BREAKING: I’m on a podcast! My friend and former colleague Rob Leathern had me on his great new podcast Won’t Fix, about AI-driven deception, abuse and scams — and why they're so hard to stop. If you’ve ever wanted to hear almost a year of Platformocracy posts distilled to a fast-moving 45 minutes or so, this is your chance. Plus there’s video if you want to see if you can spot my labradoodle George hanging out in the background.
A few months ago, I proposed that big platforms could bring due process to account terminations without breaking the bank. That series got a good response, and was fun to write, so today I am making another proposal: privacy-safe social graph portability.
We have many reasons to want it to be easy to move our social graphs between platforms.
As an individual, you want your friends and family to know how to find you on a new platform.
As a creator, you want to be able to bring your followers with you wherever you go, to protect your business and influence.
As the administrator of a group, you want to keep your community going even if you swap out the underlying social platform.
As a friend, fan, or group member, you want to know when moves happen, and to have an easy way to recreate the relationship on the new platform.
The ability to move platforms is also critical to reclaiming our voice online. I’ve written a lot about the importance of credible Exit (leaving one platform for another) over the past year. Here’s a refresher.
Exit is part of Albert Hirschman’s model for how people let organizations know that they have started to deteriorate (worse products, poor governance, etc). Quitting a group is a strong signal that something is wrong.
Exit is also a building block of participatory governance. As David Stasavage writes in The Decline and Rise of Democracy, “Whenever the populace found it easier to do without a particular ruler—say by moving to a new location—then rulers felt compelled to govern more consensually.”
Exit does not mean just getting a big file dump of your activity. Export is only useful if it comes with some form of import to a destination platform.
Privacy is a concern, but consent is a practical solution
The main platform excuse for not doing this today is privacy risk, like what led to Facebook’s Cambridge Analytica scandal. If you gave a third-party app access to your Facebook account before 2013-2014, it also got automatic access to all of your friends’ names and a bunch of their data. This let Cambridge Analytica leverage only 300,000 willing participants into a database of 87 million Facebook users. [See this definitive 2018 explanation by Jonathan Albright of the Columbia Tow Center for Digital Journalism for the details.]
Modern consent standards mean that you can’t just download your social graph from Platform A and upload it to Platform B. Each person in your network needs to agree to re-establish their relationship with you in a new place.
A basic, consent-driven workflow for moving platforms would be pretty straightforward for any social platform to implement.
You give Platform A a link to your new profile on Platform B, and ask Platform A to notify your network that you have moved.
Platform A sends a notification to each person on your network, including the link to your profile on Platform B if they want to re-connect.
Platform A displays the link to Platform B on your old profile permanently, like a forwarding address. Anyone who tries to interact with you on Platform A in future will get the notification and the forwarding link.
Security and usability can be improved with proven technology
Just typing in an arbitrary link to your new profile on another platform is clunky, and not secure. If someone compromises your account, they could spam your network with a malware link. The good news is that a proven technology that’s been around for over a decade could fix this, and make moving more user-friendly at the same time: OAuth.
If you’re not in the tech industry, you probably have never heard of OAuth, which is short for “open authorization,” but you’ve almost definitely used it. OAuth is the underlying mechanism for Sign in with Google, Sign in with Apple, Log in with Facebook, and so forth. OAuth works under the hood to provide the appropriate security and cryptographic signatures (fancy math that proves it’s not being faked) so that an app using third-party sign-in can trust the process.
Using OAuth to verify your new account on Platform B would assure your friends and followers on Platform A that this is a legitimate and safe change. With this higher level of security, Platforms A and B could even collaborate to trigger the reconnection process on Platform B with a single, secure click from inside Platform A.
This is not just theoretical. OAuth is already being used to connect social accounts on two huge platforms with over 200 million monthly active users each – Discord and Twitch. Discord Connections let you link accounts for over 20 platforms, including YouTube, TikTok, Reddit, Bluesky, XBox, PlayStation, and more. Twitch Recommended Connections works similarly, and supports a long list of game and social platforms.
Importantly, Discord and Twitch use these connections as a way to decorate profiles, improving their value for current users. Persistent connections let you keep track of your friends, family, and favorite creators wherever they are. This is a huge improvement over the clunky and insecure workaround that big platforms force us into – adding a link in bio, with a service like Linktree, to list all of your online identities on a separate page.
Big platforms will fight this, but they shouldn’t
The biggest platforms don’t want to enable social graph portability or a network of connections. Platform stickiness is good for revenue growth, and in their minds your social graphs belong to them, anyway. In 2013, for example, Facebook infamously blocked Twitter’s new short-form video app Vine from using their friend finder API on the thinnest of pretexts, just because Vine usage was exploding. That delayed consumer choice for years, until TikTok got big in the US around 2019.
Regulation is a proven way to break down barriers to Exit. The US has required mobile phone number portability since 2003, in the face of years of industry lawsuits and griping. “These programs are enormously expensive, and we think customers are best served with our using our resources for other things, like increased network capacity and new applications” said Audrey Schaefer, a spokeswoman for Nextel, in 2003. [Narrator: “She was wrong.”]
Besides, the big platforms could turn a connections/portability mandate to their advantage. Verified information about their users’ other social accounts (including notification when someone moves entirely) would be a huge new source of market intelligence. Not only would this reveal more about current competitors, it would be a powerful early-warning system for new platforms gaining traction with their user base.
Besides, a mandatory portability workflow, while important as a matter of principle and giving people options, is unlikely to upend the entire social media market. Mobile phone number portability lowered prices and led to some ownership changes (like Cingular buying AT&T), but the biggest players were able to keep competing and winning. The strongest social media platforms would survive social graph portability.
If you’re a social platform who really believes you have no unique value to offer other than making it hard for your users to switch, you’ve got bigger problems.
Next time: loose ends
I skipped some important caveats this week. I didn’t mention ambitious proposals to get away from multiple accounts (and governance by the biggest platforms) by moving to decentralized identity. And I didn’t talk about the challenges of moving an entire community, like a Facebook group, between platforms. I will look at those topics, and address any feedback I get from you at [email protected] or on social media, next week.
Social graph portability would be good for us and for democracy