ActivityPub is "sufficiently decentralized" in my book. I don't consider decentralizing name registry a requirement — DNS is a sufficiently decentralized name registry we already have and know how to manage. I don't consider cryptographic keys a viable form of identity because they absolutely inevitably leak into the UX and hopelessly ruin all of it. To add to that, as someone who has worked in a real-world popular social media company, I can assure you that account recovery is not something "nice to have", but rather a hard requirement — and it's impossible, by design, in a public-key-crypto-based system.
Odd you should mention, this project is being built as sort of the cryptographic foundations of another protocol adjacent to the idea of worker solidarity.
> account recovery is not something "nice to have", but rather a hard requirement — and it's impossible, by design, in a public-key-crypto-based system.
Can you give some examples of acceptable account recovery systems?
Do they involve either giving up privacy (with government-issued IDs, for example), or delegating the problem to another system like email?
If email is an acceptable system to base account recovery on, then couldn't users just store their recovery private key in an email sent to themselves (or saved as a draft)?
> Do they involve either giving up privacy (with government-issued IDs, for example)
Sometimes, yes. But then presenting a government-issued ID is kinda inescapable — this is also a requirement for participation in crypto. You can't buy cryptocurrency without KYC. And you sure as hecc need some sort of tokens for these "fully decentralized" identity schemes because they inevitably are a cryptocurrency with extra functionality duct taped to the side.
> or delegating the problem to another system like email?
That's also an option.
> If email is an acceptable system to base account recovery on, then couldn't users just store their recovery private key in an email sent to themselves (or saved as a draft)?
And if their email account is broken into and the private key gets into someone else's hands, how exactly do they prevent potential impersonation without starting a whole new online life, ideally without their followers even noticing?
> these "fully decentralized" identity schemes ... inevitably are a cryptocurrency with extra functionality duct taped to the side.
I've not actually used BrightID[0], but my understanding is that you can use it without needing to buy any of their tokens. So it's more like a web-of-trust identity scheme with a cryptocurrency duct taped to the side. (Also I think that buying cryptocurrency without relying on a government-regulated business is probably more common than you're suggesting).
> if their email account is broken into and the private key gets into someone else's hands
This is the same problem that all existing social networks (and probably some government services in some countries) are already vulnerable to. I think a decentralised social network can offer meaningful improvements in user freedom and privacy without also solving every other online/computer security problem in the world.
> starting a whole new online life
In the case of BrightID, you can set up "social recovery"[1] which uses the social graph to allow you to regain access to your account.
There are a lot of issues with DNS - fights over limited names/squatting, per-country rules depending on TLD, unreliability of registrars (see the thread every 6mo "what registrar should I use" with horror stories about every single one), and the fact that once you've chosen a name it's hard to change. I'm not going to claim that cryptographic keys don't leak into UX because I don't know, but I'm not sure what experience you have to guarantee they do. The only system I know of that heavily relies on keys is cryptocurrencies, which aren't social networks and are only one example (and TBH seem to be doing alright in the UX department).
Account recovery essentially means you have a backup method to gain access if you lose your key or it's stolen. There are many ways to accomplish this, many of which work fine with public key crypto systems: 1. If you're just worried about losing it, backing up your primary key, 2. A backup master key/subkey system with revocation, 3. An opt-in service that manages network access for you (including your keys) and provides human recovery mechanisms. The latter is essentially what you get with non-crypto methods but allows decentralization.
> and it's impossible, by design, in a public-key-crypto-based system.
I think anyone believing otherwise should spend a few months as front-line tech support dealing with forgotten passwords and then (perhaps) reconsider.
> and it's impossible, by design, in a public-key-crypto-based system
You can walk back on the security preventing account recovery by giving your keys to a third party.
This is essentially the same as not having the security guarantees in the first place - and it's optional and you can choose who to give the keys to!
So how do you do it? Who would override the authentication mechanism and reset your key? How would that person authenticate? How would you keep your identity when your public key is your identity? How would you stop someone using your leaked private key to impersonate you?
a simple mechanism is using a smart contract to map your key (0x123) to an identity (@alice). the contract can allow you to transfer that identity to a different key (important for key rotation) and also to set up a recovery key that is also authorized to transfer the key if the primary key is lost.
So it's just pushing the problem a bit further away by hiding your real key. See, you have to be able to recover your account even if you've lost every single of your electronic devices. Every one of them. Including flash drives. No data. No backups. None. Zero bytes.
The fundamental problem with keys is that they are files. You can't exactly memorize one, not without torturing yourself. You have to store them somewhere extremely reliably but at the same time completely secretly.
The point here is that self-hosting is _possible_. Most users are almost certainly going to just let a third party host their keys. But if keys are identity primitive at the protocol level, then the protocol prevents full centralized platform capture, similar to email interop.
The key being the identity still has the problem of not being changeable, no matter how you spin it.
Self-hosting is possible with ActivityPub as well, but without sacrificing the user-friendliness. I can already see someone saying "what do you mean I have to start a new account after my private key leaked".
> See, you have to be able to recover your account even if you've lost every single of your electronic devices. Every one of them. Including flash drives. No data. No backups. None. Zero bytes.
Well 12-word mnemonics help here right? It's imperfect, but certainly is as good as most 2FA implementations use for account recovery.
There are alternative approaches people are trying too. For example Coinbase[1] is trying a MPC approach where you delegate two (or more?) people known to you and if they agree it can recover your account.
But this is done using secure multi-party computation so the unencrypted key is never stored - it is only decrypted by the person doing the recovery when all the other parties agree to provide their tokens.
here's an example that might help -- you can allow key A to own your identity and key B to move your identity to another key. But key B can only move the identity after a time delay if key A does not cancel it. So key B is not your "real key" -- as long as key A is around it is an inferiorly permissioned key. But if Key A is missing then key B becomes the real key.
the key insight is that smart contracts can be used to transmute keys from single points of ownership into a distributed set of permissions.
you can compose a whole set of recovery systems with this primitive - key B could be your ledger or it could be a friend or it could be a third party service that offers "recovery as a service" where you have to call them and prove your identity before they will recover it back to you.
> Ownership remains decentralized because the recovery address cannot make a transfer that the custody address does not approve.
This isn't true though?
If I go out camping for a week and the recovery address transfers my identity, I won't be asked to approve; it'll simply go through after waiting 3 days.
Sounds similar to what Jack Dorsey has in mind with "web5" (lol).
'''
Successful social networks are usually built around a new communication primitive. Facebook had the wall, Twitter had the 140-character tweet and Snapchat had the ephemeral message. The idea maze of things you can do with decentralized identities, blockchains and zk-proofs is large, weird and interesting enough that there are probably many primitives waiting to be discovered. Decentralized social networks should explore this as a way to attract users. Offering a product experience that doesn’t yet exist is far more compelling than a clone of an existing network.
'''
This is the quote.
For the decentralized social network, it needs to be 10x better than existing social networks. I have a few ideas, currently playing around in this space.
I think a decentralized social network can at minimum bring 10x the value to users/creators that existing social networks do.
As a quick example, look up how much Tiktok/youtube make per view. Tiktok is something like 2 cents per thousand views. Per thousand views.
I also think a decentralized social network can be much more profitable than a centralized network.
Maybe what will evolve the space is automatic translation from any possible format to any other format using AI.
You don't need to manage a server or store anything in any particular way in any particular place.
Instead, you expose whatever you want in any way you want, whether that's uploading a video to some big tech host, or exposing a bunch of XML over FTP, or a RESTful endpoint that serves binary encoding pictures of cats.
My user agent scoops up everything and presents it to me in a way that I like.
There would need to be some creative ideas involved for, say, "replying" (hashes? webmentions?)
In other words, maybe innovation on the demand side is where the fun is.
'''My user agent scoops up everything and presents it to me in a way that I like.'''
I think this is close to what the future looks like.
For example, it rattles me that no matter what app I am watching 'videos' on I have different options. Some I can watch 2x speed. Some I can tap the sides to go quicker through. Some if I tap it mutes. Some if I tap it stops the video.
All of this for the same type of content.
Insanity.
Not to mention even within certain apps like Instagram is just brutal. For the same content type - videos - they have like 3 (?) different ways to view it.
I wish the trend wasn't for social network companies to rewrite web apps from scratch in javascript when they could simply in this case just hand me the video and my preferred local application would play it.
I get that they can display suggestions for what you should watch next and keep data on how much you watch or how often you pause it or whatever. But if we're going to create a decentralized social network, then maybe we could junk all the metrics that a centralized social network keeps on their users. Let it evolve organically, rather than in a way that best suits one particular small group of people, and give people back their privacy as well as their autonomy.
> Maybe what will evolve the space is automatic translation from any possible format to any other format using AI.
Easier said than done. Facebook, Google, Twitter and Co. like to gatekeep their data and don't allow third party clients access. So you don't just need an AI smart enough to capture the data and reshape it, but also one smart enough to pass whatever CAPTCHA they throw at you, which will likely get progressively more difficult the more popular your tool gets. And of course they'll lock your account when you try, so this is at best a read-only participation in the social network.
The problem has shifted over the last decade, it's no longer about fixing a broken Web, but about a large part of the content no longer even being a part of the Web. Everything is either moving to Apps or getting gated behind login screens and ToS.
CAPTCHA is a big problem but not impossible to overcome. It's an arms race.
That said, CAPTCHA can be defeated by changing the landscape of incentives in favor of giving the consumers what they want.
The consumers will use these user agents when they get so good that they're better than the alternative and/or it's easy enough to "dual boot".
Once one of the above happens, then there is a greater incentive for everyone to make their content available e.g. by uploading to public Google Drive folders.
What I'm trying to get at is that the dream of decentralization can happen perhaps sooner if we focus on building the client side of it as a layer over the existing structure, instead of trying to supplant the current server side structure.
In my opinion decentralization is a non-feature. I.e., I don't believe in people waking up in the morning and thinking "gee, that app would be 10x better if decentralized". What people care about is (1) getting better connections with friends and colleagues. Here lunchclub is doing an amazing job. (2) getting better news then have a look at finclout.io.
If you are a regular posted for whatever motivation, I don't think that the current state of social media works well.
Decentralized Social as an implementation of a Decentralized Social Network is really terrible because it doesn't add anything to the user experience besides a pay-layer which in reality brings out the worst in people "Please buy my coin'
If the words "decentralized" are anywhere in your marketing of a decentralized social network, you have already lost ;p
I didn't intend to mean that by making a social network decentralized it would be 10x better. What I mean is, that by making a decentralized social network it opens up possibilities that are just not possible in a centralized network (or at least very hard).
And those possibilities are real tangible benefits to users/creators that don't directly have anything to do with 'decentralization'.
As I wrote in my original post, I like site like Lunchclub.
Because it is a "single-player" experience where I don't need constantly be hyper-engaged, but can go in and say 'today I want to do x".
Which feels more natural to me.
Let's say I enter a lunchroom at work. There is Cathie from Accounting, Mark from Sales, and Marlene from IT. I can chose with whom I will eat lunch based on what I want to talk about that day. In opposite of yelling into the room / writing on the wall "Hey everyone, I want to talk about my a-ma-ze-ba-ll-s performance the other day" and then wait who replies / likes first to choose lunch.
Tim Berners-Lee has been working on it for a long time, I met him and his team back in 2014 when it was called SOLID. He was just very into making everything work with SPARQL.
His lead developer Dmitri Zagidulin agreed to work with us for a while but ultimately went on to help create the DID standard at the W3C. And Daniel Buchner at Microsoft pushed for years to make ION (sidetree protocol) which Jack Dorsey’s Web5 is based on.
If you want to see truly decentralized and working social networking, here are some examples:
Taking a look now, will drop some questions if they come up!
I am following TBL's SOLID work as well!
Edit: I thought I had reached the bottom of all the decentralized tech out there after a few months of research. qbix hadn't come up, looks really neat!
I think the #1 problem that needs to be addressed is how to completely remove content from a blockchain social network. Otherwise it's going to be a permanent record of every mistake someone makes online.
In Farcaster, deletes are possible. They use a hash chain (new messages refer to previous message's content hash). If a user deletes a cast, they delete the content of the message and the hash is no longer correct. This makes deletion both possible and detectable, since users can self-host their messages. Note that in Farcaster only username mappings are on-chain, the rest of the messaging protocol is off-chain.
it doesnt need to be 10x linear extrapolation, it just has to have 1 extra dimension. The decentralized dimension will never work however, because it is always illegal. Otherwise, gnutella, bittorrent, bitcoin, ipfs all could have become a decentralized "social network", aka "the n-th iteration of gopher/boards/forums"
> can be much more profitable than a centralized network.
The money comes from advertisers, not from users or views. Advertisers perennially spend the same amount (~1% of GDP, barring periods of war) to advertising companies. The pie is not expandable and is eaten by google and FB.
We are building standards for open distributed social media systems, with identity and security built in, and absolutely no centralized management. Everyone can run their own communities, while still having managed identity, and without a single click sending content to everyone in the world.
Re: Novel Social Primitives - I've been reading up on econ because of crypto, and came across E Ostrom's writing about Polycentricity, which seems extremely valuable to the Centralized vs. Decentralized conversation (hint: it's never 0.0 or 1.0 on that scale).
Before DevOps was fully a thing, a coworker and I sketched out a (too-complicated) service-discovery/bootstrapping program using DNS + PGP, and what we thought was a super-clever signing scheme for trusting automatically-spawned processes from our central platform tool. (Turns out, there are better ways)
The ability to build trust a la PGP Key Signing Parties, but at scale - and use them in a polycentric way could change a lot of things for the better.
For example, instead of ever giving out my IlluminatiFreedomCoin address that's tied to my SSN, I could produce a Venn diagram of users who have signed my keys for FB, Twitter, HN, etc. to suggest that I am who I say I am. Not foolproof, but probably sufficient to add a user account or keep a Craigslist deal moving forward, until I can authenticate IRL.
There needs to be an incentive for users to host other people's data. Centralized servers and advertising is the current model. Blockchains with tokenized value is another model.
I don't think you need to incentivise people to host each other's data. People will host their own data, and they may host others' data for free like in BitTorrent.
I am skeptical of the need for filecoin-like systems in the first place. If all you have is a hammer, then every problem looks like a nail.
The hammer here is both. Cryptocurrrency is solving an incentive problem here that doesn't really exist. If anything, File hosters should not be the ones that pay for the hosting, it should be whoever is retriving the file, and those funds should go towards relay nodes and hosting nodes. filecoin's incentive structure essentially replicates that of the existing internet, where file hosters will have to find some other form of income like advertisements or tracking to cover their costs.
Here is a comment I made yesterday on the matter:
>Instead of "liking" or "upvoting" a post on a centralized forum, why not "rehost" or "forward" a post on a decentralized forum: essentially seeding it like in BitTorrent or "pinning" it in IPFS. "Followers" of a user donate their storage and bandwidth to them, combating bureaucratic attacks like delisting and DDoS against popular users.
Yes they do. See: bittorrent and webtorrent-based streaming services.
My friend uses private trackers and his download speeds are unbelievable. But even on public trackers the download speeds are quite good. It does not take that many seeders to serve even a giant video file like an HD film, because even if upload speeds are a fraction of download speeds, the total upload bandwidth will be multiplied by the number of seeders. In fact, even an adequately-seeded torrent is orders of magnitudes faster to download than a youtube video or HTTP file for example.
People like to keep backups of their favorite creator's works. On youtube, when a popular youtube video is taken down, it will usually be reuploaded by fans. From this, we can probably surmise that maybe 1/100000 viewers will archive a given video. That's basically enough to keep a video alive forever on bittorrent, even throughout times of peak viewership as downloaders will also seed the chunks that they have.
> Yes they do. See: bittorrent and webtorrent-based streaming services.
No, people do not have crazy upload bandwidth. A private BitTorrent tracker group is immaterial. They're maintaining ad hoc infrastructure just by leaving a machine on 24/7 and maintaining favorable U/D ratios. Many groups also maintain seed boxes.
This doesn't apply to the population at large. Most people are on phones or laptops on WiFi. They're not running 24/7 and in the case of phones a background service isn't even viable. Many people are on CGNAT and can't "serve" data without some intermediary infrastructure.
As for retention, that's a pipe dream. A torrent more than a few years old may as well not exist unless it is extremely popular and maintains its popularity. There's innumerable dead torrents with no seeders.
>This doesn't apply to the population at large. Most people are on phones or laptops on WiFi. They're not running 24/7 and in the case of phones a background service isn't even viable.
They don't need to serve 24/7, they just need to be available 24/7. Do people not have their phones on and connected to the internet 24/7 in case they receive a message? For social media, most people just share text posts, pictures or a few small videos. BitTorrent is a worst-case scenario where it would be only used for large files like movies.
>Many people are on CGNAT and can't "serve" data without some intermediary infrastructure.
There are ways to get around CGNAT without STUN/TURN.
>As for retention, that's a pipe dream. A torrent more than a few years old may as well not exist unless it is extremely popular and maintains its popularity. There's innumerable dead torrents with no seeders.
This is desirable behavior in social media. Popular content will have longer retention, unpopular content will have shorter retention. Web forums like this one emulate a "fake" version of this with the weighted voting/time system that favors upvoted posts and disfavors old posts.
> Do people not have their phones on and connected to the internet 24/7 in case they receive a message?
A device able to receive a notification is not the same as listening on a socket 24/7. Push notifications on mobile go through the platform's push notification system lest they kill the device's battery. A push notification doesn't wake up a device and power up all the radios to stream masses of data.
Apps on mobile devices can be killed at any time, they're extremely unreliable as servers of content. Laptops are little better as servers of content.
I don't understand why you'd want social media content to only favor popular and recent content. Why would you want a built-in memory hole in the system?
> I don't think you need to incentivise people to host each other's data.
Bitcoin is worth a trillion dollar. Meanwhile 20+ years of effort into creating P2P networks has resulted in pretty much nothing. No Linux distributions are hosted on P2P. No source control is on P2P. No messaging. Nothing of significance. Just a few tech demos here and there.
Proper incentives can make all the difference and given the utter failure of getting any non-incentivised P2P off the ground in the last two decades, I think it's safe to say, it will be necessary. I don't see much point in repeating what hasn't worked in the past.
> and they may host others' data for free like in BitTorrent
BitTorrent isn't free. All the fancy piracy sites have share ratios. The public stuff more often than not has 0 seeders, lots of leechers and is just a lot of dead torrents in general. You are better off just using a centralized share hoster. Even your average Linux distribution agrees. BitTorrent might still be offered for ISO downloads, but it's hardly ever the default anymore, it's all back to plain old HTTPS.
Bitcoin is """"worth"""" a trillion dollars. It's not a free money machine, It's is a shitty payment system, not a P2P network unless you are sharing your blog over OP_RETURN.
>Meanwhile 20+ years of effort into creating P2P networks has resulted in pretty much nothing
IDK bittorrrent and IPFS just work without inventing a free money machine.
You can download linux install disks over BitTorrent.
>No source control is on P2P
With a system like Git there is no need for such a centralized system. Each user has their own copy of the tree.
>BitTorrent isn't free
Bullshit. It is free. Go on TPB, it's still up. I use it every day and it is leagues faster than any alternative.
If someone sells 100 billion USD of bitcoins, the rest won't be worth 900 billion USD any more. A market price does not work that way. The rest would probably be worth another 100 billion or nothing at all. The price would drop even while selling off the first 10%, so even getting 10% of the nominal value out could be impossible when owning every last one at the start.
Or to put it another way: No one, at any point, put that much money into the system.
Also, it costs our environment a lot. Soon I would join the ranks of luddites, if science and anything digital was not that much more interesting to me than plainly surviving.
Server offering person Alice: If I want to use the service, I want to use the service, not get cryptocoin shares. And I usually want stuff on the internet for free.
Server or service using person Bob:
If I want to make money by hosting, I need someone to pay for my hosting-mined coins.
I don't understand as to who in this overview is willing to pay for a place on the blockchain with fiat currency? Someone needs to pay Alice for the efforts she has put into hosting, but who transfers something worth real money to here?
Even the author stated that he wants to use a blockchain for user identification, not monetary incentive. But perhaps he means identification is what is granted to you, no money involved.
But that can't be it either: So you can host a server, to gain the right to use the server? No, that is the status quo.
Lets take a look what happens if you do not run your own server:
So you host a more or less public server for others as the scenario proposed here. A client connects, and sends that that shall be stored in a blockchain (i.e. append only, publicly distributed database) to upload [1] and later confirm their identity. When not running the server, who says that the server is not malicious and uses a different identity for the federated network than it displays to the client that connected to it?
[1] Something like the the Web of Trust exists between existing servers, or the server will have to spend a resource like having coins or a history of already signed up users to gain the right to add user identities to the blockchain?
The Proof of Stake/Work paragraph above probably now again applies for true "trustless" systems, that require full client (i.e. technically server node) equals user identity.
The incentive for me is that the information becomes off-line first. I've been on Scuttlebutt for 5 years now, and all of my discussions are available to me to go back to and expand upon whenever I want, no matter if I'm connected to the internet or not.
Necro-posting (bringing up old discussions) becomes a viable option, as does scouring through old information.
What is more interesting to me, is utilizing this functionality for something beyond a social network, something more productive like an ERP system, yet allowing the social aspect of collaboration improve such a platform.
> Some believe that decentralization requires the entire social network to be on a blockchain. This is unnecessary and even undesirable. Social networks generate petabytes of data every year, which can be very expensive to store on-chain. Blockchains also make it difficult to delete data forever, which is a desirable feature for users. A network design that leverages on-chain systems to decentralize ownership while using off-chain systems for a better user experience is a better path to building social networks.
The article does indicate a blockchain is undesirable
For another decentralized social network (that runs entirely without a blockchain) check out Scuttlebutt (not affiliated)
"The key" to whom? Most people wouldn't know nor care about a blockchain backed social network - most just want it to work and be without all the current baggage. This being "the key" is only to those forcing blockchain into things where it doesn't belong to justify it's existence.
It's not hard to understand the difference between something accruing wealth to the owner or not, being able to be taken down or not, or being able run your own node or not.
People might not care about the technical implementation details. But they do care about what the implication of those details would be.
what distributed database would let you own your identity without any third party party being able to take it away from you?
that's a necessary condition for sufficient decentralization, and the only distributed databases capable of achieving such guarantees are L1 blockchains.
> What distributed database would let you own your identity
Owning a private key file when signing transactions allows to prove your identity to other parties. That is, what a blockchain uses to map identities to accounts/wallets, too.
Having a consensus protocol does not provide identity proving, but the eponymous censensus is based on a share of either state or computational power.
And state is just a database. State that decides what goes into the database is a recursion, voila an example would be Proof of Stake.
Or as censensus protocols go, other names exist for the concept of proof of previously-done-arbitrary-things, which allowed you to mention a share with you cryptographic signature (i.e. hash derived from your private key) in the append-only database. Cases like a "plant a tree" eco-coins.
Also, to see the bigger picture on
> What distributed database would let you own your identity:
from a technically more complex angle: Tim Berners-Lee proposes a DRM system for users to own their content, instead of using this technology against user liberties. That would include owning your identity and enforcing your will on you intellectual property. I found these plans not feasible, yet, but at least people who know about cryptography still research the topics of user rights and P2P networking.
We live in Digital Feudalism, and like feudal serfs, we are used to choosing a feudal lord (Google Suite, Microsoft Office 360 etc.)
To move to a free market, there just has to be something like Wordpress for Web2. Forget Web3 and blockchains (which don’t scale) but we need at least federated software (Matrix, Mastodon) but with a lot more features that we have come to expect from Facebook, Telegram et al
we've also built the first clients for this protocol, which are still in beta. if you have an ENS name and are interested in trying them out, DM me on twitter https://twitter.com/varunsrin
There are so many different problems that come from decentralisation and I really don't think people are all that willing to put up with them. Specially not the kind of people that use social media.
It seems to me sometimes that a lot of these posts come from people that don't really interact with the average social media user very much. People are willingly giving all their data to Facebook, Tiktok, etc. They do that because in reality... they don't care all that much!
How do you expect these kind of people to care about decentralisation? I think the closest we are to a good middle point is stuff like mastodon, but federation is not perfect. Will it not be reasonable for people in the future (if mastodon becomes really popular) to simply default to the biggest server out there?
I think the best we can do is come up with standards for data-transfer between sites as well as basic communication tools... pretty much what activitypub has tried to do. This would go a long way to ensure people are actually capable of moving, not being locked in is I think the key to ensuring decentralisation.
In a few words: people don't care as much as we'd like them to and that's not really a technical problem. Because of this, it is not possible to solve this problem by adding any extra inch of complexity that doesn't come with substantial benefits to users. And I don't think adding blockchain-based market mechanics to it is really going to solve the problem as blockchains add a huge amount of overhead to the problem.
author here - you're right that the average user doesn't care about decentralization as a first order benefit. people typically use social networks to be entertained / informed or to increase their status. we've been building a new, decentralized social network and we've learned this first hand.
but if you've figured out a new social network, building it in a decentralized manner today might give you very strong second order benefits. and its now possible to do this in a way that doesn't compromise the user experience.
I also was reading your post with the mindset "how to regulate social networks". I strongly believe that all big organizations need regulation. It is not easy to regulate social networks, but heck maybe it wasn't easy to regulate telephony or energy.
Obviously not a dumb question at all. My favorite "social network" currently is the Gemini and Gopher blogging community. No bad incentives, people are posting things that genuinely interest them, and it's easy to follow anyone who's posting stuff that interests me. It's also usually easy to directly communicate with people about things they've written, via email.
The bad side is the barrier to entry (a hobbyist-level knowledge of internet protocols, and the ability to either self-host or seek out a managed server). It would be nice for people to be able to just install a program and be able to both write and read things. This is something that will require some protocol and application design to keep decentralized, but there's no reason to believe that a blockchain is needed, or even helpful.
Thought I'd share this here (not feeling ready for a Show HN yet): we're working on something in this spirit, right now it's a Twitter-like app running on the Avalanche Fuji Testnet:
You need to be connected to the Avalanche Fuji Testnet in Metamask (there are some instructions on the site for how to set that up). Feel free to leave us some comments, feedback and suggestions here or on the app :)
Decentralized social networks of the past: UseNet and IRC.
No one owned all the servers for either of these. The problem came with moderation versus spammers and trolls.
The problem still exists with the centralized social networks, although theoretically it should be easier for them to deal with due to centralized identity management. It isn't.
You may or may not be a crypto currency shill, but if you're not you may want to consider that the term "smart contract" in the preview picture will make your article go straight into the trash for a lot of people.
if anything, mastodon and pleroma and pixelfed have shown, even if on a small level compared to the likes of facebook and twitter and instagram that decentralization does not need to be on crypto/blockchain.
>ActivityPub doesn’t provide a way to use a managed host without compromising decentralization.
what does this mean?
i don't get this. if i am hosted on mastodon.social and i want to talk to cawfee.club or a pleroma instance, don't i just message them and the services resolve themselves using activitypub?
what does managed hosts mean? you mean mastodon.social as an example?
Yeah, a managed host means what the fediverse would call a public instance.
The compromise of decentralization is that if you have an account on mastodon.social, they can censor you (for good or bad reasons), or the people you'd like to follow. You can move to another instance, but your identity has to change (though at least now you have a decent likelihood of being able to transfer your social graph along with you). And because discovery of instances is not perfectly frictionless, people tend to just sign up for the big instances (like mastodon.social).
All that said, any solution is also going to introduce new problems. And there's absolutely no reason to think that adding blockchains to the mix is going to do anything but harm.
so how is blockchain supposed to mitigate identity remaining the same?
i am assuming if i want to block a bad actor on the chain, i note that and later whenever someone queries their address, my note is shown so what is it solving?
>And because discovery of instances is not perfectly frictionless, people tend to just sign up for the big instances
the solution exists, sure it might not be frictionless as of now but its not like it is a fundamental problem?
yeah, blockchain is not the solution.
>The compromise of decentralization is that if you have an account on mastodon.social, they can censor you
admins of mastodon.social can but so can any other instance so how is that a bad thing? how do we equally fight spammers/bad actors and at the same time prevent good people who have been banned to say their words?
isnt good/bad inherently a subjective issue that is to be decided by a person? activitypub gives users and admins the power to decide so what is the problem there?
i am not questioning you specifically, just asking
Not only don't you need blockchains you can phrase it more strongly, it renders the entire thing impossible. A social network needs a messaging protocol, data ownership should be private and state local or else it doesn't even scale.
Pushing the entire history of a what is p2p, private communication through a global state machine is entirely antithetical to the use case. Imagine every time you talk to your neighbor you inform the entire country first, there's no point.
Not this one in particular, but the general idea of decentralizing social networks often seems to miss the necessary ingredient that drove people to social networks in the first place and overlooks what social networks originally were - social proof.
Start with the use case, not the tech. I joked that facebook was invented as a way to let people know you went to harvard without having to say you went to harvard. It started by solving the h-bomb problem whereby having a thefacebook account they created an online way to say you went to school "in Boston," which they then extended to "in Newhaven," "New Jersey" and then to any college affiliation at all (.edu domain requirement). That signalling was the use case. It expanded to include people without that status but wanted access to it, and the only way to "win" at facebook was either an Ivy school education or becoming a celebrity. Once it opened up to everyone else, it finally became the cruel spectacle it is today, and the source of our cultural discord.
A decentralized social network isn't a protocol problem. The hardest thing to face is that nobody wants to join decentralized social networks because they confer no signalling benefits or meaningful status to users the way central ones did. It wasn't an artifact of the technology that made the handful of social networks successful, it was their use case.
Clubhouse almost replicated it, but like any elite organization, 80% of the game became not-being the person who recommends someone off brand or un-cool, and so it became contrived and over gatekept, and its growth atrophied from the anxiety.
Git is probably the closest thing to a decentralized social network that confers tenuously analogous status to what FB originally did, where instead of your school tribe and pictures of your butt, it's a competence graph with localized hierarchies.
It's like we can solve every problem except how to become attractive to users, probably because we're indexed not on being attractive, but on emmulating what we percieve as smart and powerful and solving a problem, which is the very thing repelling users from decentralized social networks: The products are self-defined as inferior to the problems they oppose, and not as sharing access to a desirable resource - like powerful tribes and butt pictures. Nobody wants to become like decentralized social users.
Twitter's blue checks are similar, where you can affilliate with people close to the source of official power narrative by "following" them. If they follow you back, it's an endorsement of your identity and status. If I join a decentralized social network, what do I get? A bunch of anonymous fugitives pushing newsletters explaining why it's someone else's fault they're unhappy.
This is a message of mercy to decentralized social projects. Focus on the use cases and build things for specific people you sincerely like and who sincerely like you back, and not anti-solutions to anti-problems for aspirational audiences using obfuscated proxies to simple experiences.
You have a very clear message and it's beautifully written, thanks!
> A decentralized social network isn't a protocol problem.
When the author talked about "the ability to claim a unique username" I was waiting in joy for him to start talking about domain names. But he didn't...
Then the author talked about "scaling networks" and I was hoping he would mention the internet... and he sort of did.
> where you can mint your profile as an NFT, therefore own it
I mean, I don't really care about "ownership" of my social graph. What I would care about is interoperability of it. If I can move my graph and associated links from service to service that would be great. But that's basically just a defined format for an "address book" with a unique identifier for each person on it. I'm not sure what value blockchain is adding there.
Well, ownership implies and enables interoperability. When your profile and content exists in your wallet, everytime you connect it to a given social app, you carry it with you. From a user perspective, its a single handle for every social app that integrates with it, and from the builder perspective, it's a batteries-included content and user registry.
In this paradigm, the blockchain becomes the single public source of truth/database for everyone's content. And what you mean by 'service' is just any frontend app that consumes and presents this content in a nuanced format for its target audience. So as a builder, you can focus on creating an engaging and valuable experience for your users, providing them interesting ways to engage with each other, monetize content, fund common goods, promote or filter content etc without worrying about scaling your infrastructure.
At the same time, you don't need to rely on the blockchain for anything besides user authorization - nobody stops you from just using Lens as just another sign in flow to your existing web2 social media app and keeping your business model intact, while simply increasing your userbase.
> In this paradigm, the blockchain becomes the single public source of truth/database for everyone's content.
Which blockchain? There's scores of public blockchains.
As for infrastructure, are you high? Blockchains are shared among miners, they're not going to carry massive amounts of data. If you try to decentralized storage like IPFS then you have to maintain infrastructure to have data actually available.
If you try monetizing every social media transaction you'll have no users. No one is going to pay money to post a picture of their breakfast or to change their profile picture.
I think Lens is using Polygon (storing interactions, social graph) and IPFS (storing media/content)
So in the context of Lens they're probably pointing to cat photos on IPFS in whatever program they have on Polygon. People seem to be maintaining content on IPFS (I'm no expert but I think via pinning services?)
> If you try monetizing every social media transaction you'll have no users. No one is going to pay money to post a picture of their breakfast or to change their profile picture.
I don't think these frontends are trying to monetize everything, as their users would come to the same conclusion you did. Polygon seems to be a lot cheaper than ETH (coinbase says it's like 50 cents vs $1000 for ETH), you can do a lot more on it for less.
I wonder if people will redeploy Lens on cheaper chains if the price goes up 100x or more?
> Well, ownership implies and enables interoperability.
Does it? Each service has to actually be designed to interoperate with it. And there's nothing about having a legal property right over the data that enables interoperability at all, you can do that with just making the data available for download. XML and JSON already solve that problem in a pretty straightforward way.
I think, ultimately, there's no easy way to do it.
How do you stop spammers and bad actors in general.
> the ability to claim a unique username
Which would require a centralisation, presumably. We have things like OpenID, but that hasn't really caught on.
What we want is internally inconsistent. We want both unique identifiers (this is the "real" "blippage" making this post), the possibility of multiple identities, and the possibility of anonymity.
We also want openness, but are likely to desire censorship for legitimate reasons, too.
Just how are we going to square the circle?
Li'l update: I see NFTs being mentioned, which sounds a bit band-wagony to me. In the Gemini protocol one creates TLS certificates. The Lagrange browser can generate a cert quite simply. So in at least some sense, isn't the identity issue "solved".
Another update: there's also the issue of discoverability. Centralised networks make discoverability easy. It's not insurmountable with decentralised ones (people are willing to host aggregators), but it is harder.
A social network where you pay to join with the ability of only one account per payment method might stop a lot of nonsense. Make the signup fee high (ex. $100 USD) and monthly fee low ($2) to steer people towards 1 account.
That idea won't get traction because people don't want to pay for a social network. But damn do people love "reality internet" - outrageous content, reaction videos and otherwise fabricated "content" I equate to Reality TV like "The Real Housewives of ..."
In my opinion, it should also be closed in the sense of no viral/global messaging. With zero need for advertising money, you don't need eyeball time or to be promoting controversial content above people posting pics of their dinner. Let people be social about stuff they are interested in and connect with people they know. That's the other bit - you can't randomly connect/view content by people not in X degrees of separation from you.
We could imagine a paid social network designed to not engage in this toxic attention-grabbing behavior. I guess such a network would get less attention... I mean, that's almost a condition of success, right? But then, has it "gotten traction?"
Perhaps social interaction could be thought of as sort of like food, and social media could be thought of as sort of like junk food -- maybe this paid social media site could be thought of as a less-damaging form of junk food. The metric for success could be something like <user satiation>/<wasted time>.
I generally disagree about the "pay to join" issue, but the thing you're right about is no viral/global messaging. That's the thing that really turns social networks into garbage. The problem being, though, that under late capitalism, that's what a large number of people really want out of them — to build a personal brand and social capital that can be converted into financial capital.
I understand the disagreement about pay to join. A social network needs to pay its bills somehow and there are 2 methods - users pay or advertisers pay. Or I suppose with sites like youtube its both (users buying stuff with affiliate links, etc.) Pay to join eliminates the need for viral/global messaging which is the draw to get advertisers. Influencers and the like is just bullshit and it promotes look-at-me behavior which is pretty anti-social. I’d argue those types of people are really noisy and fewer in number than casual social network users.
Maybe there is some middle ground where its free for users and advertisers can pay to advertise but there won’t be the viral content that advertisers want. One approach could be the local groups that naturally form - book clubs, mom’s groups, gamers, etc. could be tagged as such so an advertising model can happen.
In my opinion, users should pay for the upkeep of their social network; I just don't think that costs should be used as a tool to try to control behavior or filter out undesirable users (because I believe there will be many desirable users who will be unable to pay, and undesirable users who will be able). In general, I think the "Public Radio" or Patreon model works best for noncommercial social networks.
> Which would require a centralisation, presumably. We have things like OpenID, but that hasn't really caught on.
The article addresses this. We already have a decentralized, credibly neutral identity layer with unique names in production (and pretty wide use, at least in the web3 space): Ethereum Name Service.
The same goes for democracy and politics, how to prevent bad actors from gaming the system and acquire illegitimate power.
When moderating a 5000 person topic focused community I used a ruleset which was easy to understand. Along the way I tweaked the ruleset to defend against bad actors using the rules against me.
Yeah, I think a karma-based system is about the right way to go. One system I thought of was that the karma propagated outwards, as it were. So I award A with +1 karma because I like their content and trust them. If A awards B with +1 karma then the karma trickles up to me and I'm more likely to read B. Not sure how my system could be turned into reality, though.
Per-user karma maybe? You could have global and per-user karma. Perhaps you could generate views server side based on global karma, then sort client-side based on user-assigned karma?
