Huh, this is very cool! Just came across this project, and it's actually the same concept as an idea I had in 2023, when we were discussing with Kainoa the possibility of a Firefish app - I told them, what if your mobile phone becomes your server and you store everything locally? But we didn't come up with a way to do this technically, and the idea for a Firefish app was quickly abandoned anyway. It's awesome that someone found a way to do this!

Has anyone used this? I made an account but I doubt I'll have time to explore it much. Any practical drawbacks to the implementation? How's battery usage, for example?

#holos

RE: https://toot.fedilab.app/users/apps/statuses/116076316842011863

@panos The main drawback is that the architecture puts the maintenance/redundancy burden on each person. If you lose your phone, you lose your identity and your data. Unless you have up-to-date off-site backups, which by definition compromise the privacy advantages of the approach.

In the times we live in, threat models that I used to consider aimed at journalists and dissidents are relevant to more people, so I don't want to dismiss the idea. But I still think it risks being too fragile for most.

@julian yeah, you're probably right for most people. But many people on fedi use autodelete for older posts, which means that they probably don't care that much (or they care more about privacy), so I can see how this has a potential audience - limited but far from non-existent.

@panos Your posts are one thing, your connections another. I know a number of people with ephemeral posts, but only a few with a habit of ephemeral accounts. They are a delight in their own right, sometimes posting “hey btw I'm here now” without warning, and occasionally not even letting their old followers know. 😄 But I think a great majority is interested in some kind of contiguous identity, which requires keypair backups and recovery procedures at minimum.

@julian I think I saw some talk on their site or fedi account about future multi-device support, so I guess that wouldn't make it much different than, say, Signal.

@panos I think actually Matrix would be an apt comparison, as it does similar things with on-device key management and faces the same challenges in cross-device session and identity verification. I don't know Signal's internals much at all, but I believe it's backed by some sort of central identity directory, right? I think Holos doesn't want to do that, which makes some aspects (technical and UX) more complicated.

@julian yeah, you're right, Matrix is somewhat closer to the concept, although the user still has to do with one server practically for their data in both cases. It's just that Signal has one server, in Matrix there are many - but still one per user.