Federated contact book

One thing I miss from the golden age of Facebook, when pretty much everyone was on it and kept their profile up to date, was that it was easy to find how to reach out to someone. When I wanted to contact someone who I hadn’t talk to in a while, it was easy: I just used Facebook. I didn’t had to worry that I had a wrong or outdated email address. I could see their profile to make sure it’s the right person, and that they had been active recently so my message wouldn’t get lost in the void. It was reassuring!

This is something that email never achieved. Sure, email apps save our list of contacts, but that’s not the same. It places the burden on myself to maintain the list. To make sure that the hundreds of addresses that I collected are named properly and still up to date.

Some people have multiple addresses and it’s hard to know which one they want me to use for sending personal messages. Plus their phone number! Plus their Discord, Whatsapp, Signal, Slack, Steam, Facebook, Twitter usernames. What a mess! Which one should I use? Some people have been calling this the « App Fog » for when you have so many apps and you need to remember which one to use for each friend.

Each of us has the burden of maintaining our contact books. That’s a lot of duplicated efforts! In a group of 50 people, each of us has to maintain 49 contacts. That’s 50 x 49 = 2450 duplicated efforts!

I wish there would be a way to share that workload. If each of us maintain our own contact infos and make sure to keep it up to date, just like we did on Facebook back in the days, then that’s a lot less duplicated efforts!

In a group of 10 people, each of us as to maintain only 1 contact (our own). So that’s 20 x 1 = 20. No duplicated efforts!

So how do we get there? How do we make a system that is as practical as Facebook was back in the day, but not centralized in the hands of a private company? And what would it look like in practice?

Decentralized and federated contact book

Here’s how I would imagine a decentralize and federated contact book:

When someone want to give their email or phone number, instead of giving it directly, they would give you their « contact book profile », which would be an web address that would be short and easy to remember. (ex: contactbook.org/narf) It could also be shared easily by a QR code.

You would open that web address using any browser to see the person’s public profile. This means that even if you don’t have a compatible app, you can still have basic access. This public profile would list public information that your friend want to share, like maybe their Linkedin profile or work phone number and a short bio.

But if you do have a compatible contacts app (and ideally, all currently existing contact book apps would support this open standard) you can add that URL in your app to save the profile of your friend. At the start, you only see their public profile. But you can then send a friend request to see their private info, which would include things they aren’t sharing publically, like their personal email address, personal phone number or home address.

You should have total privacy control of who has access to your personal information. For example, you could hide your phone number by default and people would have to send you a « phone number request » before seeing it. And would could decide for how long to give it access to: forever or maybe just a couple months? (The default could be something like 2 years.)

The intent of all this system would be that once you’ve added a friend in your contact book app, their profile would be kept up to date automatically every time they update it. If they have a new phone number, they change it on their profile and your contact app automatically updates itself with the new info.

Of course, if your friend wants to keep their new phone number private, they could do so. Your app would display that their phone number is outdated and that you need to request access again.

This system should be an open standard, so that all existing contact book apps could implement it. Kinda like an updated version of CardDAV (https://en.wikipedia.org/wiki/CardDAV).

And ideally, all of that would be end-to-end encrypted, so that only your friends get to see your personal data. The host where you store your profile and your friends hosts should not be able to read your contact info!

And because it would be an open protocol, you could decide who you trust with your personal data. Sure, you could use Facebook or Google as your host, but there would be plenty of independent hosts, just like there are thousands of email providers and phone companies!

Or you could self-host it on your own personal website/server if you have one. I can imagine extensions for WordPress, Squarespace, Linktrees or wherever people host their website these days. It could be hosted by your Fediverse software of choice, like Mastodon or Firefish. Of course, it could also be hosted by your existing email provider (but, again, maybe you don’t want to trust Microsoft or Google with that! lol)

And because the quantity of data to store is small (a few text fields and maybe a couple profile photos), the cost for hosting would be quite low. Way less expensive than running a Mastodon or Email server.

Do you know any existing services that do something like that? Am I trying to re-invent something that already exists?

UI and user experience

Now let’s talk about UX!

For something like this to work, for people to want to use it and ditch Google and Facebook, it would need to provide excellent user experience.

For example: how do we make sure that people keep their profile up to date? This proposed system would be no better than our current contact books if they are always outdated! This isn’t a technical or UI problem; it’s a user experience problem!

One possible solution would be to prompt the user, maybe every 3 months, to validate 1 random piece of data of their profile.

  • « Do you still use 555-555-1234 as your personal phone number? »
  • « Do you still use sexyDrewXxX@hotmail.com as your email address? »

We don’t want to ask too frequently, and we don’t want it to take a long time to validate. It should be a simple yes/no question.

Your profile could even display when it was last validated next to each field, so that your friends know it’s not outdated. It would be reassuring to know that I’m about to send an email to an address that was validated less then 6 months ago. At least I’ll know I’m not about to talk to a void!

Another problem to anticipate: What if the host of a friend’s profile is temporarily or permanently unavailable? Well it wouldn’t be that bad since you would still have your local copy of your friend’s profile in your contact book app. That’s the beauty of local-first data storage!

Also, for maximum redundancy, we could think of a backup system. Your profile could hold a link to a backup profile of yours, hosted with another provider and kept automatically up to date. Kinda like a git mirror server or when your hospital ask you for parent/friend number in case of an emergency.

Another difficulty that come with decentralization: What if you want to migrate your profile, including all your address book, to a new host because your current host is problematic? It should be easy to migrate, without losing any of your friends or their data.

We can look at existing decentralized system and how they attempt to solve migration:

1️⃣ Most email providers have a tool to migrate all your emails and contacts from your old provider. But it doesn’t let your friends know that you have migrated and that they need to use your new address. You have to tell all your friends to use your new address, meaning they have to manually update their contact book. And you need to either setup an automated email forwarding or remember to check your old account from time to time. Not ideal… 🫤

2️⃣ Mastodon, Firefish and Pixelfed let you migrate, and all your followers will follow. They are automatically informed that you have a new account. If they still try to use your old one, they see a banner that tells them that you have a new account. That’s what we want!Unfortunately, not all data is migrated automatically: your list of friends and the lists you created aren’t currently migrated. You must export them to a file and re-import them in your new account. Not ideal… 🫤

For the federated contact book app that I’m proposing, it really should be better! When migrating to a different account, you would simply need to:

  1. In the old account, provide the link to the new one
  2. In the new account, provide the link to the old one (for confirmation)

Then the following would happen:

  1. Your profile is copied to the new host (all encrypted because both the old and the new host shouldn’t be able to read your data!)
  2. The list of people who gave you their contact infos should also be migrated to your new host (all encrypted of course!)
  3. Everyone to whom you gave permission to access your contact info are notified (or at least their host are). Their host automatically fetch your new data so your friends have nothing to do manually. It all works like magic!
  4. Your old account is automatically setup as a backup of your new account and will now automatically mirror all changes on your new account. Unless you don’t want that, in which case you can delete that old account.

Why is this so complicated?

Basically, this idea for a federated and decentralized contact book aims at addressing the shortcoming of emails and SMS. The beauty of email and SMS, and the reason why governments and companies always ask for an email or a phone number, is that it’s universal. Everybody has one! It’s not tied to a specific company, so everyone has the freedom to pick a provider (unlike in some countries where everything goes through Whatsapp or WeChat.

But I hate that email and SMS both feel stuck in the past, and they they are so much more difficult to use compared to Facebook Messenger, Discord or Whatsapp when it comes to maintaining your contact books. The only solution I found for myself was to make my own website and put everything there (https://blogue.narf.ca/accueil), but even then, I don’t want to display stuff like my private email and phone number because I’m afraid of spam.

With what I’m proposing, you can safely give your public profile anywhere, because people will still need to request permission to access your email or phone number, and you can revert that at any time.

This text was originally a thread on Mastodon.


Le

par

Leave a Reply