Many of my lab day ideas are to explore some new technology. I’ve spent a day with GraphQL, doing image recognition with machine learning using CAFFE, and doing a small ARKit demo among other things. The last three lab days, however, were not centered around a specific technology, but around a problem. Rather, a set of problems. Namely, Facebook.
I both loath and love Facebook. It is an Orwellian, exploitative brain control monitoring service that optimizes itself to monopolize your attention. A politically charged propaganda engine of misinformation that tears countries and families apart (/end hyperbole). On the other hand it has all my friends captive in one way or another, and it really is the best place to find out what’s going on in my busy friends lives, and in my community. I’m in a catch 22, and it’s a problem I’ve been thinking about for some time.
So for lab day, I wanted to break down the Facebook problem into it’s constituent pieces. What are the benefits I get from it, and how can I still get that benefit without the drawbacks? Also, how can I do it in a way that is distributed and decentralized, so no one entity can monetize your real life relationships.
In September and October, I worked on a little contacts application to store information about my friends: Birthdays, Gift Ideas, etc. It would also store the date of the last time you met with that person, and remind you to catch up with them occasionally. The app was a totally disconnected app. No cloud platform whatsoever, just a database with a front end. It was also sort of an exercise in learning Core Data, which despite being an iOS dev, I had never had the pleasure of working with.
This has solved one problem for me that facebook solves… Just reminding me to get in touch with my friends occasionally, and not letting any of my friendships lie fallow. I’ve had the app installed on my Phone, and while it’s a little bare bones, and needs some work, I actually use the thing.
The other benefit Facebook solves that I appreciate is a little more tricky. Your facebook feed lets you post your personal content online, and protects it behind a fairly elaborate permissions system (aka, posting for your friends, followers, or the public). Facebook of course manages your social graph and stores all their content on their servers. They also serve up everyone else’ss content in an easy to read feed.
So the question is, how could I post (and own) my own content, read my friends content, and control access to it, all without letting any one company own the whole thing?
The web already does this. It’s relatively easy to spin up a blog and serve an RSS feed for that blog. I can also add all my friends blogs to my RSS feed. Then me and my friends could protect our blogs with passwords (somehow) and the problem is solved right? Welllllll…. I guess. But I think we can do better.
At this point, I realized that the real hairy problem here is access management. Anyone can make a simple blogging platform and serve rss feeds. This is pretty much what Facebook, Tumblr, Twitter, etc already does. What we need is a better way of controlling access to ALL your content on the internet, no matter where it lives. Here’s how I imagine it would work.
- You visit some page, or follow some rss feed with content of Friend A. This page has previously opted into a friend auth protocol.
- You either log in and authenticate through some central system.
- The protocol checks your access rights for that piece of content based on whether that user has issued you access.
- A scheme for access rights could be, add anyone and you ‘follow’ them.
- If two people ‘follow’ each other, they are ‘friends’
- You can set access to all, followers, or friends for any url you have content on that also opts into this protocol system.
- You are granted access and can view it.
Now this raises a couple of questions. We have basically created our own centralized facebook like server for user access management. The whole purpose of this system was to decentralize this, so nobody can own it.
Blockchain is a distributed, immutable public ledger of transactions. With some blockchain technology we can keep our ledger of friend requests, and authenticate relationships on a distributed network of databases. Here’s how I imagined it might work…
- User A and User B log into their Ethereum wallets.
- User A executes a smart contract that stores a block that says they ‘follow’ User B.
- User B executes the same contract saying that they ‘follow’ User A.
- The contract can validate whether or not two users are followers or friends.
- When User A tries to visit User B’s site, or add their RSS feed, they are asked to sign in if they aren’t already using MetaMask
- The protocol then asks for the logged in ethereum user address, and the address of the person’s content you are visiting. So the person implementing this will need to set it up with their address.
- The smart contract determines whether the two users or friends.
- The smart contract returns success and User B is granted access to view that content.
So, I needed to learn how to write a smart contract on the Ethereum blockchain in a day. After reading some of the documentation on the ethereum site, I determined that I would need some 3rd party libraries to make developing Dapps a little more developer friendly.
After some searching I found the Truffle framework. Truffle’s features include…
- Built in compilation, linking and deployment – This seemed process seemed clunky without some kind of framework help.
- Automated contract testing – Since I only had a day, I didn’t want to mess with deploying contracts to the actual public blockchain. I needed a way to test locally.
- Other features that are great, but I care significantly less about for lab day.
So my goals was a proof of concept that used blockchain technology to show friend authentication using a smart contract written in solidity.
After figuring out what I actually wanted to build, and getting my development environment all set up, I didn’t have much time to implement anything fancy, but I did manage to get a contract setup that got the job done. I even got a couple unit tests setup to test my code locally.
I often try to record some kind of future roadmap for these experiments in case I want to come back to them later and find something to do.
- I need a web interface to allow users to login and friend arbitrary users.
- I need to put the authentication protocol into a library that can be incorporated easily into other projects.
- I need a reference platform for users to easily jump in and use this protocol. I think a simple twitter or instagram clone would be sufficient.
There are some drawbacks of this system. The big one I can see is getting people authenticated through ethereum. Getting a wallet setup, getting your credentials, and making sure you don’t lose them is not a fool-proof user experience. There seems to be quite a few things that can go wrong, and losing your online identity by forgetting your password or losing your key is an ever present danger.