July08 Feature Plaxo by Martin Jonson

THE FUTURE OF WEB 2.0

Who Owns Your Friends?

SOCIAL-NETWORKING SITES ARE FIGHTING OVER CONTROL OF USERS’ PERSONAL INFORMATION. THE OUTCOME IS LIKELY TO DETERMINE THE FUTURE STRUCTURE OF THE INDUSTRY. By ERI C A N AO N E

echnology blogger Robert Scoble wanted help moving contact information for his 5,000 Facebook friends into his Microsoft Outlook address book. He turned to Joseph Smarr, chief platform architect at Plaxo, a company in Mountain View, CA, that synchronizes contact information between Outlook, other desktop e-mail programs, and a number of Web services. Smarr gave Scoble a short program to test out, which automatically paged through Scoble’s Facebook connections and extracted the names, birthdays, and e-mail addresses of his friends. There was just one problem. The program triggered alerts at Facebook, which disabled Scoble’s account. “My identity disappeared,” Scoble says. “If I was your friend, I turned gray—all my information went gray. ” Scoble was transformed from a man with a small town of Facebook friends into a nonperson. The incident brought to a head a debate that had been raging for months behind the scenes at social-networking sites: who controls the data users post on their profiles? Advocates of so-called data portability, including Scoble and Smarr, say people should be able to transfer information easily in and out of any Web services they use. Facebook, on the other hand, says it needs to safeguard the information it stores so that it isn’t misused, and that means keeping tight control over users’ information. At stake is not simply the ease and security with which people move between socialnetworking sites but control of the currency that gives those sites their value: personal information. Although Scoble’s trouble managing his 5,000 Facebook friends is an extreme example, similar problems are common. Many users have five or six online accounts that use social data—perhaps an e-mail account, an instant-messenger service, a profile on a social network, a photo-sharing site, and a blog. “Every time you try to sign up for some new service, it acts like you’ve never used another

FEATURE STORY

July08 Feature Plaxo 44

website before,” says Smarr. “You have to create a new account and password from scratch. You have to fill in your profile all over again. You have to find all the people on that site that you know, reconnect with them, and reëstablish their relationship to you. I think this adds up to a huge burden, and a lot of people aren’t using or consuming from nearly as many of these sites as they could.” Chris Saad, cofounder and chair of the nonprofit DataPortability Project, notes that many current methods of transferring data expose users to huge security risks. For example, it’s a common practice for social sites to ask users to submit the usernames and passwords for their Web-based e-mail accounts when they first sign up; an automated service can then search the network for people listed in their address books. “The door is open right now for any application that scrapes your Gmail address book to go ahead and scrape your shopping cart as well, or scrape your searches, or keep your username and password and pretend to be you,” says Saad. “It’s a nightmare of security, and it’s something we need to solve sooner rather than later.” Though most experts perceive a need for an easier, more secure way for users to share data among social networks, there is little agreement on a solution. “Is it going to be the closed, walled garden of infrastructure, or the more open, distributed infrastructure of the Web itself?” asks Smarr. The answer to that question could determine whether social networks are dominated by a single company—and these days Facebook has the edge—or whether users will be able to jump around effortlessly among a slew of flourishing social sites, each with its own strengths and features. BILL OF RIGHTS

The Plaxo office in Mountain View is large, open, and half-empty, with, says Smarr, plenty of room for the company to grow. Rows of

Photograph by TOBY BURDITT

6/10/08 6:43:19 PM

workstations at long tables have no barriers between them. At one workstation, a neon “open” sign lights up in red and blue. It looks, in other words, like a typical social-networking startup. Indeed, since its founding seven years ago, Plaxo has in many ways mirrored the evolution of social networks as a whole—and their answers to the challenges they’ve faced. (In May, Comcast agreed to acquire the company.) Initially, Plaxo let new users import contact information from their existing e-mail accounts. It then gave them the option of automatically e-mailing their contacts to ask for updates. Many people, however, perceived the e-mails as spam—a charge also leveled against the “viral marketing” techniques of other social networks. Two years ago the company abandoned the tool and publicly apologized for it. Plaxo then began trying to reinvent itself as a company that helps people manage their social data, which has become increasingly scattered among a variety of desktop applications and Web services. Last summer, Plaxo launched Pulse, a site that allows users to track friends’ and family members’ online social activities. On a single page, for example, you can read and comment on a friend’s Twitter updates and blog entries or look at photos posted to Flickr. Given Plaxo’s commitment to Pulse, it is not surprising that Smarr has become a strong advocate of open communication between social sites. Posted in the Plaxo office is a hard copy of “A Bill of Rights for Users of the Social Web,” which Smarr coauthored last fall. The bill of rights reads, in part, “We publicly assert that all users of the social web are entitled to certain fundamental rights, speciﬁcally: ■ Ownership of their own personal information, including: –their own proﬁle data –the list of people they are connected to –the activity stream of content they create; ■ Control of whether and how such personal information is shared with others; and ■ Freedom to grant persistent access to their personal information to trusted external sites.”

To facilitate the sharing of data across sites, community groups have developed a series of technical standards. OpenID lets users sign up once for a username and password that will then work at any compatible site. OAuth lets Web services share information about a user’s social contacts, without granting the services broader access to each other. RSS and XMPP can both automatically update a site about activity somewhere else, making it possible to track someone’s postings from a central location. A number of companies have begun using such tools to make their data more open. Yahoo recently changed its user accounts

www

Watch Plaxo’s Joseph Smarr explain data portability: www.technologyreview.com/plaxo

FEATURE STORY

July08 Feature Plaxo 46

so that they adhere to the OpenID format. Its customers can now use their Yahoo credentials to log in to sites that accept OpenIDs. Twitter is working to make its service compatible with OAuth. MySpace allows users to share their MySpace data with sites such as eBay and Photobucket. But at least one major social-networking site is bucking the trend. CONTROLLING FACTORS

Less than 10 miles down the road from Plaxo’s offices are Facebook’s, tucked away on the second floor of a nondescript office building in downtown Palo Alto. If Plaxo’s offices suggest a company redefining itself and uncertain of its future, Facebook’s are those of a highly successful startup being forced to grow up. A graffiti aesthetic dominates. A distorted face painted on the company’s elevator doors splits apart when they open, revealing other faces painted within. In the office itself, a triumphant graffiti-style fist rises beside the Facebook corporate logo. Despite its explosive growth—it is now the second-largest social site behind MySpace, with more than 70 million active users—Facebook is still searching for a viable business model (see “Social Networking Is Not a Business,” p. 36). As part of that search, Facebook has taken steps to position itself as the social glue holding a variety of Web services together. In May 2007, it launched Platform, which allows third parties to build applications that Facebook users can install in their profiles. The result is that other sites can make their social tools available through Facebook, rather than having to build their own networks. With this strategy, Facebook hopes to circumvent the need for data portability: users can take advantage of other sites’ applications without ever leaving Facebook. The launch of Facebook Connect this May took the idea of Platform and flipped it over. Where Platform allows people to run other applications through Facebook, Connect allows people to run Facebook through other websites: sites can add social features by building in miniature versions of Facebook. As with Platform, this means that Facebook members can use new socialnetworking tools without having to create new accounts or give control of their information to other companies. The service provides a kind of data portability, but the data remains subject to Facebook’s control. “It’s not just about data portability; it’s actually about privacy portability,” says Dave Morin, Facebook’s senior platform manager. “When you go somewhere else and take those connections with you, the trust that’s been established between two people—or 5,000 people, as in the case of Scoble—continues to be maintained wherever they go.” Scoble wasn’t simply moving his own data from one place to another, argues Morin; he was moving data that belonged to his contacts. Scoble’s friends may have given him permission to access their data, but they didn’t give him permission

T E CH N O L O G Y R E V I E W J U L Y / A U G U S T 2008

6/10/08 6:43:30 PM

EXPLAI N E D.

FACEBOOK’S COMBINATORIAL CHALLENGE How the social network’s technology manages a vast, proliferating net of connections. By Alan Zeichick

acebook is a wonderful example of the network effect, in which the value of a network to a user is exponentially proportional to the number of other users that network has. Facebook’s power derives from what Jeff Rothschild, its vice president of technology, calls the “social graph”—the sum of the wildly various connections between the site’s users and their friends; between people and events; between events and photos; between photos and people; and between a huge number of discrete objects linked by metadata describing them and their connections. Facebook maintains data centers in Santa Clara, CA; San Francisco; and Northern Virginia. The centers are built on the backs of three tiers of x86 servers loaded up with opensource software, some that Facebook has created itself. Let’s look at the main facility, in Santa Clara, and then show how it interacts with its siblings. The top tier of the Facebook network is made up of the Web servers that create the Web pages that users see, most with eight cores running 64-bit Linux and Apache. Many of the social network’s pages and features are created using PHP, a computer scripting language specialized for simple, automated functions. But Facebook also develops complex core applications using a variety of full-featured computer languages, including C++, Java, Python, and Ruby. To manage

W W W . T E CH N O L O G Y R E V I E W . C O M

July08 Feature Plaxo 47

the complexity of this approach, the company created Thrift, an application framework that lets programs compiled from different languages work together. The bottom tier consists of eight-core Linux servers running MySQL, an open-source database server application. Rothschild estimates that Facebook has about 800 such servers distributing about 40 terabytes of user data. This tier stores all the metadata about every object in the database, such as a person, photo, or event. The middle tier consists of caching servers. Even 800 database servers can’t serve up all the needed data: Facebook receives 15 million requests per second for both data and connections. Bulked-up cache servers, running Linux and the open-source Memcache software, ﬁll the gap. About 95

percent of data queries can be filled from the cache servers’ 15 terabytes of RAM, so that only 500,000 queries per second have to be passed to the MySQL databases and their relatively slow hard drives. Photos, videos, and other objects that populate the Web tier are stored in separate filers within the data center. The San Francisco facility replicates the Web and cache tiers, as well as the filers with the database objects, but it uses the Santa Clara MySQL database tier. The Virginia data center is too far away to share MySQL databases: with 70 milliseconds of Internet delay, give or take, it just won’t work. Thus, it completely duplicates the Santa Clara facility, using MySQL replication to keep the database tiers in sync.

What’s next for Facebook’s technology? For one thing, says Rothschild, the company has discovered that interrupts on the servers’ Ethernet controllers—which let the servers process myriad requests arriving at the same time—are a bottleneck, since they’re generally handled by only one core. So Facebook rewrote the controllers’ drivers to scale on multicore systems. Facebook is also experimenting with solid-state drives, which could speed the performance of the MySQL database tier by a factor of 100. Given that Facebook is growing—and that connections grow exponentially—the site is going to need that performance soon. A FORMER SYSTEMS ANALYST, ALAN ZEICHICK IS EDITORIAL DIRECTOR OF SD TIMES AND SYSTEMS MANAGEMENT NEWS. HE IS ALSO PRINCIPAL ANALYST OF CAMDEN ASSOCIATES, AN IT CONSULTING FIRM.

FACEBOOK ARCHITECTURE Cache sync

SF SC

MySQL Replication

San Francisco

Web

Santa Clara Filer

Memcache

Virginia

Web

Memcache proxy Memcache

MySQL

Filer

MySQL Replication

Memcache

Filer

MySQL

FEATURE STORY

6/10/08 6:43:30 PM

Q&A

THE FUTURE OF THE WEB

MENA TROTT President and cofounder of Six Apart; San Francisco

“With the popularity of blogging and online video and photo sharing, we already know that people want to publish signiﬁcant portions of their lives online. In 10 years, I can easily see someone putting 75 percent of their day online. But it won’t all be public. The majority will be for that person’s eyes only; it will be more a record for that individual.”

LEAH CULVER Cofounder of Pownce (see p. 51); San Francisco

JONATHAN ZITTRAIN Professor of law and cofounder of the Berkman Center for Internet and Society at Harvard Law School and author of The Future of the Internet—and How to Stop It; Cambridge, MA

“The future of the Web may be its past: an abandonment of open standards and services (like the collective hallucination that is our dis-

FEATURE STORY

July08 Feature Plaxo 48

MARC BENIOFF Founder and CEO of Salesforce.com; San Francisco

“The future of the Web will all be about developer empowerment. We have seen the Web disrupt and disintermediate content and commerce, and now software development is next. Companies such as Salesforce.com, Google, and Amazon are making it possible to create and run powerful business applications in the cloud, and that will change the economics of the software industry forever.”

JAMES PEARCE Vice president of technology at dotMobi; Dublin, Ireland

“The mobile Web. In 10 years’ time we will look back at those quaint few years when our online experiences required us to sit at a lonely keyboard and screen. You don’t have to sit by a hi-ﬁ to listen to music in the 21st century. Why should you have to sit at a PC to use the Web?”

to move it someplace where they couldn’t control it, and where they couldn’t revoke or alter Scoble’s privileged access. With Facebook Connect, Morin says, the company hopes to let users control what happens to their personal information on all sites they use, simply by adjusting their Facebook settings. If a user decides she doesn’t like what some other site is doing with her social information, she can just rescind that site’s access to her Facebook account. Because Facebook wants to put users in charge of what happens to shared contact information, says Morin, it’s cautious about open standards; it wants to make sure they’re secure before integrating them into its site. In the meantime, he says, Facebook is content to build its own tools. THE 800-POUND GORILLA

The tight controls exerted by Facebook may or may not help users, but they have certainly benefited the company, giving it an increasingly dominant position among social networks. However, that dominance is now being challenged by a player relatively new to this arena: Google. Friend Connect, which Google announced just days after Facebook announced its own Connect, makes it simple for a site to add social-network functions by bringing in existing features and profiles from elsewhere. It competes directly with Facebook Connect, but there is a key difference: users can carry their profiles and connections to a new site from any network they belong to, as long as it supports Friend Connect. Google, in essence, is looking to become a middleman in the sharing of social information. Despite such innovations, there is still a long way to go before data is freely shared among social-networking sites, says the DataPortability Project’s Saad. Right now, he says, many companies want data portability to be a one-way street. Some want to receive data from other sites without giving any up, while others want to provide data without receiving it—each hoping that its site will become a user’s primary social tool. In the future, Saad says, “we’re going to try and push quite firmly on the idea that you need to be both providing and consuming data; you can’t be doing one without the other.” For users, the key question remains whether companies will find a way to make social tools work together in a simple, logical fashion. “If you can’t plug your camcorder into your VCR and your VCR into your TV, if things don’t work together, you just don’t use them,” Plaxo’s Joseph Smarr says. One way to achieve such compatibility is for a single company to control multiple online social tools; another is for a variety of companies to agree on common standards. As long as tools supporting both models proliferate, however, the users of social networks may be able to assert their preferences on the open market. ERICA NAONE IS AN ASSISTANT EDITOR AT TECHNOLOGY REVIEW.

CAL H E N D E R S O N (C U LVE R); J U LI ETTE M E LTO N (Z ITTRAI N); SALE S FO R C E.C O M (B E N I O F F)

“Open standards will always be the future of the Web. Developers should be able to rely on their programs’ running well on multiple platforms. Simple and open API standards such as Microformats, OpenSocial, OAuth, and OEmbed will help developers build the next generation of Web applications that we love.”

tributed e-mail system) and a return to the gated communities that offered consistency and security—and also lock-in (see p. 12). To avoid this future, application developers must pressure the makers of cool new platforms like Facebook and Google Apps (or the iPhone, for that matter) to abandon their ability to kill any apps at any time for any reason.”

T E CH N O L O G Y R E V I E W J U L Y / A U G U S T 2008

6/11/08 1:11:57 PM