As I write, Facebook is in the process of executing the biggest IPO in US corporate history. Yet, its security model is so involved, and changes so frequently, that not only have people found it necessary to publish sets of guidelines on how to maintain and update Facebook’s security settings, (http://www.facebook.com/note.php?note_id=10150261846610766 ) but also found that they have their hands full keeping these guidelines up to date. At this point, I must admit I’ve never had an account on Facebook; when they launched here in the UK I was invited to sign up by a number of early-adopter friends, but after a good hard look at their security and privacy policy, I said “you have got to be [elided] joking”.

Facebook’s scope and ambition, is also the source of its security complexity. By trying to be “the aggregation point of everything”, for its users – photo albums, bio and status details, blog, IM, music player, games console, etc etc – as well as attempting to tie it all together into the much-discussed “social graph” and using this to attract an income stream from highly-targetable advertising, I believe it has become sufficiently encumbered by having to deal with such a number of diverse entities with different vested interests that the problem of constructing a security policy which will “please a working percentage of these entities, a working percentage of the time” has become effectively intractable.

This may also be why Google+ seems to be controlling its features carefully. Also, I think Google are taking a very interesting approach in unifying their security, privacy and use policies across their offerings; kudos to them for taking that challenge on.

So, I’ve taken to considering where social media will go, from here; as well as seeing what’s happening at Facebook, I’m also seeing a bunch of people writing about how social media is another tech bubble all set to burst. While I firmly believe social media is here to stay, it’s going to get more Darwinian; as with the earlier tech bubble there’lll be casualties, but the result will be a more business-focussed industry.

I think the pendulum of control over information and its sharing is going to swing back, and much more control is going to be placed in the users’ hands; and this has to happen via a mechanism much more straightforward than Facebook controls. Here’s how I think it’s going to work.

What users are going to do, rather than look to a Facebook to host and aggregate all content and present a unified view of it, is run content aggregators locally. I can see these looking something like the Flipboard app for iPad (of which I happen to be rather a fan). From a UI perspective, I’d have a virtual “book of stuff” per friend, which would have pages, articles and photos aggregated from all the data sources they’ve chosen to share with me. I’d need my address book to be extensible to take URLs (and where applicable, passwords) for all these sources, per friend, but that’s not exactly hard.

When I want to share something with a friend, I post it to the appropriate site, using the most appropriate account I’ve given them access to. There’s no more need for fiddling with access controls, people who want to “share stuff” can just create a new account for sharing with particular people or groups of people. It’s all a bit retro, but it means that the account is associated with the group of people involved, not uniquely and verifiably me as an individual; therefore, I get to dictate whatever identities I want to use, wherever I want to use them. There’ll be a bunch of account info to keep track of from the sharer’s end too, but this is a solved problem.

This will also work if the pendulum swings far enough that users start hosting content on their own servers and devices, as some have predicted.

Therefore, the sites I think will do well out of this are those which do one or two things only, and do them very well, by facilitating sharing of a particular kind of content, under various easily-created accounts which are not tied to a single “real” verifiable ID per user. So Blogspot, Flickr, Wayin et al can breathe easy.

However, the flipside of the idea of returning a bunch of control to the users in this way, is that it becomes more difficult for a site to construct a business model; unless all the sites set cookies and users have to accept them it ceases to be possible to construct a useful social graph (which from a user privacy perspective, is A Good Thing), and as users would be consuming something like an RSS feed, it becomes difficult to insert revenue-generating advertising except at the point where users get to add content to their feeds.

So, the outstanding question for a more user-controllable social media, becomes how to monetise it. It could be that this halfway-house between social media-hosted content and local aggregation won’t wash, and the only  way in which people can make money involves letting the pendulum swing completely the other way by social media companies charging end users subscriptions to host their own individual micro-sites on a cloud infrastructure; whatever happens, it’s not going to be dull…