When people propose blockchain solutions, I always think: How would it work with just a regular database? How would a blockchain make it better? What coalition of people will run the blockchain, and why would they be more trustworthy than whoever would run the database?
There are good answers to these for some applications, but I don't see what they are here.
I would like to add:
Do they understand that it's impossible to delete anything that got commited to the block chain once a block is accepted? I mean at least if they think about a blockchain in the sense of the Bitcoin blockchain. Implementing a deletion of prior blocks is an interesting problem.
You can absolutely delete. You just append data that represents a delete, and the client doesn't show that item or shows it as deleted.
Yes, it doesn't remove that data from the chain and a client could easily end up undoing deletes, but if you think that server based deletes actually remove the data, you might be in for an unpleasant surprise depending on the servers in question.
In the case of social media, this isnt enough. Certainly someone will create a client that shows you everything that’s been deleted. Can you imagine if you had used social media since you were a pre-teen and every bit of it was public record? I’m sure no one would use that service.
But that's how it works. You should assume everything you've ever posted to another server could someday become public record. Especially with social media since it's being posted specifically to be viewed by others who may copy and redistribute that data at any time.
People redistribute snaps all the time even though they're supposed to "go away", yet people still use it.
However, a blockchain is still actually useful for a P2P Facebook. A blockchain that uses a consensus algorithm (PoW, PoS, etc.) is not scalable enough, though. But that is okay, as we do not need to solve the Double Spending problem for tweets/photos (see the previous link as to why).
So what does a "blockchain" mean then? A blockchain is a cryptographically signed linked list, often a DAG (Directed Acyclic Graph). But these graphs would more likely be social networking data, which is naturally a graph - and they would be signed with user's public/private key pair.
Solving for that is pretty easy, we already have it working:
And our goal is to build a social network that has distinctly different properties than Facebook, one that is based on psychological research and emotional intelligence:
Finally, the hardest factor is to remove the complexity of cryptography. There turns out to be a good security standard that lets user emulate username/password combos (see the middle link for more details), in summary:
You use PBKDF2 to extend a user's password with a salt, this creates a Proof of Work which is used as an AES symmetric cypher key to decrypt their private key. Fully P2P, but with a traditional UI that users understand, yet PBKDF2 makes it impractical for a cracker to guess (or even a dictionary attack) against the user's account.
Hi Mark. I really like GunDB but i see your comments on hacker news so often that i almost started to think that you are a bot. I mean it is great to market your database but GUNDB can't be answer to everything.
I would understand if you were pushing some alternative social network like Scuttlebutt/Patchwork but pushing database on every hacker news post with social media theme is strange.
Thanks for your comment, I appreciate it. Here is my reasoning process.
Ultimately, I have to choose one of two philosophies:
(A) Be ashamed of the free (MIT/ZLIB/Apache2 Open Source) code that I have spent tens of thousands of hours donating for others to use.
(B) Or strongly believe in why I've devoted so much of my life to, fixing these problems, and be proud to share and evangelize it with the world.
Obviously, I don't want to come off as a bot, but ever since the first day I started working on GUN I've gotten haters saying things. As a result, it forced me to grow a thick skin. Even if you try to do nice things, people try to hate you, be skeptical, or be suspicious (this is a natural human tendency).
So, do I be (A) fearful to not post or comment, simply because I know some will not like it or get tired of it? Honestly, the thought crosses my mind every time I basically do anything in life, but I've decided "No, that is an easy trap of depression and pessimism to get stuck in."
Instead, I've decided to be proactively do (B), that even if only 1 person gets value out of my post, and they discover "Aha! This is a free MIT/ZLIB/Apache2 system that does EXACTLY what I need!" then my belief is that the world is better off. Better off for them, better off for me, and hopefully better off for the users who use the app they create.
If I forced you to pay me $$$ to read my articles or $$$ to use my code, then there would be a strong argument that my behavior is unethical.
Or even if I tried to show you ads or mine your data, then that would be unethical.
The problem is, I'm building tools that fight that type of unethical behavior. But that immediately puts us at a disadvantage compared to those who do exploit/manipulate people/the-masses into doing things.
Now, what is the relevance of the week-long HackerNews-obsessed Facebook debacle?
Well, I hope my comments have pointed out clearly, that nobody would be in this situation if they used P2P/decentralized end-to-end encrypted systems. And that is exactly one of the reasons why I've built the tool, and donated it for anybody to use. However (perhaps this is my pessimism coming through), it seems like people get more glee complaining/griping about how evil Facebook is for hosting all their pet/child photos for free, while still playing the victim card, AND doing nothing to change their behavior or spend time/energy/work to build alternatives. (To clarify: We shouldn't pity Facebook, they profit a lot off of people, but building solutions is a better win for the world than complaining about it. Although I'm afraid comments like that will cue the haters.)
I do occasionally mention SSB, Mastodon, etc. but they also have their problems (Mastodon is federated, will lead to the same thing as with email, everybody will use gmail), SSB is way way way better.
Whew, finally a comment with some actual details on how this might all work and be useful.
How do I delete data in this scheme? Maybe by signing each data "node" with a separate key, which can then be shredded if I want? Where would those keys be stored?
> What coalition of people will run the blockchain, and why would they be more trustworthy than whomever would run the database?
No person or company is allowed to own more than 24.9% of a banking charter, and preferably not more than 10%. The reason is that having multiple entities each pursuing their own agenda makes it less likely that everyone will collude and run off with the money. It doesn't especially matter who those entities are, as long as they're not closely affiliated with one another.
Similarly, for whatever problems democracies have, they tend to function at least marginally better than corporate-owned countries like Rhodesia, Batavia, etc. And economically, there is a reason why currencies tend to be a better store of value over time than in-app credits or company scrip.
Personally I think creating government privacy legislation would be a much better use of time than trying to build a social network on blockchain, but I understand the thought process.
The one main advantage that I'm aware of is that a distributed, decentralized database for a social network would mean that there is no one private company that gatekeeps, owns, and sells the personal data within.
For all intents and purposes, Facebook's database is closed source. The community doesn't know exactly what this private company does with this data. We have to trust them with it. A blockchain database is trustless.
That's a complete bastardization of the concept of "trust" as applies to distributed systems.
You're not 'trusting' a single entity in that case because you're making literally all the information public for anyone to see, use, resell, etc.
That's like saying we shouldn't have to trust Equifax, let's just make everyone's name, address, SSN, and credit history public on the internet to begin with.
There are plenty of distributed file systems that securely store confidential data on untrusted nodes by having well-design encryption. Is there a reason for which it would be worse with blockchains?
It's not actually trustless, though. It's just less clear whom you're trusting.
With Bitcoin, the people you're trusting are miners, and they are highly incentivized to preserve the correct functioning of the system because they get paid in bitcoin and they want it to stay valuable.
With a federated social network blockchain, there'd have to be an incentive to preserve privacy greater than the incentive to do any other bad thing like manipulating elections.
You'd set up another centralized honey pot that these psychopaths actively look for.
> How would a blockchain make it better?
Besides censorship protection, the platform could reward users to make itself better. Lots of things become possible when you have control over the reward system and don't just extract the value to the top.
> What coalition of people will run the blockchain, and why would they be more trustworthy than whomever would run the database?
This is the decentralized aspect. Whoever starts the project isn't necessarily more trustworthy. They might build that trust over time(or not). Either way the project doesn't live and die by them if successful.
> Alternatively sites could be developed that give access to the network and do their own filtering.
...and add their own content, which is only viewable from that site and not elsewhere on the network. And the most popular one of those will eventually just displace the decentralized network.
There are good answers to these for some applications, but I don't see what they are here.