Decentralized risks: Hosting information for others comes at a cost

This touches upon an aspect I worry about in regards to scuttlebutt as well yet is of a different kind. In your example you mention being faced with data you would rather not partake in, I have found that blocking does indeed hinder most forms of data sharing which I would like to avoid. The one case i have witnessed a lot of discussion around is the same as with facebook/instagram of the “annoying uncle/aunt syndrome”, in which one has a social obligation to not block the individual yet would rather not see the unfiltered spouting on their feed. Facebook/instagram has solved this by simply opening up for “opting out” of seeing their content in your feed. This would be simple to implement on the application layer of SSB for example.

On the other hand, speaking of hops and the spread of data, comparing the amount of privacy (in the sense of who has access to your data) SSB is by far more private than current internet standards and platforms. This ties into the core issue of all kinds of flat-structure tools/platforms used for private communication, that they can easily be used for hiding shady information as well, something one inevitably has to take a stance on.

In regards to designing for communicating privacy/lack-thereof /quirks of the new protocols, security expert Eileen Wagner had a great workshop about this at Radical Networks last year :slight_smile:

1 Like

This is actually interesting to discuss though! I had a conversation with the an IT guy who had done a lot of research into GDPR lately to ensure his company fit the regulations. What he said he’d found was that GDPR did initially serve it’s purpose of ensuring that European data stayed within Europe, but it had simultaneously opened up a new market for American companies to make money by charging the companies who used their services (such as GDrive) for ensuring that their data would be stored in the companies European servers.

Inherently I don’t think GDPR suits it’s purpose of ensuring the data privacy for it’s “citizens” as it’s an issue rooted in the infrastructure of the default-web rather than how the already faulty system is implemented.

In general, spot on regarding GDPR’s effect on SSB though @alberto :smile:

1 Like

Could you say more about this issue rooted in the infrastructure of the default web? How would you describe it?

That seems a very partial take on the GDPR. Its main effect is that people are waking up to the fact that the cowboy era of data hoarding is over. “Data minimalism” has become a thing (for example, it is a tenet of City of Amsterdam’s digital strategy: a far cry from the alcyon days of the “smart city”). IT folks focus on the costs of compliance, but the bite of the GDPR is that it creates digital rights; puts the liability for infringing those rights on the entities that collect data; and then steps aside and lets the courts do their job. The GDPR has inherently more bite for large corps than for small ones, because class actions are much more of a real risk for them. No one is going to go through the trouble of suing Edgeryders. Facebook, though… that’s another matter.

1 Like

Yess! I completely agree, it’s a much needed statement indeed, setting a precedent for the future and targeting the big companies. In reality though it makes it difficult for smaller companies to continue their work as they are reliant on the bigger companies which in turn can profit from this reliance with the rules of GDPR as a backing.

But yes, it’s a much needed statement, if executed in a proper manner is disputable, or if it’s even possible to take action in a positive form when the infrastructure itself directly contradicts personal ownership of data.

This leads into @johncoates question:

Could you say more about this issue rooted in the infrastructure of the default web? How would you describe it?

The infrastructure of the default web is

  1. Centralized, as seen in this image
  2. Inherently distributes the ownership of data away from the users
  3. Relies on middlemen to deliver the data itself which sees all meta-data

With the structure above as a basic foundation of how the https protocol works it is practically impossible to organize for private data where the individual has ownership of the utilization of the data itself since the user can’t control who has access to the data or how the data is stored.

The movement of Distributed / Decentralized webs are all centered around re-organizing this foundational infrastructure, and more, such as in the case of Mesh networks which goes even further and looks at the hardware infrastructure of the internet.

2 Likes

It looks like a movement that is gaining in numbers energy and power.

1 Like

I think that is why Tim Berners-Lee is doing the Solid thing now. It’s not quite there yet, but if we get this right, it’ll be a nice middle ground where everyone stays in control of their data, but we will still have sort of centralized app & service providers. (Because, let us be frank, no one wants to have to worry about the uptime or safety of their data storage.)

2 Likes

And another similar initiative is Wireline. I saw their demo recently, and it seemed pretty stable. Apparently they are very close to releasing.

Maybe @leobard has some updates? Last time we talked he was hanging out in a chat channel with Tim Berners-Lee.

1 Like

Hosting info for others definitely comes at a cost, both for the host and the guest, considering “there’s no free lunch”. I’m quite interested in Solid, as it feels like a “middle-way” from the mainstream Internet as we know it but with the capacity to give users more power and give them control over their data - especially if self-hosting data. Also with the possibility to doing it in an association, co-op or a company they own or are a member of. Works well with the https://mydata.org framework, would love to see a combination.

I looked at the blurbs of both Solid and Wireline. The idea has been floating around for quite some time: I remember hearing about it for the first time at an event called Public Services 2.0 in 2009. So, I guess my questions would be:

  • In a world that normally moves quite fast, what is delaying deployment? Maybe @RobvanKranenburg has some answers here.
  • What is keeping entities accessing your “pod” or “data wallet” or whatever saving a copy of your data, and then cross-referencing it with whatever else? Technically, of course, they have to copy your data. Legally (at least under the scenario of restrictive data protection regulations) they are supposed to delete them, but… will they? Facebook is rumored to have an “you account” even if you yourself do not have a Facebook account, and never had one. Would this kind of scenario be prevented by Solid/Wireline? Because if it would not, we go back to good old antitrust policy: forget about the tech, just never allow companies to grow too big, break them up, nationalize them, whatever.

Edit: Cory Doctorow seems to share this point of view.

Or maybe regulating them in certain ways makes them stronger.

so, just read this in email from the alt-right “social network” Gab:

After three years of work and after being banned multiple times by both App Stores, Gab finally has dozens of mobile apps for our users to choose from. Recently we moved to an open source and decentralized version of Gab that makes your Gab account compatible with a variety of different apps.

You can search both app stores for “Mastodon” “ActivityPub” and “Fediverse.”

Anyway, thought I’d throw it out there. I wonder if they know they’re being used by alt-right and if there’s something they can do against it.

1 Like

I would be surprised if they did not, although I have to admit to the possibility. I remember years ago when so many of us were reveling in our newfound and newly named online communities as if they were known only to we who wanted to use these tools for planetary enlightenment and cooperation. I soon learned that in fact online bulletin boards and, yes, communities had already been going on with real sophistication in the world of hard-core survivalists and white supremacists. And when I dug deeper, I saw that in fact they were out in front of us on using the technologies. Did the makers of the software know about it? Did Ward Christensen, inventor of the first reliable downloading utility, Xmodem, know his work was being used by the KKK? I don’t know. But I can’t see how they could have then, or could now, do something to prevent it being used for what they might see as dark purposes.

1 Like

prevent maybe not, but this brings this discussion perhaps in a different direction: should we (as society, community) do something about hate speech online. It is a very thin line of course, but this Gizmodo article does show how the internet can be a rabbit hole

America is a country without hate speech laws, one built on the premise that it’s not the government’s job to decide what types of speech should be prohibited. In the internet era, that sort of governance is largely left up to the private companies responsible for the technology powering all our digital communications. As spectacular incidents of hate-based violence draw headlines and the web is flooded with extremist content, there’s been an increasing public pressure for companies to take that responsibility more seriously.

And I did some reporting about this and Dylan Roof in this newsletter for Coda Story:

And while the cyber warriors find their way into our hearts and minds, so have they been able to spread conspiracy theories and cults. Although the response to Donald Trump’s claim that windmills cause cancer has been met with derision, the spread of conspiracy theories online is more worrying. WhatsApp conspiracy theories leading to murder in India, the “Pizzagate” conspiracy, and Q-Anon supporters believing all of Trump’s enemies will be arrested and executed for being murderous child-eating pedophiles.

How it works : Dylan Roof, who murdered nine people, said that after hearing about Trayvon Martin’s death he decided to Google him, finding an abundance of links to “black on white crime.” Radicalization in today’s world, often starts with a simple question online. Our story on HIV denialists in Russia shows how one simple search online can drag people into online groups and forums in which they are bombarded with the conspiracies, finding “like-minded’ new friends and alienating themselves from friends and family - just as the old cults did before.

But of course, censorship is difficult as well. Mainly because it gives governments a tool to censor anything critical of them.

5 posts were split to a new topic: Social media manipulation

In practice, they can’t really do more about it than Apple could to against nazis buying iPhones. These are general apps for using any implementation of specific decentralized protocols. You could compare any of these apps to a radio - you can set them to any frequency and they will play what’s there. None of Gabs data is actually hosted by Mastodon, so to bring the analogy further, nobody working at Mastodon can even see what “frequencies” the apps are tuned to.

1 Like

Late to the party…

My perspective on this is that I welcome gab and others far outside my own mindset to use federated tools like Mastodon (as to me the endpoint of federation is everybody running their own instance of such tools). The main benefit is that choosing your own server to host your stuff also is choosing your own bubble: you are denied amplification. No outrage machine like FB or Twitter will elevate you to the foreground. They’ll be as isolated as their opinion really is. In a distributed setting they and ‘us’ will need to earn their amplification the hard way: by convincing other without an opportunity to scale.

2 Likes

How does Mastodon work?

Mastodon provides Twitter like functionality, as in people can exchanges messages or broadcast them, like Tweets.

Mastodon uses a protocol called ActivityPub (AP), which defines an inbox and outbox on your server per user. A mastodon instance can let other instances using AP read the public parts of outboxes, and write to the public part of inboxes. This means Mastodon instances can federate, also with other AP implementations. (My WordPress blog has an AP endpoint so I can post to my blog to reach Mastodon users on some other instance. Though I don’t do that currently)

I run a Mastodon instance where I am the only user. From it I interact with others who can be on a variety of instances. Discovery is an issue there. Similar to e-mail, you need to know on which server someone is to approach them. I’m at @ton@m.tzyl.nl but there’s no way you can find that out other than me telling you or stumbling over someone who is following me.

Any instance can choose to accept or not accept traffic from any other instance.

That is why I wrote I think it’s ok that gab and others start using AP. It mostly means they will be stuck in their own instance(s), as any other part of the network can choose to ignore them, and all of their traffic. Not as on Twitter, one troll at a time, but entire instances at once.
By keeping an instance small, internal moderation is easy (in my 1-person instance non-existent even), and small instances are much less likely targets as the attack-surface for trolling is so small, and each instance can cut-off any other.

An issue still is that most Mastodon users are on a hand-ful of instances, so there’s not much real distributedness yet.

See https://m.tzyl.nl/@ton for my public Mastodon profile.

2 Likes

Very interesting indeed.