Freedombone Blog

Your Data. Your Server. Your Place.

The Ecosystem is Moving Away from Monoliths

At the recent 36C3 Moxie Marlinspike - the developer of the Free Software chat app Signal - gave a talk about the problems involved with with decentralization. It was recorded by accident and then later taken down from CCC's media site, but essentially it was an elaboration upon a blog post which he wrote in 2016.

Even in 2016 it was a contested opinion that decentralized or federated systems could not compete with monolithic ones, but in the intervening years the case for decentralization has become stronger. So while the ecosystem has moved, Moxie's opinions have remained stuck in 2016. "Move fast and break things" is no longer considered a desirable mission statement, even within silicon valley.

In 2020 running a global chat system from a monolithic server on AWS, and in a manner which requires you to give out your mobile phone number, doesn't seem like all that great of an idea from a security and general ethics point of view. For example, how do we know that "ghost members" aren't being added to chat groups, as GCHQ suggested? Who is auditing Moxie's server and who else at Amazon has physical access to it? Use of phone numbers also opens up a variety of security problems. And that's even before wading into the quagmire that is the Electron-based desktop client.

Undoubtedly there are problems remaining to be solved in the decentralized chat space. If you've ever tried using OMEMO for group chat on Conversations then you'll know what I mean. It soon turns into a comedy of errors, because every participant needs to have the public key of every other participant. Assuming that people often have a couple of devices this makes it a 4N^2 problem. It needs to become possible to do secure group chat with 20 people without requiring herculean coordination efforts.

Matrix/Synapse may be doing better with its private chat room feature, but there also need to be usability improvements to eliminate the key verification nightmare.

So the ecosystem is moving. Not in Moxie's direction, but it is moving. An easy prediction is that the next decade will be more volatile than the last. Expect economic, political and environmental shocks. The last decade may have been the era of tech monoliths, but in the turbulent future those systems are going to fail, and fail hard.

Government Internet

It has come to my attention that Jeremy Corbyn is now promoting the idea of a "British Digital Corporation". This mostly seems like a bad idea to me and I'm in favor if keeping the government out of my internets as far as is practically possible. Having a nationalized version of something like Facebook would be really bad for privacy, because when the government knows the contents of your private life then this doesn't usually go well. In the last century using far less sophisticated equipment governments used knowledge of people's private beliefs against them in terrible ways and it would not be a good idea to repeat that.

Also there's currently a lot of interest in regulating the internet, but I think we should be really cautious about this. Many privacy-centric people approve of the European GDPR, but regulation cuts both ways. One day it might be in your favor and the next it might not. We already know that governments tend to intensely dislike encryption and want to spy on their citizens as much as possible. After Snowden there was no rollback of government surveillance powers - quite the opposite.

If a hypothetical near future Corbyn government were to try to improve the condition of the internet with some sort of decentralization programme then what should it do?

The first thing is incredibly easy: fund free software development and have a policy that any software created or supplied for government use must be under a Free Software license. No more proprietary lock-in.

Instead of a "British Digital Corporation" make something like a "Free Technology Fund" and divert whatever money would have been spent on proprietary software or SaaS subscriptions into it.

Designate some of the radio spectrum to be used for public internet provision. A sort of "citizens band" but for internet data. That will enable long distance wifi on a band which doesn't require individual licenses.

Regulate the ISPs to supply municipal mesh networks to every city. Some percentage of any new infrastructure must be municipal mesh. Once a significant number of people start to realize how much public mesh networks chould change the communications landscape then I think there would be a big "aha moment" and a whole new phase of technology development.

Regulate in favor of encryption. That citizens have an inalienable right to communications privacy if that's what they wish to do. Make it illegal for the government to interfere with private digital communications (aka "equipment interference").

Regulate that internet routers supplied by ISPs must at a minimum be able to run some number of internet services. Things like an xmpp server or cloud server such as NextCloud. That's well within the capabilities of current technology and would greatly assist with decentralization of services.

Solid Venture

Tim Berners-Lee has started a company called Inrupt to back his decentralized web project called Solid. There's an article about it here.

I'm sympathetic towards anything which is trying to re-decentralize the web and bring it back to a condition which isn't one of "everyone in my database", as happened with web 2.0. But being backed by venture capital isn't a good sign. Producing public code with venture capital always seems to result in one of two outcomes:

  • The venture fails and the project becomes abandonware
  • The venture succeeds and the software users get locked into some very contrived and usually disagreeable commercial arrangement which they hate

With venture capital the terms of exit - that is, how the users of the system are eventually going to be monetized - has already been pre-arranged at the beginning. If you've seen the relevant TV shows where entrepreneurs "pitch" to capitalists you'll know what this is about.

In the software context exit from venture capital typically means forcing people to take out subscriptions or switching the license to something proprietary or doing the "open core" thing where the core codebase remains as a useless stub and anything of value is in the form of closed addons or a closed enterprise edition. Or you just sell it to Microsoft or Google and they shut it down because it's rivalrous to their existing products or goals. That has happened plenty of times.

A recent-ish example of venture capital would be something like Makerbot. Lots of hype about how great open source hardware/software is and how it's going to change the world, create decentralized manufacturing, etc. After venture capital exit the whole thing goes closed. Taking a look at the website now it's totally corporate and I notice not only is the software closed but there is not even a GNU/Linux version. That must have been quite a kick in the stomach for the original founders, or perhaps they knew that was going to happen as part of the exit deal.

So what would be better? I think the evidence on this is pretty clear. He could start a foundation or a non-profit organization or a "social purpose corporation" like Purism. That would increase the chances of avoiding having his project cynically used and then dumped as so many venture capital backed things have been in the past.

If it looks as if Solid is going to be something useful and it's under a suitable Free Software license then I'll include it in Freedombone as an app. Solid has already been around for a few years and the code is up on Github, but as far as I'm aware it's not in a production-ready condition yet and forming a company is about trying to get more developer effort focussed upon getting it into a viable condition.

On the decentralized web

Decentralization is maybe on the way to being a buzzword. I was reading a Guardian article about it recently, and the article was sufficiently awful that I thought I'd do a deconstruction of it here.

The proponents of the so-called decentralised web...


Isn't the so-called decentralized web really just the web?

With the current web, all that user data concentrated in the hands of a few creates risk that our data will be hacked. It also makes it easier for governments to conduct surveillance and impose censorship. And if any of these centralised entities shuts down, your data and connections are lost. Then there are privacy concerns...

This is all true, but it's not the primary reason why decentralization is desirable. If you're running your own decentralized web server there's also a risk that will be hacked too.

The main reason why we want decentralization is that centralized governance doesn't work. Also silo companies which are practicing governance (badly) but claiming that they were mere neutral carriers of information are hypocrites.

Not only does centralized governance in silo systems not work, it produces bizarre and unjust outcomes. See some of the articles written about Facebook's censorship rules and how they're applied. Also see Twitter's defense of far right thugs. Attempting to do governance by AI will be even worse, and I think we're just at the beginning of seeing the consequences of that.

The services are kind of creepy in how much they know about you

Well, yes, but if it was merely about creepyness I could almost live with that. The problem is that the current situation with silo systems goes far beyond creepyness into the territory of doing actual damage to the lives of their users. Not caring about people getting harrassed or dogpiled is part of that problem. Technology is supposed to be an enabler improving life, not something which disempowers and which you may fear using.

The same tech that can protect users in the DWeb from central surveillance might also offer a shield to criminals

See, there are plenty of criminals on Twitter. Not only are they on Twitter but they're being shielded by it. Occasionally Twitter has purges in which some bad people are kicked out, but most remain and often there's a lot of collateral damage of innocent bystanders. There have been dubious bots creating a murky economy of selling followers for the best part of a decade, and they mostly ignored it.

How will my everyday experience of using the web change? If it is done right, say enthusiasts, either you won’t notice or it will be better

"Enthusiasts" is a curious word to use here. Not "experts" or "people who built the internet"?

Trying to market the "DWeb" are merely "better" also misses the point. What we're trying to find a solution to here is nothing less than how to practice good governance in the 21st century. A dictatorship of Facebook and Twitter isn't working out real well with regard to that question.

For the internet, and therefore the rest of life, to be well governed it needs to be run by and for the people who are using it. People need to have a stake in the game. Not just "Zuckerberg calls the shots and the rest of the world falls into line". This isn't about whether apps are convenient to use or not. It's fundamentally about what kind of life you want to live, and whether you want to be a contender or merely someone being "nudged" by an algorithm.

One thing that is likely to change is that you will pay for more stuff directly – think micropayments based on cryptocurrency

One of the biggest problems at the DWeb summit which this article mentions is the conflation between decentralization and blockchain technology. Cryptocurrencies which currently exist - especially Bitcoin - aren't really decentralized. Yes, anyone can run a node, but who generates the new currency and who is getting the most value out of it? Not just theoretically, but practically, in reality. So far that's always been a very exclusive club of beneficiaries, who are mostly the usual suspects. This isn't true decentralization. It's more like a pyramid scheme with cryptography.

At present I'm not convinced that blockchains have much of a role to play in decentralization, but append-only lists might.