
A decentralized web would give power back to the people online - endswapper
https://techcrunch.com/2016/10/09/a-decentralized-web-would-give-power-back-to-the-people-online/
======
zer0gravity
So nobody can "give the power back" to anybody, but people can stop giving
their power away to others. We all have power, and we manifest it through our
actions and choices.

Some say knowledge is power, but in order to gain knowledge you have to make
that choice. One can try to educate people about the benefits of hosting their
own data, but unless they make the choice to listen and understand it's all
for nothing.

I tend to agree with others that posted here, that in general, people are just
not interested. It may be too hard for them to grasp the real implications of
giving all that information about them to third parties. They may also
consider that it's too hard to handle all those problems by themselves so
they're willing to pay the prices...

I don't think that the change can happen unless the people who do understand,
do something about it, but usually these people are more interested to cash in
on the ignorance of those who don't...

~~~
cocktailpeanuts
The "People don't understand" is a condescending statement and is exactly the
reason why the people who try to build these decentralized systems never
succeed, because they don't even understand why people use information silos.

If you really think that's the problem and you think you know better than
other people, you should quit using every single centralized system out there,
like your bank (they take your money and invest it elsewhere! And most people
don't even know about it!), credit card (It's just a small piece of plastic
but you have to pay them money just to pay money, and they even track your
purchase history, how ridiculous is that!), etc.

Sure there are shitty aspects to this (and I don't like it either), but the
reason they are still around is NOT because most people don't know, but
because most people have better things to worry about. I know EXACTLY what's
going on but still use centralized silos for certain things because it makes
sense at the moment, even though there are many downsides.

It is these "decentralized" people who are out of touch, not the ordinary
people.

~~~
normalhuman
It's a tragedy of the commons situation.

Even if you understand the downside of centralized systems (and most people
really do not), you cannot individually do anything to stop them. So you use
them out of convenience.

"Decentralized" people are out of touch only to the degree that they believe
that they can change the world based on collective altruism. That is an uphill
battle. They are not out of touch in realizing the dystopia that we are
heading towards.

I imagine two possible scenarios for decentralized systems to take over:

a) Dystopia goes mainstream -- one scenario: "social credit scores" become
common practice and people start to fear using the web to an extreme degree;

b) Someone comes up with a decentralized system that is able to do something,
only possible with decentralization, that everyone really really wants.

I hope b) happens first.

~~~
jfoster
People would change the way they use the web, not stop using it.

~~~
TelmoMenezes
Yes, that is precisely my argument. Make the normal web sufficiently
oppressive, and the freedom provided by decentralization becomes so compelling
that people switch to it.

~~~
SXX
Do you seriously expect that in a dystopian scenario an alternative is going to
be available? Even if decentralized services are going to remain available, do
you think people will risk using them?

Most likely they aren't going to do that. This is proved by China, and the more
extreme example of North Korea is also available.

Or just look at any country with a totalitarian regime: they increase
regulations really slowly so people are "too busy" to think about that, but at
some point they are simply too scared to do anything.

~~~
TelmoMenezes
You have a point. What I imagine is that some underground "resistance" would
develop and use such systems, and once the authoritarianism eventually
collapses, the mainstream will then be afraid of centralization.

Take as an example the Germans' insistence on privacy, to extents that even
seem ridiculous to a lot of people (e.g. the right to blur your house in
Google maps), and then consider their historical context.

------
chestnut-tree
A real barrier to a decentralised web is the difficulty of installing software
on a server. I know that sounds really mundane and inconsequential in the
broader debate about a decentralised web, but consider the following...

Imagine if installing a server-side chat app, message board, project
management app, or CMS were as easy as installing a desktop app. In a desktop
app, it's usually one click to start the install and then, if necessary,
you're guided through a few screens to complete the install. Want to
uninstall? The OS (operating system) will provide a feature to manage that.

Now consider how complicated installing on a server is in contrast. Upload your
files to a folder or directory, enable permissions, set configurations not
just for your server but also the language the program is written in - the
list goes on. No wonder SaaS (Software as a Service) is thriving like never
before. Who, other than technical folks, could possibly have the time,
interest or inclination to set up a self-hosted solution when the barrier is
so high? Perhaps some in the tech field would like to keep it that way? Would
SaaS be less attractive if installing a self-hosted solution was simple, easy,
quick and secure?

Surely an essential part of a decentralised web is that companies,
organisations and individuals choose to run their own software using open
protocols and data formats. But until the ease, security and simplicity of
installation improves for web software, it simply won't happen on a large
scale.

~~~
adekok
> A real barrier to a decentralised web is the difficulty of installing
> software on a server.

Also, economies of scale.

If people used a decentralized service called "UnFaceBook", the total cost of
servers, administration, etc. would dwarf the cost of Facebook running their
data centres. From a business perspective, it's just not feasible.

Hmm... perhaps everyone running their own systems is, in fact, doable. Most
people have smart phones which are much more powerful than servers from 6
years ago. Why not just use that?

Have the content at the edge, and controlled at the edge. Scalability can come
from lots of caching at the core.

Not a startup I'd want to do, but it's technically feasible.

~~~
tajen
Economics and scale can be a strange beast. The sum of Amazon EC2 + Google
Cloud + Digital Ocean + Rackspace +... is about 10,000,000 servers, which
makes... 1 server per 7,000 inhabitants on Earth. Have you ever looked at it
this way?

And that's only for public cloud, not including Facebook, Google's internal
servers, Apple's infrastructure, ISPs, and servers hosted by all companies. So
to provide all IT services to citizens of modern economies, we're certainly
close to 1 server for 100 inhabitants. Sometimes I wonder what we're doing
with so many servers on Earth: I don't spend 24hrs a day sending requests to
public servers, and even if I did, the server I'd be pinging could handle a
few thousand users at the same time. So where does all this processing power
go?

And there's even more computing available if you include everyone's home and
work PC, phone and router, but those are not always-on.

> Hmmm... perhaps everyone running their own system is, in fact, doable.

Crunching the numbers, we're already above one system per person ;) So we
might as well go full-decentralized, if we could conceive a theoretical model
around it.

~~~
FooBarWidget
> So where does all this processing power go?

Security, redundancy and isolation. Often times you have an extra server not
because you need the processing power, but to separate things for security
reasons, to provide failover and to avoid noisy neighbors.

------
Gys
To most people (99% ?) Facebook, Instagram, Google etc offer everything they
want. So they do not feel a need for getting the 'power back'.

It all comes down to perceived (!) value. Once people use one thing, they will
only switch if something else offers a clear higher value. At that point
offering the same value is not enough anymore. This higher value has to be
something that makes every day life in a very obvious way a little better. I
am afraid something abstract like 'more power' will not do the trick.

~~~
catscratch
Where the change will come is when we are no longer dependent on paying for
network access. That will be the financial incentive.

A fully decentralized web would be delivered peer-to-peer via a mesh network
or something similar. Anything else is a farce, because it's not just about
who holds the data on the network, it's about the network itself. If any link
in the chain of the communication can be controlled by some centralized power-
it's not decentralized.

On a fully decentralized network, three things restricting freedom and privacy
would be:

* the personal device used to (inter)connect, like malicious code hiding in firmware

* those controlling the power needed for the device

* those that can interfere with communication or alter data on the distributed network, either as a peer on the network, through malware/disruptive communication on the network, or those blocking communication

The problem with the decentralized web, though, is that when the web is fully
free- if everyone stores part of the content from everyone else, then they
could be storing things that are illegal and that they don't agree with. I
personally don't want to participate in any network where I can't control what
data is stored locally.

~~~
JohnStrange
This won't happen anyway, because it's a classic collective choice problem. If
all people put some alternative software on their WIFI router at the same
time, this fully decentralized mesh web would come into existence at once in
most densely populated areas in Europe and the US (all big cities at least),
and almost everybody would have an immediate advantage from it. But if only a
few people do it first, they'll have tremendous disadvantages from it due to
freeriders, abuses, etc. So it won't happen ever.

I remember to have seen a protocol for such ad hoc mesh networks that wasn't
even IP-based and could be implemented on most routers. The network can
dynamically self-configure, route around failures, and nodes can go in and out
of existence whenever they want. It looked pretty cool but unfortunately can't
remember where I've seen it. :/

~~~
c22
Are you thinking of cjdns?

[https://en.m.wikipedia.org/wiki/Cjdns](https://en.m.wikipedia.org/wiki/Cjdns)

[https://github.com/cjdelisle/cjdns](https://github.com/cjdelisle/cjdns)

------
mark_l_watson
I went to the Decentralised Web conference in June. Fantastic venue, good
talks, and lots of interesting people to talk with during the breaks. I
blogged about the experience:
[http://blog.markwatson.com/2016/06/action-items-after-attend...](http://blog.markwatson.com/2016/06/action-items-after-attending.html)

Until recently, I was trying to go 'all in' by favoring GNU Social over
centralized social media, almost always running Linux on the laptop, etc.

I have backed off somewhat, realizing that my workflow for writing books and
consulting is more efficient using OSX, and sometimes Facebook and G+ are much
better at connecting with friends and better for publicizing book updates,
etc. than GNU Social.

I am trying to live in a practical 'middle ground' where I can get my work
done and still participate in keeping the web open and decentralized.

Two new developments that are promising: a Ruby version of GNU Social that
uses the same protocols that looks much more hackable, and TBL's W3C Solid
project.

~~~
nojvek
Facebook and goog are built by armies of full time folks with average salaries
of 150k. Competing with volunteers doesn't get you far.

Even the rise of git was because of github. A for profit centralized company.

Maybe the best case is to have open, decentralized protocols, with for profit
companies providing hosting and simple signup.

ICQ or XMPP, never quite took off like slack. Is it because of the interface?

~~~
adrianN
A couple of years ago everybody had ICQ, at least here in Germany. I wouldn't
say that it "didn't take off".

~~~
flukus
Same in Australia before MSN messenger (and now facebook messenger) supplanted
it. I set my phone notification to the default ICQ sound and if I get a
message in a meeting I see the instant wave of nostalgia across everyone's
face.

------
userbinator
Does anyone remember the "decentralized web" of the early 2000s? Various P2P
protocols existed that allowed everyone to share content freely, and they did.
Content that was not even originally in digital form was digitised and nothing
but a search away. It was amazing. The copyright/media industry didn't like
that. Security paranoia (possibly assisted by the industry) also heightened
its demise.

I really do hope we see another "rise of P2P", but there seems to be strong
commercial interests against it. (Bitcoin itself is rather commercial in
nature, as it deals specifically with currency.)

~~~
oldmanjay
Are you of the opinion that p2p piracy has somehow gone away?

I do have to question the notion that free entertainment is what empowers
people, but I suppose it isn't the stupidest attempt at justifying piracy I've
ever read.

~~~
userbinator
_Are you of the opinion that p2p piracy has somehow gone away?_

It hasn't, but it's far diminished from what it used to be.

_I do have to question the notion that free entertainment is what empowers
people, but I suppose it isn't the stupidest attempt at justifying piracy
I've ever read._

Not only entertainment, but information in general. Various books and
journals, some of which you probably wouldn't even be able to buy a physical
copy of, obscure software, etc. "Knowledge is power." Piracy isn't just movies
and music...

~~~
oldmanjay
> Piracy isn't just movies and music

You're right, of course, but this is one of those situations where 99% of
cases ruined it for the rest.

And I would argue heavily that p2p is diminished in any way. I don't have
anything to do with the piracy subculture and it took me under 5 minutes to
find torrents of current movies, tv shows, and albums.

------
infodroid
Decentralized services have not been able to compete with their walled garden
counterparts due to lack of resources and access to capital, as well as the
coordination costs of federation. It's a structural and not a technical
problem. I can't see how this will ever change.

Most decentralized services are open source projects maintained by volunteer
developers. They are competing with centralized commercial projects with deep
pockets and the ability to hire not only smart developers but also artists,
testers, sysadmins, designers, marketers, researchers, and project managers -
some of the things you need to deliver a best-in-class service to users. The
odds are stacked against the decentralized service from the beginning.

Even when these projects attract commercial interest, such as Dat or Ethereum
named in the article, it is not clear how their funding will be sustainable
given that decentralized platforms are more difficult to monetize than
centralized ones. And it's really hard to see Github as a "posterchild" for
the decentralized web, since it is really a centralized service.

~~~
JohnStrange
I don't think so. Decentralized services never took off very much because of
tremendous technical difficulties with reliable NAT traversal/hole punching.
Companies like Skype spent unbelievable efforts to get around these problems
and kept them a closely guarded secret. There are a few more libraries now,
but it's still surprisingly difficult to achieve reliable p2p connectivity
without some external, centralized server to get the process started.

This in combination with a few other problems with ISPs, slow upload speeds
and the "intellectual property" watchdogs prevented 1-click installation.
Without extremely easy and fast setup that even the dumbest person can manage,
no software will achieve wide popularity. Shareware authors have already
realized this in the 90s and this hasn't changed since then.

So my verdict is: technical reasons, mostly, although I wouldn't exclude the
possibility that there were some "dark forces" behind them in some countries.
Genuine P2P has always scared the shit out of traditional companies and
politicians.

~~~
infodroid
> my verdict is: technical reasons, mostly

This conclusion is not really supported by the facts.

The failure of decentralized VOIP services to achieve mass adoption was not
due to technical reasons. Let us remember that SIP was standardized in RFC
2543 in 1999 and had a head start over Skype. The first STUN (Session
Traversal Utilities for NAT) RFC 3489 to help solve the NAT traversal problem
was published in 2003, the same year as the first release of Skype. There was
no technical reason stopping the SIP community from building reliable VOIP
clients to compete with Skype. One might object that due to NAT, SIP required
most users to use a STUN server. But this is not a technical problem: it is
similar to the situation with XMPP, which required users to register and then
connect to an XMPP server, yet XMPP is still a decentralized protocol.

Besides, decentralized services encompass a lot more than just VOIP. For
example, they include instant messaging, file storage, and social networking.
The first Jabber/XMPP protocol RFC was published in 2004, even though the
server software had been open sourced since 1999 or so. The decentralized file
storage service Tahoe-LAFS was first released in 2007. The micro-blogging
service and Twitter-alternative GNU Social was launched in 2008. The Diaspora
decentralized Facebook-like social network was launched in 2010. None of these
services were able to compete with their commercial counterparts, yet there
was nothing _technical_ stopping them from doing so.

These services and their spiritual descendants have failed to gain mass
adoption because they didn't have the same resources as their centralized
commercial counterparts, and so could not offer users a better or comparable
product in terms of quality, features, usability, reliability, or even "cool
factor".

There is a parallel here with the mythical Year of the Linux Desktop, which
never seems to arrive.

~~~
jonathanstrange
> This conclusion is not really supported by the facts.

Oh yes, it is. I have to wholeheartedly disagree with almost everything you've
said, I'm afraid.

STUN requires a centralized outside server. As I said, by now there are better
libraries that didn't exist ten years ago, but even they fail often. NATs
behave very differently from implementation to implementation, some don't even
get UPnP right, and it takes a lot of resources to get p2p reliable _without
special user interaction_ (e.g. with their home router) and _without any
server outside_. AFAIK, there is no single library or method that works
reliably without a server outside of the NAT. Also don't forget that I was
talking about why _decentralized_ p2p didn't take off, so we're talking about
a of 1996-2010 not about now.

Adoption of technology does not work the way you describe, it works similarly
to language change. It doesn't have much to do with resources of companies.
Here is how it works in reality:

1.) If there is already an easy to use service that covers the functionality,
new ones will likely fail. (Just like possible word compositions are often
blocked when there is already a word for sth.)

2.) If end users cannot get it running within a few seconds, the technology
will likely fail. (If it is intended for a mass market, I'm not talking about
specialized tools or b2b software, of course.)

Decentralized p2p failed because of 1.) and 2.), and the reason for 2.) was
primarily the lack of a cross-platform, reliable way to punch holes through
NATs.

All of the examples you give fall under 1.) or 2.) respectively. On the other
hand, Bitcoin is a typical example of p2p that satisfies both conditions, and
that's why it was successful.

But there are more conditions (though not the ones you suggest). One major
factor was also that for an ISP, it's most desirable not to see strange server
traffic from their ordinary, non-business end-consumers. So even if you
succeed with NAT and complicated network topology issues, ISPs might still
mess with the traffic or even block it. In fact, some infamous ISPs even
disallowed running servers at any non-standard ports for some time, and used
other methods to limit the Internet to passive web consumption for their
customers. My ISP in the late 90s, for example, used PPP over ADSL for no
technical reason, and switched off the connection once a day for no technical
reason other than making it a bit harder to get a continuous server to work.
And let's also not forget that most consumers nowadays are behind ADSL, where
upload speed is usually limited 10 times less than download speed. That alone
makes p2p harder.

Again, all mostly technical reasons. By the way, the Linux Desktop is also not
successful for mostly technical reasons, contrary to what you claim. First,
there is the application barrier maintained by commercial companies - a
technical issue that could easily be overcome if said companies would work
on interoperability standards (they do the opposite, of course). Second, there
are numerous issues with usability on Linux that will _never_ be resolved,
because they would require everyone in the Linux world to pull on the same
string at the same time. But these issues are still technical in the sense
that there would be technical solutions to them, if there was some sort of
"benevolent Linux dictator" who could force every programmer to use a given
API like Apple forces their developers.

------
mtgx
Because Techcrunch didn't link to any of the projects they're talking about,
here they are:

[https://ipfs.io/](https://ipfs.io/)

[http://dat-data.com/](http://dat-data.com/)

[https://blockstack.org/](https://blockstack.org/)

[https://www.ethereum.org/](https://www.ethereum.org/)

~~~
subliminalpanda
I've been playing a bit with ZeroNet
[[https://zeronet.io/](https://zeronet.io/)] lately; it's quite usable despite
being a fairly new project.

------
dgudkov
I believe the internet is naturally drifting to "governed countries" (e.g.
Google or Facebook) and one of the biggest drivers is not just convenience,
but decreasing security of the web in general. Just like the wild West
eventually became a number of states with borders, police and government. It
became especially relevant in the recent years, when harvesting exploits en
masse has become a huge industry. Yes, centralized "web governments" have
exponentially increasing attractiveness for attackers although they can
benefit from scale, applying good security practices more consistently than
multiple decentralized self-governed "nodes". The criminals tend to self-
organize and centralize. Why? because it's more effective. As long as there
are centralized "bad guys" "good citizens" don't have any other choice than
unite and develop a centralized policed "country". And "the bad guys" won't go
anytime soon. The decentralized web is like youth -- it's a wonderful
idealistic time but it's gone and will never return back.

~~~
pessimizer
Very cynical, but I tend to agree. I think the idea of the libertarian
individualistic decentralized web is a non-starter for the general public. If
you see the decentralized web as a matter of _degree of centralization of
individual services_ , however, a continuum where you can have a web for your
family, a web for your job, your own personal web, a web run by your
neighborhood, a web for your government etc. and conventions/interfaces to
allow strictly regulated communication between those levels, I think you see
it as an inherent quality of the web.

The problem isn't that Facebook mediates the relationship between you and the
people you went to high school with, or that twitter mediates the relationship
between you and Washington Post reporters; it's that once those relationships
have been well-established and don't need any more protection (or need
protection from Facebook itself), there's nowhere to take them to on the web.
It shouldn't be easier to send baby pictures to my mother and aunts through
Facebook. If one of us wants to make the effort to get some off the shelf
appliance (or appliance that needs Debian installed and apt-get run
periodically) and hook it to the web, and establish a hub for the family that
provides most of what facebook provides, it would be better if it were both
possible and easy to create and access.

------
melvster
The most advanced decentralized system I've seen in web 3.0 is also the one Tim
Berners-Lee talks about, solid. While still very new, I think it has more than
sufficient power to take back your data from the large monopolies. One nice
feature, as you'd expect from the inventor of the web, is that it's 100%
backwards compatible with existing Web technology.

[https://github.com/solid/solid](https://github.com/solid/solid)

Link to github repo above

~~~
EGreg
Have you seen our platform? We spent 5 years building it and it's also 100%
backwards compatible with the Web. See my comment elsewhere in this thread
about the Qbix Platform.

 _If anyone here knows Tim Berners-Lee and can introduce us, please hit me up,
that would be extremely helpful._

~~~
melvster
I hadn't, but thank you for the pointer. Please feel free to pop into the solid
gitter channel. Tim is a participant when he has time.

[https://gitter.im/solid/chat](https://gitter.im/solid/chat)

~~~
Arathorn
why on earth are you using a centralised chat product for Solid?! Please at
least give [https://riot.im](https://riot.im) a go - you can bridge it
straight into Gitter for people who like the gitter UI :)

~~~
drivingmenuts
On a side note, Riot is a site with really annoying animation.

Whatever else it may be, the animation banner just killed it for me.

~~~
mxuribe
In the same vein as this discussion, you can actually set up your own client -
and tweak it to suit your needs, such as removing any banners, adjusting
style, etc. - and still interact with others via matrix.org protocol.

~~~
drivingmenuts
It was just the website, not their software. The website put me off going any
further.

------
1propionyl
It would really be interesting to see something like a "personal SOLID server"
that runs on your phone, and is reachable in IPv6 only (or through tunneling
via "DNS for people", replacing phonebooks conceptually and handled as a
separate distributed service).

The biggest obstacle to running a personal server is that it must always be
on, and always be connected. Using cell phones (which certainly have the
capacity for most individuals) would make that easy, and also refocuses "my
data" into a physical concept. When you used to unplug your phone, the entry
in the phonebook would fail. Now, when you turn off your phone, you "go dark"
in the truest sense. It would be very easy to have a secondary battery that
powers a low power coprocessor optimized for this task so that even when your
phone dies, the server lasts a while longer (say 48 hours?).

I think ultimately if we're going to live in a world of personal data
ownership in the truest sense, our data must be something tangible we can
carry with us (and that isn't an extra thing to carry).

Of course, you'd want to back up that server config and your data, so there
would be monetized services for that. Celebrities and business owners would
have substantially more traffic or need to be online all the time, and as a
result would need to actually pay for hosting and maintenance as a function of
their utility. This introduces yet another market.

And throughout this whole system, you are now explicitly _trusting_ your data
as an object to a company for their services. You are not participating on
their platform while they farm your interactions.

Any thoughts or criticisms?

~~~
unexistance
exactly what I had in mind, as most of user's 'smart' phone capability are
under-utilized, so it's not a problem of hardware / software / usability, it's
more to make it appealing for user to adopt, which is the hard problem since
forever :p

------
mixedCase
"A decentralized web would be very slightly inconvenient to the people so
forget about your freedom and privacy who cares about that."

More realistic title. It would make for a shorter article though.

~~~
dcposch
Switching from Facebook to, say, Diaspora or something is more than just
"slightly inconvenient". One of them has all of my friends on it and the other
has none.

--

Two ideas for how we can help decentralization win.

1. Don't just clone an existing app.

The two decentralized protocols with the most adoption by far are Bitcoin and
BitTorrent. Both of them have capabilities that no centralized system can
match. Same with Ethereum, Namecoin, etc. So the goal of a decentralized
system should be to _exceed_ the functionality of what came before, not just
to clone an existing centralized service.

2. Run your open source project like a startup.

That means gathering metrics, tracking week-on-week growth, getting press
hits, creating a brand, caring about product and UX.

I've seen cool decentralized projects get no adoption because the people
running them focus on the technical aspects and ignore things like usability.
BitMessage, for example, is impressive technology, but the client is called
"PyBitMessage" and it looks lolbad:
[http://i.imgur.com/ydY6PIX.png](http://i.imgur.com/ydY6PIX.png)

~~~
keyle
I'm totally with you on number 2 - but don't those things require money? UX,
design, consistent look, all require money. And honestly, the press is a lot
more likely to talk about you if you have money invested and shiny offices. To
get such things, you have to have a profoundly interesting argument to
investors, which usually does not rhyme with "we want to free the people,
privacy, etc". There are, of course, exceptions.

~~~
kowdermeister
> but don't those things require money?

Congrats, you've found the reason why a 100% decentralized web is more like a
fairy tale. The reason why the vast majority of people use services like Facebook,
SnapChat or Uber is because they are so easy to use. Good UX is not free,
service stability is not free and new features are also not free.

People don't care about the underlying technology. If one wants a
decentralized web, they must demonstrate a 10x increase, not a tiny bit shitty
alternative service.

------
skybrian
The problem with this plan is that it doesn't really tackle the first rule of
the Internet: spam and abuse make everything suck.

The last really popular decentralized service was email, and users migrated to
large providers because they had better spam filters. Also, setting up your
own mail server has become increasingly difficult, due in part to anti-spam
measures. As a side effect, email has become pretty lossy.

Centralized services are far from perfect on this, but they have a somewhat
easier time of it. They can fund dedicated teams to deal with abuse. So, the
result is feudalism, where you join a larger organization that provides some
measure of protection. (Not enough protection, according to many people.)

I'm hopeful that Sandstorm (or something like it) will make it easier for
people to run their own server-side software, but it seems more for private
use; you can publish a blog but it's not designed for large-scale sharing like
a social network. That still seems like an unsolved problem.

~~~
inimino
I don't think that's the problem with these plans.

Imagine that email didn't exist, and you were designing it from scratch. There
are many easy solutions to the spam problem if you start with a clean slate.
The problem is that nobody would ever adopt email today if it was new.

More recent decentralized solutions haven't failed because of spam, but
through lack of adoption.

------
BjoernKW
Ironically, GitHub is a prime example of why centralisation is harmful. If
GitHub suddenly disappeared tomorrow (or even just went offline for a few
hours), many software build processes in the world would grind to a halt.
Sure, because Git is a decentralised protocol eventually it'd all be brought
back up again but it'd cause a major disruption and at the very least create
enormous costs.

~~~
ekianjo
You could easily move tomorrow to another git based service. The only stuff
missing would be issue management.

~~~
fredsir
Many rely on GitHub for more than source control hosting and issues. It's
really not a non-issue.

~~~
Rexxar
I would like to have some basic issue tracking in git like in fossil
(www.fossil-scm.org if you don't know, by the creator of sqlite). It's a shame
that git has eclipsed all other options.

~~~
chriswarbo
You can use distributed bug trackers with git, like
[https://github.com/tst2005/nitpick](https://github.com/tst2005/nitpick) or
[http://www.bugseverywhere.org](http://www.bugseverywhere.org)

------
Alex3917
The real issue is that we need to make it illegal to give out free content,
unless it's distributed under an open license. Otherwise advertising-supported
businesses will always be able to outcompete everyone else via dumping, and
these businesses always benefit from being increasingly centralized. That's
why we don't have liberal newspapers anymore in the U.S., because ad supported
papers put them all out of business.

At the very least people need to be trained that it's unethical to surf the
web without using an adblocker.

~~~
imglorp
The centralization is a good point, but I wanted to ask about why

> we don't have liberal newspapers anymore in the U.S.

Most conservatives would say the papers and media outlets are _all_ liberal.
Would you expand on that spectrum?

> it's unethical to surf the web without using an adblocker

It's also unethical to insert malware into ads, or to hire syndication
services that allow it. I'll continue to block until that's fixed.

~~~
Scirra_Tom
> Most conservatives would say the papers and media outlets are _all_ liberal.
> Would you expand on that spectrum?

Really? Isn't Fox ranked at like number 2? If anyone thinks that's liberal they
need to realign their gauges.

~~~
ocdtrekkie
It may be worth noting that the OP referred solely to newspapers, and Fox is a
TV channel. Noting that the parent did say "papers and media outlets", which
is definitely less true, because of Fox.

Note that Fox is likely so popular because of how few strongly conservative-
biased media options there are.

------
bogomipz
In my opinion one of the disturbing trends increasingly presenting a
"usability" issue is the insistence of sites putting content behind a login
wall, Pinterest, LinkedIn, Glassdoor etc. Some of these make a subset of
content viewable but then prohibit me from scrolling further until I sign up.
Usually the sign up requires selecting one of FB, Google, et al as an OAuth
provider. So by extension you kind of have centralized control of third party
content as well.

------
oconnor663
[https://whispersystems.org/blog/the-ecosystem-is-moving/](https://whispersystems.org/blog/the-ecosystem-is-moving/)

> We got to the first production version of IP, and have been trying for the
> past 20 years to switch to a second production version of IP with limited
> success. We got to HTTP version 1.1 in 1997, and have been stuck there until
> now. Likewise, SMTP, IRC, DNS, XMPP, are all similarly frozen in time circa
> the late 1990s. To answer his question, that's how far the internet got. It
> got to the late 90s.

> That has taken us pretty far, but it's undeniable that once you federate
> your protocol, it becomes very difficult to make changes. And right now, at
> the application level, things that stand still don't fare very well in a
> world where the ecosystem is moving.

> Indeed, cannibalizing a federated application-layer protocol into a
> centralized service is almost a sure recipe for a successful consumer
> product today.

------
greenyouse
This is awesome! I hope they're able to bring their vision of a decentralized
web to fruition!

The biggest outstanding problem that nobody seems to be talking about though
is how to monetize a decentralized business. With the current web there are
lots of options that have varying degrees of nastiness for their users but
ultimately pay developer salaries: 3rd party ads, IP/API licensing, pay for
product, data collection, in-app purchases, e-commerce, etc. Since not all of
these carry over well to a decentralized web, how can it be profitable for
companies?

The problem of building a generic, distributed platform (or at least some
technology for decentralized services) probably comes first but putting money
behind its development couldn't hurt. I think if engineers won't be able to
make money with it, then it will be much harder to sustain development in the
long run.

Any ideas for this part?

~~~
alecco
There's no need to monetize user generated content. That's what these
companies do. They make people generate content for them for free and use it
to sell ads while creating an Orwellian dystopia.

~~~
greenyouse
I wasn't really suggesting that businesses keep using the same web 2.0 models.
Just fishing for ideas for the distributed web. If teams are actually going to
commit thousands or millions of work hours into making products, then there
should be a way for them to be rewarded for their job. Making money isn't
inherently evil, but making it at the users' expense is.

idk, there could be client-side Bitcoin mining if somehow you can find a
breakthrough mining algorithm (maybe using Algebraic Cryptography or
Satisfiability Theory) that runs an order of magnitude faster than current and
users are OK with running it.

e-commerce could have some kind of payment system with escrow where you could
charge a small operating tax. Hard to ensure everything works though since all
code is running client-side, which can't be trusted.

pay per download probably still works.

others?

I agree that ads, tracking, IAP, and other stuff should be left out.

It's weird to think about services which as the creator you really have no
control over once it's released (I'm thinking of Freenet or GNU social style
services). There aren't any services that I know of which are both 100%
distributed and making money on the regular.

Not really well thought out ideas, just putting stuff out there.

------
brador
A decentralised web is not viable until we can create an NP soft or better
mesh network. Until then the network load to manage itself crushes it before
it can walk.

~~~
mark_l_watson
+1 for bringing up mesh networks. I have been reading about mesh network
projects in Germany and other places. What I think is needed to increase
adoption is something like the Raspberry Pi, a cheap and open mesh router that
would allow setting up community networks, with hooks for volunteers to
provide low bandwidth gateways to the web, tools for sharing locally hosted
copies of Wikipedia, projects for local social media, market places for local
commerce, etc.

When there is a low cost system available, then I can visualize myself
starting a class at the local library, etc.

In an increasingly centralized world (central banks, the awful one world
government philosophies, winner take all hubs on the web, etc.) it is too easy
to lose track of the fact that local issues, economy, and life are more
important than global issues.

~~~
zzzcpan
There are many millions of people who don't have the problems that can be
solved by mesh networks. They live in countries where ISPs are not
overregulated and are very competitive, bringing cheap high quality high speed
internet to every household. In fact, those ISPs and the whole broadband
market there emerged from similar communities of local networks you describe,
except they weren't mesh networks, but wired networks.

And yet there is no decentralized web there either. Because it's not
technology that's stopping it from happening.

~~~
mark_l_watson
Thanks for your comment. I see mesh networks as an alternative to be used
alongside the web. Also, in the USA, local mesh networks were useful in
dealing with the aftermath of Hurricane Sandy, as another example of utility
of mesh networks.

------
milansuk
I think that article is missing one important thing. "Web 3.0" needs a killer
app! Something which is not simple to duplicate in the current centralized web
and is still very attractive to web users.

~~~
1propionyl
It still pains me to see that Mozilla Persona failed.

~~~
chriswarbo
I see a lot of HNers lamenting the loss of Persona. The code's available, so
what's the major issue preventing its continued use?

Is it the use of de facto addresses, like the fallback login.persona.org?
Couldn't that be mitigated by either establishing a new de facto standard
(either commercial or community run), or by adding a fallback field to the
protocol?

------
foobarbecue
It seems to me that one significant barrier is that most people don't have a
static IP. If we can move to IPv6, will ISPs start issuing static IPs for
everyone by default?

~~~
newscracker
A static IP brings along privacy and tracking concerns when public facing
servers/services are mixed with personal browsing and use. Even if ISPs are
handing out IPv6 addresses, it would be better for people to get addresses
that do change often or on demand.

~~~
p1mrx
You can't reasonably expect ISPs to provide anonymity; that would be like
asking the Post Office to change your mailing address on demand.

It makes more sense for ISPs to focus on efficient delivery, while anonymity
is handled by things like overlay networks.

------
stevewilhelm
In my experience, one of the largest hurdles decentralization faces is agent
identity. Or simply put, how do you determine who is who on the network. The
original Internet failed to address this problem.

The successful solutions I have seen to this issue have employed
centralization. SSL certificates from Verisign and login with Google Sign In
so consumers can trust your website.

Don't confuse this with distributed authentication. They exist, but I would
say they are difficult to use.

I am talking about identity.

~~~
LukeB42
Does this contact come back with the same public RSA key each time? Could they
sign a small piece of data with the key? It probably [is/isn't] them, then.

In Synchrony[1] this forms your address (like an email address but for editing
web pages / chat / RTC teleconferencing / multi-user JS/WebAssembly
applications), which contacts can then put a name to in the UI by mousing
over.

The address has the form network_name/node_id/user_id, where network_name is
an opt-in namespace (so Synchrony can select routing tables based on their
overall trustworthiness), node_id is 160 bits based on the SHA1 of
"ip:port:pubkey" which peer nodes can then verify, preventing one another from
assuming node IDs that correspond to popular URLs, so no one can
computationally inexpensively monitor popular URLs for financial gain[2].

Note that the RSA keypair is per-instance of the software and not per user-
identity - that when we ask a node if it can sign for some data it's the
installation rather than the individual user identity being checked.

[1]
[https://github.com/psybernetics/synchrony](https://github.com/psybernetics/synchrony)
[2]
[http://www.tm.uka.de/doc/SKademlia_2007.pdf](http://www.tm.uka.de/doc/SKademlia_2007.pdf)
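
The node-ID binding described in the comment above, as an added example that is not part of the original comment and is not Synchrony's own code. The exact serialization of "ip:port:pubkey" (UTF-8, colon-joined), the function and class names, and the constructed addresses and placeholder keys are assumptions.

```python
import hashlib
import hmac

ID_BYTES = 20  # 160-bit SHA-1 digest, the ID size named in the comment


def node_id(ip, port, pubkey):
    """Derive a node ID from "ip:port:pubkey" (serialization is an assumption)."""
    material = f"{ip}:{port}:{pubkey}".encode("utf-8")
    return hashlib.sha1(material).digest()


def verify_claim(claimed_hex, observed_ip, observed_port, pubkey):
    """Recompute the ID from what the verifier observes and compare.

    The IP and port come from the connection itself, not from the peer's
    announcement, so a peer cannot pick an arbitrary ID.
    """
    try:
        claimed = bytes.fromhex(claimed_hex)
    except (ValueError, TypeError):
        return False  # malformed announcement
    if len(claimed) != ID_BYTES:
        return False
    expected = node_id(observed_ip, observed_port, pubkey)
    return hmac.compare_digest(claimed, expected)


def xor_distance(a, b):
    """Kademlia-style distance between two 160-bit identifiers."""
    return int.from_bytes(a, "big") ^ int.from_bytes(b, "big")


class RoutingTable:
    """Minimal table that admits only peers whose ID matches their address and key."""

    def __init__(self):
        self.peers = {}  # node id (bytes) -> (ip, port, pubkey)

    def admit(self, claimed_hex, observed_ip, observed_port, pubkey):
        if not verify_claim(claimed_hex, observed_ip, observed_port, pubkey):
            return False
        self.peers[bytes.fromhex(claimed_hex)] = (observed_ip, observed_port, pubkey)
        return True

    def closest(self, key, k=1):
        """Return the k admitted node IDs nearest to a content key."""
        return sorted(self.peers, key=lambda pid: xor_distance(pid, key))[:k]


def demo():
    """Run three constructed announcements through the table."""
    table = RoutingTable()
    # Content key for a constructed URL; peers near this key serve that URL.
    url_key = hashlib.sha1(b"http://popular.example/").digest()

    honest_key = "constructed-pubkey-A"  # placeholder, not a real RSA key
    honest_id = node_id("192.0.2.10", 8080, honest_key).hex()

    results = {
        # ID matches the observed address and key: admitted.
        "honest": table.admit(honest_id, "192.0.2.10", 8080, honest_key),
        # Peer announces the URL's own key as its node ID: rejected.
        "squatter": table.admit(url_key.hex(), "198.51.100.7", 8080,
                                "constructed-pubkey-B"),
        # A valid ID replayed from a different address: rejected.
        "relayed": table.admit(honest_id, "203.0.113.5", 8080, honest_key),
    }
    results["closest_is_honest"] = table.closest(url_key) == [bytes.fromhex(honest_id)]
    return results


if __name__ == "__main__":
    print(demo())
```
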

~~~
zigzigzag
Keypairs are not useful identities though. They don't encode any meaningful
attributes (e.g. name) and it's too hard to manage them.

------
dannyrosen
The nature of the net is to centralize and then decentralize, it's a cycle.
See 90s AOL vs the open net as an example. At this point it's more about
usability than it is about access. The open tools that are being built still
have a ways to go towards fluid user on-boarding and compelling retention
experiences.

~~~
adrusi
There's very little evidence to support this claim. Some things were
decentralized in the past, now most things are centralized. That does not
establish a cycle.

~~~
zerognowl
The Internet has many centers and choke points, most of which gather in the
U.S. The Internet needs country level network diversity and more stuff
happening on the _edge_ of networks instead of the center. Maciej Ceglowski
explains it better than I:

The Internet With a Human Face:
[https://www.youtube.com/watch?v=fWFo1VaQNmU](https://www.youtube.com/watch?v=fWFo1VaQNmU)

------
hhnn
It's nice, how alive and kicking IRC still is. If you are into startups, there
is a channel called #startups on freenode that has a lot of likeminded people.

------
amelius
I think the European union should fund the research and development of a
decentralized web. Because right now all their information is flowing to the
US.

~~~
njharman
Decentralization won't stop information flowing to the US. We'll just have to
buy additional peerage points. Our budget and desire to spy on the world is
greater than the world's resolve to not be spied on.

------
partycoder
Well, initially the web was a fantastic place to be. People used the web for
entertainment and people used to trust people online. Every website was unique
and handcrafted.

Then, as evil started going online in the form of harassment, fraud, scams,
spreading malware... people started to be reluctant to follow any link, and
people started to seek "trusted websites".

In addition, people gave away the ability of customizing webpages in return
for searching people by name, real time cross platform publishing, and photo
sharing with access control lists.

------
shmerl
Also, interoperability. The major problem of all these major services is not
just centralization, but the fact that they can't even communicate with each
other. Their stupid walled garden nature and the fact that they on purpose
avoid open standards prevents it. That's what disgusts me the most about
Whatsapp, Hangouts, Skype and etc. They are stuck in the non interoperable
stone age of computing, while e-mail, much older technology managed to break
through years ago as federated and interoperable standard.

------
erikb
The internet is decentralized. The thing is that you need to get the data from
person A to person B. And neither A nor B can alone afford the infrastructure
to enable that.

------
z3t4
Many people think Facebook is the web, just like people think the web is the
Internet. I'm sure both web and Internet will outlive Facebook though.
Facebook have introduced a lot of new people to the web/Internet. It's just a
matter of time though, until those people discover that there's more, like
Youtube for example.

------
drivingmenuts
All this has happened before, and all of it will happen again.

Decentralizing will be great until people realize that they need access to
information outside their enclaves, then there will be another push for
centralization.

Additionally, who are these People the author writes about? All of the tools
cited, while freely available to anyone, are geared toward power users in
installation and operation. That doesn't sound like "The People" to me; it
sounds more like an elite group (although a pretty large and diverse elite
group, within itself).

If all you're going to do is stand by the highway and wave signs and shout
slogans, I wish you well with that plan but I don't think it's going to work.
The people you're opposing (who are actually people, too) have got better and
more convincing arguments, as well as positive results that matter to their
customers.

------
hkt
This remains a bit of a silly argument. It is like saying we can wipe out
poverty if only more people were able to get rich: the way that people
progress is through collective provision.

That means the state, or associations of people who value privacy (who may not
all be technically savvy!) who can pool their resources and offer something
normal people can use. This, unlike the decentralised web, could engender the
same kind of network effect that whatsapp and facebook benefit from.

I've written about this and heard more people make the same argument lately:
it isn't technology that will bring about privacy on the internet, but a
democratic organisation, founded by concerned citizens, governed by anyone who
has an interest in promoting privacy and run on behalf of _anyone_ who wants
to benefit from it.

There are a lot of benefits to this approach: you lose the engineering
challenges of VC backed companies (no data mining operation) and of cyberpunks
setting out to let everyone be their own little island (protocols and amateur
operators). Jurisdictions can offer different advantages, like company forms
with regulated purposes written into their founding documents, or more
favourable privacy laws.

Off the shelf software can scale all the way that is required for this sort of
thing (think apache kafka as the basis for a messaging system like WhatsApp)
and the organisation would only have to be financially sustainable like
Mozilla, rather than profitable like Facebook.

It also puts privacy into the hands of normal people, who can take part in
governance and protect their data that way, rather than having to learn techie
things they don't care about.

Talking about the decentralised web is great, but we often forget what
motivates people to want to decentralise in the first place: the fact that
their desires are not something the market can cater for, and that what they
believe should be their right is simply not available any other way. If we
want privacy, we should think about _all_ the means by which we can provide it
in the general case, including by collectively owning the means of
communication.

~~~
jamez1
Where does the world wide web fit into your model of the world? (it didn't
need "collective provision")

All the article proposes is that we don't have our data locked up, that it's
not centralized, so that we have control.

This is a pretty simple concept; I think you're the only one here who is
confused. Your comparison to poverty doesn't make sense, privacy isn't
constrained by resources.

~~~
hkt
Privacy is constrained by technical skills in most people's model. That's where
the scarcity lies.

People talk about it as a software problem, but don't understand that lots of
people have not even a slight grasp of why Facebook and the other silos are
bad.

The web fits the analogy perfectly well: it has many actors and many near
monopolies. This is not unprecedented: just as most people in the 19th century
had houses and access to roads, people have computers and the internet now.
Neither precludes domination by large companies or the very wealthy, but
domination can be precluded by collective endeavours. Landlords were thwarted
by building societies and mutuals, coercive employers thwarted by cooperatives
and unions. Similarly, platform cooperatives can solve the problem of people's
private information being commodified. Lots of software approaches have been
tried to solve this problem but none have succeeded, even with sponsorship
from large companies (think xmpp and google).

As yet, nobody has tried my approach because it isn't a natural avenue for
exploration among people whose sole consideration is technical implementation.
It has a high initial barrier because it demands a multidisciplinary approach,
but once established it would only require a small team (think WhatsApp and
its dozen or so employees).

------
wineisfine
We should not be worried about chat apps, but rather the cancer that is called
Facebook

------
EGreg
The example of GitHub they use is actually telling. Git is decentralized, so
why use GitHub? The answer may be surprising:

 _It's because social has not been decentralized._

Yes, status.net existed for a while but it was just about publishing short
updates. Also, a few years ago several guys from my college raised money to
make Diaspora. That didn't fulfill the promise of a decentralized social web
either.

Bitcoin is decentralized money. Email is decentralized communication. The Web
is decentralized publishing. But what about decentralized social?

Ideally, it should start with the Web and enhance it. It should:

\+ _Work on every device out of the box, and take advantage of the special
characteristics of each device (eg mobile phones are private to the user, and
work as endpoints for text message invitations with auto-confirming links_
[https://qbix.com/platform/features/invitations](https://qbix.com/platform/features/invitations)
)

\+ _Be as easy to install as WordPress by organizations, who can choose the
hosting provider to grow their community, and be able to move it anytime_

\+ _Seamlessly support user identity AND contact lists across domains. Be able
to sync with personal address books, social network friend lists, etc._
([https://qbix.com/platform/features](https://qbix.com/platform/features))

\+ _Seamlessly support a standardized access control model, ideally where
roles correspond to contact groups or friend lists._
([https://qbix.com/platform/features/contacts](https://qbix.com/platform/features/contacts))

\+ _Be modular, so developers working for organizations can easily use
components, developed and maintained by different developers, in the
organization's social apps._

\+ _Allow people to subscribe to certain streams of information. Take care of
real time updates via WebSockets for online users while delivering offline
notifications for people who subscribed, via text, email or native
notifications._
([https://qbix.com/platform/features/streams](https://qbix.com/platform/features/streams))

\+ _If done correctly, such a system would decentralize search engines and
social networking sites, allowing local communities to get massive value from
being networked without having to send all their signals to California and
back, or connect to Facebook's "web for India" or "web for Africa" just to
organize meetings or talk to someone next door._
([https://qbix.com/platform/features/distributed](https://qbix.com/platform/features/distributed))

That is what we built. And we are slowly rolling it out. And it's free and
open source. You can download it right now and play with it:

[http://qbix.com/platform](http://qbix.com/platform)

(It took us about 5 years to make it, so some screenshots are a bit dated.)

 _If anyone here knows Tim Berners-Lee and can introduce us, that would be
extremely helpful._

~~~
sukilot
Don't forget that for email to get popular, it had to be mostly centralized
(Hotmail, Gmail, etc), we are lucky it's still at least federated.

Bitcoin, same story -- mass adoption turns out to be dependent on service
providers hosting the wallet, and most users are not miners, eroding many of
the decentralization benefits.

~~~
rlpb
Don't forget that for email to get popular, it had to be mostly centralized
(Hotmail, Gmail, etc)...

I'm not so sure. Before Hotmail and Gmail, every ISP provided email accounts
to its customers. Desktop POP3 clients were the norm, and email was as popular
as the Internet was. Centralization wasn't needed for email popularity.

Hotmail, Gmail etc. have now taken over, perhaps partly due to the economy of
scale in dealing with the spam problem. But the smaller players are still
present and working, so I'm not sure that email would fail without today's
major providers.

~~~
flukus
And most companies still maintain their own mail servers, I'd say the majority
of email is through decentralized servers.

------
j2kun
In addition to spam/abuse and the difficulty of setting up a server, another
area of centralization that hasn't yet been solved is payments. If we want a
truly decentralized web, we need a way for computers to possess and spend money
without human intervention. This compounds the difficulty of spam/abuse and
server setup, but is still a huge factor in why the web is the way it is
today.

------
tango12
What kinds of business models will decentralized applications have? Any good
examples?

A decentralized web seems like a logical next-step. Although, it's hard for it
to happen just by developer power alone. Once viable business models and
success stories emerge around decentralized applications (like ads on P2P file
sharing client?), IMO, this will really pick up steam.

------
Animats
So far, nobody has a federated social network that 1) doesn't suck, and 2) has
a worthwhile user base.

Someone in college should take one of the federated systems, polish it up, and
market it to fraternities and sororities at name schools as FratNet. This
would give all the cool kids a private social network that they controlled.

~~~
stevewilhelm
Networks don't tend to stay siloed.

Very quickly members move on to graduate schools and then jobs. The social
network boundaries expand beyond their original fraternities and sororities.
You end up with one large social network.

~~~
Animats
That's the point. As Zuckerberg taught us, you have to onboard the cool kids
first. _Then_ you grow. The federated network people don't get this.

------
Paul-ish
One area that may be ripe for the picking is video chat, as this article
starts out describing. I think everyone is sick of having half a dozen different
applications to talk to their friend. Why can't this be a protocol like email?

I think the technologies exist and have existed for a long time; RTC, SIP,
ICE, etc... The hurdles are social and political.

------
LukeB42
Here's a decentralised caching proxy I made earlier this year:
[https://github.com/psybernetics/synchrony](https://github.com/psybernetics/synchrony)

Future plans include a C port (already in the works) and dialing down on the
contacts API to bootstrap a three.js CAD tool.

------
Animats
We need handset-to-handset encrypted communication without a server. How good
is IPv6 inbound connectivity?

------
dredmorbius
Successfully attacking this problem means progress on numerous fronts:
technology, connectivity, bog-simple configuration and operation,
recoverability from user or system/hardware errors. Whittling these down over
time may work. Most significantly, _hardware costs are not presently
constraining_, limitations lie elsewhere.

Google and Facebook's advertising support strongly tend to centralisation.

Kicking the legs of advertising out from under the stool of publishing might
be a means of attacking that particular tendency, which would make a more
distributed technical model much more viable.

There's the question of just how distributed you'd want a system to be. There
are problems at both low and high levels of centralisation. A fully
decentralised model might have a tendency to go rogue, or be subject to petty
dictators. It's been interesting to note that even a well-capitalised entity
such as the NSA is reported to prioritise specific and generally small values
-- single-digit, often single-hand -- of systems for specific attack and
interest. There's an argument to be made that strategically weak targets, such
as the perennially troubled Yahoo, headed by the morally compromised Ms.
Mayer, can be made to crumble where a more commercially robust firm, say,
Google, Apple, or Facebook, would be willing to resist. I'm mindful of this.

There's some reason to believe that perhaps a suite of Free Software
alternatives would offer more robust installations, and compromises would
impose high workfactors, for any given would-be surveillor. The question of
creating systems by which data exfiltrations might be more readily detected is
another area for exploration.

Going back to the publishing world, there's a long-standing practice of
including intentionally fictitious entries within compilations, maps, etc.,
whose observation in the wild would indicate copying. This might be worth
pursuing on a formal basis, particularly through such indicators as financial
accounts, email or communications addresses, URLs, etc., extant as canaries
which would reveal a data breach.

A huge problem for any widely distributed infrastructure is maintenance and
administration. I'm reluctantly concluding that a world in which individuals
and households host and administer their own personal data servers isn't
viable. I'm not abandoning all hope, but it seems a difficult problem, and one
which the Internet of Shit seems determined to prove intractable.

Much of this has to do with the financial underpinnings of the infotech world.
As several recent authors have noted (Paul Romer, Jeremy Rifkin, Paul Mason),
information-dense goods function poorly in a market-based economic system.
They have numerous characteristics which make for poor price discovery and
dynamics, with informational asymmetries, heavy up-front (and hence average &
fixed) costs, low-to-zero marginal costs, susceptibility to low-cost copying
by others (notably China, though this is a practice with ancient traditions --
see Ha-Joon Chang and Friedrich List), diminishing marginal returns, long-tail
support obligations, and unintended and non-evident consequences (to vendors,
users, and bystanders).

A few possible models for a largely-distributed personal information service
suggest themselves.

One is the residential-server-as-utility model. Comcast has had such an
offering for nearly a decade, that I'm aware of. Essentially, it's a set-top
box which can take on additional responsibilities, including home automation
and security functions. There are several other utility-type providers who
might offer similar capabilities.

There might well be ad-hoc collections of friends or neighbours. A tech-
oriented person could easily provide services to hundreds or thousands of
others on commodity equipment. The main limitations here are trust and
discoverability.

There are arguments for making email into a government-provided service, via
the post office. This introduces the risks of government surveillance (already
an issue with postal systems), though the protections of legislative
restrictions, and public-sector union whistleblower protections, against gross
abuse. The fact that physical mail delivery already ensures a brick-and-mortar
point of presence in virtually any habitation means that one of the perennial
problems of information technology -- establishing, asserting, and recovering
identity -- can be achieved through a local visit.

The early Internet spread through a set of social institutions, largely
universities. These provided points of access, administration, and
accountability to populations of users ranging from a few hundreds to a few
tens of thousands per site at major public universities. Whilst this was not
an all-encompassing level of provisioning, it is a model of access and social
organisation which might be useful to draw on for a more modern
implementation.

Public libraries, as an alternative to universities, might offer another
option. They already serve as an internet access option for a significant
population.

Banks, schools, major retail establishments, and religious centres might be
other options.

I'm not sure what exactly will work, but the dynamics I'm pointing at here
involve:

Technical capabilities and equipment. A very low bar, and getting lower all
the time.

Connectivity. Slightly more difficult, given distribution, land-use, and
reliability concerns, but still generally tractable.

Trust. A major factor, especially in a world of eroding social institutions
and values. This plays into the dynamics of various systems providers /
maintainers quite heavily.

Workforce technical capabilities. Information management skills are
remunerative, and could prove difficult to retain. This might change, possibly
rapidly. The present market is, however, exceptionally geographically
centralised. A distributed node-and-service model might allow for greater
flexibility in specific node administrators and technical staff to operate in
a much broader choice of areas, including those with lower housing costs than
New York City or San Francisco, closer to family or hometowns, etc. I expect
some de-skilling of routine obligations, but technology tends to require at
least a modicum of fire-fighting capabilities, and perhaps some engineering
and planning capacity as well.

Identity and pseudonymity. Both matter. Balancing the risks of data disclosure
with those of data loss gets complex. Principal control over data, plus remote
backups, ensures against physical loss. Encryption with some model of key
escrow, in which a set of parties, several with strong and vested interests in
personal privacy, can balance privacy against the problem of loss of specific
tokens (physical or otherwise).

Ease of use / access. This stuff has to be bog-fucking-simple to provision,
deploy, and maintain.

Copyright and copyright compliance. Ultimately, my view is that we're going to
have to recognise that attempts to re-bottle the genie, and provide
centralised or authorial control over reproductions, are doomed.
Information-as-public-good strikes me as increasingly inevitable. (Which isn't
the same as "inevitable", though it's getting warmer.)

Misbehaviour. People can be asshats. Another reason for forms of key escrow
and the like is to allow specific access to specific individuals' information
in specific instances, subject to very strong controls.

Search. Traditionally this has relied heavily on data-center based operations.
There are distributed alternatives, but none I've seen are particularly adept.

So: yes, challenges, but the fundamental capability (hardware) is well in
hand. Spitballing at approaches should eventually see something stick.

~~~
schoen
> This might be worth pursuing on a formal basis, particularly through such
> indicators as financial accounts, email or communications addresses, URLs,
> etc., extant as canaries which would reveal a data breach.

This is a great idea, but it's not clear how many adversaries would do
something in an automated fashion that would give away their existence like
this.

Apart from the kind of discredited story about Coventry
([https://en.wikipedia.org/wiki/Coventry_Blitz#Coventry_and_Ultra](https://en.wikipedia.org/wiki/Coventry_Blitz#Coventry_and_Ultra)),
I was just reading somewhere again that there _was_ a policy about Ultra that
nothing could be done in response to an Ultra intercept without first creating
an alternative cover story -- parallel construction, if you like -- about how
the Allies knew about it. (See
[https://en.wikipedia.org/wiki/Ultra#Safeguarding_of_sources](https://en.wikipedia.org/wiki/Ultra#Safeguarding_of_sources)
on this point, although I can't remember where I was just reading about it.)

Automatically contacting or attempting to use accounts or URLs mentioned in
random data is probably exactly the kind of thing that wouldn't be done by
anybody exercising a similar kind of caution today.

~~~
dredmorbius
I'm actually fairly certain the fictitious entry concept exists in some shape
or form. Even name+company@example.com addresses used for email registration
are tells of misuse of registration information. Various honeypot traps
utilise similar elements. I'm all but certain financial institutions have at
least tracking, if not fictitious entry, accounts seeded within various data
lists whose use triggers alerts, though I'm not sure those specifically
indicate leaks. Document and video/audio tracking have also been used to
determine leak sources. So it's not an original idea.

While parallel construction may be used to create an appearance of plausible
discovery, an attack against a resource _which does not exist_ would be a
strong suggestion that supposedly secret data aren't.

I suspect you're overestimating your adversary. Some will act with extreme
reserve. But odds are strong that a curious adversary stumbling across what
appears to be a public URL or IP + service address, and tickling it, will happen
with some frequency. Other tells could be constructed of a nontechnical nature
-- false documents and such. Behavior consistent with access to that
information would be an indication. Audits of non-existent financial accounts,
inquiries of non-existent companies or people, etc. The hit rate needn't be
perfect, but a single tell would be sufficient.
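
The name+company@example.com tell mentioned in the comment above, as an added Python example that is not part of the thread: each party gets its own tagged address, and mail reaching a tag from anyone else points at the party whose list leaked. The HMAC suffix, the key, the registry and the sample deliveries are assumptions constructed for illustration, and the sender domain is assumed to have been authenticated upstream.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: a secret only the address owner holds

# Constructed registry: the sender domains that are legitimate for each tag.
# An empty set marks a pure canary address that nobody should ever mail.
ISSUED = {
    "acme": {"acme.example"},
    "shopco": {"shopco.example", "mail.shopco.example"},
    "canary7": set(),
}

def _mac(party: str) -> str:
    return hmac.new(KEY, party.encode(), hashlib.sha256).hexdigest()[:8]

def tagged_address(user: str, domain: str, party: str) -> str:
    """Build user+party.mac@domain; the MAC stops outsiders minting valid tags."""
    return f"{user}+{party}.{_mac(party)}@{domain}"

def classify(rcpt: str, sender_domain: str) -> str:
    """Return 'untagged', 'forged', 'ok' or 'leak:<party>' for one delivery."""
    local = rcpt.rsplit("@", 1)[0]
    if "+" not in local:
        return "untagged"
    party, _, mac = local.split("+", 1)[1].rpartition(".")
    if party not in ISSUED or not hmac.compare_digest(mac.encode(), _mac(party).encode()):
        return "forged"  # unknown tag or bad MAC: not evidence against any party
    if sender_domain.lower() in ISSUED[party]:
        return "ok"
    return f"leak:{party}"  # valid tag used by someone it was never given to

def scan(deliveries):
    """Return (rcpt, sender_domain, verdict) for every delivery that is a leak."""
    return [(r, s, v) for r, s in deliveries
            if (v := classify(r, s)).startswith("leak:")]

# Constructed sample deliveries: (recipient address, authenticated sender domain).
SAMPLE = [
    (tagged_address("alice", "example.com", "acme"), "acme.example"),
    (tagged_address("alice", "example.com", "acme"), "spam.example"),
    (tagged_address("alice", "example.com", "canary7"), "acme.example"),
    ("alice+acme.zzzzzzzz@example.com", "spam.example"),
]
```

A single `leak:` verdict is the "single tell" the comment describes; forged tags are kept separate so that a guessed address cannot frame a party.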

~~~
schoen
Huh, now I'm thinking Cliff Stoll did something like this in _The Cuckoo's
Egg_ with making up a fake project that intruders then wrote to ask for more
information about... or am I misremembering?

~~~
dredmorbius
Yes, via Wikipedia:

_In order to entice the hacker to reveal himself, Stoll set up an elaborate
hoax — known today as a honeypot — inventing a fictitious department at LBL
that had supposedly been newly formed by an "SDI" contract, also fictitious.
When he realized the hacker was particularly interested in the faux SDI
entity, he filled the "SDInet" account (operated by the imaginary secretary
Barbara Sherwin) with large files full of impressive-sounding bureaucratese.
The ploy worked, and the Deutsche Bundespost finally located the hacker at his
home in Hanover. The hacker's name was Markus Hess, and he had been engaged
for some years in selling the results of his hacking to the Soviet KGB. There
was ancillary proof of this when a Hungarian spy contacted the fictitious
SDInet at LBL by mail, based on information he could only have obtained
through Hess. Apparently this was the KGB's method of double-checking to see
if Hess was just making up the information he was selling them._

[https://en.m.wikipedia.org/wiki/The_Cuckoo%27s_Egg](https://en.m.wikipedia.org/wiki/The_Cuckoo%27s_Egg)

------
applecore
If Twitter led the charge to decentralize the web, starting with their chief
product, I believe the company would be worth 10-100x more than it is now
(i.e., a market capitalization between $100B and $1T).

~~~
newscracker
Can you explain what they could do or how they would do it?

------
jamesbercegay
Decentralized web would not work for nation state type attacks. They have too
many resources. They could dilute and attack, it seems.

------
ommunist
Ehm... how can you decentralise backbone services that can do anything to
your ISP if it does not comply? Say, tomorrow as a counter-terrorist measure,
your ISP will be forced to close all encrypted p2p traffic; you won't be
able to do anything to circumvent top level traffic control policies.

------
ommunist
The only real way to 'give power to people' and 'decentralize' is to run your
own ISP and launch your own satellite, and to negotiate gating your uplink to
those forever centralized, otherwise your free netizens will only be able to
ping each other within your enclave. And, if I may ask, what shall you do as
'free ISP' without IP addresses, huh? Like Agent Smith told Neo: "What good is
a phone call if you are unable to speak?"

------
susurrus
Do they even have proofreaders at TechCrunch? They keep repeating paragraphs!

~~~
dredmorbius
Well, they were similar, but showed variation. Now all we need to do is
introduce selection, and the articles can write and evolve themselves!

~~~
Arathorn
I have no idea where the mangled paragraphs came from - they weren't in the
version I sent TechCrunch :(

~~~
clydethefrog
Maybe inform them? Several comments on (centralized ;) ) social media are
criticising the article because of the way it's written instead of discussing
the message of the article, sure TC doesn't want that.

~~~
Arathorn
yup, I mailed/pinged them within 45 mins of it going up; no response yet :(

~~~
Arathorn
...and now fixed.

~~~
Arathorn
...apart from the bits they didn't fix. I give up.

~~~
Arathorn
...and finally fixed entirely(!)

------
otempomores
Actually if you gave people a comfortable centralized tool to admit and
withhold data and rights to entities by groups across all devices..
Decentralization would be there

------
ommunist
Maybe yes, maybe no. It really depends on who owns the agenda of
decentralizing the web.

------
avadhoot
Isn't that what blockchain is trying to achieve?

