Lots of exciting #decentralization protocols and technology out there. Some are not ready for usage, others are not following the paradigm I prefer, I love that we're spoiled for choice.

IMO I still love #SecureScuttlebutt, for me it is still the best offline-first local-first gossip protocol out there. Yes, it has dangerous corners and design issues, but it works and I can build apps with it for my friends.

I find it has pretty intractable scaling problems. So like... it works... at first. But gets bigger and slower pretty much exponentially. What was that non-blockchain network... Briar I think?

https://briarproject.org/

@cy
> What was that non-blockchain network... Briar I think?

Briar is a neat experiment, but they've never shipped apps for anything but Android. The problem with depending on one proprietary OS ought to be obvious, Goggle's recent decision to start farming Android app devs is a good example;

https://keepandroidopen.org/

So until it's cross-platform, Briar is a fun toy, but not suitable for production use.

@soapdog

Can't say I've looked into it before. I got tired of nodejs projects back when they switched to the new module format. Good to know, at least!

In my opinion, a good project would write programs, not "ship" "apps." Dunno what one would be good though.

CC: @[email protected]

@cy
> Dunno what one would be good though

Depends on your use case/ threat model. Ask yourself questions like; who do I want to communicate with and why? Are you looking for software for an existing group/ network of people who can make and action decisions about where to communicate? Are you wanting to adopt an app to make new contacts among its current network? How sensitive are the communications? Etc, etc.

@soapdog

I just use the Fediverse, nothing else seems worth bothering with. I kind of gave up a while ago. I don't have an existing group, or anyone at all really. Met some nice people on the Fediverse though. (None of them are interested in whatever network I might propose.)

CC: @[email protected]

@cy
> I just use the Fediverse, nothing else seems worth bothering with

Same. Other than email and SMS, and occasional use of Matrix and even less often XMPP.

@soapdog

@strypey @cy the fediverse is indeed cool, but it is not the p2p I aim for. It is very costly to run an instance in terms of bandwidth and also it is server to server and that is just federation, which is cool in its own way but not comparable. It has the best of both worlds and also the worst.

@soapdog
> the fediverse is indeed cool, but it is not the p2p I aim for

Pure P2P networks have been the holy grail of every new generation of cypherpunks since the 90s. They've never worked out. Everything that's turned out to be practical for use beyond dogfooding has some kind of supernode, and that's not even a bad thing;

https://bridgeseat.substack.com/p/in-defence-of-servers

> It is very costly to run an instance in terms of bandwidth

If you use Mastodon, sure. There are much more efficient fediverse servers.

@cy

Supernodes aren't bad things, but gatekeeping supernodes with no deniability are. That's why the Fediverse uh... sucks. That and we're tied to one specific supernode.

Also substack are Nazis so don't read them.

Secure Scuttlebutt works just fine for p2p. My only complaint is it uses a blockchain for no reason other than it makes it somewhat more difficult to erase what you've said in the past. Which is like the opposite of good from a privacy standpoint.

CC: @[email protected]

(1/3)

@cy
> gatekeeping supernodes

The option is there to be your own gatekeeper, eg with a GoToSocial instance. Most people *choose* to outsource this work. But no one is forced to.

> with no deniability

Huh?

> we're tied to one specific supernode

Not if you use Hubzilla, Streams, Forte, or other apps in the Zot/Nomad branch of the 'verse.

Folks are working on FEPs for enabling other AP apps to become nomadic;

https://wedistribute.org/2024/03/activitypub-nomadic-identity/

@soapdog

I'd like to see those FEPs happen. As long as you're not sharing your private signing key.

> The option is there to be your own gatekeeper

Can you afford to buy a domain name? How about an SSL certificate? Both of the financial barriers involve paying rent to some parasite who doesn't even do anything. Do you have a computer that can run 24/7, with an always available network? Finally do you have some hours to learn how to set everything up?

I'd love more people to be self-hosted, but as you just said, servers are not a bad idea. If we're all self-hosted, the network won't work as well. And there isn't much of a choice for many people, who only have a phone on a flaky network at best.

> Huh?

Deniability is where you're delivering people's messages, but you can't look inside them to see what they are. When you can do that, governments can (and will) force you to spy on people, convicting you with their crime if you refuse. Because clearly you're complicit, since you're legally liable for every message that has illegal words in it.

Think like the post office, where they're required to not read your letters. Compare with a US prison, where they get to read and creatively edit any letters you try to send.

If I was making a network, I'd have it so servers or supernodes only saw encrypted messages. To decrypt them, they'd have to be participating in whatever conversation was going on. Just to save them from getting in trouble when I say something stupid like "I want to kill the Pres—" (screeching tires from black van)

CC: @[email protected]

@cy
> As long as you're not sharing your private signing key

The details of how it works are in the draft FEPs, which are linked in the article. Have a skim and see what you think.

(1/2)

You raise some valid concerns about the costs (financial and otherwise) of self-hosting. But my point remains; the option is there.

@cy
> Can you afford to buy a domain name? How about an SSL certificate? Both of the financial barriers involve paying rent to some parasite who doesn't even do anything.

Not with SSL certificates, thanks to Let's Encrypt;

https://letsencrypt.org/how-it-works/

How It Works

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain browser-trusted certificates without any human intervention. This is accomplished by running an ACME client on a web server. To understand how the technology works, let’s walk through the process of setting up https://example.com/ with an ACME client. There are two steps to this process. First, the ACME client proves to the Certificate Authority (CA) that the web server controls a domain. After that the client can request or revoke certificates for that domain.

(2/?)

True, domain names can only be leased not bought and that's annoying. I proposed one way around that here;

https://disintermedia.net.nz/a-free-online-birth-certificate/

But a domain name costs about NZ$20-$50 a year. That's about what we pay per month to be connected to the net here. It's hardly a high barrier.

> there isn't much of a choice for many people, who only have a phone on a flaky network at best

They could use managed hosting;

https://codeberg.org/fediverse/fediparty/wiki/Hosting-services-offering-managed-fediverse-servers

(3/?)

@cy
> a phone on a flaky network

... is just as much of a problem in P2P networks, as the dev of ManyVerse found out the hard way.

Anyway, remember the context; my argument is not that everyone ought to self-host. My opinion is kind of the opposite, for reasons laid out in that Bridge Seat post about the value of servers. I'm just pointing out that using someone else's server isn't compulsory.

(4/?)

OK, I understand what you mean by deniability. I agree that the fediverse is not a suitable place for sensitive non-public discussions. *Unless* you and all your correspondents are self-hosting, or trust all the admins/ mods of the servers you're all using.

That's something that Matrix or XMPP+OMEMO is better for. See;

https://disintermedia.substack.com/p/get-a-room

But that doesn't mean the fediverse isn't useful in general. Clearly you think otherwise, because here you are ; )

(5/5)

Also worth noting that SocialCG (W3C Social Community Group) has a taskforce working on using (D)MLS to make it possible to send E2EE private messages over ActivityPub;

https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/