
Scuttlebutt, a Decentralized Alternative to Facebook - bpierre
https://www.inthemesh.com/archive/secure-scuttlebutt-facebook-alternative/
======
tschellenbach
I think it's fascinating to see distributed social networks from a tech
perspective. From what I've seen so far they exacerbate the problems that
Facebook has been seeing so much backlash against.

1\. The whole Cambridge Analytica issue was caused by APIs that are too open.
For distributed systems there are more ways to exploit the APIs and gather
data on users.

2\. There is a clear issue with Facebook's accountability in these areas.
Distributed systems are typically open source, they run on multiple servers by
different owners, this leads to zero accountability.

3\. GDPR compliance about deleting data is almost impossible in a distributed
system.

4\. Some of the problems with Facebook are more about usability and clarifying
how things work to users. For instance the scandal with people giving away
access to their private messages. Open source software and distributed
software tends to be much harder to use.

5\. Any future concern/issue will be much harder to resolve if there are
thousands of different instance running decentralized social networks.

6\. Using AI to detect abusive content or spot fake news is much harder if you
only have a subset of the data. So it becomes harder to address those concerns
in a distributed setting.

So while I think this stuff is awesome from a tech perspective, in many ways
it just makes these problems harder to solve.

~~~
notheguyouthink
> The whole Cambridge Analytica issue was caused by APIs that are too open.
> For distributed systems there are more ways to exploit the APIs and gather
> data on users.

Huh? Scuttlebutt is fully encrypted.. doesn't that make the API vastly more
locked down than Facebook/etc?

> There is a clear issue with Facebook's accountability in these areas.
> Distributed systems are typically open source, they run on multiple servers
> by different owners, this leads to zero accountability.

This is no worse than Facebook though. With Facebook, your friend could steal
all of the data you let them see. With Scuttlebutt, your friend could steal
all of the data you let them see.

At least with this I control who sees my data, no? Sure, I can't have
accountability with a friend, but at least no company/etc has access to my
data.

> GDPR compliance about deleting data is almost impossible in a distributed
> system.

Doesn't GDPR apply to companies? If my mom sends me a physical card, do I have
to adhere to GDPR laws with her address/name? How is that any different than
Scuttlebutt?

~~~
agmcleod
It's worse than facebook because there's no one to have responsibility to be
accountable. This ties in with your question about GDPR. While I'm not a
lawyer, as far as I know it doesn't matter if you're a person or a company, if
you're collecting data, it's something you can be liable for. So in a
distributed system, all parties who maintain the data sources would be liable.
I actually wonder how this works logistically in terms of storing account info
on something like Ethereum.

~~~
notheguyouthink
> It's worse than facebook because there's no one to have responsibility to be
> accountable.

I guess I just don't understand what accountability there is to be even had?
If I send an encrypted message to my friend, who is accountable? What are they
accountable for?

If I'm sending illegal content to someone only I can be held accountable _(and
possibly the person I 'm sending to)_. Is that any different in Scuttlebutts
case?

~~~
agmcleod
Ah i think i may have misunderstood how the system is made. It is purely peer
to peer. So any issues could be if the software has a security vulnerability,
but I'm not sure how that ties in with things like "as-use" open source
licensing. This post explained the network fairly well I found:
[https://staltz.com/an-off-grid-social-network.html](https://staltz.com/an-
off-grid-social-network.html)

As far as GDPR goes, you're right because you're specifically choosing people
to send it to. However, having a mechanism to delete your messages on other
people's systems when they sync would probably go a long way.

~~~
aeorgnoieang
Are you claiming that GDPR holds _individuals_ liable to delete info they
might have about another person on request?

~~~
icebraining
Only if they are using that data in a professional or commercial activity.

------
staltz
Okay Hackernews, I get it. Scuttlebutt isn't fully ready for everything yet. I
wrote that article hoping that it would sparkle interest to both use it, plus
make it happen.

This is not your usual startup launch, it's a community project by multiple
open source hackers. If something is missing, you can make it happen. And
there are so many ongoing developments right now (see list below), that it
really doesn't make sense, at this point, to point out the current problems
with the protocol. It's evolving fast, and can evolve even faster if you
choose to make it your own and do something about it.

Here are a couple of things being developed:

\- Mobile app for Android

\- Better cryptographically-verified user invites

\- P2P replication over WebRTC

\- P2P replication over DHT (Kademlia)

\- Better scalability (Epidemic broadcast trees)

\- GitHub alternative

\- "Out-of-order" replication (get messages from distant friends of your
friends)

\- Private groups

\- Moderation tools (every person as a moderator)

\- Socio-technical discussion around data accountability

\- New RPC stack, rewrite

\- Rust client

\- Go implementation

\- C implementation

\- Groundwork for iOS support

\- Multi-devices accounts

\- Scuttlebutt on Firefox as an extension

\- Overall improving onboarding and docs

\- Replication over Bluetooth and Wi-Fi P2P

\- Web viewer

\- Scuttlebutt cloud (easy way of setting up servers)

\- Websites on scuttlebutt

\- etc

It's a moving target

~~~
nemo1618
Can you point me towards the Go implementation? I'd love to contribute.

~~~
staltz
[https://github.com/andyleap/go-ssb](https://github.com/andyleap/go-ssb)

~~~
Vendan
(I'm the author of the repo in question)

Note that this repo has been sidelined, as I have fundamental issues with the
protocol SSB is built on. Unless there's changes to how the messages are
signed and verified, I'm not planning on putting any serious effort into SSB.

~~~
lgierth
I'm curious to hear about the issues. SSB's network transport is supposed to
be pretty okay: [https://github.com/auditdrivencrypto/secret-
handshake](https://github.com/auditdrivencrypto/secret-handshake)

~~~
Vendan
example message:

    
    
        {
          "previous": "%26AC+gU0t74jRGVeDY01...MnutGGHM=.sha256",
          "author": "@hxGxqPrplLjRG2vtjQL87...0nNwE=.ed25519",
          "sequence": 216,
          "timestamp": 1442590513298,
          "hash": "sha256",
          "content": {
            "type": "vote",
            "vote": {
              "link": "%WbQ4dq0m/zu5jxll9zUb...KjZ80JvI=.sha256",
              "value": 1
            }
          }
        }
    

Signed example message:

    
    
        {
          "previous": "%26AC+gU0t74jRGVeDY01...MnutGGHM=.sha256",
          "author": "@hxGxqPrplLjRG2vtjQL87...0nNwE=.ed25519",
          "sequence": 216,
          "timestamp": 1442590513298,
          "hash": "sha256",
          "content": {
            "type": "vote",
            "vote": {
              "link": "%WbQ4dq0m/zu5jxll9zUb...KjZ80JvI=.sha256",
              "value": 1
            }
          }
          "signature": "Sjq1C3yiKdmi1TWvNqxI...gmAQ==.sig.ed25519"
        }
    

The signature covers the whole message, and is then added into the message it
signed. The way this works means you have to encode json exactly the same way
as the "main" node.js implementation. Emojis, unicode, html literals,
EVERYTHING. Or else it will fail to verify. I've gotten most of it working,
but there's still edge cases where I gave up trying to get them to work
correctly.

~~~
zeveb
I know that I sound like a broken record, but this is _exactly_ the issue
which canonical S-expressions were designed for, and which SPKI wrestled with
& solved twenty years ago.

The SPKI version of a message would look something like (I've removed the hash
property, because I don't think it makes sense for an object to specify the
hash to be used to refer to it, but one could add it back in if one wished):

    
    
        (message
         (previous (hash sha256 |XphMUkWQtomKjXQvFGfsGYpt69sgEY7Y4Vou9cEuJho=|))
         (author (public-key (ed25519 |FCX/tsDLpubCPKKfIrw4gc+SQkHcaD17s7GI6i/ziWY=|)))
         (sequence 216)
         (timestamp "2018-04-19T17:53:26Z")
         (content (type vote)
                  (link (hash sha256 |DlBH/hCmXfVzks2uY+WIll4aTzxrfBA8m/3GIdX3Vew=|))
                  (value 1)))
    

The transport version would be this (you can Base64-decode it to see the
canonical version):

    
    
        {KDc6bWVzc2FnZSg4OnByZXZpb3VzKDQ6aGFzaDY6c2hhMjU2MzI6XphMUkWQtomKjXQvFGfsGYpt
        69sgEY7Y4Vou9cEuJhopKSg2OmF1dGhvcigxMDpwdWJsaWMta2V5KDc6ZWQyNTUxOTMyOhQl/7bA
        y6bmwjyinyK8OIHPkkJB3Gg9e7OxiOov84lmKSkpKDg6c2VxdWVuY2UzOjIxNikoOTp0aW1lc3Rh
        bXAyMDoyMDE4LTA0LTE5VDE3OjUzOjI2WikoNzpjb250ZW50KDQ6dHlwZTQ6dm90ZSkoNDpsaW5r
        KDQ6aGFzaDY6c2hhMjU2MzI6DlBH/hCmXfVzks2uY+WIll4aTzxrfBA8m/3GIdX3VewpKSg1OnZh
        bHVlMToxKSkp}
    

And a signed message might look something like:

    
    
        (sequence
         (message
          (previous (hash sha256 |XphMUkWQtomKjXQvFGfsGYpt69sgEY7Y4Vou9cEuJho=|))
          (author (public-key (ed25519 |FCX/tsDLpubCPKKfIrw4gc+SQkHcaD17s7GI6i/ziWY=|)))
          (sequence 216)
          (timestamp "2018-04-19T17:53:26Z")
          (content (type vote)
                   (link (hash sha256 |DlBH/hCmXfVzks2uY+WIll4aTzxrfBA8m/3GIdX3Vew=|))
                   (value 1)))
         (signature (hash sha256 |XphMUkWQtomKjXQvFGfsGYpt69sgEY7Y4Vou9cEuJho=|)
                    (hash sha256 |5hHMWc1PqfrwFVfALci5JXCWqW7VC4I4iS4+Utvr44w=|)
                    |z7W1ERg9UYZjNfE72ZwEuJF79khG+eOHWFp6iF+KLuSrw8Lqa6IousK4cCn9T5qFa8E14GVek4cAMmMbjqDnAg==|))
    

Canonical S-expressions already buy you bit-for-bit identity when hashing, and
SPKI (as an example) wraps signatures rather than injecting them — the only
sane choice.

Why do I bring this up? Obviously it's possible to make JSON be a
cryptographically-sound format (either by foregoing objects for arrays, or by
rules around object-field ordering, along with other rules about encoding),
but using it instead of an already-sound format indicates an unfamiliarity
with prior work in the field.

~~~
walterbell
Which large scale open-source or commercial software is using s-expr today?

~~~
bwbw223
WebAssembly text format? [https://developer.mozilla.org/en-
US/docs/WebAssembly/Underst...](https://developer.mozilla.org/en-
US/docs/WebAssembly/Understanding_the_text_format#S-expressions)

------
ibdf
2018 will be the year of "alternative to facebook" apps that are in no way an
alternative to facebook.

To be an alternative to facebook, it should at least do 50% of what facebook
does, and it should be accessible to all.

Anything that takes more than 3 steps to get it running it's going to keep
people out. And if you keep people out, you don't have a social network, at
least not anything like facebook where your grandma and people you went to
school with but never met (or pretend you never met) are.

Plus you need marketing, a business plan, and so much more than just code that
puts people together on the same page.

I hope for a social network where the data belongs to the user, but unless you
get the complication out of it... it will be just something cool but not worth
the time.

~~~
twtw
"You need ... a business plan."

I don't agree. What is the business plan of email (by which I mean SMTP, not
some webmail provider)?

~~~
Kalium
You're absolutely right! A protocol doesn't need a business plan.

Of course, a protocol by itself isn't very useful. You need services using it
and systems implementing and supporting it, which do cost money and require
some kind of resourcing model...

~~~
gregknicholson
You don't need services when you can just use tools.

Is Morse code less useful because of the lack of viable Morse code service
providers?

~~~
Kalium
You're once again absolutely right! You can use tools without service
providers.

You can use Morse code without any service providers whatsoever! Though using
it to send messages solely to yourself might not be the best of all possible
uses, it's absolutely a viable use.

Similarly, you could implement SMTP for yourself on paper. It might not be
quite what was intended or maximally useful, but it's certainly a use. Some
people might opine that it's far more useful with services implementing it
widely and making its benefits available to many. I can't say they're being
wildly unreasonable.

------
patrickbolle
I really love the concept of this. I travel a ton and am without internet for
days/ weeks at a time. Scuttlebutt allows me to keep up to date with friends
and communities while offline and when I do eventually get online, just grab
the newest updates and download them locally.

This is such a cool thing in my eyes for parts of the world with little / no
internet access. The creator of the project (AFAIK) sails around the world
and, again, has little internet access. this allows him to keep people updated
when he eventually does find internet.

~~~
tzakrajs
What is this "offline" you speak of?

~~~
ytjohn
When I'm on a plane and Gogo is moving about dialup speeds, while blocking
protocols that would make dialup usable.

------
codingdave
It isn't an alternative to Facebook unless my grandma can use it, and she
couldn't set this up for herself.

The idea that centralized storage is the problem masks the actual concern.
There is nothing inherently wrong with centrally stored data. There is a
problem is when it is locked down by a 3rd party, and/or you don't control how
it is used.

~~~
madamelic
>It isn't an alternative to Facebook unless my grandma can use it, and she
couldn't set this up for herself.

Facebook isn't an alternative to email if my grandma can't use it.

Computers aren't an alternative to telephones if my grandma can't use it.

Telephones aren't an alternative to mail if my grandma can't use it.

etc.

\---

It'll get easier and simpler, I promise.

~~~
squeaky-clean
My Grandma definitely skipped from a corded phone to an iPad with Facebook and
right over email. It's still too complicated for her.

~~~
guelo
And yet billions of people use email. Goes to show the grandma argument is not
very useful.

~~~
ThurmaUman
Most of them using an interface like gmail, which unsurprisingly looks a lot
like (facebook) messaging.

~~~
strypey
Sure, thinking about user experience and designing user-friendly UI is
important. But multi-million dollar UI and the ability to scale without losing
performance (due to deep pockets) are the only reasons to use FB, goOgle or
any of The Stacks. Once more UX people and graphic designers start working on
decentralized, free code apps, and organic growth via community-hosting
(userOps) allows them to scale as well as corporate server farms, where does
that leave The Stacks?

------
remir
I downloaded Patchwork after someone talked about Scuttlebutt on HN, but when
I tried to join any pub servers on their Github repo, none of them
worked/connected. 30 minutes later, I uninstalled the thing.

The idea was interesting, the UI was pleasant, and I could see this working at
some tech conference where people connect with each-other and there's a common
pub server so people can keep in touch afterward, but I don't see uncle Joe or
grandma using this thing over FB.

~~~
pythonaut_16
I joined a pub but 90% of the messages in my feed were other people joining
the pub and subscribing to topics. 9% were people introducing themselves as
new to Scuttlebutt. 0.9% were either talking about Scuttlebutt or unreachable,
and 0.1% were actual content.

~~~
nanomonkey
Sounds like you joined during a wave of new people and were only getting posts
from your shared pubs. Did you contribute any content yourself and build out a
network and thus increase your feed? I've been on for a year now and there is
a ridiculous amount of information to read.

------
newscracker
It's not an alternative to Facebook (or even Google+) for two reasons on
viability for users. Firstly, it seems to have one client in development for
Android, and none for iOS. Secondly, it doesn't offer a way to use multiple
devices (with activity synced). [1] This restricts the platform a lot. I've
been looking at Scuttlebutt once in a while for sometime, but I don't think
it's developing fast enough to be a contender.

I'd really like to have a decentralized offering, but unless it provides the
key features Facebook does, like the timeline, newsfeed, groups and pages,
it'll be a very hard sell to get others on board.

[1]: [https://www.scuttlebutt.nz/faq/applications/multiple-
devices...](https://www.scuttlebutt.nz/faq/applications/multiple-devices.html)

------
macawfish
Okay, but the immutable references sure make it hard to get rid of stuff once
you've put it up there...

I much prefer the DAT protocol, which has mutability built into its
assumptions about how people will use it.

I know you _could_ do the same thing with an immutable protocol, but
Scuttlebutt is a perfect example of why immutability shouldn't be the default.
Try deleting something you put on there and maybe you'll see why. I couldn't
figure out any obvious way to do this. I'd imagine that's because nobody has
coded the "mutability feature" for deleting posts.

Mutability needs to be built in. You shouldn't have to reinvent the wheel
(mutability) every time you need it.

Beaker Browser/DAT is a much more interesting decentralized experience in my
opinion.

------
Promarged
I wanted to take a look at how it works but the on-boarding process is not
really welcoming. Getting started [0] redirects to this weird site [1] served
over plain HTTP, installer is also not signed :(

[0]: [https://www.scuttlebutt.nz/getting-
started.html](https://www.scuttlebutt.nz/getting-started.html)

[1]: [http://dinosaur.is/patchwork-downloader/](http://dinosaur.is/patchwork-
downloader/)

~~~
wolco
Have we reached the point where plain http seeks not welcoming. If the site
above doesn't require you to login why do you think you need https? Is the
only reason to hide your visit to that site from your isp?

~~~
cortesoft
Umm, the site in question is a big button to download something to run on your
computer. You don’t think it would be bad if someone hijacked that and had
people downloading malicious software?

You seem to misunderstand https... for one, it doesn’t hide your visit to that
site from your ISP; they know the IP address you visited, and due to SNI, they
will even know the domain. The point is to make sure you are connecting to the
site you think you are connecting to.

------
sergiotapia
Anyone else not even use social networks anymore? Privacy or not, it's just
garbage. Facebook, myspace, hello, whatever it's all the same crap with
different CSS values.

Do we even need social networks anymore?

~~~
JetSpiegel
Ironic words from a HN user with over 10k karma.

~~~
sergiotapia
This isn't a social network. Do you see me posting picture of my
bathroom/kids/furniture/food?

~~~
exolymph
Forums are typically considered social networks, although I suppose the
definition is debatable. Whether users discuss their daily lives is not the
standard, though. On Twitter everyone just kvetches about the news, and it's
still a social network.

~~~
projektir
I haven't started hearing the term "social network" until myspace showed up.
While forums may be that by some technical definition, in practice, there
seems to be a core difference.

For one, forum communities tend to be focused on a relatively small group of
people in that forum.

Twitter, Facebook, etc., tend to be fully global with the idea that anyone can
access anyone else. Presence of media, I think, also matters a lot. On many
forums media exists, but is not visible to unregistered users. There's an
aspect of "you join or you're an outsider, and if we don't like you we can
make you stop joining".

I don't know if I can straight up define it but there seems to be some
fundamental difference between Facebook and your random hardware forum.

------
hackbinary
I thought this was being done by Diaspora?
[https://diasporafoundation.org/](https://diasporafoundation.org/)

What's new/different here over this and other efforts?

~~~
jeswin
Diaspora is federated, which for non-technical users is worse than FaceBook
itself. The individual nodes (to which thousands of users are connected) will
have far fewer resources to secure themselves than a behemoth like FaceBook.
Also, uptime, badwidth etc.

ScuttleButt is peer to peer, somewhat like torrents but for data feeds.

~~~
notheguyouthink
Minor note to readers, it's partially p2p. It uses gossip, so at times your
peer might be a semi-centralized server, and at other times it could be a
peer.

I know that doesn't make it not p2p, but reading p2p makes me think I need
direct connections with peers. Gossip is sort of nifty that way.. though I'm
not a fan of semi-centralized redirect servers.

~~~
maemilius
Considering it didn't seem particularly difficult to operate your own relay
server, I don't really consider that much of a negative.

Spin up your own relay, generate some invites for your friends, and share all
of your gossip through a server that you control yourself.

------
blamestross
I like scuttlebutt but it is not in a form sutible for public consumption yet:

\- Providing a "secure" system in nodejs (it does not matter how good your
crypto code is I I can poison left-pad)

\- Bad privacy behaviour: you can follow anybody, limited ability to have
private/friend-only messages.

------
daniper
Not to be too meta, but the magazine this was published in is all about
decentralization — I'm biased because I was involved in it, but if you're on
this thread, you may want to check it out. Just launched:
[https://inthemesh.com](https://inthemesh.com)

~~~
severine
Nice, no RSS feed?

~~~
ocdtrekkie
When in doubt, add /feed and it probably works:
[https://inthemesh.com/feed/](https://inthemesh.com/feed/)

~~~
severine
:) I knew it, but now I won't forget it!

Added, thanks and thanks!

------
hw
Why are we finding alternatives to Facebook, when in fact we should really be
educating ourselves and people to stop sharing every single bit of personal
information about themselves online, be it on Facebook or a decentralized
application.

The problem with Facebook is that it holds way too much personal information
about a person - phone numbers, emails, a person's likes/dislikes, hometown,
current location, etc, and because society has been 'programmed' to share so
much about themselves, no thanks to social networks like Facebook that
promotes building your 'profile'.

In fact, strip away all that personal information and have people share their
thoughts and their dinner photos and what you get is just Twitter, Instagram,
Snapchat or a blogging platform.

A decentralized alternative to Facebook will not solve the problems Facebook
has because in the end even if you own the private key to your own data it's
up to you if you want to share your data with someone or an app, and once
you've done that to a malicious party, your social network is compromised. And
as some have pointed out in this thread, a decentralized and open source
alternative would be worse.

In the end, it's up to the individual to be smart about what to share and what
not to share, and reveal as little about themselves as possible rather than
parade it all out to the world or to their 'friends' list. All it takes is for
someone not too technical to download a hacked 'client update' to their
decentralized Facebook alternative to have everything they thought to be
secure be leaked out.

An alternative that promises to be more secure than what it's replacing is
just asking for more complacency. I'm sure we thought Facebook was extremely
secure at some point, so why not share everything?

~~~
bigphishy
A large point of concern I do not see discussed with centralized currator like
FB is the ability of massive cesnsorship

------
dlwiest
I still think that's an awful name.

~~~
deckar01
Ya, I would be afraid to ask an acquaintance if they are on scuttlebutt. It
sounds like some kind of illicit pirate drug in that context. I wonder if
Facebutt would be trademark infringement...

~~~
twohearted
Faecebook

------
johnny313
I love the name,
[https://en.wikipedia.org/wiki/Scuttlebutt](https://en.wikipedia.org/wiki/Scuttlebutt)

------
madez
The fact that one cannot delete or modify the history of a feed one "owns" is
a show-stopper. Of course, people can always mirror stuff, but that is no
argument against modifications.

~~~
coatmatter
If one stops to think about it, not being able to ever delete _by design_ is a
ludicrous concept when it comes to social networking. It takes relatively
isolated cases of people mirroring and publicising stuff without consent to an
extreme.

Never expecting to need to delete is akin to expecting that you've peaked in
life already and future-you will not be looking back and cringing.

Facebook's "On this Day" feature I believe has helped a lot of people realise
this - at least when it comes to users who have been around for ~10 or so
years.

It might well be possible that the solution to Facebook and Twitter isn't more
internet social networking, but more real life networking. So while some
people appear to be raving about the merits of Steemit and Mastodon, many more
are probably already too jaded to continue on yet another "social" network.
The problem isn't necessarily the technology if the problem is us. Fixing
societal and political problems by trying to throw more technology at it isn't
the answer.

------
jancsika
Are there others like me who tend to read "alternative" as a misnomer in
stories about "decentralized X as alternative to centralized Y?"

I take git vs. svn as what I think is a fair reference point. Someone can
still argue in favor of svn, but I don't think they could seriously argue that
git isn't a viable alternative.

Moreover, git is so popular because it specifically targeted svn's users.
Scuttlebutt does not yet meet that standard-- at best its a framework on top
of which a yet-to-be-built Facebook alternative might sit.

I don't want to be a pest but the barrage of FLOSS "alternatives" to
Facebook/Twitter can have a numbing or frustrating affect on readers who don't
reflect on this discrepancy.

------
icc97
Perhaps this is just a depressive thought.

But I don't see any of these services taking over Facebook or even making a
slight dent. What might happen is that Facebook dies a slow death and none of
my friends keep in contact on there. But then none of us really built up and
real friendships on there so there's no incentive to start again on another
site.

I guess, even say we all got our wish and Facebook died, I don't see utopia
running up behind it. Utopia for most geeks was probably the early days of the
internet. I don't see anything bringing those back.

~~~
coatmatter
I don't think it's so entirely depressing if you can recognise Facebook for
what it is and be free enough of it while your "competition" stays there and
stagnates.

Focus on what _you_ want from life and ignore the rest.

------
_Marak_
Scuttlebutt is a great idea and has some really smart people working on it (
like Andre and Dominic ) .

With that being said, I don't think Scuttlebutt has any chance of succeeding.
SB network has some fairly serious architectural issues which may or may not
have solutions that are achievable with the current design. I ended up
uninstalling.

~~~
mr_spothawk
toxic users is a definite thing, but I think scuttlebutt is the best
alternative social network I've ever found. the development community & the
rest of the community are largely awesome, and they actually have a ton of
funding.

~~~
_Marak_
Can you show us any links or documentation that Scuttlebutt is actually
funded? Or as you put it, "a ton of funding".

I believe the actual number is 0. Would be pleased to hear otherwise.

~~~
lifty
They recently received 200k from the Dfinity project

~~~
_Marak_
Did they though? All I've been able to find related to this is a markdown
document not updated in two months.

The company mentioned to give the money, "Dfinity", has no mention of
Scuttlebutt on their Twitter, Medium, or company website. I can only seem to
find things related to the Dfinity token presale and airdrop, which I assume
is an ICO.

Scuttlebutt would greatly benefit from having a real source of funding. If
anyone can provide proof Scuttlebutt is now funded please post it here.

~~~
neftaly
There is a regular recurring grant process:
[https://viewer.heropunch.io/channel/ssbc-
grants?showAll](https://viewer.heropunch.io/channel/ssbc-grants?showAll)

The grants issued this month are for client maintenance/features, hosted pubs,
and on-boarding.

FWIW, most SSB talk happens on SSB, and "Funded" has a very different meaning
to the VC world.

------
fenwick67
The biggest problem with SSB right now as a FB alternative is there's no way
to sign your messages so only your friends can read them, unless you have only
7 friends.

The utility of Facebook is that I can share things privately with friends and
family. There are already lots of alternatives for public sharing.

------
profalseidol
Since it's AGPL, why not call it Free Software instead of Open Source.
[https://github.com/ssbc/patchwork/blob/master/LICENSE](https://github.com/ssbc/patchwork/blob/master/LICENSE)

~~~
no_u
What's the difference? I've been calling my AGPL and MIT licensed projects as
free and open source.

~~~
carapace
"Why Open Source misses the point of Free Software" by Richard Stallman

[https://www.gnu.org/philosophy/open-source-misses-the-
point....](https://www.gnu.org/philosophy/open-source-misses-the-point.html)

~~~
no_u
Visible source proprietary code is not libre and not necessarily free. Potayto
potahto.

~~~
profalseidol
[https://github.com/ssbc/patchwork/blob/master/LICENSE](https://github.com/ssbc/patchwork/blob/master/LICENSE)

------
EGreg
If I may, a decentralized alternative to facebook would be community-based,
allow people to do group chats, discover and post events, see attendees, meet
each other, add each other to contacts, maybe even drive each other to the
events, date, book group reservations at local businesses etc.

Like this:
[https://m.youtube.com/watch?v=pZ1O_gmPneI](https://m.youtube.com/watch?v=pZ1O_gmPneI)

Yes that’s my project. Would love to get feedback.

(The things I mentioned above are actually social things, the main thing that
distinguishes them is that they are taking place in the future and group
collaboration online is always leading to a goal. Anything that doesn’t
satisfy those two criteria is more about socializing online than offline.)

~~~
codingdave
FWIW, I did a survey of people asking which features from Facebook that
absolutely must have to consider switching to a replacement. As much as people
say the events, chats, and local community features are important... exactly
zero people checked those boxes in my survey results. Pretty much the only
thing people checked was 'connect with friends'

~~~
exolymph
Worth noting that what users say they will do and what they actually end up
doing frequently diverge.

------
tzakrajs
Could the Iranians have a malicious node join the scuttlebutt network to crawl
and identify nodes hosting content for dissidents? Aren't scuttlebutt nodes
more susceptible to DDOS than Facebook or Twitter? Are there features in
scuttlebutt to mitigate this?

------
twtw
Does anyone know how this compares to ActivityPub?

~~~
strypey
Very roughly:

* AP is a decentralized protocol, like email or XMPP, that standardizes federated interactions from server-to-server, and interactions from server-to-client. Sharing data between end users depends on one or more servers.

* SSB is distributed protocol, more like Git or BitTorrent. It has a concept of "pubs" which play a supernode role vaguely similar to that of BitTorrent trackers, or maybe a WebRTC server. Sharing data between users is P2P, not mediated by a server, although the pubs help user locate each other.

EDIT: formatting

------
sam152
I started looking at trying to write an implementation of the protocol
documented here: [https://ssbc.github.io/scuttlebutt-protocol-
guide/](https://ssbc.github.io/scuttlebutt-protocol-guide/). I was surprised
just how little information exists on the handshake and message exchange
protocols. The reference implementations of both seem quite immature.

Was there no existing protocol for sending P2P messages between clients this
could have been built on top of?

------
CiPHPerCoder
I was noodling around with a basic protocol design the other day, and it turns
out it already exists.

I'll definitely look into contributing to Patchwork / Scuttlebutt. It's a
great idea.

------
notemaker
> What makes Scuttlebutt unique is the simple idea that users should own and
> control all of their data.

I find this to be fundamentally wrong. After you post something on
Scuttlebutt, you have no control of that data. Sure, it's stored on your
computer, but it's also shared with your whole network who now have as much
control of it as you have.

I'd instead put it like this:

> What makes Scuttlebutt unique is the simple idea that no one entity should
> control all of the users' data.

~~~
tzakrajs
Can I chip away at that final assertion even more? If the data is easily
discovered through crawling the network, and nodes on the network are less
resilient than Facebook's sprawling infrastructure, you've potentially given a
single attacker control over reading and denying access* to data. There will
need to be protocol to mitigate attacks on the network by sharing information
between nodes.

*if they can determine where the copies reside

~~~
notemaker
How would the attacker be able to deny access to data?

~~~
tzakrajs
DDOS the limited nodes that are known to have the shards of data you care
about

i.e. Iranians ddos shard nodes that contain dissident communications

------
brightball
Would be great if they could set this up to work over your email account. Just
add a rule to hide the data passing messages from your normal inbox activity.

------
mdu96
"Of course, unscrupulous firms like Cambridge Analytica are also able to
access some users’ personal data by finding exploits in Facebook’s policies."

The "unscrupulous firms" did not find an exploit in Facebook's policies.
Facebook designed those policies so that 3rd-party developers had access to
user's data, and they knew it since the very beginning.

------
roadbeats
Imagine if Mark created Facebook as an open source alternative for Myspace.
Would it ever succeed ?

Good technology is not enough to replace a popular product. We need to find
the next popular product. The next cool, fun product can be also an ethical
one if right team works on it. It's harder than building a robust
decentralized network.

~~~
fenwick67
Imagine if Linus created Linux as an open source alternative for Unix. Would
it ever succeed?

------
brylie
Just spent about 30 minutes trying to install and connect to a hub. Ended up
at a GitHub bug report with no way forward.

While SSB looks very promising, and I REALLY hope we can re-decentralize the
web, SSB seems to have a long way to go to match the simplicity of getting
started on a service like FB.

------
some_random
I set this up a few months ago and found basically nothing. I wasn't expecting
much, but there was literally no conversation anywhere. Perhaps I didn't put
enough time in or connect to enough shards, but after about an hour I wasn't
interested in continuing.

Has this changed?

------
haolez
I think that the main obstacle of descentralized social networks is
collaborative censoring.

I don’t want to see posts in my timeline about ISIS propaganda or child
pornography, for example.

Are there any solutions around which allows users to block (most of) this kind
of content?

~~~
roywiggins
Now that machine learning classifiers are more and more mainstream, I'd hope
someone would build a system of pluggable ones you could use to dynamically
block what you don't want to see.

When it comes to systems like scuttlebutt though, can't you just pick who you
follow and if someone posts stuff you don't like, unfollow them?

------
LinuxBender
Perhaps I am being dense, but I don't see a public repo with the source code
and technical documentation. Is this an open source framework? What language
is it written in?

~~~
nanomonkey
It's written in nodejs, here is the repo: [https://github.com/ssbc/secure-
scuttlebutt](https://github.com/ssbc/secure-scuttlebutt)

~~~
LinuxBender
Ah, I was being dense. Thankyou! I've never run anything with nodejs before.

------
_davebennett
I think projects like these are cool for tech nerds out there. But to the
average user, unless it's super easy to use and looks pretty, they don't care
for it.

------
ilovecomputers
All these decentralized alternatives don't have iPhone apps. It's app store
policy that is blocking devs, ain't it?

~~~
staltz
I'm working the mobile app for Android. Groundwork for iOS is underway:
[https://twitter.com/andrestaltz/status/981622147864039424](https://twitter.com/andrestaltz/status/981622147864039424)

~~~
s73v3r_
They're not native apps?

~~~
gregknicholson
Staltz is working on _a_ mobile app for Android. Other people can make other
apps too.

------
anateus
The way I've described scuttlebutt to folks is that it's "what if Facebook
felt like Usenet in the 90s".

~~~
seattle_spring
...Until the voat/the_donald/conspiracy/incels crowd ruins it within a few
weeks of it gaining any momentum.

~~~
fwn
That is just a problem of offering good filters.

Every bubble other than the own is unpleasant. Social networks need to
reproduce the filters we create in real life (social, territorial, etc.) to
represent human interaction.

Facebook is sometimes famously called out for creating those filters. ...
although I often struggle to unfollow unpleasant (stupid/hateful/hivemind/low
effort) content fast enough.

~~~
strypey
> That is just a problem of offering good filters.

True, and this is a solved problem in the fediverse. Mastodon dev team have
been particularly good at implementing filtering tools at both the user and
instance level (like the email filters that block whole domains used only for
spam or other abuse).

We've had a couple of waves of folks banned from the birdsite turn up, get
asked to set up their own instances, and after a while, you just stop noticing
they're there. It's like a normal after-work drinks pub and a skinhead bar
being in the same street. You occasionally walk past some unsavoury
characters, but you don't have to interact with them.

> Facebook is sometimes famously called out for creating those filters.

No, what FarceBook and goOgle (among others) are called out for is creating
echo chambers, not filters. The difference is subtle but crucial. In a
nutshell, filters allow you to mute people who abuse you; spamming, flooding,
flaming, dogpiling, sea-lioning, all the old favourites from UseNet/ mailing
lists and a few new ones. Echo chambers quietly disappear the opinions of
people who may disagree with you, however politely, and regardless of how many
peer-reviewed citations they offer. You don't even know its happening, leading
to dangerous levels of false consciousness, and uncritical partisanship.

~~~
fwn
There is no universalizable qualitative difference between filters that create
a bubble/echo chamber and filters that do not. The word echo chamber and
bubble are just meant to transport a value judgement against their existence.
Which is why people often talk about other people's echo chamber and their own
legitimate anti-abuse filters.

If you hold a non mainstream position you would probably want to teach your
feeds to stop bombarding you with the respective mainstream position. A
hundred years ago you did that through selecting a fitting club or reading a
specific newspaper over another. Today you adjust filters.

What's creating a "dangerous level of false consciousness" is IMO just
ignorance and media illiteracy. If people think their media diet is also
everyone's media diet, they just weren't properly prepared for sophisticated
media.

------
valeg
Looks interesting but I think that something like Mastodon is more
approachable for a general audience.

~~~
yellowsir
why do you think that? i was looking at Mastondon and i can not find out what
it's advanced is. e.g. compaired with scuttlebutt

~~~
valeg
Simpler concept to grasp, just works in browser alone, looks like twitter.

------
zealsham
Only tech heads will understand the importance of a decentralized social
network. Casual people who make up the bulk of social media won't .

------
jason46
openDNS blcoks inthemesh.com for malware

------
michaelchisari
Good luck.

------
Bye_Felicia
Hate to be a jerk, but the name is all wrong. Again, I apologize, it's just
the mood I'm in, but seriously, the name.

~~~
osdiab
Agreed, I've seen Scuttlebutt around but I can't help but feel that it will
ever be mass market with that name.

------
CloudYeller
wtf were they thinking when they named it that? if any non joke product with
"butt" in the name ever succeeds, I will eat my hat.

~~~
romwell
While I agree with your general premise, you might as well start picking your
favorite hat condiments.

H-E-B is a wildly successful grocery store chain in Texas, and also the in-
house brand for many of the products sold in that store.

The marketing slogan is "HEB: Here Everything's is Better!"

The reality is that, while it _is_ often better than the competing chains
(sometimes sadly so, killing Krogers and other chains in my area), HEB are the
initials of the founder.

And B stands for Butt.[1]

It didn't even start as HEB - the original name was "C.C. Butt Grocery Store".

Hope your hat tastes well.

[1][https://en.wikipedia.org/wiki/H-E-B](https://en.wikipedia.org/wiki/H-E-B)

~~~
carapace
Okay, but see, that's Texas. If I lived in Texas I would shop at the C.C. Butt
Grocery Store and not think twice, except to smile.

It's all about the character of the state...

I once saw in Colorado a university that had the "Alferd Packer Cafeteria"
(sic) ;-)

------
senatorobama
Terrible name.

------
gjmacd
"As soon as I put the card into my phone, Scuttlebutt automatically updates
and syncs with the new posts that my friends or I make."

Yeah... so I'm out. Where's that card going to fit into my iPhone?

~~~
allannienhuis
That was just an example for how your data could be transferable for fully
offline/airgap type uses. Its not the ordinary use case. The ordinary case is
simply that your data resides on your device's storage.

[https://www.scuttlebutt.nz/getting-
started.html](https://www.scuttlebutt.nz/getting-started.html) has links to
more information on how it all works.

So far, I like the implementation (I've checked out the patchwork client). The
issue for me is the ease of getting started, and the social graph issue.
Social networks are only useful to me if my friends are on it. I'm not a
twitter kind of guy, I'm a facebook kind of guy and I'm not sure what the
solution is when everyone else is on facebook.

~~~
strypey
> I'm a facebook kind of guy and I'm not sure what the solution is when
> everyone else is on facebook.

 _Somebody_ was the first person you knew who was on FarceBook, otherwise,
from what you're saying, you wouldn't be on there. Be that someone for your
network of family and friends, on a user-respecting platform. May the source
be with you ;)

~~~
allannienhuis
the effort to get started and the social graph issue are related. If it were
easy to install and get my friends connected to the same networks I'm
connected to, then I'd be way more inclined to be the first person in my
network to recommend it to friends.

Today the bar is really low for 'easy' \- clicking on a web link and providing
some credentials. I think having a really nice introductory web experience and
the ability to have the same experience on multiple devices for the same user
is a must-have for this. I understand they're working on it, but in my mind
it's the #1 barrier to adoption.

