Follow

it frustrates me that I believe that the way we're handling identity and social relationships on the current iteration of the fediverse is Very Wrong, but it's just a lot of talk from me until I can demo with real code I guess

I hope we don't get locked into dangerous antipatterns before it's too late to shift the direction of the network

I should be clear, the reason current popular rollouts of activitypub are doing imo identity wrong is *not the fault* of the people building it, in the sense that they are building activitypub based on what's currently well understood patterns for developing things. So I get why it's happened.

Show thread

how the current fediverse does identity wrong, how we can do better 

Okay, lots of posts about "could you elaborate" so let me attempt.

What would we like?
- Strong resilience to abuse, spam, dogpiling
- Networks which focus on *deeper* relationships with your community rather than *popularity*... in depth vs breadth, depth matters more (this ain't a high school popularity contest)
- support for anonymnity and multiple identities without increased support for abuse, spam, dogpiling

Show thread

how the current fediverse does identity wrong, how we can do better 

One more strong piece of desiderata: the network should be more "peer to peer", in that if your instance goes down, you and your friends don't lose the history of that.

(I've talked about decentralized identifiers before helping with that, I'm leaving out that conversation of this post. Following conversation involves things we can do *today*.)

Show thread

how the current fediverse does identity wrong, how we can do better 

Okay, this all sounds great, but how can we pull this off? First we should overview Zooko's Triangle, which says that names can be either: decentralized, globally unique, human meaningful... pick two. Guess which two we picked? You're right, globally unique and human meaningful... but notice that this means that it's not decentralized. And indeed, DNS (and SSL CAs) centralize our federated networks.

Show thread

how the current fediverse does identity wrong, how we can do better 

The assumption currently on the fediverse and rollouts of ActivityPub are: well, people are used to email style identifiers, so let's use webfinger. Webfinger does succeed in bringing a globally unique and human memorable name in (though it is strongly vulnerable to phishing attacks).

But consider a tor .onion address: alice@agsdgaotasetoyaseotihg15yab51po8ysdga125bp98byz06likhg086086gnboiy08.onion is not a memorable name

Show thread

how the current fediverse does identity wrong, how we can do better 

Note that ActivityPub's spec does not include webfinger at all, it uses URIs. That's extended behavior popularized by current implementations. Anyway...

Show thread

how the current fediverse does identity wrong, how we can do better 

So back to alice on the tor .onion address, how could we ever remember that? We know we can't, but it's okay. Turns out you can layer something on top called a Petname System, and it's probably familiar to you already because it resembles contact lists you already use, and your own friendship networks ("say, do you have Alice's phone number?"). (Incomplete) writeup here: github.com/cwebber/rebooting-t

Show thread

how the current fediverse does identity wrong, how we can do better 

The great thing about petnames is they resemble the way you remember people in real life. You can have your mom recorded as "Mom" in your contact list, and if you want to ask your Mom what Uncle Bob's contact info is, she can tell you... Mom => Uncle Bob. Petnames can also absorb central naming systems: we don't need to throw out dns, make dns a petname then dns => dustycloud.org

It's also less vulnerable to phishing.

Show thread

how the current fediverse does identity wrong, how we can do better 

Okay anyway I said a lot of things here... but here's the general idea: current federation rollout assumes:

- there's one you
- there's one path to get to you
- one naming authority should get to define our names
- when it comes to breadth vs depth, popularity is more important than deep relationships

But these assumptions comes from surveillance capitalism social networks. Reverse all of these and things get interesting.

Show thread

how the current fediverse does identity wrong, how we can do better 

If you're thinking "gosh, isn't the opposite route of what several 'let's simplify activitypub' threads" have been going towards then yeah, it's in the opposite direction, because I think there's a real risk of losing a better future with making that the "standard".

So if you wonder why ActivityPub doesn't include webfinger, it's because we left ActivityPub open to be the fediverse of the future, not just the fediverse of today.

Show thread

how the current fediverse does identity wrong, how we can do better 

And with that final nuclear take I'm out of this thread for the evening.

Show thread

identity, how we can do better, oh wait I forgot something 

OH SHIT I FORGOT SOMETHING

What about content that stays alive even if your server goes down? Here's the answer: Content Addressed Storage. Use URNs for the content of the post as the id, not some http address which will disappear in 2 years. *Anyone* can host content identified by its hash and that's valid, even distribute it peer-to-peer!

Show thread

identity, how we can do better, oh wait I forgot something 

"But Chris, if people are distributing content by its hash then can't everyone see your private posts in a peer to peer network?"

Great question! There's an answer to that: have *two* parts to the identifier... encrypt the post and distribute that, content-addressed. Anyone can have that but not everyone can read it. To the people who can read it, give them that *plus* a symmetric key to decrypt.

Tahoe-LAFS implemented that.

Show thread

@cwebber you mean we’re lacking something like Keybase? Where we use crypto keys to verify our online accounts?

@ilovecomputers @cwebber Keybase is only one side of the missing pieces. The fact that we have to sign up and remember passwords and details for every instance we want accounts on is sort of a huge stumbling block.

@wakest @cwebber yeah. I’ve been using 1Password to make this less of a headache for me, but most don’t have such software. We need to bring in something like openid

@cwebber thats a big deal coming from you. Though I agree. I think we really really need some uncoupling of identity and content. That was the big dream of OpenID but then google/facebook/etc killed that dream with their branded login buttons everywhere.

identities in tech 

@cwebber This feels like you're asking for bang paths, which I guess I find entertaining and not altogether bad.

Beyond that, how are nicknames phishing resistant? Is this the "you can't accidentally send something to the wrong person on Facebook! You know everyone's name!" argument?

how the current fediverse does identity wrong, how we can do better 

@cwebber This has been an eye-opening thread, thank you!

@cwebber so sounds like you should be super on board with what SSB is doing

identity, how we can do better, oh wait I forgot something 

@cwebber
The question here is, how do you send them the symmetric key without the instance admin being able to read that key?

It can't be stored server side, so it must be stored in every single client.

UNLESS... the key is stored in the server but encrypted with a passphrase, which the user must enter upon logging in.

Then again, if the admin is rogue, he might be able to serve their users a trojan page so their passphrase is exposed.

identity, how we can do better, oh wait I forgot something 

@cwebber
In other words, a rogue admin can read their users' messages, no matter what encryption schemes you use. Period.

identity, how we can do better, oh wait I forgot something 

@cwebber
But that's a different problem than the one you're talking about - related, but different.

identity, how we can do better, oh wait I forgot something 

@rick_777 E2E options are possible. Even better, self hosting becomes much more feasible and desirable on a peer to peer network. What if we tear down a lot of the distinctions between client and server?

identity, how we can do better, oh wait I forgot something 

@cwebber doesn’t IPFS implement more or less what you’re describing?

identity, how we can do better, oh wait I forgot something 

@stevenleeg IPFS and SSB both implement some of it... further commentary will have to wait for a time when I'm not dead tired

identity, how we can do better, oh wait I forgot something 

@cwebber @stevenleeg I tried some social network based on SSB but it was clunky and unstable and didn't work on mobile. Tech is cool but it's not there yet. I see mastodon as perhaps a bridge to the Better Future?

identity, how we can do better, oh wait I forgot something 

@regnskog @stevenleeg Sure and I agree that Mastodon has done a great job, and being a bridge is great!

The impetus for this thread though is a) concerns the current mechanisms won't be able to survive a coming wave of abuse and spam and b) this is an interesting and valuable direction for the future, and various implementors have asked "but why not tie some decisions to the fediverse we currently have for simplicity".. well, this is why

identity, how we can do better, oh wait I forgot something 

@cwebber @stevenleeg yeah. I see this as a staging area of sorts, but I also think that the fully P2P solutions are more complex and therefore inherently harder to reason about, which is slightly alarming

identity, how we can do better, oh wait I forgot something 

@regnskog @stevenleeg I think they aren't necessarily more complex and harder, but they're *different* then a lot of the patterns we've been walking forward in tech, and I agree that means that it's a harder path to walk since there may be more surprises

@cwebber

> how the current fediverse does identity wrong, how we can do better

build a better, more friendly, and secure system that people want to use more that "current fedi" if you can't win, then your ideas don't mean much, do they?

how the current fediverse does identity wrong, how we can do better 

@cwebber Can you elaborate on what you mean with

> when it comes to breadth vs depth, popularity is more important than deep relationships
?

how the current fediverse does identity wrong, how we can do better 

@schmittlauch breadth vs depth is admittedly a bit too computer science'y... what it means there is, assume you have a deep and wide structure to traverse. Do you focus on wideness, covering as many areas as possible but none in major detail? Or do you prioritize going deep on detail along some specific paths?

I'm advocating that having deeper relationships is more important than *more* relationships. Quality over quantity.

how the current fediverse does identity wrong, how we can do better 

@cwebber thx. I don't have any problem with cs, but it didn't come to my mind that one would try to model the depth of a human relationship with graphs.

*mumbles* tooting about favourite flowers, so I must already be in 7 layers of friendship

how the current fediverse does identity wrong, how we can do better 

@cwebber petnames for public keys is how all internet services should be addressed. 💯

@cwebber we could throw out IP addresses, DNS, the TLS CA system, DHCP... and things would work *better*

how the current fediverse does identity wrong, how we can do better 

@cwebber So that sidesteps Zooko's triangle right? Because global unique identifiers don't need to be human-meaningful. But you'd still have to have an initial step of creating the mapping (like most people currently do with phone numbers), right?

how the current fediverse does identity wrong, how we can do better 

@cwebber mmmm this is where I start to get annoyed at the rhetoric. calling a petname system familiar because it resembles address books is a little like calling blogs familiar because they resemble a diary. just because someone has used a diary doesn't mean they could run a WordPress blog. the *action* is the same but the systems are entirely different.

how the current fediverse does identity wrong, how we can do better 

@nightpool Yeah but we use metaphors all the time to help people become familiar with things.

It's true it's imperfect, but any time we introduce a technology, we have to show the bridge to something already understood. And what I mean to say is that petnames are dramatically more familiar than they appear at first, and even resemble the naming system used offline way more than DNS does.

how the current fediverse does identity wrong, how we can do better 

@nightpool Here's the problem with everything I just said: it requires buy-in from your clients. Your client has to know how to talk to that contact list to make sense of things. That's not infeasible but it's another step, especially if you have more than one client.

For that, we could set up an extension to the AP C2S system that says "btw here's how you find the contact list and how to interface with it".

how the current fediverse does identity wrong, how we can do better 

@cwebber this should maybe be a reply to your entire thread, not just me?

how the current fediverse does identity wrong, how we can do better 

@nightpool just because I work on communication systems doesn't mean I'm good at communication

@cwebber I'm not complaining about the metaphor, I'm complaining about the lofty level of abstraction at which the metaphor rests. saying "petnames work like address books" obscures a huge gulf of design and detail that has only begun to be hashed out, in a way that saying "ActivityPub works like mailing lists" or "mastodon is like twitter" doesn't.

@nightpool Well, that's true for a full petname system, I agree, because it also includes edge names and intro names. For the petnames themselves, it pretty much is a contact list / bookmarks.

how the current fediverse does identity wrong, how we can do better 

@cwebber Some years ago I sketched the idea of a network where your identifier to the network was a public key, you published endpoints that people could drop encrypted messages to, and as you made connections you could send "introduction" messages to people you already had relationships with. That was the primary way to build the network.

I figured people wanted discoverability, though, and this didn't have it.

distributed identity 

@zigg @cwebber
In fact, this is exactly how Secure Scuttlebutt #ssb works, though only direct messages are e2e encrypted. Discoverability *is* a problem! Pubs help a bit (a pub is a bot user that does introductions, and is also always up for passing messages), but the main way you get introduced to people is either seeing them referenced by people you know, or through hashtag subscriptions.

distributed identity 

@gcupc @zigg Yes, in fact SSB uses petnames! But the interfaces are not fully correct (does not distinguish between your petname and an "edge name" by introduction)

distributed identity 

@zigg @cwebber
Hashtag subscriptions are Very Bad, though, in terms of abuse and spam -- just look at Diaspora* where they are also a primary feature. They only work on ssb, because ssb is so small.

distributed identity 

@gcupc @zigg Yes this is true. I think that a more common way to "meet" people is through group interactions and people reposting each other things, etc.

In fact that's the main idea behind Spritely: to trick people into adopting this kind of system by hiding it in a shared multiplayer social game. Too bad Spritely is still vaporware :)

how the current fediverse does identity wrong, how we can do better 

@cwebber
Stored identity on IPFS, multiple layers of encryption for different aspects of the profile so the user can authorize what information each server has access to.

@cwebber I've read a bit of what you've written, but maybe not enough to get the substance of what you think is wrong. Can you explain the problem to me?

@cwebber Perhaps it's not the right way of thinking but I feel the viable solution is to build a higher order identity framework on top of the existing @$user@domain one, and treat the latter as more ephemeral. Making that work is going to be "interesting" I am sure, but experiments of decentralisation that don't utilise existing rails are going to struggle to gain traction

Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!