Winning back the Open Web

The web was born as an open, decentralized platform allowing different people in the world to access and share information. I got online in the mid-nineties when there were maybe 100,000 websites in the world. Google didn't exist yet and Steve Jobs had not yet returned to Apple. I remember the web as an "Open Web" where no one was really in control and everyone was able to participate in building it. Fast forward twenty years, and the web has taken the world by storm. We now have a hundreds of millions of websites. Look beyond the numbers and we see another shift: the rise of a handful of corporate "Walled Gardens" like Facebook, Google and Apple that are becoming both the entry point and the gatekeepers of the web. Their dominance has given rise to major concerns.

We call them "Walled Gardens" because they control the applications, content and media on their platform. Examples include Facebook or Google, which control what content we get to see; or Apple, which restricts us to running approved applications on iOS. This is in contrast to the Open Web, where users have unrestricted access to applications, content and media.

Facebook is feeling the heat from Google, Google is feeling the heat from Apple but none of these Walled Gardens seem to be feeling the heat from an Open Web that safeguards our privacy and our society's free flow of information.

This blog post is the result of people asking questions and expressing concerns about a few of my last blog posts like the Big Reverse of the Web, the post-browser era of the web is coming and my DrupalCon Los Angeles keynote. Questions like: Are Walled Gardens good or bad? Why are the Walled Gardens winning? And most importantly; how can the Open Web win? In this blog post, I'd like to continue those conversations and touch upon these questions.

Are Walled Gardens good or bad for the web?

What makes this question difficult is that the Walled Gardens don't violate the promise of the web. In fact, we can credit them for amplifying the promise of the web. They have brought hundreds of millions of users online and enabled them to communicate and collaborate much more effectively. Google, Apple, Facebook and Twitter have a powerful democratizing effect by providing a forum for people to share information and collaborate; they have made a big impact on human rights and civil liberties. They should be applauded for that.

At the same time, their dominance is not without concerns. With over 1 billion users each, Google and Facebook are the platforms that the majority of people use to find their news and information. Apple has half a billion active iOS devices and is working hard to launch applications that keep users inside their walled garden. The two major concerns here are (1) control and (2) privacy.

First, there is the concern about control, especially at their scale. These organizations shape the news that most of the world sees. When too few organizations control the media and flow of information, we must be concerned. They are very secretive about their curation algorithms and have been criticized for inappropriate censoring of information.

Second, they record data about our behavior as we use their sites (and the sites their ad platforms serve) inferring information about our habits and personal characteristics, possibly including intimate details that we might prefer not to disclose. Every time Google, Facebook or Apple launch a new product or service, they are able to learn a bit more about everything we do and control a bit more about our life and the information we consume. They know more about us than any other organization in history before, and do not appear to be restricted by data protection laws. They won't stop until they know everything about us. If that makes you feel uncomfortable, it should. I hope that one day, the world will see this for what it is.

While the Walled Gardens have a positive and democratizing impact on the web, who is to say they'll always use our content and data responsibly? I'm sure that to most critical readers of this blog, the Open Web sounds much better. All things being equal, I'd prefer to use alternative technology that gives me precise control over what data is captured and how it is used.

Why are the Walled Gardens winning?

Why then are these Walled Gardens growing so fast? If the Open Web is theoretically better, why isn't it winning? These are important questions about future of the Open Web, open source software, web standards and more. It is important to think about how we got to a point of walled garden dominance, before we can figure out how an open web can win.

The biggest reason the Walled Gardens are winning is because they have a superior user experience, fueled by data and technical capabilities not easily available to their competitors (including the Open Web).

Unlike the Open Web, Walled Gardens collect data from users, often in exchange for free use of a service. For example, having access to our emails or calendars is incredibly important because it's where we plan and manage our lives. Controlling our smartphones (or any other connected devices such as cars or thermostats) provides not only location data, but also a view into our day-to-day lives. Here is a quick analysis of the types of data top walled gardens collect and what they are racing towards:

Walled gardens data

On top of our personal information, these companies own large data sets ranging from traffic information to stock market information to social network data. They also possess the cloud infrastructure and computing power that enables them to plow through massive amounts of data and bring context to the web. It's not surprising that the combination of content plus data plus computing power enables these companies to build better user experiences. They leverage their data and technology to turn “dumb experiences” into smart experiences. Most users prefer smart contextual experiences because they simplify or automate mundane tasks.

Walled gardens technology

Can the Open Web win?

I still believe in the promise of highly personalized, contextualized information delivered directly to individuals, because people ultimately want better, more convenient experiences. Walled Gardens have a big advantage in delivering such experiences, however I think the Open Web can build similar experiences. For the Open Web to win, we first must build websites and applications that exceed the user experience of Facebook, Apple, Google, etc. Second, we need to take back control of our data.

Take back control over the experience

The obvious way to build contextual experiences is by combining different systems that provide open APIs; e.g. we can integrate Drupal with a proprietary CRM and commerce platform to build smart shopping experiences. This is a positive because organizations can take control over the brand experience, the user experience and the information flow. At the same time users don't have to trust a single organization with all of our data.

Open web current state
The current state of the web: one end-user application made up of different platform that each have their own user experience and presentation layer and stores its own user data.

To deliver the best user experience, you want “loosely-coupled architectures with a highly integrated user experience”. Loosely-coupled architectures so you can build better user experiences by combining your systems of choice (e.g. integrate your favorite CMS with your favorite CRM with your favorite commerce platform). Highly-integrated user experiences so can build seamless experiences, not just for end-users but also for content creators and site builders. Today's Open Web is fragmented. Integrating two platforms often remains difficult and the user experience is "mostly disjointed" instead of "highly integrated". As our respective industries mature, we must focus our attention to integrating the user experience as well as the data that drives that user experience. The following "marketecture" illustrates that shift:

Shared integration and user experience layer
Instead of each platform having its own user experience, we have a shared integration and presentation layer. The central integration layer serves to unify data coming from distinctly different systems. Compatible with the "Big Reverse of the Web" theory, the presentation layers is not limited to a traditional web browser but could include push technology like a notification.

For the time being, we have to integrate with the big Walled Gardens. They need access to great content for their users. In return, they will send users to our sites. Content management platforms like Drupal have a big role to play, by pushing content to these platforms. This strategy may sound counterintuitive to many, since it fuels the growth of Walled Gardens. But we can't afford to ignore ecosystems where the majority of users are spending their time.

Control personal data

At the same time, we have to worry about how to leverage people's data while protecting their privacy. Today, each of these systems or components contain user data. The commerce system might have data about past purchasing behavior, the content management system about who is reading what. Combining all the information we have about a user, across all the different touch-points and siloed data sources will be a big challenge. Organizations typically don't want to share user data with each other, nor do users want their data to be shared without their consent.

The best solution would be to create a "personal information broker" controlled by the user. By moving the data away from the applications to the user, the user can control what application gets access to what data, and how and when their data is shared. Applications have to ask the user permission to access their data, and the user explicitly grants access to none, some or all of the data that is requested. An application only gets access to the data that we want to share. Permissions only need to be granted once but can be revoked or set to expire automatically. The application can also ask for additional permissions at any time; each time the person is asked first, and has the ability to opt out. When users can manage their own data and the relationships they have with different applications, and by extension with the applications' organizations, they take control over their own privacy. The government has a big role to play here; privacy law could help accelerate the adoption of "personal information brokers".

Open web personal information broker
Instead of each platform having its own user data, we move the data away from the applications to the users, managed by a "personal information broker" under the user's control.
Open web shared broker
The user's personal information broker manages data access to different applications.


People don't seem so concerned about their data being hosted with these Walled Gardens since they've willingly given it to date. For the time being, "free" and "convenient" will be hard to beat. However, my prediction is that these data privacy issues are going to come to a head in the next five to ten years, and lack of transparency will become unacceptable to people. The Open Web should focus on offering user experiences that exceed those provided by Walled Gardens, while giving users more control over their user data and privacy. When the Open Web wins through improved transparency, the closed platforms follow suit, at which point they'll no longer be closed platforms. The best case scenario is that we have it all: a better data-driven web experience that exists in service to people, not in the shadows.


dragonbite (not verified):

I see your chart does not include Microsoft which also collects a lot of data on users and their habits. They don't have a "walled garden" unless you count their Windows operating system and its connectivity with their MS Account (which provides email, calendar, etc.). This includes, or will include, what apps you install on your desktop through their store.

Not long ago they had a tight relationship with Facebook so you could chat with Facebook friends in In a way it gave them more information on the user and/or granted Facebook more information on the user. I do not know if that relationship is still present.

June 23, 2015
Kristof Van Tomme (not verified):

Even if I abhor a closed outcome, I think it is not at all sure that there will be a clear turn towards the open web.

In the last decennia we've seen several open vs closed battles, sometimes open has won, but not always. Even today Microsoft's monopoly on the desktop is still going strong, there are some cracks, but the only real reason that it is becoming irrelevant is the demise of desktop computing as a whole.

Most of the people in our industry that know, and should be more cautious are just like any other consumer happily selling out their personal data in exchange for less hassle (I am one of them).

Network effects are really important for user data, the current closed players have evolved into their monopoly positions, and are being cemented as standards that we default to. It is really hard to go against this as a startup.

Initiatives like TheGoodData COOP that aim to become a personal user data broker exist (disclosure: I am a cooperant). But I think they will up for a serious uphill battle to try to establish a mainstream service.

June 23, 2015

I agree with you on the network effect. Here is a question: how can we build an interoperability layer between independent sites (like my blog and your blog) so we can connect related discussion, connect the people interested in those discussions, and get scale benefits?

I wasn't familiar with TheGoodData COOP but I'll check it out. Also of interest seems to be Project VRM.

June 24, 2015
Kristof Van Tomme (not verified):

I think there will be at least 2 parts to this puzzle:

  • First and foremost we will need a new business model, unless somebody is able to reclaim a lot of money they are missing out on, nothing is going to beat a model that relies on the power of free.
  • I also think that there needs to be an empowerment angle, where people reclaim ownership of their data, because they learn it's valuable and under threat.

Buying a "free" product in exchange for your personal information is a bit like buying on credit without knowing how much you are paying for a product.

I think there is a strong parallel with the banking world, where COOPs have been very successful in the past, Raiffeisen was a pioneer for the COOP movement. I think that the core principles of self-help and especially of self-governance and self-responsibility are relevant to this problem.

A few weeks ago I attended the AG of NewB a new Belgian COOP bank, that aims to become a sustainable bank for the Belgian market. They launched a new product: "Good Pay". First I was a bit sceptical, but after hearing all it's features it made a whole lot of sense. One of their key features is that you can make credit card payments without sharing your personal data.

NewB combines idealism - that is able to rouse an army of hard core evangelists - with the kind of no-nonsense personal interests - that is needed to convince the masses. To succeed we would need both also for this effort.

That is why I think a COOP with the right business model might be the answer. A bit like a bank but instead of money you deposit personal data and attention. Individuals or businesses can then take a loan to start building their (social) capital.

June 24, 2015
Tiago Santos (not verified):

Great post Dries, it really got me thinking. I guess one way to create a "personal information broker" would be through the establishment of some kind personal distributed computing (via smartphones e.g.) that could provide better data control for users, and create a new plethora of services and business models that could evolve around this concept.

About your question, I think that The Coral Project led by the Knight-Mozilla OpenNews, The New York Times, and The Washington Post is working in something similar with what you described.

July 3, 2015
Mike Gough (not verified):

I like the “personal information broker” idea, my concern echoes the point in your conclusion; people in general aren't that bothered or don't want to invest the time to configure something like that at the moment. While people say they are concerned about their privacy, despite numerous scandals they don’t stop using these services.

It would take a big shift in general awareness and opinion to get people to accept that this is a matter of principle and for a period they may have to accept a reduced user experience to regain control over their data. Obviously the best case scenario is where we have beautiful experiences with data control, but we’re not there yet.

There are alternatives out there like the Ello social network and the DuckDuckGo search engine but their usage, while it is growing, is small in comparison. But the more we talk about these issues and create viable, attractive alternative solutions the better, maybe we can get to that Network Effect where there is enough value for a step change.

The change definitely starts here, with the communities of people who are concerned about the status quo and envisage a better state, we have to build the community and increase the debate. The question you asked about how we can build an interoperability layer to better connect the community is a good one. I don’t think there are easy answers to that outside of creating a new social platform or leveraging something like Ello.

From my perspective it starts by us talking about these issues every day and promoting discussions where we find them, ironically leveraging the walled gardens to do so!

June 24, 2015
Ryan (not verified):

Unfortunately, Facebook and others operate as free personal information brokers already via APIs like Facebook Connect - you authorize applications to access specific parts of your profile, and if the application ever changes that contract, it is forced to ask for a reauthorization.

Their price point is going to be hard to beat, as you already pointed out. : )

So, if we want to rule out the data mining revenue stream, what remains? Perhaps there's enough value to be gained in aggregate statistics that you could contract with your users to make money from the service's data en masse but not the individual users' data. I'm skeptical consumers will choose to start to pay for such a service.

Anyone who expects to succeed in this space will have to innovate a new business model. GoodData seems to share a thought I've had before that I'd be willing to trade specific pieces of personal information in return for a blatantly commercial service. (e.g. do you mind sharing your birth date with this website if it results in a x% discount or a monthly special offer?)

But that whole idea still feels too complicated to gain traction. We've already proven that humans aren't good at assigning value to their private information; I could see people using it and just defaulting to sharing everything all over again to fetch a hypothetical deal or better experience. : P

June 24, 2015
David Urban (not verified):

Dries, I am happy that you open such topics, thank you. However I find your view of the walled garden concept too one-sided. The user needs to look into the business model and be aware of it when subscribing. Google as advertising giant offers a simple deal – your personal data for Google services, however this model is not the same with Apple or Microsoft. Their motivation to gather and use the information is not based on selling it via serving targeted ads, but by improving their users' experience. In other words the make money on selling software/hardware while others (like Google) make money on selling the personal info.

To sum it up, I feel more secure providing my personal information to a company/organisation that has no reason to share it with 3rd party. And I pay for it by buying their products. Because the only other way I see would be to pay for the proposed "personal information brokers" service. Otherwise it can not be trusted not to misuse the information.

June 25, 2015
Alex De Winne (not verified):

Walled gardens are winning because they create optimized experiences and conveniences with the data they've collected. This data is however localized to the walled garden. Their weakness is their inability and unwillingness to share data with each other. This is where I think the open web can have an advantage by giving people the option of maintaining their own local local repository of personal preferential information that is shareable, but under the control of the individual. This is where I believe the opportunity lies.

Another interesting concept is the decoupling of authentication / identification and personalization. Currently, they're tightly coupled, but they don't need to be to get a personalized experience. Only preferences need to be communicated. Walled gardens require authentication / identification. With a localized model, it's not strictly required to bring a personalized experience. It's one less step to getting an personalized experience if you don't need to create and account, login, remember your password .... etc

The key I believe is making things easy for people to adopt and providing experience value. It needs to be more than free. It needs to be value for free. The most direct way I see this happening is on the browser. A plugin is one way to approach it, however, having this baked into a browser like Firefox, that's a win-win.

Mozilla I believe would be very interested in these concepts.

June 25, 2015
Kristof Van Tomme (not verified):

These are great points, starting from the browser could be the key.

This way a user could choose to either authenticate on a case by case basis as we do now, or to have a session in a specific persona that doesn't require any login actions with a minimum amount of personal information that can be extended when required. So that you never need to login, you are logged in by default.

There is a big need for this, witness all the single sign-on implementations organisations ask us for on web projects...

June 25, 2015
Ryan Wyse (not verified):

I can see personas in the browser as a great tangible benefit to users. Much like Netflix affords multiple users on a single account to keep suggestions more tightly tailored and appropriate. Maybe I have a 'work' persona and a 'weekend' persona that I allow access to depending on what personalization and suggestions I'm wanting to receive. It's still work for the average user, but the payoff of better suggestions may be worth it.

June 28, 2015
Kristof Van Tomme (not verified):

The old authenticate per session model was based on a world where computers were shared. Now that computing is more ubiquitous and more personal it would be a good idea to revise this assumption. A lot of applications on the phone already assume that the devise is personal, extending this to web applications on mobile devises and on the desktop is a great angle.

June 25, 2015


Add new comment

Updates from Dries straight to your mailbox