Let’s Build A Decentralized Social Network

From IIW

Wednesday 6J

Convener: Pete Rowley & Ricardo J. Méndez

Notes-taker(s): Phil Wijs & Ricardo J. Méndez


Tags for the session – technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


  • We already have some! Examples:
    • Mastodon (federated Twitter), first one to really gain traction
    • Pixelfed (federated Instagram)
    • Both are built on ActivityPub
    • Diaspora, which does its own federation thing
  • ActivityPub
    • Federation protocol
    • Christopher Webber was a co-author
    • Only 3 actions: New item, delete item, update item
    • Your identity is attached to the server where you create the account
    • Webber is expanding it for secure authentication flows through the Spritely project
  • Federation
    • Trivial example: e-mail
    • A single domain can host a bunch of users
    • Several trust boundaries
    • All sites communicate through a standard protocol
    • Allows one host to view the users and updates of another (Mastodon can view updates from Pleroma, Friendica and others)
    • Every server can do whatever it wants, e.g., establish its own internal content rules
    • Needs care early on to ensure that not all users end up in a single server
    • It’s decentralized but not fully distributed
    • Can be self sovereign if you host it yourself
    • The creators of both Mastodon and Pixelfed periodically close access to their instances to ensure people use other instances and to avoid becoming a centralization point themselves
  • Problems for users
    • User discovery
    • If federated, identity provider might die
    • Account recovery
  • Possible approaches for key recovery
    • Social recovery, e.g., DarkCrystal for Secure Scuttlebutt
    • Multi-party computation, e.g., Kzen's ZenGo
  • Decentralization axes
    • Something that is distributed among many servers but organizationally centralized (Google crunching data across farms).
    • Something that is organizationally decentralized but logically centralized (it’s in a single state the whole time, e.g., Ethereum)
    • Something that is logically decentralized and doesn’t need every node on the network to be in the same state (Mastodon, IPFS)
  • Secure Scuttlebutt
    • Can be fully encrypted
    • Uncensorable
    • Have a private key
    • Write for a public key
    • Completely peer to peer
    • Doesn’t need an internet connection
    • When we sync, all messages go to the other system
    • Eventually the messages make their way to you, but there’s no guarantee
    • Usability issue: you never know if the person will receive the message
    • Unclear if it scales
    • Not as efficient as always-on social networks, different trade-offs
  • Other notes and questions
    • How do I bring my identity and network with me?
    • Our networks and identity should live on our smartphones
    • Facebook wants to do “privacy” but it won’t really be private if you know who's being assigned what ads (even if the data is analyzed on device). It’s more of a sales pitch.
    • Samsung and Apple make money on devices and value-add services.
  • Marketplaces can be a way to fund this
    • A lot of talk about data marketplaces. “Sell your data and get paid for it”. Terrible idea and ignores privacy-as-a-commons.
    • Data analysis marketplaces. Someone wants to run a study and only cares about the result, not the raw data. There’s an intermediary that can gather a bunch of data, crunch it privately, and spit out a result. End users would opt in.
  • Health care and privacy
    • People need medical care and they’re trying to find a way to cover the cost of healthcare. A pharmaceutical company may need your data if you’re testing a new drug. Your data is worth a lot of money to them. In a self sovereign way, you own your data and it’s cleaner for them to have your data.
    • The Australian health care system is set up MUCH differently. But you may want to choose who you give your data to. Is the person handling my data protecting it enough?

