Previous  |  Next



Tim O'Reilly

Tim O'Reilly

The Social Network Operating System

People have been talking about Facebook as the "social network operating system." At the Graphing Social Patterns conference the other day, I talked a bit about why, for that statement to be true, Facebook will have to focus on interoperability with other providers of social graph data -- and I don't particularly mean other explicit social networking sites like MySpace.

Every explicit social networking site, which is trying to reconstruct my social network by asking me to invite people and approve their invitations, is crying out for access to my true social network, which (to the extent it exists online) is locked up in applications that don't think of themselves as social networking applications at all. I'm talking about my email (which Xobni is starting to make available), my phone company's call history database, my corporate directory, my address book, my CRM system, and so on.

Let me make this concrete with the example I gave at the conference. Consider this recent spate of friend confirmation requests from Facebook:

facebook asks me to confirm people I clearly know

Now, why should I have to confirm these requests manually? and freebase both know that Sean O'Reilly is my brother. My company directory could confirm that Laurie Petrycki and Mike Loukides work for O'Reilly. Working with more unstructured data, Google or even Flickr could identify that I know Danese Cooper. She's spoken at many of my conferences, edited books for my company, and worked publicly with me for years on open source related issues.

The move from manual confirmation to automated recognition is one of the major trends that has allowed the web to scale from early manual web directories like GNN to smart search engines like Google. Social networking needs to follow the same path, discovering data about my social relationships, and not just asking me about them.

This is why I'm excited about the initiative started by Brad Fitzpatrick and David Recordon to push for social network portability and interoperability, the "open social network graph," so to speak. The only way we'll get to a truly comprehensive "social network operating system" is by defining protocols that will let everyone who has social networking data, from general purpose friending sites like facebook, to special purpose sites like geni and dopplr, to corporate directories, to interoperate via a set of clearly defined interfaces.

Such a system might have some of the characteristics of the DNS. Just as each machine has a unique ID, so might a person. (Maybe an email ID is a sufficient handle. Even though many people have multiple email IDs, it seems pretty clear that there's momentum towards an email address being a universal login identifier, whether via OpenID or some other mechanism.) That person could maintain their own identity record -- this is who I am, this is who I'm also known as, this is who has verified information about me -- or they could delegate this to some other provider. That provider should be able to give granular access to known data structures that define a person. (Freebase's people records are a good model.) That way, I can look up information that is guaranteed to be correct (barring spoofing).

It's also important to recognize that "the social networking operating system" is really just a subsystem of the larger internet operating system that we're building or evolving, and perhaps it's even just a part of the identity subsystem, which also includes other components like payment (Paypal, Google Checkout, Amazon Payments, and of course the credit card ecosystem itself are all potential players here), and various elements of personal history and preference such as my purchase history at Amazon and other online retailers, my search history at Google, etc.

If I wanted to own the social networking operating system, I wouldn't enter a winner takes all race to own the biggest social graph. Instead, I'd work as hard as I could to make a user-centric set of tools for managing what I want known about me, and who I'm willing to have know it, as well as underlying libraries for discovering and verifying other authorized sources of information about me and who I know, as well as managing access to and authorization to use that information. Oauth may be a step in the right direction.

We're a long way from there, but there's no question in my mind that that's where the technology wants to go.

tags: facebook, oauth, openID, social_networking, web2.0  | comments: 24   | Sphere It


0 TrackBacks

TrackBack URL for this entry:

Comments: 24

Gabriel Tellez   [10.12.07 04:36 AM]

Hi Tim,

Any ideas on how to measure "trust" in a social network? or more than that, new Software Engineering rules for building on-line social networks?

I understand that OAuth can be useful regarding security matters like confidentiality and/or privacy, but I understand it because I've a Computer Systems background...what happens with people that isn't aware about how all that stuff works?

Do you think "trust" can be dependable on which entity supports certain on-line social network?...

Julian Bond   [10.12.07 05:03 AM]

Your comments also reflect why Twitter's innovation is important. Why should you have to answer every request that goes "Am I your friend Y/N" when what those people really want to do is to follow you. "Following" and "Followed by" is much closer to what people are actually doing on these sites than the two phase confirmation which currently happens. The problem is that following has been overloaded with other privacy functions where confirmation of "Yes, you are my friend" is also used to mean "Yes, you can spam me with application invites".

"Following" is also open to automation and the moving of social graphs.

Wayne Smallman   [10.12.07 05:39 AM]

Several issues need to be addressed before social networks and social media portals serve their user base better.

Currently, everyone is a "friend", which says nothing about our true relationship with the people we meet on-line. So we need a more fine-grained approach, to discern a true friend from a simple acquaintance.

Then there's the issue of a truly portable social profile — which I too had envisioned as something akin to DNS.

Something that is portable, has the option to segment data, allowing us to show only portions to certain people or specific services for a pre-determined length of time.

Currently, oAuth and OpenID are as close as we've got, but it's only a matter of time before we can be free to concentrate of the features of the social networks themselves and not be troubled by managing our profiles.

Additionally, the service providers themselves need only add in the hooks for whatever standardized API that emerges, and they too can concentrate on the USP's of their offerings...

Nick   [10.12.07 05:56 AM]

Isn't this exactly what Google is planning to do in the social space?

Oli Rhys   [10.12.07 06:48 AM]

As far as I understand the basics, the concept of, or at least the metadata of FOAF should sort this out for you.

Secondly, this is very much a self fulfilling prophecy you are building here. Facebook is flavour of the month and so gets the prize.

Personally, I think it may be more sensible to work on trying to equal out the differences between someone's online persona status and their offline status. As it currently is, a very popular early adaptor with many similar rated online friends carries much more kudos than an expert in their field with no time to play with their social networking site!

John A Arkansawyer   [10.12.07 06:54 AM]


When you say

Now, why should I have to confirm these requests manually? and freebase both know that Sean O'Reilly is my brother. My company directory could confirm that Laurie Petrycki and Mike Loukides work for O'Reilly. Working with more unstructured data, Google or even Flickr could identify that I know Danese Cooper. She's spoken at many of my conferences, edited books for my company, and worked publicly with me for years on open source related issues.

Can you reliably say that every person who fits one of those criteria--"sibling of", "employee of", "colleague of" or "works with"--should be allowed into a given person's social network?

Search☸ Engines WEB   [10.12.07 09:45 AM]

I'd work as hard as I could to make a user-centric set of tools for managing what I want known about me, and who I'm willing to have know it, as well as underlying libraries for discovering and verifying other authorized sources of information about me and who I know, as well as managing access to and authorization to use that information
This certainly is a sound goal in a more trusting world. But, all it takes is one major security breach or widespread hack - and all the walls come tumbling down for each participant! The continuous, tenacious security safeguards have to be just as innovative as the social network operating systems' model.

Joe Duck   [10.12.07 10:29 AM]

make a user-centric set of tools for managing what I want known about me, and who I'm willing to have know it, as well as underlying libraries for discovering and verifying other authorized sources of information about me and who I know, as well as managing access to and authorization to use that information.

Tim - right on. As usual you have very clearly articulated the challenge and the promise of true social networking. If Facebook continues to open things up maybe they should reap the biggest rewards, but it seems too early to crown them as the king of the social heap and the eventual repository of all my social networking data which now includes a lot of stuff about us that we don't control or even know about (e.g. Riya face recognitions or Flickr pix and comments ).

Alexander van Elsas   [10.12.07 10:51 AM]

I think you are addressing the right issues, but we all tend to use too much terminology that relates to the network. But there lies exactly the real issue with most social networks. the service creator needs to create value by leveraging the network (how else is he going to make money by offering a free service). This obviously creates a basic reflex to have walled gardens around each network. But that doesn't fit my needs as a user. True user centric services would allow seamless integration of all the different social networks I am in, and the privacy would be controlled by me as well. I really like the work being done on that by Dick Hardt with is identity 2.0.
But if you ask me we need to make a mental shift in our thinking, from network and network terminology to user value and user interaction. Interaction is the key word here, my profile is my interaction with others, not the network that lies underneath. I wrote a post earlier that describes my 10 wishes to move away van network value to user centric value. Some of these wishes address exactly the problem you are sketching above:

Matthew   [10.12.07 03:19 PM]

Personally I'd rather approve each application manually. I use Facebook, LinkedIn, MySpace etc. all differently and somebody that I'd accept as a "friend" in one is not necessarily a friend in the other. Indeed, there is remarkably little overlap between my friends in each network.

Tim O'Reilly   [10.13.07 07:07 AM]

Gabriel --

In my social network operating system of the future, trust will work a lot like PageRank (and other web ranking algorithms) do today: as a statistical analysis of a variety of factors, including some degree of explicit rating, but not depending on it. Take the phone and email, for example. There is lots of great metadata to be collected: how often do I communicate with this person? How quickly do I respond when they contact me? How often do I initiate communication, and how quickly do they respond? How long have we been in contact? How many different modalities (phone, email, IM, other) do we use to connect? Add in: are we in the same organization? Do we work together in other ways? Do we appear in pictures together? Do I subscribe to their RSS feed?

There's a long way to go here, but I think there are breakthroughs to be had.

Obviously, the automated trust metrics will get you only so far, but it would seem that they could produce a list for manual review and management.

Kind of like keeping track of and managing your credit score.

Tim O'Reilly   [10.13.07 07:12 AM]

Julian --

I agree about making the distinction between a follower or fan and a friend, but I think you err in giving credit for that "innovation" to Twitter. Flickr allowed one-way relationships long before Twitter, and I'm sure other sites did too.

But this is, big time, one of the areas where we could see some social network innovation. It's important to make more nuanced distinctions. I got Tony Stubblebine to add this to crowdvine. You see, there are people I want to follow who I don't know, or might not even be my friends, while there are friends I have no need to follow, since I already know a lot about them. (I know I'm followed more closely by my competitors than by many of my closest friends!)

Tim O'Reilly   [10.13.07 07:19 AM]


I'm not saying that everyone who meets various criteria should automatically be included. That might be configurable by the user, for instance. I'm just saying that sites will eventually need to do more of the work for the user.

I remember Larry Wall's old configuration routines for RN, for example. Rather than asking you all kinds of information about your machine via a series of forms, which was typical for installation scripts of the time, Larry's software rooted around, figured out what it could, and asked you for confirmation.

Now we take that for granted.

Thomas Lord   [10.13.07 08:44 AM]

The rise of social graphing business models is a moral crisis for our industry.

First, it is a business largely based on obtaining labor fraudulantly. Users are clearly informed of the supposed personal benefits they'll receive by adding to the databases, but they are not well informed about "what's in it for host". They are not well informed about how the data is used and can be used in the future. They are not well informed about how they are helping put money in other people's pockets. Like Huck Fynn for Tom Sawyer, the user is drawn into doing "free work" on the promise that it will be fun.

Second, social graphing is the spy business. It may as well be called "privatized cointelpro". Social graphing tools are a way to infiltrate actual real-world (human, not digitized) social networks for the purpose of building dossiers of assemblies and associations, such dossiers to be sold to third parties for private use. We don't let private investigators operate will-nilly for any profitable ends -- we license them and confine their investigations sharply. Why should we treat corporate "human intel" organizations that spy on groups of people differently?

Third, social graphing sites are provoking neo-tribalism and killing markets. "Tribalism" occurs when groups of people use binary, totemish symbols to distinguish in-group and out-group members. By "neo-tribalism" I mean a form of tribalism in which tribal identities are not received from ancestors, but rather are made up in the present and spread horizontally (e.g., through advertising campaigns). Relationship markers in social graphing applications are such totemic markers. Social graphing apps are literally implementing user friendly tools for a form of bureaucratic tribalism. That would be merely gauche except that, on top of it, the number one use promoted for these sites (besides "fun") is as a safe and privileged trading environment -- trade (job seek, etc.) on your registered network. When a society's economy breaks down such that trading occurs almost exclusively within sub-societal tribal groups, that society is in a heck of a lot of trouble -- yet this is exactly the end-state the social graphing companies are pointing at.

Fourth, the social graphing applications (and the manner in which they are marketed) encourage a rejection of valuable received norms about what comprises a "social network". As nearly all great literature teaches us, social relationships between people are meaningful in our lives because they are ambiguous at each moment -- that ambiguity affording us liberty. Social *graphing* and the development of communication skills that reflexively respond to the graph eliminates that ambiguity. An example will illustrate:

Real world, non-digital social network:

My friend K needs a job and knows that I know M, who might have one to offer. Will I inquire with M? That day I visit M and, after chatting, realize that M is in a foul mood so I say nothing. The next day I return. M is cheerier and, also, instantly recognizes that my unexpected return suggests I want to talk about something important. We chat a bit, and I get around to telling M about my friend K.

Social graph application web experience:

K needs a job and thinks M might have one. Logging in, K finds that she is but 2 connections away from M, by at least three different routes. She writes a quick cover lever for intermediates, asking if anyone will pass it along to M, and attaches her resume. The next day, two of us intermediates skim the message and click the button to forward it to M. Indeed, we're all so modern and busy that this is a convenient way to handle things. Had K come to speak to me personally about this, it could easily have seemed intrusive and time-wasting by comparison.

On a personal note, I think social graphing technology must look very different and far more banal to, for example, someone like Tim. In some ways, the job of an exec like Tim is to play a massive game of simultaneous "conversation chess" with lots of people at once -- to be one of the "social butterflies" in certain crowds, one of the people who talks at least a little with almost everyone (in that crowd). People who are very good at that have a long tradition of keeping *private* diaries, calendars, and dossiers to keep track of the many conversations: it's an art. Of course it would be desirable to have a lot of on-line help with that personal map-making.

It's a big leap from that kind of use, though, to the current mass-market business models. Those users *didn't* start-off needing this, they still don't, and some report that they feel they have little practical choice but to use it anyway. Meanwhile those users don't really understand what they're building, what it can be used for, or who benefits. And, predictably, these things are doing serious damage to real world social networks and real world markets.


Thomas Lord   [10.13.07 09:02 AM]

I learned about a new social graphing company the other day when I received two separate invitations to join (in the same day!).

Wondering what was going on, I Googled around and found some descriptions. I am not certain these are true (if someone has better information, please share). The rumors at least illustrate my points above:

The social graphing company specializes in internships for young professionals. People join the graph by invitation. Professional recruiters host special-interest "forums" where candidates are received. The right to participate in a forum is obtained either by paying money, or by recruiting some number (I think it was 20) of new members to the site (via invitations).

*If* it is true that the site works like that, can anyone argue that it is *not* a pyramid scheme?

How is that description all that different from what pretty much all of the sites actually do? The "prizes" vary -- it isn't always an audience with the recruiter for some internships -- but there are always prizes of one sort or another. And there's always only "so much room at the top" with pressure on those not at the top to build out the next generation of exponential membership growth...


face booger   [10.13.07 09:36 AM]

"there's no question in my mind that that's where the technology wants to go."

But where does the user want to go?

There is yet only the thinnest correlation between the stickiness of systems like facebook and their utility.

Much of the current talk surrounding the social graph fails to provide any compelling benefits for the user in outboarding this kind of personal data, fails to recognize the novelty/entertainment basis of the current boom, and glosses over the security challenges of the prospective implementions.

Facebook from the user perspective is really just an adult version of the tamagotchi (keychain digital pet), crying to be "fed" from your inbox or rss reader, providing the vapid satisfaction to the user of watching it grow. Calling it any more a "platform" than the pet-rock is wishful thinking... a collective hallucination of silicon valley greed. Trying to turn facebook's lead into gold could be the ruin of many a valley alchemist.

Tim O'Reilly   [10.13.07 09:52 AM]

face booger --

It's always a mistake to judge the future by the early hacks. The PC was derided as a "toy." Yes, Facebook is mostly for fun today, but there are many things being learned in social network sites for fun that will be extremely useful in more functional systems that rely on social networks -- everything from CRM systems, to knowledge management, to HR systems, to new kinds of collective intelligence applications.

Ed Daniel   [10.14.07 01:12 AM]

I'm glad you're championing interoperability and common interfaces for SN tools though the 'crowd envy' factor will be a barrier for some time.

I wonder when SNs will move to de-centralised architectures such as P2P networks. Enabling us to dislocate our data from these SNs and syndicate across the entire spectrum of SNs would be an ideal way forward.

With the web one is able to remove data duplication through intelligent linking so is there much reason to centralise except when it's in the interest of the SN to index our data for their commercial benefit?

Still wrestling with the optimum way to provide advanced meta-creation over a P2P SN, though I feel a permission based hub-spoke model would be a half-way house for now... what will be interesting is when we start to share meta data and move beyond the simple to the complex.

Vincent van Wylick   [10.14.07 02:04 AM]

I think the costs in this scenario far outweigh the benefits. For my 30+ friends on Facebook, I don't need to "manage" my relationship, because those are actually my friends. And I still shudder at the memory of StumbleUpon asking me to scan my email for friends on the network, and then deciding—without my permission—to send invites to all those that didn't. Very embarrassing, considering some of those are Harvard professors.

I think many people would prefer to control their own "social graph." And only some—let's call them geeks and people with 5000 "friends"—would like to have this meshed web-like interaction, which… will only work with services like Google, who have access to your mail, calendar, chats, etc. and can usually be trusted to not annoy their users with that knowledge.

Tim O'Reilly   [10.14.07 07:37 AM]


I think you're absolutely right.

Tim O'Reilly   [10.14.07 07:56 AM]


You're right that we don't need any of the things I wrote about if you want to use Facebook to manage visibility of a list of 30 of your friends. That's its original use case. But "the future always comes too fast, and in the wrong order," as Alvin Toffler says. People *have* started overloading that use case, and trying to get facebook to do things for which it wasn't originally designed. We do it all with a lot of bad hacks. And eventually we do it over and do it right (or at least better.)

Why is Top Friends so successful? Because most people do in fact have more people friending them on facebook than they really want to track.

Why are business people trying facebook? Because they see it as a kind of lightweight CRM system. Or because they want to use it as a marketing tool, or...

I'll also remind you of a comment that Steve Case made early in the days of the web, arguing for why AOL would continue to dominate: "our stats show that most people never visit more than 20 web sites. they find ones they feel comfortable and stick with them." That comforting thought encouraged walled garden thinking that eventually led to AOL's demise as a major destination. Steve had bought GNN from me. GNN was the first web directory. But Steve didn't see the potential, and didn't invest in it -- it was just insurance -- and then Yahoo! came along and cleaned AOL's clock as a destination embracing everything. (Years later, Steve said to me, "I still regret how we muffed the GNN opportunity.")

And then came Google and the search economy, and pushed "access to everything" even further.

I think that eventually, social networks will follow the same path, from a list of 20-30 "channels" (people you're close with and following) to "access to all the world's information."

Thomas Lord   [10.14.07 09:14 AM]

What do social graphing web services give me that good software for managing private address books would not?

Hey, you know, this is what has been built so far:

1. Anyone could screen-scrape MySpace and build clique maps of many high schools. With better than random chances it could pick out the jocks and the nerds and the circles of true friends. You could probably do a half-decent job of noting people's favorite colors, favorite music, hobbies, favorite foods, economic status, and linguistic group (dialect), too.

That is a freaking gold mine and well worth the investment (if you are amoral). The evil plan would be to collect that data now and quietly test its quality now, but then sell it to advertisers in about 10 years (linking people to their guessed 10-year from now contact info).

(MySpace the company is probably in the best position for that but they aren't the only ones who can do it.)

2. Some social graphing tools that have privileged access to the overall graph like to share little tid-bits of information with the public, while trying to maintain privacy. They can fail in interesting ways:

Suppose that anyone can (a) count the number of people in a graph they are connected to; (b) add a new contact link; (c) count again; (d) delete any old contact link.

Then, anyone can infer "much" about the structure of the graph.

If as a bonus, anyone may ask "by how many links am I separated from X" then anyone can infer "much" (and probably "even more" although I haven't done the math to prove it) of the graph.

One could not, in general, reverse-engineer the entire graph but a third party, through that kind of screen-scraping, could likely give good answers like "Is A a contact of B? 97% likely."

I'll bet *that* database (from the SG sites oriented towards professionals and frequented by execs) commands a high price (even today)!


This is an industry based on giving away incentives to contribute data and to recruit other data-contributors, where the main value being produced is databases useful to third parties for manipulating those data-contributing users.

It's a ponzi scheme, it's fraud, it's classist and oppressive, it is the buying and selling of fraudulantly obtained labor, when usage becomes normative it is therefore a kind of "light touch of the whip" slavery.

And it was a well-intentioned accident:

To use the Internet for a mass-market application requires a ubiquitous client-side platform. Browsers are all we've got. There is no standard for "client-selected storage" of data so all data-recording apps must be server-side. Hence: a rapid build-out of such apps, the surviving members of which we dub "Web 2.0". But this is part of what separates engineering from tinkering: a goal larger than just making the lights blink.


p.s.: The way that stolen labor is treated by the SG apps finds interesting analogies in the prevailing norms of how open source projects are run.

John A Arkansawyer   [10.15.07 05:34 PM]


I'm just saying that sites will eventually need to do more of the work for the user

is a much more modest goal, and not at all the original statement of the problem:

Now, why should I have to confirm these requests manually?

Ron Carlos   [12.29.07 07:00 AM]

Online Social Network Operating System (OSNOS)
2008 will mark the birth of an online social operating system built on opensource. This will bring some structure to the hundreds of social widgets or applications. In addition, this OSNOS will make it easier to enable mobile internet convergence. A move to this new platform will be led by Facebook and supported by other social networking websites such as Bebo.

Post A Comment:

 (please be patient, comments may take awhile to post)

Remember Me?

Subscribe to this Site

Radar RSS feed