiver stating that their data can (will) be used for any profit making activity the Corporation can think of and only then allow access.

    The same should naturally be applied to all sites that use Google Analytics and related services.

    I bet after a while users and companies will find that is a lot more convenient to install their own chat or email server. The additional bonus is that we'll have more people that know what to do in IT instead of outsourcing everything to the so called "Cloud".

    1. Brewster's Angle Grinder Silver badge
      Trollface

      Re: What has IMAP got to do with Facebook?

      Ironically, the original email (as spec'd in RFC821) had the SEND command to send messages directly to an online user. (As well as SOML and SAML). We don't need no fancy IMAP enhancements; all we need to do is resurrect that. Job done.

  11. Awil Onmearse
    Headmaster

    Yolk? Seriously? I'm oeuffended!

    "Checking in on how IMAP could help folk throw off Zuck's yolk"

    1. Steve the Cynic

      Re: Yolk? Seriously? I'm oeuffended!

      Hey, if you want to make omelettes, you gotta break some eggs.

      1. Roj Blake Silver badge

        Re: Yolk? Seriously? I'm oeuffended!

        But how much will we all have to shell out for this?

    2. Captain Hogwash Silver badge

      Re: Yolk? Seriously? I'm oeuffended!

      So it wasn't proofread. Get ova it.

    3. Randy Hudson

      Re: Yolk? Seriously? I'm oeuffended!

      As one of my professors used to say, "If you haven't bothered to read it, why should I? "

      1. AndrueC Silver badge
        Joke

        Re: Yolk? Seriously? I'm oeuffended!

        Please, folks, stop egging them on.

  12. Anonymous Coward
    Anonymous Coward

    Uhm, pushing your own agenda much?

    "The OX plan is more subtle, and entails extending IMAP (b.1986) to create secure, authenticated group chat. "

    As others also stated: why IMAP? My theory? To enforce this whole idiocy onto people. Dovecot is a pretty popular e-mail server and this way you can more or less force this new "standard" onto users without them even realizing it. It'll be much easier to persuade people to use something new if it turns out that they already have it installed and don't need too much extra effort in comparison to trying to motivate people to install something new.

    Instead of changing existing current protocols and risk generating more gaps between services (do we really need multiple IMAP protocols?) why not try to come up with something new instead?

    Or better yet: try to elevate an already existing design and make that yours! That's what open source and open standards were made for, is it not? And there are dozens of projects which try to utilize chatting and communication services.

    Alas... I read about this before and as a result we removed Dovecot from all our servers and replaced it with Cyrus IMAPd. Despite its name it supports IMAP, POP3 (and the encrypted variants) as well as smpt and lmtp. The best feature, in my opinion, is that this project has no ambitions into creating the "next big Internet hit" but instead focus themselves on what they're good at and which really matters: providing one heck of a mail server!

    This may sound like a negative rant to you but if you look at Dovecot's history you will notice that it has "change because of change" written all over it. Take for instance the sudden configuration format change: from one easy to administrate config file (well documented and well segmented too) into the conf.d crap which it is now: dozens of different config file parts, and good luck to you in guessing the right file(s) and section(s) to edit! And why? How exactly enhances this my administrative experience? Wouldn't it have been enough to merely provide an include feature and (here's the big one:) let me decide if I want a one or multi -part config file instead of shoving it down my throat because you needed something "new"?

    Yes, I'm aware that I can revert back myself. That's not the point: because after every upgrade you'll be force to go over the multipart crapola again in order to check for changed and/or new parameters and options.

    And these are the people who now want even more shiny new stuff in the form of IMAP socialized media? Pardon me for not being a believer here ;)

    1. Frederic Bloggs

      Re: Uhm, pushing your own agenda much?

      IIRC the "conf.d crap" is actually "Debian conf.d crap" and there is absolutely no need to use it.

    2. teknopaul Bronze badge

      Re: Uhm, pushing your own agenda much?

      Personally I am way up for this.

      Pretty much always want chat with email and always want to separate work and play accounts. Happy to pay for the imap server (already have dovecot)

      Happy to build an app to access it it too.

      Faster I can take Facebook out of the loop the better.

  13. short

    providing a good UX - Facebook?!?

    I've got a facebook account (under a pseudonym, natch.)

    How in hell is that a good UX? Can't find things, can't dig back, can't organise. It's just a dumping ground. Photos get resampled, cropped and generally befouled. Videos likewise. Coments don't thread. Ads are poorly targeted bollocks if I disable blockers. Recommendations for 'you might like' are nonsensical babble.

    It just lived off investor cash until it got big enough to sell the emperor's new ads, and now it's reached critical mass.

    Horrible mess. But clearly successful. Does beating FB mean playing it at its own crazy game? Interoperating with it?

    1. This post has been deleted by its author

    2. matjaggard

      Re: providing a good UX - Facebook?!?

      Facebook used to be OK. I now go on it about once a month and only ever read things from people I have started. Their algorgithms are now so bad that I generally have zero interest in what is displayed to me.

      1. David 164 Bronze badge

        Re: providing a good UX - Facebook?!?

        Ironically I believe Facebook has gotten worse precisely because of all of the layers of privacy features they have added on top.

    3. Frank Bitterlich

      Re: providing a good UX - Facebook?!?

      How in hell is that a good UX? Can't find things, can't dig back, can't organise. It's just a dumping ground. Photos get resampled, cropped and generally befouled. Videos likewise. Coments don't thread. Ads are poorly targeted bollocks if I disable blockers. Recommendations for 'you might like' are nonsensical babble.

      All true. But, as scary as it may be, hardly any FB user cares about that. They typical Facebonker wants to just dump their stuff in there. They do not care about about an interface that gives them control - they want an "easy" one, and the less control they have over their stuff, the "easier" it appears.

      Ten or 20 years ago, many of those people would have operated their own blog or other website, but today FB to them looks like the same thing, but much easier. Heck, even businesses these day think that a FB page is equivalent to a prober website. I know a group of people who think their CMS is too complicated, so they post all news on FB instead. Don't have a Facebook account? Tough luck, customer.

      Does beating FB mean playing it at its own crazy game? Interoperating with it?

      If you want to make as much money as them, yes. You'll have to rip off your users, take sneak control away from them, and sell them out in any way you can.

      For another definition of success, e.g. making the 'net a better place, combining a good protocol with a good UI will probably do the trick. If it really works out well, people will adopt it and operate services on that platform. If they have enouph pull, users will eventually adopt it.

      There has never been a better time to pull this off than now.

  14. DougS Silver badge

    Google could kill WhatsApp in a stroke

    If they had ever got off their asses and built an iMessage like capability into Android's texting app. Were they getting paid off by the telcos or something? Regardless, SMS is no longer much of a revenue source for them so there's no reason Google couldn't do it now.

    Though knowing Google they've spent all this time overengineering something that tries to be all things for all people, they'll release it with great fanfare as a beta, then kill it two years later.

    1. Samuel Penn

      Re: Google could kill WhatsApp in a stroke

      They have Hangouts, which has done cross platform video and chat on phones and desktops for years now. It even used to be combined with their text messenger app at one point.

      Except they seem to want to replace it with Duo and Allo which don't work on desktops.

    2. Anonymous Coward
      Anonymous Coward

      Re: Google could kill WhatsApp in a stroke

      SMS is an awful protocol. Insecure by design and hub-and-spoke like most telecom stuff. Like SIP for voice.

      For real time communications XMPP would be the way to go, especially because it can do peer to peer. But it has some serious deficiencies starting with its reliance on XML, lack of QoS and an immature federation model. It also has the handicap of having been hyped by Google and then unceremoniously dumped when it didn't meet the needs of the walled garden du jure. There are still XMPP networks out there, but diminished in number and influence.

      IMAP is singularly unsuited to forking into an RTC protocol. Once again this idea makes the mistake of focusing on a product rather than services and protocols. MAPI, mentioned here in the comments, is even more unsuitable than IMAP.

      Using DNS as the basis for an IdM system isn't new, it is at the core of at least one solution for distributing free security certificates, but that's wisely not tied to a single DNS server product.

      Besides, since the beginnings of the modern Internet the herd has consistently chosen the corral over the open plains. That psychology isn't going to be overcome by a protocol, at least not anytime soon.

  15. Disk0
    Megaphone

    " moving off "

    I think the notion that people "Move Off" one network to fully commit to another, is rather simplistic.

    Like myself, most people I know ADD networks, apps, and sites to whatever they are already using, usually because it enables them to connect to more friends, content, or opportunities.

    So there is a whole screen on my phone dedicated to just that - connectivity and social apps, each with their own merit. Sure I could use another, or even several more, and if this other platform is compelling enough I will try to get my friends on board, but we will probably still keep using any current platform.

    Interestingly we do not have to move all our content as if we are moving house: because it is computer data, we can just copy over what we need.

    I don't get how the people presenting just about every single "new" platform do not seem to understand that we can use /Multiple/ platforms for the same or different goals.

    IMO it is a big mistake to suggest to people that they will have to abandon what they already have in order to use your new, unproven platform.

    Better to present your offering as an /addition/ that enables me to do other stuff, more interesting, private, slick, secure, easy or fast, or just different because I get bored and like to try something else.

    Stop trying to tell us what apps/platforms/sites/protocols to use. The successful players of the past and present have become so by offering things like (e.g.) great visual presentation, better options than telco messaging, or just not having to look at Tom.

  16. Anonymous Coward
    Anonymous Coward

    Give your labour for free...

    ...to build something open source, so that some shyster can build a billion dollar company off the back of someone else's effort.

    Not fucking likely.

  17. Terry 6 Silver badge

    Pure nonsense

    The point about Facebook is that it's ubiquitous. How it works is of no relevance. It's a big space that people use. And they are not bothered by how it works, at any level. But the fact that anyone can access it, and be seen by anyone they want ( or don't for that matter) is its sole purpose. Whether the general public will continue to value it enough to sell their souls to it is another question. But no local, small scale start-up will provide what the public want from it.

    1. Charles 9 Silver badge

      Re: Pure nonsense

      IOW, the only thing that'll beat a community as big as Facebook...is another community as big as Facebook. Trouble is, the sizes tend to enforce There Can Be Only One.

  18. NBCanuck

    Anonymous on Facebook

    It's interesting how people think that Facebook does not know who you are just because you don't give them your real name. Between your activity, the activity of your friends, the info you friends have on you (email and phone) Facebook is able to build out a pretty solid profile on you. Facebook knows who you are. They know who you are even if you don't use Facebook so not hard to connect you to an account, even if not under your own name.

    1. mark l 2 Silver badge

      Re: Anonymous on Facebook

      "It's interesting how people think that Facebook does not know who you are just because you don't give them your real name. Between your activity, the activity of your friends, the info you friends have on you (email and phone) Facebook is able to build out a pretty solid profile on you. Facebook knows who you are. They know who you are even if you don't use Facebook so not hard to connect you to an account, even if not under your own name."

      The only real way to connect to FB and stay anonymous is to use virtual machine on a dynamically assigned IP which you refresh before and after connecting or connect through a private proxy or VPN. Don't do any other surfing from that browser just for FB only. This is how the spammers and scammers do it to try and avoid their accounts getting flagged.

    2. Anonymous Coward
      Anonymous Coward

      Re: Anonymous on Facebook

      My kids created a Facebook id for our cat about 12 years ago. Said cat died about 10 years ago but still shows up as a friend of my wife. Facebook gathers a lot of connection data. Whether it knows how to make use of it is less clear.

      1. bazza Silver badge

        Re: Anonymous on Facebook

        My kids created a Facebook id for our cat about 12 years ago. Said cat died about 10 years ago but still shows up as a friend of my wife. Facebook gathers a lot of connection data. Whether it knows how to make use of it is less clear.

        Not sure it matters anymore. Advertisers are so in love with the whole idea of analytics, data silos, pretty much anything that's got those labels attached gets accepted as "brilliant" without anyone caring whether it's any good or not.

  19. ken jay

    how things have changed

    I am from the generation that would not allow any data out of our computer unless it was initialised by a person on that server, i think the problem is that people need to take control of their personal data and totally ban data transfers between entities that have no relationship.

    1. Charles 9 Silver badge

      Re: how things have changed

      Big problem, though; people DON'T WANT to.

  20. Panicnow
    Alert

    Copy the Web ...

    Copying the success of the web.. HTTP and HTML

    MeTP A Message transport protocol family, that copes with many Tx systems (BT, SMS, Internet...) and methods ( Instant, store and forward, Server...)

    MeMP a Message content protocol. (Subject, Language, encryption....)

    MeSP A message search protocol ( To hinder Google etc reading everything and becoming de facto gatekeeper)

  21. Bronek Kozicki Silver badge

    This would be promising

    ... if 1) RFC for appropriate protocols were written 2) security (authentication and encryption!) was catered for. But as the things stand, meh.

  22. Adrian 4 Silver badge

    I'm all for an infrastructure that lets you create a chat group without selling your soul to a data-marketing demon or locking-in to a single source. IRC is pretty close, but the text-only nature is too retro for non-techies. It also keeps away the worst spammers and scammers, so it remains the best choice if the participants can cope.

    But I don't think lack of development is what has allowed facebook to succeed. We've had people trying to lock in a community since the beginning - starting with AOL, even before the internet was a big thing for the public. Then geocities, yahoo etc .. they all tried to create a walled garden to make access simpler for their users : and lock them in. Facebook is only the latest and will likely fail too when people get as annoyed about having too many facebook messages as they have about email.

    I can't believe the people who claim to use slack etc. because they're swamped with email. Once all their email tormentors find the new channel, they'll be there too.

    What Laguna needs to do, along with making public IM easy for the masses, is ensure there is a scaleable method of filtering. That's what will keep a new protocol relevant.

  23. Peter2 Silver badge

    Obligatary XKCD; https://xkcd.com/743/

    You have to note that he was somewhat out, he expected 2010 rather than 2018.

  24. Stuart Halliday

    Doesn't matter what program people use. If it's successful people will abuse it, profit from it and annoy people.

    Then we'll get the evangelicals charging in to 'save us' and it'll all start again.

  25. Czrly

    Don't we have this, already?

    Didn't TextSecure already invent an open group-chat mechanism with proper end-to-end encryption? They're called Signal or something, now, I think. I'd check, but I left my phone at home, today.

    Between TextSecure (for friends) and good ol' email (family, more friends, customers and suppliers) and issues on our GitLab server (hosted in-house), I'm flush with ways to communicate with anybody I'd care to contact. I also have a phone. And I think the printer can even send faxes.

    I'm honestly not sure what else one needs. What do people actually *do* on Facebook? Play Farmville and poke people's walls? (Ewwww...!)

  26. anonymous boring coward Silver badge

    A vaguely related question:

    Wasn’t the original Facebook ad-free?

    Also, didn’t the Big Zucker say, at the time, that FB would never have ads?

    I don’t use FB, but doesn’t it have ads nowadays?

    1. Anonymous Coward
      Anonymous Coward

      The original eBay was free to buy and sell on, and now they take a cut on the sale and the payment method.

      It's the same with drug dealers. Give it away for free to hook people in then sell them for profit.

  27. sisk Silver badge

    The problem I see with this is the same problem I saw with Google+. Pretty much everyone who's inclined to sign up for a social network is on Facebook. Seriously, they've got a near 99% market share. In order to get people to move you have to get their friends to move first, and their friends aren't going to move unless they do. Trying to introduce anything that resembles Facebook today is a catch 22, and that's going to remain true going forward. This doesn't change when you're essentially trying to replace Facebook Messenger.

    Then again, there's always that one guy who insists on using IRC and hooking into *insert random thing your group is using* through a plugin.

    1. Outcast

      https://mewe.com/

  28. steelpillow Silver badge

    serverless chat

    The only reason chat needs a server is so that people can leave "call me" type messages for friends who are offline. Otherwise, your chat client could perfectly well manage your friends list, chat session and message/media silos of choice through suitable protocols/APIs. You might as well resort to email for those offline pings, then the chat system itself can be serverless.

    OMG! A genuine use case for serverless? I may have to eat my hat.

    1. Peter2 Silver badge

      Re: serverless chat

      The problem there would be that you wouldn't know if somebody was online or not because that information is held by the server. ;)

  29. Anonymous Coward
    Anonymous Coward

    so that social networking becomes a federated service based on open protocols

    while laudable, this is completely unworkable. I mean, sure, perfectly doable, but mentally a no-go. Why? Because it's got to be "attractive", i..e. PRETTY LOGO!!! FREE APP!!!! CLICK HERE!!! COOL STUFF BRO!!!!

    It's not about "connecting to people", it's 99.9% about LOOK AT ME WORLD!!!!

    facebook and others just press those low human buttons, that puff human ego, and they milk it brilliantly.

  30. fidodogbreath Silver badge

    Non-stalking OpenID

    I'm so effing sick of creating separate logins for every site. Unfortunately, the only OpenID logins that are widely supported are FU-book and Google.

    I would pay for a SSO provider that (a) is well supported by sites that I want to use, and (b) does not sell my usage data -- including so-called "anonymized" data, which we all know is trivially easy to reverse. Stalk-free OpenID could be an add-on or bundle with another common web service -- domain/web hosting, or a privacy-focused mail service such as Proton Mail.

    1. Charles 9 Silver badge

      Re: Non-stalking OpenID

      You would, but would anyone else? Without critical mass, the service wouldn't last long.

  31. CheesyTheClown

    PowerDNS... NO FUCKING WAY!!!

    So... I went to check the source code to PowerDNS. I went into the security code to check for cleanliness and commenting.

    1) it’s written in C++

    2) there is little or no header documentation

    3) The only comments are in Russian written in Latin-1 which is an improvement over 1252... but ... here is a Google translate of the first comment I tried.

    Wide scope for dreams and for life. The future is open to us for years. We are given strength by force. So it was, so it is and so will always be faithfulness to the Motherland.

    —-

    Somehow, using code that is supposed to “keep us safe” but is filled with poems of political propaganda about getting strength by force and motherland references... and that’s in the security code.

    I don’t think I’ll bother even looking at OX. It’s probably commented with Mein Kampf.

  32. Anonymous Coward
    Anonymous Coward

    Facebook 'free' world can't get here soon enough

    https://www.bloomberg.com/news/features/2018-03-27/ad-scammers-need-suckers-and-facebook-helps-find-them

  33. Anwar

    standards exist from ITU, GSM and IETF

    ITU has X.400, X.500 and X.503. These provide a secure email, directory services and Authentication and authenticity. Except for certs, these aren't mainstream, if they were, there would be a compatible, integrated persistent chat standard, I'm sure. These standards anticipated the need for global directory (today we use LinkedIn) and means to prevent phishing and spam. Sad the standards didn't catch on.

    GSM created IP Multimedia Subsystem (IMS), then Rich Communication Services (RCS, "joyn"), another open de jure standard. Would have an integrated, compatible persistent chat standard, I'm sure. Would have integrated Twitter capabilities into SMS. Sad the open standard didn't catch on.

    IETF has XMPP. Sad the open standard didn't catch on.

    The other challenge will be these networks cost money to run, but today they are "free" (no cost) to users, so getting users to pay won't be easy.

    Most communicate via mobiles, and most mobiles are replaced every 2 years. If regulators insisted on open, standard support in smartphones, we could have ubiquitous support by 2020. Never gonna happen :(

    In the 1990s, Sun bought then sold Cobalt Qube appliances; think Google Suite|Office 365 in a box (but much more primitive). I think the concept still has merit.

    Can you put all these together?

    If my broadband router's Ethernet ports supported Power over Ethernet, and I could add something like Raspberry Pi 3 Model B+, which ran as an appliance, (ran an open, self-updating OS and email, chat, etc servers; like Cobalt Qube running X400|X.500|XMPP) as part of an open global federation (like Diaspora), that might be part of a long term solution. In exchange for hosting the federation, it would be free for me to use.

    1. CheesyTheClown

      Re: standards exist from ITU, GSM and IETF

      XMPP didn’t catch on because it was even worse than the SIP it was trying I replace.

      I have to implement an XMPP server soon. I have been googling like mad for months and while I’ve implemented dozens of major protocols in my life, I haven’t the slightest idea where to start with XMPP.

      If you can’t implement a protocol, you can’t integrate it. It looks to me like XMPP will take months or more just to get the basic features running.

      No I can’t use a library. They’re not good enough.

      No I won’t use a C or C++ program, I refuse to take those security risks. I will need to support communication between 100,000+ devices and the only reason we need XMPP is because of security. I’m not going to start by using languages which run native code on the servers.

    2. Anonymous Coward
      Anonymous Coward

      Re: standards exist from ITU, GSM and IETF

      Yes there are all these standards, but they suffer the problems that pervades the developer community. Which is, developers would far rather grow something new from scratch, hacking away at their code for the fun of it, rather that conform to a standard they didn't right and can't be bothered to look for, let alone read.

      This has led to things being reinvented, oftentimes worse that the original, complete with a whole new swathes of security vulnerabilities. And those who get lucky like Zuckerberg turn into data hoarding money grabbing capitalists.

      What's really needed is for services like Facebook, Snapchat, WhatsApp, etc, to be classified as Communication Service Providers (they then need an operating licence) and for law to mandate open standards for what they do. It's legislators who have fallen asleep on the job, letting these walled gardens grow too big and too powerful with almost no thought for the social, economic and law enforcement consequences.

      1. Charles 9 Silver badge

        Re: standards exist from ITU, GSM and IETF

        What would've kept those countries from jumping ship to friendlier countries and, if laws get implemented, waiting for users to complain to their governments about Big Brother ambitions?

  34. streaky Silver badge

    Just Kill Me..

    and entails extending IMAP (b.1986) to create secure, authenticated group chat.

    No, please, make it stop.

    It's like these people who think PKI is about indentity as opposed to securing a two-way communication and we end up with the shitshow that is is EV,

    STOP making protocols do things they're not intended to do. Just stop. You overcomplicate the protocol and it ends up being useless at the thing you wanted to do anyway, and nobody will use it.

    There are plenty of secure "chat" protocols that work very well, we don't need this. Also nothing but anybody who thinks people use Facebook for chat in great numbers is a tool. Go back to sleep.

  35. Anonymous Coward
    Anonymous Coward

    FB own their customers

    You can make as many open standards as you like, if they signed up to FB then they are going nowhere.

    This simply because if you are stupid enough to use FB for anything personal after years of your more knowledgible friends telling you how your info is being abused then this latest is nothing new.

    If you want to get rid of FB then you need to get the law changed so that abusing/trading personal information is illegal.

    1. Charles 9 Silver badge

      Re: FB own their customers

      That'll never happen, as you'll basically make doing business illegal (you MUST trade information to do business, and what if that goes through a facilitator). What about governments?

  36. petethebloke

    Goodbye Emojis?

    I 'kin hope so. Colon bracket was so much better than a stupid yellow face.

  37. AdrianMontagu

    ID4ME

    ID4ME is the interesting bit. This could be coupled with one's passport, Driving licence and NHS number (they should all be the same anyway). This with full certification would establish a person totally. If the public move into this with email etc then anything from a false ID gets dumped. That helps prevent spam, viruses etc because they can be traced. Needs more thought but interesting to an old codger like me!

    1. Charles 9 Silver badge

      Re: ID4ME

      But that also opens everything up to identity THEFT, which the spammers will then turn to stay in business.

  38. nijam

    > If Facebook hasn't played the spam card yet, it surely will...

    What? Surely Facebook *is* spam?

  39. Charles 9 Silver badge

    The main reason Facebook works versus a P2P system a la BitTorrent is that it opens the network to users with no fixed points of contact (eg. their only useable device is a cell phone whose IP--let alone contactability--cannot be guaranteed). A client/server approach is the only one that works here, and for a client/server system to work, the server must be consistent and reliable.

  40. Poncey McPonceface
    Alert

    A few questions …

    This IMAP extension thing, what is the name of the project?

    Is there any code?

    Are there any design specs?

    How does it relate to ActivityPub? https://activitypub.rocks/

    Will it play nicely with the Fediverse? https://fediverse.party/en/fediverse/

    This id4me thing, how does it compare to OAuth? https://oauth.net/2/

    How does it compare to the defunct Mozilla Persona? https://developer.mozilla.org/en-US/docs/Archive/Mozilla/Persona

    This article raises more questions than it answers! :/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019