Surprised to see no mention of GNUNet. GNUNet arguable has the most complete stack and they have a GNU Name System so they can go beyond public key as direct identifiers.
I would really love to see matrix use GNUNet and GNU Name System as their P2P layer. It just hides so much information by default and its looking for a 'killer app'.
Would be great if a security-head would write up a deep dive on Gnunet's codebase.
I think the long-standing assumption is that it could do what it advertises if the users were there. But it'd be nice to know what the actual state of the implementation really is.
I've been excited about GNUnet in theory for a very long time, and they have some great ideas... but despite that, I've very rarely been able to run any of their actual software and have it work reliably.
And that's understandable, given that their website states prominently: "GNUnet is still undergoing major development. It is largely not yet ready for usage beyond developers." But it started around two decades ago; at a certain point I stopped expecting that I'd be able to use it anytime in the near future.
That's why I would love somebody like Element to look into it and potentially actually using it, helping solve the problems that prevents it form being commercial.
I just like the model of having multiple layers of encryption, helping hide metadata, having a name system and routing across different protocols.
Twitter simply becoming a large ActivityPub server sounds nice in theory. But in practice it would be no different than it is today, because they would just blacklist servers and make everyone submit, right?
A more attractive approach would probably be something more p2p like SSB or the Iris project. But at that point, Twitter can’t really do much to “brand” that as Twitter.
What I think Twitter could do is to become a managed service (like G Suite is "Google for your domain", Twitter could offer its own suite of services on custom domains).
In practice probably every AP server that doesn’t say “we refuse to blacklist anyone” would probably blacklist Twitter anyway, it’s too fucking huge to moderate.
What a mess that would be. A user has to keep in their mind which servers they can and can’t talk to while also remembering which servers their friends are on to begin with.
My 2cts: It would be ok to soft-block huge servers: making them opt-in only, on user-by-user basis. Ie you could follow from/to twitter on some other AP server, but no notification on (unrequested) mention, shared #tag searching, etc. Imho you never should to talk to "the world" (especially with microblogging, it's door open to drama, troll and everything abuse). Not sure if this exists in AP servers, heard the moderation is missing some stuff. Anyway I never used any microblogging.
Surprised that Retroshare isn't here. I feel like it's been tackling the distributed network problem for quite some time, and I see a lot of references to it among the SSB crowd I'm connected with. I've been playing around with it to connect my family, and while it's rough around the edges, it has a lot of functionality (forums, chat, channels, links) that has overlap with the networks mentioned in this paper.
"Secure Scaleable Scuttlebutt" is a tagline/slogan that appears at the bottom of Scuttlebutt's website. I guess these folks eat at "i'm lovin' it"
The project is universally called "Scuttlebutt" though its full name is "Secure Scuttlebutt" — originally to distinguish it from the early prototype also called "Scuttlebutt", which is now a historical artefact — similar to "World Wide Web" versus "Web".
> Content cannot be easily edited or deleted, but the append-only log ensures that the network converges towards the same state despite partitions.
I don't think that's right. First, there's no single network, so I don't understand what “converging” means here. Each person has a different subset of all the scuttlebutt messages that exist.
If a client discovers conflicting messages claiming to be Alice's message number 21, the client ignores both messages and all subsequent messages in that feed; the feed is “forked” — nothing converges.
The purpose of the append-only log is as the paper says later:
> Messages cannot be faked, omitted, or re-ordered, due to the signed append-only log nature of the feed.
---
> An ignore will simply not show that data to the user's node, although their node will continue to pass their data through the network.
Which client implements ignores like this? I thought that for most clients, ignore means “I won't replicate this feed, but I also won't publish a message announcing that I'm no longer replicating this feed”. The same as blocking, but without announcing it.
---
> For example, a client could store data from 2 hops away, but replicate data from 3 hops away
No, you can't replicate data you haven't stored! You could store and replicate data from 3 hops away but only display data from 2 hops away.
---
They're a little confused, but they've got the spirit!
This is the Bluesky report. Here's my take when this was first posted a few days ago:
Twitter, as a company, has a horrible track record in supporting the developer community. This seems like a good project on its face, but ultimately (IMO) serves as a distraction. While the paper released today is worth reading and the people on the team are sure to have good motivations, I wouldn't get my hopes up on this.
Is it, though? The @bluesky Twitter account linked to it, but the word ‘Bluesky’ only appears in it once - not around the title or author affiliations.
Did Twitter compensate the listed authors? Are they the “Bluesky” team Twitter’s been claiming to fund as a wholly independent group (initially) or hire as employees (in later comments) for more than a year?
Every other social media company not backed by a block chain decentralized technology should be considered dark web heresy. You cant verify your data integrity. You cant verify the identity of anyone. Entirely a scam.
twitter becoming activitypub compliant would be a welcome step for that community. why? because it would give instant credibility to the federated network of thousands of nodes who can now talk to twitter as well.
doesnt matter if twitter becomes another "instance" because technically it would be.
i for one am running a bunch of "off grid networks" which are currently only in my home network because thats what i care about but i am thinking of opening up to the internet as a private network.
this would mean i can allow a twitter user to communicate with my private network without them having to switch over to my network entirely or create yet another account. sure twitter can ban all outside connections, make this decentralized only in name but what benefit would that give? as far as i know, twitter is looking to avoid the responsibility of moderating its users by "federating", i think give reddit like mod roles to users for a specific community? or something else?
right now if they do go ahead with activitypub, they can safely say "hey, here are our Terms. if you break them you are out, otherwise you can join any of the twitter "instances" managed by these people with their own terms.
23 comments
[ 3.2 ms ] story [ 60.9 ms ] threadI would really love to see matrix use GNUNet and GNU Name System as their P2P layer. It just hides so much information by default and its looking for a 'killer app'.
I think the long-standing assumption is that it could do what it advertises if the users were there. But it'd be nice to know what the actual state of the implementation really is.
And that's understandable, given that their website states prominently: "GNUnet is still undergoing major development. It is largely not yet ready for usage beyond developers." But it started around two decades ago; at a certain point I stopped expecting that I'd be able to use it anytime in the near future.
I just like the model of having multiple layers of encryption, helping hide metadata, having a name system and routing across different protocols.
A more attractive approach would probably be something more p2p like SSB or the Iris project. But at that point, Twitter can’t really do much to “brand” that as Twitter.
Also, would be nice to have Oasis added as a desktop "SSB social app".
The project is universally called "Scuttlebutt" though its full name is "Secure Scuttlebutt" — originally to distinguish it from the early prototype also called "Scuttlebutt", which is now a historical artefact — similar to "World Wide Web" versus "Web".
I don't think that's right. First, there's no single network, so I don't understand what “converging” means here. Each person has a different subset of all the scuttlebutt messages that exist.
If a client discovers conflicting messages claiming to be Alice's message number 21, the client ignores both messages and all subsequent messages in that feed; the feed is “forked” — nothing converges.
The purpose of the append-only log is as the paper says later:
> Messages cannot be faked, omitted, or re-ordered, due to the signed append-only log nature of the feed.
---
> An ignore will simply not show that data to the user's node, although their node will continue to pass their data through the network.
Which client implements ignores like this? I thought that for most clients, ignore means “I won't replicate this feed, but I also won't publish a message announcing that I'm no longer replicating this feed”. The same as blocking, but without announcing it.
---
> For example, a client could store data from 2 hops away, but replicate data from 3 hops away
No, you can't replicate data you haven't stored! You could store and replicate data from 3 hops away but only display data from 2 hops away.
---
They're a little confused, but they've got the spirit!
Twitter, as a company, has a horrible track record in supporting the developer community. This seems like a good project on its face, but ultimately (IMO) serves as a distraction. While the paper released today is worth reading and the people on the team are sure to have good motivations, I wouldn't get my hopes up on this.
Did Twitter compensate the listed authors? Are they the “Bluesky” team Twitter’s been claiming to fund as a wholly independent group (initially) or hire as employees (in later comments) for more than a year?
doesnt matter if twitter becomes another "instance" because technically it would be.
i for one am running a bunch of "off grid networks" which are currently only in my home network because thats what i care about but i am thinking of opening up to the internet as a private network.
this would mean i can allow a twitter user to communicate with my private network without them having to switch over to my network entirely or create yet another account. sure twitter can ban all outside connections, make this decentralized only in name but what benefit would that give? as far as i know, twitter is looking to avoid the responsibility of moderating its users by "federating", i think give reddit like mod roles to users for a specific community? or something else?
right now if they do go ahead with activitypub, they can safely say "hey, here are our Terms. if you break them you are out, otherwise you can join any of the twitter "instances" managed by these people with their own terms.