There’s a Hole in the Internet

By User:Alain r (Own work) [CC BY-SA 2.5 (http://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

The internet’s amazing and all, but it’s missing one really important piece: a tool designed to empower the people who use the internet. There’s no solution that enables each of us to proactively manage our own affairs online; no way to promote your own interests in the basic process of connecting to the internet.

And that’s a big hole. Because the way everything works now, we’re completely reliant on the corporations and governments that run the internet. Every tool and system favors these powerful and technologically brilliant institutions, but often directly at the expense of the humans (you and me) who use the internet.

Once you recognize that, it becomes clear that this model that we so casually accept is directly responsible for things like privacy abuse, surveillance, and censorship. We’ve evolved to a bizarro world where we need to give our personal data away to gain any utility from it.

But that raises the question: what would happen if we simply found a way to perform the basic internet functions ourselves? What if we could keep our data, and stop giving it away?

Turns out that something truly transformative would take place. We (you and me) would take control of the internet.

Because this relatively minor tweak — really as much a new social perspective as a technical evolution — affects just about everything we know about the internet today. The cascading benefits from fixing the data problem drive a complete refactoring of the internet. Like a judo move, it exploits leverage to flip the power in the other direction, and the internet becomes a far better place, for people. (Like you and me.) Permanently.

Sounds pretty far-fetched, doesn’t it? Well, please suspend disbelief for a few minutes. Let me illustrate how it could look, and you can evaluate whether it’s feasible (I believe it is), and, if so, worth doing the things needed to get there (I’m certain of that). As far as I can tell, nobody has explored the user-centered angle I will describe. I hope to convince you that the approach deserves to be investigated and considered.

Now… imagine this world.

Your personal cloudspace

An open standards project would define a new type of persistent resource, one that lives in the cloud; let’s call it a cloudspace. Because it’s an open standard like the web, any service provider can offer them, and any user can get one. It’s designed from the start for privacy and security, so no one except you can see anything inside.

Your cloudspace empowers you to do three profoundly important things that you can’t do today:

1. Securely store and manage your personal data corpus
2. Privately communicate and share with anyone
3. Own and manage your digital identity

Unlike every other piece of software on the internet, a cloudspace is designed from your perspective, as its owner. It serves as your online home; it’s your universal login, and it becomes the default context and lens for all your online activities. It grows and changes with you, and you’ll have it for your entire life.

Once established, cloudspaces can connect with each other, equivalent to a Facebook “friend” or LinkedIn “connection.” However, cloudspaces communicate across all the modes we use today, so instead of being bound to specific networks, your interactions are defined by the modality you choose. Email, sharing, IM, calendar, voice, livestreaming, etc., etc…. they all just work. Your context becomes the people and groups in your world, not disparate and limiting networks.

Person by person, the cloudspace community is designed to organically grow to form a new global network, one which is neither owned nor controlled by anyone — except that each person has absolute ownership and control of his or her little atomic piece of it. It’s the World Wide Web of people.

With a cloudspace, your account info and data aren’t tossed into some humongous centralized database. Instead, an individual, strongly encrypted environment is created just for you, where everything is completely private — not even the hosting service can see its contents. And because it’s also your communication platform, your cloudspace automatically keeps all the data you produce, whatever app or mode you use.

The repository and APIs are prescribed by the cloudspace standard. The logic is provided by lightweight third party apps, which are granted controlled access to the protected data set. App choice becomes unlimited because your data is constant across and between apps. At the same time, apps don’t store any data, so no user privacy abuse or profiling is possible.

Like any other cloud object, your cloudspace lives at its own internet address. From there you can access it seamlessly across different devices and apps, as well as the web. Because you legally own your cloudspace, and administratively control it, you can move it between hosting providers all you want.

Your cloudspace experience

To get started, you’ll do a simple web account setup with any hosting provider that supports the cloudspace standard. All you need is an email address to establish your cloudspace as a node on the network. You’re free to choose any user name (duplicates are fine because cloudspace certificates are unique), but you’d probably use your real name because, as you’ll see, your cloudspace becomes your authoritative digital identity.

You can then invite contacts to connect, either through a cloudspace search, in-app function, or regular email. Once a connection is made, communication is available across multiple modes, with all communications automatically encrypted end-to-end. This means you no longer need any commercial service to interact with that particular contact, but you can do so in all the same ways you do now.

In fact, the cloudspace model frees the internet from all of the limiting forces of today’s networks. First, it solves the data and identity siloing problems caused by disparate, competing “walled garden” networks today. More importantly, it drives a completely new app paradigm. Where today you get one device app and one web app per service, cloudspace apps are interchangeable, while having unlimited flexibility to innovate — for example, with customizable feed algorithms and UIs.

In day-to-day use, your cloudspace feels very much like you operate today. The big difference is that, when you create content, for example in a chat or post or share, you do it in your cloudspace, not on some service. When you hit “save,” the cloudspace handles all the alerting and updating, securely and automatically. In this closed system, you — and your correspondent(s) — retain the data, but no one else can even see it.

So, what are the real game-changing improvements that occur under the cloudspace model?

• Privacy: Suddenly, privacy becomes the default condition — for most of what you do online anyway. And when nobody can see your stuff, it’s hard to abuse your privacy, spy on you, or censor you. That’s kinda big right there.
• Self-determination: Your cloudspace empowers you to do all the social/communication activities yourself. Having this capability means you will never again be dependent on someone else’s kindness (or suffer from the lack thereof). For the first time, you gain personal agency on the internet, or the ability to actively direct your online affairs in your own interests.
• Freedom: The services you use today purposefully limit your choice, both in the apps you use, and in how configurable they are for things like feed algorithms and ads. This makes perfect sense, as the services pursue their own goals, which frequently misalign with yours. With a cloudspace, apps compete solely on feature/function, since your data remains private and therefore cannot be mined. Similarly, aggregation networks may still exist — for example Twitter could evolve to become a place to aggregate everyone’s cloudspace-based public tweets. But it’s non-exclusive; multiple services can always compete and innovate, so you eliminate the network effects lock-in.
• Data Value: The only thing that really changes is the location of your personal data: your cloudspace lets you keep it instead of spraying it all over the internet. You evolve to a single, unified repository, one that’s scoped to you individually. In many ways it’s the memex that Vannevar Bush envisioned in 1945 . The consolidation of your personal data corpus massively increases its utility to you, its putative owner.
• Managed Identity: Your digital identity is also consolidated, into a single, authoritative resource. It’s insane that today you have a thousand redundant, context-based identities out there, all largely beyond your control, and all incomplete and/or inaccurate in very important ways. With a cloudspace, your “profile” becomes what you declare it is, and all other entities agree to go by your version. Importantly, you also consolidate to a single address book, with tools to proactively manage people and groups across all usage modalities.
• True Single Sign-on: Your cloudspace’s digital certificate and security APIs will seamlessly verify your identity in any cloudspace-to-cloudspace interaction, but it’s just as easy for web sites to accept. Forget “Sign in with Facebook/Google,” which is a terrible idea in every way. “Connect via your cloudspace” eliminates logins for good, and keeps activities private between you and the web site you’re using.
• Smarter Advertising: internet advertising is nonexistent by default in the cloudspace model, at least across the social and collaboration channels where you connect privately. But the framework itself will drive massive innovation in advertising, by enabling mutually beneficial transactions. The cloudspace’s native programmability makes it easy for apps to offer “opt in” ads, or even methods to let you sell your attention to marketers, for micro-payments or for services like cloudspace hosting or news site subscriptions.
• Controlled Access: A timely topic with the Apple/FBI kerfuffle… A cloudspace has one unique characteristic: your personal data is encrypted separately from everyone else’s, and you alone hold the encryption key. No third party can decrypt it; therefore, under a government order you either give up the data, or you don’t. That establishes a framework where personal data encryption (the only thing that can ensure privacy) can become an enforceable human right.
• Content Rights: The licensing dynamic is flipped as well. You are the clear and exclusive rights holder for all the data you create or generate in your cloudspace. Apps can impose and enforce content rights through APIs; any correspondents, including aggregation services (like the Twitter example), must agree to your terms of use. This allows for unlimited innovation in the area of content rights; for example, ephemeral features akin to Snapchat, except across any communication modality.
• Managed Persistence: Lastly, because your cloudspace is persistent, it lives and grows with you, and like all data stores it becomes more valuable to you over time. But unlike the myriad accounts you have scattered over the internet now, you can instruct your cloudspace to expire once it sees that you have.

So… Those are the immediate benefits you’d get. We’re talking about a “minimum viable product.” You know, a Version 1.0 release. And it would be a game changer, don’t you agree?

But once you tease out the basic framework, you see that there’s a subsequent wave of opportunity to improve our digital lives, one that’s quite possibly even bigger. And that’s simply because the world has never had a ubiquitous, secure, and radically programmable infrastructure like the cloudspace network.

The second wave of cloudspace value

Cloudspace APIs open the platform to all forms of integration and innovation. In the 1.0 version of the cloudspace, social and sharing networks can be easily replicated because those have mature standards and protocols and conventions to exploit. But social is just one piece of your online existence. If you expand the horizon to include all data that specifically relates to you — your complete personal data corpus — the opportunities jump out.

Vendor systems of every type will need to be re-evaluated in light of the cloudspace network and its capabilities. In fact, cloudspace support may prove to be a powerful differentiator. Here are some examples of longer-term possibilities:

• Better IoT: The Internet of Things is the next big data generator in our lives. Why must your Nest and Fitbit data go to nest.com and fitbit.com? IoT data should save to your cloudspace, where it can be wired into apps like everything else, and for your sole benefit as data owner. And if Nest and Fitbit don’t innovate in this way, competitors surely will.
• Data Exhaust: Every day you generate a highly personal and quite valuable data set, but one that’s currently spraying all over the internet. It’s your search and bookmarks and browsing history, the call and location history from your smartphone, your shopping records (both online and offline), utilities and other bills… That could — and should — all go into your cloudspace too. Over time, more and more of it will.
• Innovation Platform: Like we have seen with the web, the openness of the cloudspace standard means developers are free to innovate in unforeseeable ways, both for new solutions and extensions/enhancements to existing ones. For example, you could envision someone extending the identity subsystem to support multiple identities, or even complete anonymity, while storing data into the same unified repository for the benefit of the user. Or creating a web proxy feature that makes tracking and profiling you much harder.
• Privacy Platform: A cloudspace fundamentally improves your privacy over the model in place today, because it’s designed from the bottom up to do just that. That opens up many new opportunities. For example, it gives privacy-friendly legislators a reliable way to create and enforce laws. There could be a requirement that, if you so choose, all your medical records are stored to your cloudspace. Or a law requiring that any facial recognition program that identifies you must record that fact in your cloudspace.
• Universal Use Cases: Cloudspaces aren’t limited to people; businesses and groups can have them too. Open APIs introduce a universe of new solutions. For example, someone could create a band app that hosts social updates, tour schedules, and videos, bypassing Facebook and Youtube completely. All fan/band interactions are managed and retained by the band (and the fans, individually).
• Secure Commerce: Cloudspaces could supplant digital solutions like Apple Pay or Venmo, or even credit cards, as a universal payment platform. The radical programmability makes it easy for apps to generate one-time codes, or to orchestrate push payments. Similarly, two-way micro-payments finally become practical because they’re all contained and verified within a single framework.
• Universal Identity — There’s never been an identity model as objectively reliable as your cloudspace — far superior to any government or commercial identity. You don’t need third-party certification of who you are, because your cloudspace certificate proves you are the same person across every interaction, and over time the sheer volume of these successful interactions will make your identity un-spoofable. This opens up opportunities to automate important interactions, for example e-voting and digital signatures— things that are simply impractical without such a ubiquitous and secure identity framework.
• Personal AI — Artificial intelligence can be applied in ways that uniquely benefit a person. Today when Google reminds you that a flight is coming up because it reads your email, that’s semi-handy but requires an antecedent activity. A cloudspace app, accessing all your data, could automatically formulate your next trip for you, with one-click booking. That’s technology making life better for you.

What would it take?

It starts with a discussion. I think a standards effort gets it done.

In a nutshell: you need a tool — one that empowers you to retain control of your personal data — if you’re ever to assume control of your own digital existence. A cloudspace standard would give you the tools to manage your own interests in the digital world.

It’s an attitudinal change, a social change. One that transforms your daily internet experience from one that is passive and dependent, to one that’s active and directed.

Or here’s a way to visualize it. Today the internet diagram looks like an org chart, with all the mega-services at the top. The cloudspace model turns all that into a true matrix, where every person (and other entity) is functionally equal to every other one.

So the questions to ask yourself are:

1. Would you like to live in a world that operates like that?
2. Could we really make it happen?

Because if the first answer is “yes,” then the second question, well, is just a computer problem. I’m not trivializing the technical requirements of creating the cloudspace network. Encryption, authentication, routing, storage, APIs… those are all things that need to be worked. But architecturally, all you’re doing is adding one new object type to the internet, and you can re-use all of the standards and protocols and infrastructure that’s out there now.

I’ve thought a lot about this possibility, yes probably too much. And I’ve written quite a bit about it here on Medium and previously on my little blog.

But here’s the funny thing about this idea. If you’re like me, once it’s in your head, every day the internet itself illustrates why this user-centric model should have been the design center from the start. Most of the news you see about the internet, particularly its abuses and failings, would not even apply in a world with cloudspaces. This is the cascading dynamic I referenced up front; fix the data problem and everything else fixes itself.

For example, passwords go away because if you’re logged in to your cloudspace, identity just works. Data backup becomes automatic, handled at the hosting layer. Spam becomes impossible in a world of irrepudiable identity. Cybercrooks have it tougher too, when centralized user databases are no longer the standard. The creepy app permissions problem goes away; your cloudspace granularly grants permissions, and all data remains in your private cloudspace. Try it — every day you can spot some nagging issue that just wouldn’t be coherent in a cloudspace world.

As I’ve stated elsewhere, my personal motivation is simply to share this insight, and see if anybody else agrees it represents an avenue to pursue. I’m playing for Team Humanity here. I understand (and appreciate) that its open source nature means that nobody could profit off the concept’s authorship, including me.

But I do believe there’s at least a germ of an idea here, one that could fundamentally and permanently improve the internet for people across the planet. If we can re-orient the internet around a model of empowered humans, we would obliterate the current failed system based on walled gardens and gatekeepers. And it’s something we could spawn and implement ourselves, irrespective of whether the entities controlling the internet like it or not. (Spoiler alert: they won’t.) That’s worth a discussion, I think. Let’s have one!

Thanks for reading. If you find the approach I’ve described at all interesting (or at least entertaining), please hit the “recommend” button below, and forward to your pals. Let me know what you think, in the comments, or via email to arthurfontaine@gmail.com.