
Do We Need an Open Protocol for Facebook?


Due to the scandal surrounding Facebook about its use of user data, we ask whether there's an existing security protocol that could give social media users peace of mind.


Do we need an open protocol for Facebook? We are once again having the discussion about what is going on with Facebook. Mark Zuckerberg must explain his business model before a public committee. Many people are puzzled and wondering what exactly is being done with their personal data. Again and again, it is argued that one could not really leave Facebook as long as there is no alternative platform. Mark Zuckerberg himself explains to the US Congress that he only wants to bring people together. He wants to open a way to allow people to share their thoughts and ideas. OK, this is an honorable goal. But what are the basics we need to achieve such a goal?

An Open Protocol

The concerns about the business model of Facebook, as well as the way in which our personal data is handled today, can be dispelled if we could use an open technical protocol to exchange and share information. Such an internet protocol could possibly be defined by an open organization like the IETF. Facebook could then implement this protocol to make it clear to everyone what exactly is happening when you share information with your friends. And, of course, everyone would then be able to implement their own service that provides the same or an even better functionality than Facebook is offering today.

So what would be the core functions of such a protocol? It should be able to transmit information safely from one sender to one or many receivers. If we assume that different service implementations exist worldwide, the protocol should also be able to send the same message to different service nodes (apps) located all over the world. Each service node could, of course, store the information. But from the user's perspective, you don’t want to have to register for additional services to communicate with friends who live in another country or who use a different app.

This sounds like a huge challenge that can only be overcome by the tech giants from Silicon Valley…

Could This Be Solved?

You may already be able to guess what I'm getting at here. We already have an open Internet protocol that meets these exact requirements. This protocol is named the Simple Mail Transfer Protocol (SMTP) and is an Internet standard for electronic message transmission that was put in place 36 years ago! But what does SMTP do, and can it really keep up with Facebook?

SMTP is a standard which is based on the idea of defining a unique user identifier based on the user's real name and the internet domain of the internet host. The host is the service endpoint where a user wants their message to be stored. This is independent of whether he or she sends or receives a message. It is not necessary for me to know on which service endpoint my friends store their messages. I can send a message to a friend wherever he lives. This is called routing and it's the core function of the TCP/IP standard.
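The addressing model described above, as an added example that is not part of the original article: one message addressed to users on different hosts is split into one SMTP envelope per domain, so the sender needs no account on the receiving service nodes. The function name `plan_delivery` and the example.com/.org/.net addresses are constructed for illustration, and the DNS MX lookup that locates each domain's mail host is assumed and left out.

```python
from collections import defaultdict
from email.message import EmailMessage
from email.utils import getaddresses


def plan_delivery(msg):
    """Group recipients by domain: one SMTP transaction per service node."""
    sender = getaddresses([str(msg["From"])])[0][1]
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    by_domain = defaultdict(list)
    for _name, addr in getaddresses(fields):
        local, sep, domain = addr.rpartition("@")
        if not (local and sep and domain):
            raise ValueError(f"not a user@domain address: {addr!r}")
        # The domain names the host; the local part is interpreted only there.
        by_domain[domain.lower()].append(f"{local}@{domain.lower()}")
    plan = {}
    for domain, rcpts in sorted(by_domain.items()):
        # Envelope commands the sending host issues to that domain's mail host.
        plan[domain] = (
            [f"MAIL FROM:<{sender}>"]
            + [f"RCPT TO:<{r}>" for r in rcpts]
            + ["DATA"]
        )
    return plan


def sample_message():
    """Constructed sample: one sender, three friends on two different hosts."""
    msg = EmailMessage()
    msg["From"] = "ralph@example.com"
    msg["To"] = "Anna <anna@example.org>, bob@Example.NET"
    msg["Cc"] = "carol@example.org"
    msg["Subject"] = "Holiday photos"
    msg.set_content("Same message, delivered to every friend's own host.")
    return msg


if __name__ == "__main__":
    for domain, commands in plan_delivery(sample_message()).items():
        print(f"--> mail host for {domain}")
        for line in commands:
            print("   ", line)
```
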

So with SMTP, I can communicate with every person in the world as long as I know their user ID. This is one of the noble goals of Facebook as explained by Mark Zuckerberg to the US Congress. And this is not an invention of Mark Zuckerberg himself, as many young people today believe. It is the same functionality and based on exactly the same idea – connecting people. That’s it.

What Is the Disadvantage?

So what we need to discuss is the question, what is the disadvantage of SMTP?

The first one is the coolness factor. I do not know any e-mail clients which look cool. When using an e-mail client you must open each message to see its contents. On Facebook, you see the content of all your messages by simply opening your account – that’s cool. In an e-mail client, you must open a new message window to send a message (ok there is something like a reply and forward function…). On Facebook, you just need to type a message into a smart box and press send. I am not sure, but I think it should be possible to write an e-mail client in that way too….

The second disadvantage is the lack of advertising. In general, you can also use SMTP to generate spam. But as SMTP is a distributed concept, it is possible for a single service provider to block such spam. This can easily be done and we have 36 years of experience in doing this. But for the advertising economy, this is really not a cool feature.

But the last disadvantage of SMTP is maybe also the most important: the lack of centralization. Basically, the Internet was based on the concept of decentralization. This has something to do with the Cold War, which many young people don’t know. If you decentralize communication, the information is distributed and separated across countless different service nodes. And this concept makes it impossible to centrally analyze, aggregate, and sell the data from all communication participants to the highest bidder.

So the final question is, again, who wants to connect people and who might want to just improve his own business?
