Rick Moen  .   .   .  
INOLJ-OOW2.0C (Is Not On LiveJournal[1] Or Other Web 2.0 Cults)

No, I'm really not interested in your Web-based "social network". And my data aren't going onto your Web-hosted "service".

I've been spammed by ArtBoom, Bebo, CardScan.Net, Congoo, Ecademy, Eventbee, Eventful, everyonesconnected.com, evite, Facebook, Flixster, Friendster, GitHub Google+, GreatestJournal, hi5.com, LinkedIn, LiveJournal, Living Directory, MeetUp, Memetika, Multiply, MySpace, openBC, Orkut, Plaxo, Quechup, Ringo, Ryze, Shortcut, Siliconindia.org, Spoke Software, Tagworld, Tickle (previously Emode), Tribe.net, Upcoming.org, Xanga, Yaari, Yafro, and Zvents — all telling me over and over how they're going to "build my social network", even though I'm absolutely not interested.

On the app-server side, 14Dayz, 23hq.com, 24sevenoffice, 30Boxes, 30gigs, 4shared, 43Things, 9rules, Addictingclips, Agatra, Airset, Ajaxilicious, AllMyData, Allmyfavorites, Allpeers, Amazon Web Services S3, Ambedo, Amiglia, Annotea, Avidbeauty, Backflip, BackPack, Basecamp, Battleout, Bbbuddy, Bebo, BeeDeo, Bibli, Bibliophil, Bibsonomy, Bigcontact, billQ, Birthdayforever, Blabb, BlinkList, Blinksale, Blogamp, Blogmarks, BlueDot, Bluesmiley, Blummy, Bmaccess, Bolt, Bookmarkme, Bookmarktracker, Box.net, Brightkite, Broadbandsports, Broadsnatch, Bubbleshare, Bubblesnaps, Bubblr, Buddymarks, Budgettracker, Bulletprooflinks, Busythumbs, Butterfly, Buzznet, CalendarHub, Castpost, Ceiva, Centraldesktop, Changetolink, Chipmark, Citadel, Citeulike, Cl1p.net Clickcaster, Clicktoscan, Clipclip, Clipmarks, ClipShack, Cluebacca, Cogenz, Coghead, Colib, CollectiveX, CommonLoop, Commontimes, Connectedy, Connotea, Cyberdummy, Cyworld, Dabble DB, Dailymotion, Danbooru, del.icio.us, Delivr, Diigo, Dimewise, Divicast, Docly, Dogear, Dottunes, Dropsend, Dropshots, Dudecheckthisout, dzone.com, Editgrid, Eggkeg, Epointment, Eskobo, eSnips, Eventicus, Eventstack, Everybit, Everystockphoto, Evideoshare, Evnt, Evoca, Expenses Tracker, Eyespot, Favmark, Favoor, Favoritoo, Favorville, Feedalley, Feedbeat.net, Feedmarker, Feedmelinks, Feedpile, FilmLoop, Fireant, Flickr, Flickrfotofinder, Flixya, Flukiest, Flyinside, Foldershare, Fotki, Fotochatter, Fotoflix, Fotolog, Foxcloud, Frappr, Freelink, Freepository, Frugalbetty, Funkplayer, Funtigo, Furl.net, Futureme, Gazzag, Gdisk, Getboo, Givealink, Glide Effortless, GMail, GoDaddy Online File Folder, GoFish, Goodnotes, Google Base, Google Calendar / CL2, Google Video, Goop, Gootodo, Goowy, Grouper, Groupr, Groups, Gtalkr, Hipcal, Hyperlinkomatic, iStorage, Jigsaw, Jookster, JotSpot Live, Kaboodle, Kiko, MediaFire, Meebo, Mofile, Mozy, Netvibes, Ning, Omnidrive, Openomy, Ourmedia, Pageflakes, Pando, PBase, Phanfare, Photobucket, PictureTrail, Planzo, Protopage, Putfile, Qoop, Rallypoint, Redit, RememberTheMilk, Renkoo, Revver, Riffs, Riya, Shadows, SimulScribe, Skobee, Slide, SmugMug, snapmania, Socialtext.net, Spinvox, SpongeCell, Streamload, Strongspace, Ta-Da List, Tagyu, TextDrive, Toodledo, Trumba, Vimeo, vSocial, Wallop, Wrickr, Writeboard, Writely, XDrive, Yelp, YouTube, Zingee, Zoho, Zoozio, and Zoto all say they're rapturously eager to do me the great favour of storing my personal data for me, telling me all about the "convenience" of not having to do it myself.

The fact that you can host my data, and avert for me the headache of having to administer my own computers, profoundly fails to interest me. Yes, I know how AJAX (Asynchronous Javascript And XML) works. No, I don't want your dynamic-content RSS feed. And thank you, but I can "build my reputation" and "extend my sphere of associates" equally well — no, fundamentally better — on my own. Please keep your useless account; I don't want it.

You might be reading this essay because you were coaxed into soliciting my business on behalf of one of those firms (e.g., where LinkedIn sends mail with forged headers professing to be from one of its customers to you as one of that customer's friends, claiming to be a note from your friend inviting you to join him/her on LinkedIn, and talking up its advantages). You might be a partisan of such Bubble 2.0 (er, "Web 2.0" -- which IT columnist David Berlind defines as "When the back button doesn't work"[2]) services and "social software", wondering what my beef is. Or you just might be curious.

So, I'll tell you.

"Excuse Me, But We Were Here First"

First, maybe you've heard of open source software? I use it heavily, and do all my computing with it, using almost entirely my own computers, running networked services set up, configured, and administered by me. So do a large body of other computer users, the "open source community", comprising mainly users of Linux and the BSD family of operating systems.

This gives us many long-term benefits and advantages at the cost of having to manage our own affairs. One of the subtler benefits, that one comes to appreciate over time, is autonomy and control: no forced upgrades, no odd and capriciously enforced Terms of Service, no bugs that can't be addressed because a vendor doesn't care, no dead-end secret data formats, no gratuitous sabotaging of interoperability, no inescapable advertising, no end-of-lifed products with no migration path, no proxy thuggery on behalf of the RIAA and MPAA, no spying on the user, and no remote disabling of software features by other parties for commercial reasons. Configuring and running our own compute facilities means we're the boss: Our machines do what we want, when we want, to advance our agenda.

And here's the other thing: This is our core competency. Internet presence and services is what the open source world is best known for doing well — for itself as well as for others.

What does AJAX have to do with it?

It's sometimes claimed that the fuzzy hype about "Web 2.0" initiatives is just a recycling of ideas that could have been implemented in 1995. That's not entirely correct. In the AJAX client-server model, a DOM and CSS-capable Web browser client sends XMLHttpRequest messages to a server back-end capable of parsing and responding in kind, asynchronously. The result is that Web pages, and portions of Web pages, can be updated and modified in response to user actions in real time, without significant bandwidth overhead. Thus, the 1990s' "DHTML" dot-commer's dream is, finally, technologically feasible: You as a budding Internet tycoon can convince people to outsource their entire office suite, customer relationship management, and other business software operations (e.g., scheduling) to a Web site that you operate and control. The user runs only a generic Web browser, and otherwise has no contact with the underlying technology. You might even be able to achieve complete vertical integration, if you play the "convenience" card long and hard enough.

Now, AJAX genuinely is a really neat hack — and more. It's a potentially revolutionary improvement to Web technology. However, it has led to a rising clamour of marketing for schemes to export one's computing operations to some thinly capitalised commercial firm, and use only a Web browser (as a "thin client") locally. This tendency poses a (renewed) threat to the very most fundamental goals of open source:

The Data Problem

That includes, but certainly isn't limited to, our keeping custody of our own data. Many of these new "Web 2.0" businesses tout the "convenience" of doing the opposite: entrusting our personal and business data to their specialised Web-based servers, and then manipulating that data remotely via AJAX-driven messaging from our Web browsers, so that all that confidential material lives on the service's data store.

Let's say you start using some of those. Now, you have an entirely new class of worries: Your files are accessible only when your Internet connection is up. They're at the mercy of your vendor's security problems, reliability, management, and funding shortfalls. They may vanish if the firms change their business models, go broke, or undergo many other types of abrupt change, possibly even just to silence critics. Not only may the firms pry into and abuse knowledge of your personal affairs, so may their business partners and people with both legitimate and illegitimate access. Check the fine print in your service agreements: You'll probably find out that there not only are big holes in your privacy, but also that you specifically consented to them.

Did I mention those business partners? One of the lessons of the USA "Nationwide Do Not Call List" is that there's an exception (in its enabling legislation and just about all other privacy laws) for firms you have an "existing business relationship" with, plus their subsidiaries and allied businesses. Guess what? When you sign up with one of the "Web 2.0" companies, that's a business relationship: You've just given them leave to market you to distraction.

The service agreement may (and probably does) say that all users' data remains their property, but in situations like those, yours is on long-term loan, and subject to all manner of uses you might strongly dislike. Experience suggests that "Possession is nine points of the law", and the best way to prevent abuse of your personal data by strangers is not to give it to them.

The Code Problem

One motive force behind open source was getting away from cruddy software that was in someone else's control — that you could not control, modify or commission modifications of, and so on. The Web 2.0 schemes recreate that very problem, and then compound it, in that the software isn't even running on your machine at all, plus they get real-time information on your activity and interests (the spyware author's dream!), so they can manipulate you with "sticky" Web site features, directed advertising, and feeds of information about you to others.

(And, even if the service business wants to keep offering you the use of its software, suppose it loses that right on account of, say, patent problems, as with BlackBerry PDA users? With regular retail software that you run locally, you'd retain the ability to use it privately. With a hosted service, you're screwed.)

Why would we open source users go to all the trouble of freeing ourselves from abuse-prone software sharecropping arrangements, only to abandon that for very nearly the very same situation in the name of "convenience" and a slick VC-funded marketing job? I remember very clearly the day in 2001 I realised that both the Mozilla Navigator 0.9.x and Konqueror Web browsers had become good enough to replace Netscape Communicator with no regrets. That mattered greatly, because Communicator was the last bit of proprietary code most people needed. June 28, 2001, release day for Mozilla 0.9.2, was our Independence Day.

Independence through open source was not a dot-com fad. It was and is the way forward. We're not going back.

The Credibility Problem

Open source isn't a slogan; it's facts on the ground. When our community decided it was fed up with abusive licence agreements and unfixable software, it didn't skulk about trying to weasel through holes in licence enforcement, or whine, or ask for legal protection. It sat down and wrote from-scratch replacements that better suited its needs.

We proved the merit of our work by using it — by living it, by improving it and lengthening its reach. We proved we were serious about getting out from under the thumb of proprietary software arrangements by doing the necessary redesign and coding. Thus, the open source fan's characteristic response to a neat hosted Web service isn't "Cool. Where do I sign up?" but rather "Cool. I wonder if there's a reasonable way to do that with my own computing resources using open source."

Leaping onto the hosted-app fad entails the opposite of that mindset. It would mean we're not serious — and we've been serious as a heart attack about computing autonomy, for decades.

The Identity Problem

The Internet is "unreal estate": It's not really a place, and yet also it is. Many of us in the open source community are long-time homesteaders on that virtual territory. A lot of our vital interests are tied up in various forms of Internet presence. We see others come and go, getting their established presences periodically clobbered or fragmented because some business failed, or they were claimed to have broken some rule, and so on. They change e-mail addresses each time they hop ISPs, being the online equivalent of "pencil people": the folks whose entries in my address book must be in pencil on account of frequent changes.

The more your Internet presence depends on hosting and other value-add services, embodying for the vendor what Tim O'Reilly calls "proprietary value higher up the [software] stack", the more unstable and blurry your long-term presence — your virtual identity — is likely to be. Favouring commodity third-party Internet services if any (those lower on Tim O'Reilly's stack) and vesting most control in yourself helps keep your online affairs whole, and stable — and keeps them yours.

If and when I need what LiveJournal, Flickr, et alii offer, I'll bloody well do it myself. Because I can, because it's better for me in the long term, and because putting my core Internet interests into someone's "hosting" application would be like outsourcing my right arm.

And Yet...

You might ask, so, does the spirit of open source entail doing everything yourself?

Well, no. Obviously, independence is a relative matter. Most people use some services, if only IMAP / POP3 / SMTP e-mail, Web space on someone else's server, and so on. I don't use any of those things, preferring to use for all such purposes my own servers on commodity-purchased raw IP transport, hosted at my house — but I'm a bit of an outlying case. Even at that, I rely on a couple of third-party NNTP news servers rather than trying to run my own Usenet feed. I use Google (with CustomizeGoogle to minimise privacy loss) and several other search engines rather than trying to build my own, and also consider Google Maps a sensational success as an AJAX-based Web service.

Some who uses such services selectively and with an eye towards autonomy will try to rely only on generic, fungible services for anything important, rather than being suckered into a specialty offering with no freedom of movement.

Google Maps is very cool (even though you may not want to depend on it), is (like the Google Web and DejaNews^WGoogle Groups search engines) not something I could within reason approximate on my own (even though Autodesk has now released tools that make that theoretically possible), and has several approximately equivalent competitors. I compare this to my attitude to restaurants: When dining out, I favour dishes that I either don't know how to cook or could not within reason prepare on my own. (The difference is that no restaurant ever threatened anyone's capacity to cook for him or herself.)

"But I'm a Fan of [Service Foo]"

Good for you. Enjoy. Some values of [Foo] are awfully nice, such as Flickr (when it's not suffering protracted downtime), and the project management facilities on Basecamp. Have a good time with them.

If your favourite Web 2.0 service ever goes belly-up — as a number already have — odds are that you'll have autonomous and non-business-dependent alternatives at your disposal. Guess whom you'll probably be able to thank? That's right: the open source community that you consider unreasonable for being unwilling to settle for someone else's business-dependent hosted service.

And so on. (SubEthEdit isn't technically hosted, but it's another example of O'Reilly's suggestion of seeking proprietary advantage at a point higher in the "software stack" than usual, in its case building a proprietary, collaborative editing environment on top of the IETF ZeroConf protocol. Rough equivalents for others will be added to the above list, if/when I find them.) The open-source, host-it-yourself codebases listed above may not be polished and bulletproof, yet, but, unlike hosted services, they're ours permanently and here to stay. They're for you, too.

Did I mention that we're serious about this? When Bubble 2.0 is dead and gone, we'll still be here.

[1] In a mild irony, some years after writing this essay, I did create a LiveJournal login solely so I could see and respond to 'friends-locked' postings by my wife to her personal LiveJournal, the benefits being worth the annoyance of another contractual relationship and related Internet login I otherwise didn't really want. As part of my policy of not sharecropping on such sites, I do not post substantive writing there, and do not have a LiveJournal blogging stream of my own. Any time I was tempted to post something substantive to a discussion on someone's LiveJournal, I instead post it as an essay or mailing list posting on my own Internet server, and then reference it by URL in LiveJournal. (I deleted my LiveJournal as superfluous, after my wife ceased using that site. Also, all worthwhile LJ traffic had by then long moved to Dreamwidth in reaction to clueless and hostile actions by newer LJ management.)

[2] Don Marti's definition: "In Web 2.0, application use you."