I believe that personal computing has serious problems so I've developed a general yet concrete solution to all of them.
My intent is to expose the design and underlying ideas for the sake of criticism, discussion, and to discover whether anything resonates.
The Heart Of It
The key is digitized personal information and your control over it (also known as privacy).
Personal information is not just basic attributes like name, address, phone number, and whatnot. It's any and all information about you: your activity, abilities, interests, expressions, associations, needs, history, and personality. Everything: in detail and into the future.
- Digitized information about yourself
- Absolute control over that information
The result of combining these two seemingly contradictory ingredients in just the right way is a type of software that bypasses wide swaths of systemic problems, helps us solve many other problems (from highly personal through to social), and on top of it all is surprisingly simple and easy to use with an interesting future.
- Bypass systemic problems
- Help solve many other problems
- Easy to use
- Lots of potential
- You'll hate it
Computers as we know them aren't going to disappear. Absolute control over your information may never happen (certainly not on day one) but there's plenty of room for improvement. Already-exposed personal information is out of reach but can be overshadowed by new quality information.
Again, no magic, but plenty of strange ideas.
The modern computing equation has three core factors: hardware, software, and people. Hardware is fine, people are who they are, but software is a problem. Conveniently, software is by far the most malleable.
Right now we can look at our computers and say they help us solve many problems. Clearly they are amazingly flexible and powerful, with software able to point the underlying hardware in any number of directions. It seems we can make our computers do pretty much anything.
In the same vein, each person is also flexible and capable. Persistent small informed steps can take us nearly anywhere. The clearer our goals, the more likely we'll achieve them. Better opportunities come to those of us who are better informed, more aware, and richly connected. And the more awareness and control we have over our own behaviour, the more likely we'll adapt and succeed.
Perhaps most importantly we can use our personal computers to help ourselves.
And do we ever! There's Evernote, Trello, Asana, Workflowy, Facebook, Todoist, Google Everything, Microsoft Everything, GitHub, all sorts of GTD, Mint, org-mode, YNAB, and I'm spent. Many thousands of options covering nearly every possibility.
Each of these tools deals with a slice of highly personal information about you. That's the point, after all. These products help you extract value from your actions, social connections, actions, thoughts, or intentions. Some help keep you focused, organized, and pointed in your preferred direction.
When viewed as offering competitive advantage - helping you become more effective - their appeal is obvious.
Such a fragmented marketplace for this type of software indicates systemic problems. Certainly demand is high, but the products are simply not good enough; they don't solve enough problems to justify either their operational overhead or their reinforcement of larger problems.
First, each person tends to discover a fatal flaw; we have unique needs that are not always articulated. Trello doesn't do scheduling; Mint needs manual intervention; EverNote is too complex; org-mode needs Emacs. It's always something. Behind this pattern is the fact that products specialize while also offering the same experience to each person: the same interface, same features, same data structure, same flow. Each person has to adapt themselves to each piece of software only to experience a massive compromise.
Further, thousands of options lead to decision overload, paralysis by analysis, and a general grass-is-greener ennui. It's exhausting to cobble together a sustainable, effective, trustworthy system from pieces that just don't quite fit together. Why bother?
The situation becomes what is known as information silos or walled gardens - some information with FitBit, some with Garmin Connect, some with RunKeeper. Now you get to figure out how to export that data and make sense of it. But you probably won't.
Your personal information becomes fragmented and widely distributed amongst all the various apps and services you use or have tried. Each service murmurs pleasantly about your privacy and how carefully they'll exploit your information or package it for sale, but without having personal oversight and control you'd be wise to minimize your expectations. Privacy without control is a dangerous illusion.
Broadly speaking, right now personal computing is about personal information, it involves or uses personal information. I think of it as a layer of personal atop the computer, which how personal computers came about historically. That's the essence the problem and it runs deep. Decades deep.
The general solution is to make personal information the focus, the center, the essence of the personal computer. So the personal computer becomes personal information, breaking down that long-standing boundary between the personal and the computer.
This puts the person in the captain's chair, in control. Which makes each person responsible for their own information and the consequences of its exposure, a stark contrast to our current habits.
Control is required to develop, protect, and amplify the value of information. Control is privacy; it's the ability to decide what to include, how to organize, and who gets to see what (if anything), and on what terms.
On the Internet, you control nothing. Anything you share may exist forever, whether in public archives or private, with no say in its subsequent use, distribution, or lifetime. Your online activity, in all its glorious detail, is captured and saved indefinitely - fragmented across thousands of sites, services, and organizations if you're fortunate, aggregated if you're not. Neither situation is great. To make matters worse, security lapses from supposedly-competent companies are constantly leading to massive leaks. And the fragile vulnerability of individual computers and devices inspires no confidence whatsoever.
So, to achieve control, it must be possible to remove the Internet from the equation and have the freedom and support to make that decision yourself, whenever it suits you.
I know that's a weird thing to say in 2015, but computers as we know them - freely connected to the Internet - won't be disappearing. They are useful and a big part of this solution.
It's a relatively recent idea that all software must be Internet-aware, often Internet-dependent, and everyone online together. Early software was standalone and it worked. Today there's still room for a different concept of software that is simply much better without the Internet. The hardware and software building blocks are already in place; as with many ideas, it's a simple matter of perspective and will. But not easy. And it won't involve streaming videos.
The need for control is driven by the value of information. When information is inadvertently exposed, its value is reduced. New information straight from the source is valuable; old and indirect information is not. Contextualized, connected, and intuitively structured information is valuable. Random snippets are not.
Cyber-criminals know this well: they strive to discover exploits and siphon information, then sell it for a much higher price to their first buyer than their second, with the the first buyer often paying extra for exclusivity. Then the buyer acts immediately, before the information becomes stale and risky. This same sensitivity to age and exposure holds for all information.
You can always be on the buy side of your own information; pay yourself whatever you like.
Whoever exploits your information receives the value from it. Right now, that's often companies using it for arbitrage, leverage, rent-seeking, marketing, resale, or business intelligence purposes. They possess it, so they control it. You probably don't possess anything like the information they have about you, nor the ability to leverage it.
When you have control (actual privacy) either you receive the value or nobody does. And you can do so much better than anyone else. With privacy, you'll find yourself willing to go into more detail and into more intimate places. Like the difference between when you're at home or at the mall, or with your best friends as opposed to your work colleagues. You're probably much more authentic and open in a trusted, secure, private environment. This raises the value of the information.
Personal information as the fundamental of a computing experience.
That's a strange idea, isn't it? It's an idea that's only possible with control, which the Internet makes difficult, and taking way Internet connectivity is near unthinkable. Pragmatism is required.
I'm going to break this down into two major components:
- The platform
- The general core
At the beginning, these are much the same: the platform is the core. Over time, the core develops specialization while the platform becomes more general.
Think of the platform as a layer atop existing reality (hardware, software, and Internet) that replaces the idea of a "computer" with an abstract privacy-friendly environment.
This environment is specifically designed so that the core (which is personal information) can grow and thrive for your benefit. Shades of a virtual machine, but with much broader scope. Also shades of Freenet, but narrower in scope. Somewhere between the two. If virtual machines are hotel rooms, and Freenet is an exclusive tropical resort, this platform is ... a Westfalia camper van. Not sure that helped.
Earlier I stated the original problem was the personal part being merely a layer atop a computer. First we had computers, then we had personal computers, but the underlying technical nature of computers has remained and evolved on its own. A nature that strikes me as no longer aligned with the best interest of individuals due a severely imbalanced treatment of personal information.
Primarily, the platform provides the highest possible degree of control that each person might want over their information. This means information security is a top priority and, as we know, that's a tough row to hoe.
The foundation of the platform is that each person's information is held as securely as possible within a container whose access they control. There are several options for this container, whether something like Docker, Xen, KVM, or hardware itself (I'm starting with Docker). The container includes a database, a web server, and any data processing tasks. It can be specially configured and also moved around to different physical hosts (perhaps with different operating systems like FreeBSD, OpenBSD, or OmniOS). This is a flexible architecture that scales easily but at a high cost.
Think of it as a hybrid between IaaS (Amazon EC2) and SaaS (GMail) that is not PaaS (Heroku), while also being a hybrid between a remotely-hosted service and standalone software.
Different, right? Good thing its value doesn't depend on a massive user-base, an advantage of standalone capability.
The keys to this platform's security are openness, progression, and variety.
Openness allows trust by making all relevant information available (and encouraged) while also ensuring systems can be verified. Trust without verification is risky so source code is open, software dependencies are open, and infrastructure details are open. Same with security strategies. While openness may be uncomfortable for some, it helps keep the system visible, tested, and responsive to challenges.
Progression reflects the fact that security is an ongoing compromise - a continual effort to balance the ever-changing risks with usability and implementation costs and also with the volatile value of information under protection.
With information security, one size does not fit all.
Each person takes a unique approach to their personal information; some deal with superficialities, others with highly sensitive and attractive information, others with deep intimacy. Some are just getting started, others may have years worth of information. Further, each person has their own thresholds for how much protection they need and how much responsibility they'll take for it (or how much they'll pay for convenience). Further yet, an outsider may see much more value in information than its owner.
So the pragmatic approach is to provide a solid base of security using established tools and techniques, but also provide each person with the option to raise or lower that level of security to suit their needs. Per-user containers provide this capability.
The level of security could range from information being available on a public website or via public API all the way to being hosted on air-gapped high-security hardware in a physical location of their choosing. As a person's information accumulates value, or their appreciation for privacy increases, they can raise their level of protection.
Variety arises from the combination of openness with progression, which can be viewed as meta-privacy. With distinct levels of security, a single breach is less likely to expose all information. With each person's preferred level of security being different (plus possible customizations), and information potentially stored anywhere on the Internet, the big-juicy-target problem gets reduced over time. Individual targets (highly varied and secured competently) are unattractive.
This aspect isn't yet implemented so I'll be brief. For a wide variety of reasons, information wants to be shared. The more it is digitized, the higher its quality, and the more personal it is, the more discoveries we'll make about how to connect and communicate that simply aren't practical now.
With this perspective of personal computing, a legitimate information marketplace becomes possible. You decide what information is shared, with whom (possibly businesses, academic researchers, social-data apps), and for what price (if any).
Others have already developed most of the building blocks required for this marketplace: the implementation might well resemble a cryptocurrency. All we're missing is information of the right type, in the right structure, that's worth trading. That's what this platform provides.
The General Core
Although the boundary between the core and the platform is fuzzy and may shift, think of the core as the basic user interface, the general data structures, and general capacity to accumulate, organize, possibly share, and extract value from this information. The basics, like an operating system, but focused on information rather than applications. Apps come later as specialized information handlers; after all, this is a platform.
This has gone on long enough, so I'm going to bail.
Below you'll find links to pages with different perspectives and more details. As I mentioned at the beginning, there's an implementation that demonstrates the initial half of the general core.
Shoot me an email if you want to talk, it's on my about page.