
The internet has been stolen from you. Take it back, nonviolently - datamonsteryum
https://medium.com/@flyingzumwalt/the-internet-has-been-stolen-from-you-take-it-back-nonviolently-248f8d445b87#.xjs07vyey
======
buovjaga
Some context:
[https://en.wikipedia.org/wiki/Comparison_of_software_and_pro...](https://en.wikipedia.org/wiki/Comparison_of_software_and_protocols_for_distributed_social_networking)

What the author wants does exist already: Retroshare is a secure p2p
communication platform you can install on your computer. It even uses
Bittorrent's DHT to speed up connecting to peers. You can also install it on
your server and use its web interface (recently rebuilt with Mithril.js).
Retroshare development started 10 years ago. PRs welcome:
[https://github.com/RetroShare/RetroShare](https://github.com/RetroShare/RetroShare)

~~~
nickpsecurity
From a Schneier blog thread:

"Retroshare has enough layers of security that the even the nsa will have to
work really hard if they want to get in there." (Benni from Germany)

"And it's written in a risky language using shoddy libraries on platforms NSA
has 0-days and automated attack systems for. I'm sure that this combination
will be "really hard" for NSA to penetrate. ;)" (Nick P.)

It's a nice idea and little project worth some development, though. I agree
it's the closest thing, outside Freenet, to what the OP describes. It needs to
be clean-slated in a safer, but low-level, language with the risky libraries
substituted or improved. The protocols will need to be verified and
implemented by high-assurance security community. Covert channel analysis. The
works. Then, it will be good enough to stop many high-strength attackers
enough to matter.

Of course, anything like that will be throttled and filtered by ISP's. Might
be best to start disguising the traffic as HTTPS connections or something like
my homebrew solutions did.

~~~
buovjaga
This security company is reviewing Retroshare:
[https://www.elttam.com.au/blog/a-review-of-the-eff-secure-
me...](https://www.elttam.com.au/blog/a-review-of-the-eff-secure-messaging-
scorecard-pt1/)

~~~
nickpsecurity
Good to know. What sysrems has that company built that resisted nation-state
or top-tier effort to break the security? Probably nothing? Further, is this
one time or will they review in parallel with each code submission?

These kind of questions should lead you to the conclusion they'll merely find
and patch some flaws. Others will remain or be introduced.

------
noam87
For the immediate future at least, federation seems much more feasible than
wholly decentralized systems. At least for websites / applications that are
expected to gain any mainstream traction.

Building a federated Wikipedia, Reddit, Twitter, Amazon, App Store, etc. that
does not have a single point of censorship / failure is perfectly doable.

Hell, any of those websites _could_ start federation initiatives today if they
so wished (Waiting any day now for a Big Name to experiment with a federated
model).

However from my experience p2p services (IPFS / Freenet etc.) still require a
combination of technical skill and political awareness (to go out of one's way
to use a service that is much less convenient -- and to develop for a platform
that will make you no money) that the average user does not have.

Not to say they have no place: the internet itself was a fringe, nerds-only
technology at one point. But it only became a mass phenomenon once uses were
found that brought 10x improvement on things the nontechnical user already
needed (sending a letter, looking up information).

Decentralized technologies (today) offer no such improvement.

And let's face it, for the average Joe, p2p offers nothing: a p2p service can
_at best_ be of equal quality as a centralized service. There's no way around
it: there's nothing simpler and more performant than talking directly to a
central host.

With federation, the user needn't even know the difference.

~~~
jpetso
While it's clear that p2p is going to face an uphill battle to demonstrate its
value to the average Joe, I would also argue that federation doesn't address
the underlying issues with user control of data.

Email is federated. Does it give us any more control over our data? No,
because one company controls the largest email service and monitors not just
that user's emails but also the ones I send to them.

XMPP is federated. One company managed to get a large enough market share, at
the first opportunity they lock other federation servers out and change the
protocol.

Federation for established websites is long a thing, CDNs are taking care of
that for them. Central points of contact combined with P2P distribution like
WebTorrent is the worst of both worlds: The centralized site still owns all
your data, and in addition you're paying with your bandwidth and CPU resources
to reduce their bill.

A fully client-centric model isn't anywhere near likely to make it big in the
near future. However, client-first (with personal servers provided by friends
& non-profits) is the only feasible approach for reclaiming ownership of our
data.

For-profit companies don't have any incentives to let you store large amounts
of encrypted data on their servers for free, at best they'll use it for cross-
selling. At worst they'll push for a modified protocol version that relies on
the central company server for crucial functionality, scheming the next lock-
in.

If the past is any indication, the future looks bleak for idealists who
(merely?) want a user-controlled alternative to those data-driven monopolist
platform ecosystems.

The technology might be getting there, but the average user's priorities make
it a super hard sell. In the face of the Google/Apple duopoly, open standards
are more and more an optional gimmick - instead of standard data transfer
protocols we get CarPlay and Dropbox, instead of wireless standards we get
Chromecast and Apple Multipeer, instead of mini-computer smartphones we get
constrained consumption devices with tracking built in as a core feature.

The value of client-first P2P is really not about censorship or failure. It's
about control. By giving control over protocols and platforms to a handful of
large service providers, we got more convenience in exchange for our
opportunities to tinker and improve on the status quo. Instead of being able
to change things as a society, now we have to rely on shareholder-controlled
entities to decide what's good for us. It used to be just code and Windows vs.
Linux, now it's data and Google vs. basic assumptions of privacy.

And the user doesn't even know the difference.

~~~
noam87
Agree wholeheartedly. I'm a linux/GPL proselytizer among my friends. I've
customized my development environment beyond recognition; I love it. That's
what technology is to me: the ability to transform the world around me using
my imagination. It's a beautiful, empowering feeling that I wish everyone
could feel.

Every day I am saddened by enormous drift between what I know is possible with
today's already existing technology (we cary supercomputers in our pockets!)
and what we are actually doing with it (supercomputers we use as neutered
mass-media consumption and ad-delivery devices).

I also know a lot of non technical people. Even young people, smart
professional people, politically aware people; just not technical. And to 99%
of the public, control is even more of a non-issue than privacy / censorship /
security. "This glowing rectangle is a black box, why should I care if company
A locks it down with binary blobs or if company B releases it under some GP-I-
dunno-what?"

Even technology companies choose slack over improving and extending open
standards. Convenience is a bitch.

Sadly, the only selling point I see today for p2p is piracy. The only issue
that will get people riled up is when they lose free access to their favorite
TV show. Which only further stigmatizes the hacker mindset as a front for
would-be criminals. Privacy is _somewhat_ making its way to the general
population, but the message is muddled and confusing to most.

I wish I had a solution. How do you sell the inherent beauty of open, hackable
technology to non-geeks? Selling it on its social merit alone seems too
abstract.

------
cypherpunks01
It seems to me like the Merkle DAG decentralized infrastructure with by far
the most momentum right now is IPFS. It would be great to have a usable social
network developed on top of that.

This article seems to culminate in a call to action to support a github
project consisting solely of a README.md. I think a call-to-action post that
is much better than this one is the archive.org one:
[http://blog.archive.org/2015/02/11/locking-the-web-open-a-
ca...](http://blog.archive.org/2015/02/11/locking-the-web-open-a-call-for-a-
distributed-web/)

~~~
datamonsteryum
[CORRECTION/RETRACTION]: I misunderstood ipfs. You can totally edit your DAG
in ipfs (which gives you "delete" ability). So Yes cypherpunks01 is completely
right.

The explanation of how you do "deletes" in a DAG still stands.

[Original comment:] ipfs doesn't have delete. It's basically a global
immutable data store. Brilliantly well suited for a "permanent web" but not
well suited for the kind of communication where people want to edit or delete
the stuff they've put out in the past.

~~~
cypherpunks01
Isn't the purpose of any merkle-dag infrastructure to be an immutable data
store? How does hypercore support editing in this way?

~~~
datamonsteryum
If you append to a merkle-dag then yes it's immutable, but you can always do
the equivalent of a git rebase -- effectively removing a portion of the tree
and then selectively re-applying the parts that you want to keep. That creates
a new DAG, one that diverges from the DAG that was shared before. For example,
if you accidentally commit a database password into your git repository and
push it to github, you can go back, edit the git history to exclude that
commit, and force-push the new tree to github. This completely removes the
info from your git repository. Of course, if someone has already pulled that
old code from github, they already have your password -- you can't change
that!

~~~
mjevans
I don't see a problem with the truth of the internet being reflected in ipfs.

Consider the internet to be write only, forget maybe (you are not in control
of that). If you accidentally commit a password someplace the correct response
is changing that password.

~~~
wlesieutre
That works for passwords, but not for everything. What happens when someone
goes "Oops, didn't mean to drop those nudes into my gallery of vacation
photos"? Are they irrevocably published? Or can you unpublish them and hope
that nobody noticed while they were up?

~~~
warrenpj
IPFS reflects the truth of the public internet (and public speech/media in
general): With IPFS, and any other internet technology, you can choose to stop
sharing data with others, but you can't force other people to stop sharing
copies they already have (except through some means outside the protocol, such
as DDoS or the law).

I think a design goal of IPFS is that if you publish your nude photos to your
personal IPFS node, it wont be sent to another node unless they explicitly
request it by content-address. So you can use it to share sensitive data, and
you can always layer encryption on top. [1]

[1]
[https://github.com/ipfs/faq/issues/47](https://github.com/ipfs/faq/issues/47)

------
FussyZeus
We don't need to take the Internet back from the various platforms, we need
serious and strict legislation about what they do with both what we share and
what we are. There is nothing wrong with a Facebook inherently; the simple
fact is we as users have been extremely complacent in what companies like
Facebook are allowed to do. I think that's starting to get better as the
population gets more savvy but at the same time we're still nowhere close to
where we need to be.

I think it's a fundamental problem with how you approach the relationship with
a service like that: They give you a Terms of Service, or what you're allowed
to do to be able to use that service. I think we need to flip that around
entirely and instead mandate that Facebook has to ask, explicitly, for
everything. And more importantly there need to be serious consequences for
when those rules are violated. Every relationship with a network of any kind
starts at a position of they own everything, and then they tell you what you
actually own and I think it's backwards. We should start from a position of we
own everything, and this is what you're ALLOWED to take and use.

I think that's far more feasible to do than a distributed Facebook. Not saying
it's impossible, just saying it's a shorter route and betters the relationship
we have with the things and companies we do business with overall.

~~~
qznc
That is what just happened in the EU parlament:
[http://www.europarl.europa.eu/news/en/news-
room/20160407IPR2...](http://www.europarl.europa.eu/news/en/news-
room/20160407IPR21776/Data-protection-reform-Parliament-approves-new-rules-
fit-for-the-digital-era)

> The new rules include provisions on: A right to be forgotten, "clear and
> affirmative consent" to the processing of private data by the person
> concerned, a right to transfer your data to another service provider, the
> right to know when your data has been hacked, ensuring that privacy policies
> are explained in clear and understandable language, and stronger enforcement
> and fines up to 4% of firms' total worldwide annual turnover, as a deterrent
> to breaking the rules.

We'll see how that turns out.

------
api
Virtually everything the author wants exists in a technical sense, but it's
not usable for the average person.

I've said this many times, pretty much whenever this topic comes up:

A thing that works is maybe 10-20% of the way to being done. The rest of the
work is making it into a product non-experts can use.

UX is tedious, time consuming, and painful. It involves a lot of the kind of
work most devs hate. As a result people generally have to be paid to do it.

Almost nobody does UX work for decentralized open systems because they are
free. There is no economic model. You can't make a living.

Until this changes nobody is ever going to use this stuff.

IMHO this is The Problem and if you are working on decentralization without
trying to solve it you are spinning your wheels.

------
powera
I don't get this article. Other than defining a bunch of new words, what are
they exactly saying the problem is, and what are they saying the solution is?

Just saying that <the solution isn't diaspora, it's swadeshi> is complete
nonsense. And the problem seems to be <something big corporations do> but they
never really say what.

~~~
gingerrr
The problem:

> The internet has been stolen from you. Scooped out of your hands without
> much of a fuss. A small number of corporations are locked in a zero-sum game
> of land grabs.

The solution:

> The solution is to decentralize further, relying on a peer-to-peer
> model...In short, create an app, one that you run on your computer or phone,
> that writes social data (aka “posts”) into local databases and then
> replicates those databases to peers using a peer-to-peer protocol

Directly from the article, and it's surprisingly detailed in implementation
suggestions - I'm forced to conclude your lack of understanding is willful.

~~~
landryraccoon
> The internet has been stolen from you.

This isn't a felt need. I don't feel inconvenienced by this. I don't feel the
loss of something I once owned or had the benefit of.

> The solution is to decentralize further,

The solution solves a very abstract problem. I would go so far as to say it's
a religious or spiritual need only that is solved by this. Decentralization
will not improve my life or meet any felt need (I am not less hungry, less
lonely, more clothed, more sheltered, or more socially connected as a result
of this product). The only benefit I could have is if I had a religious belief
in the moral need for this type of system, and that system satisfied that
moral belief. I think that's a very small minority of users.

------
nickpsecurity
This article is idealism that's not grounded in anything close to reality. The
real problem is the demand side of the equation ensures things like Facebook
and Comcast are more likely to succeed to point they drown out everything else
with network, legacy, and development pace effects. Anything they build must
consider and conquer that problem in its design/implementation to succeed. A
better, centralized offering that respects users rights down to the company's
charter and license agreement is an easier start.

Funny they mentioned Diaspora. I predicted very accurately what would happen
to them sometime around 2011 on Schneier's blog:

"Diaspora is a joke. The thing is being designed, analyzed and implemented
primarily by amateurs. A truly safe social network must be designed by people
with expertise in cryptography, protocol analysis, secure software design, and
low-defect implementation. Throw some testing and UI people in there to boot.
I like that there's people trying on this, but I wouldn't trust anything that
project produces. The independent reviews we've gotten so far confirmed my
suspicions.

As for secure/private social networking, I don't know if there's really a way
to do it that would take off. Non-paid internet services depend mainly on ad
revenue. An advantage of current social networking sites is that analysis
allows targeted advertising & brings in lots of revenue. Take that away & you
get very little revenue in comparison. This is a problem if you are running a
secure web service with tons of cryptography in it, which takes MUCH more
resources to achieve performance of something like FB."

People want these independent, private, secure spaces but are unwilling to pay
for them. Most of their friends and family probably are both unwilling to pay
and unwilling to _use_ them. Plus, you have to recreate most of the usefulness
of modern web platforms. You have to do all that... very expensively to
develop and run I'll add... while making almost no money on almost no users.
Good luck.

------
landryraccoon
This project doesn't serve a felt user need. If you've ever worked in a
startup attempting to do a consumer product you know exactly what I mean. It's
extremely hard to get a user to even use a product that solves a problem for
them, and much harder if they already have a product that they think solves
the problem. If they don't feel the pain of the problem being solved, it's
impossible. I don't think many users have a felt need for this product,
whether or not the developers believe it solves an abstract moral or spiritual
need.

------
kaiku
I like the post, and the ambitious GitHub repo with a single README made me
smile. We're re-discussing an existing idea to see if maybe something sticks
or clicks. An idea might be the same, but circumstances change.

That said, I agree with a lot of the comments here. Like coding, let's see if
we already have a library that does what we want before writing it (again). A
good question is, what's the most pressing problem we face, and how does this
solve it?

I don't have a problem using Twitter or Facebook to, let's say, organize a
grassroots movement or lead a protest, but I ought to be concerned about the
viability of these platforms for such activities when they're unpopular with
the company or government behind it. How might we solve this? Maybe this
project leads to some solution...?

------
Mz
I have no idea if this project has legs, but I enjoyed reading about the
concept of Swedeshi and being reminded that Ghandi successfully sought
political independence by pursuing financial independence. I have my own
hypotheses about the importance of independent stuff. My confidence in the
viability of it sometimes falters. This was a nice read on a day when I have
been wondering "Why bother?" about a lot of things.

~~~
nickpsecurity
That part I liked. I hadn't heard of the term before despite reading on
Ghandi. It even sounds neat. The rest of the article... not so much.

------
woodandsteel
One way to motivate ordinary users to decentralize is money. Facebook et al
give you all these "free" services so they can monetarize your data. If you
could own your data, then you could sell it.

Also, I am surprised the author missed ipfs and ethereum, since they are
pretty advanced examples of decentralizing the web.

------
ourcat
Cue: Medium-level Irony Klaxxon

------
leepowers
This project - Swadeshi - it's an idealistic and foolish idea. Which is why
I'm interested in seeing where it goes. I generally make pessimistic
assumptions, and I'm assuming this project will go no where. But we still need
audacious ideas. Even if the concept itself doesn't succeed, the project may
create and disseminate related ideas and technologies that could be
transformative - a successful failure.

What follows are a few blockers, or possible failure modes for Swadeshi. The
biggest potential issues are not with the technology, but with the ecosystem
it has to live in.

 __Network Size __\- Facebook, Twitter, et al. have the great advantage of
having huge numbers of users. To use an alternative requires not only that I
adopt the alternative, but that that I convince some significant part of my
friends /family/society to use the same.

It's like Bitcoin - Bitcoin is not that difficult to use, and has a number of
features missing from traditional currencies. But the great potential utility
of Bitcoin comes from having nearly everyone use it. Currencies, like social
networks, require large numbers of users to be widely useful.

One important exception is for users who can't or won't participate in
"normal" currencies or networks. Which is why Bitcoin became the de-facto
currency the Silk Road and other black markets. And why, initially, Swadeshi
will most likely be used by those groups who can't openly participate the
normal social networks - child pornographers, white nationalists, islamic
fundamentalists, freedom fighters, revolutionary groups, etc.

The danger here is that "stink" or "danger" of these out-groups will be
associated with the project in popular consciousness. The network may be de-
centralized, but people still think hierarchically. Swadeshi could easily
become "the kid-toucher's social network" much like "Bitcoin is the Sewer Rat
of Currencies"

 __Capture __\- Swadeshi is de-centralized, so there 's no single entity
controlling the state of the network. But that doesn't rule out capture. Look
again at Bitcoin. The idea was to create a virtual currency (which it did).
But it was quickly captured by speculators to the point of crippling the
network. Control and capture are two different things, and solving for one
doesn't preclude the other.

 __Facebook can still win __\- Suppose the Swadeshi project gains millions of
active users. That 's real momentum for a Facebook replacement. But Facebook
can still win by embracing and extending the technology behind Swadeshi.
Facebook could be all-Swadeshi under the hood, but present the familiar FB
interface, with their value-adds of Photos, Groups, Pages, etc. Moderation
could be FB's major advantage. If Swadeshi is the wild-west of social
networks, FB could bolt on their anti-spam and abuse reporting mechanisms to
tame the unruly bits.

------
chinathrow
Posted on Medium, a central, private, for-profit publishing platform. Oh the
irony.

~~~
datamonsteryum
+1. And you read it because you're visiting hackernews (also central, private,
for-profit). It's a systemic problem. That's why we need new tools that let us
operate outside that system.

~~~
striking
But how would I discover content if I didn't use HN? Is there a way to
aggregate and rank content without an authoritative server?

Also, HN isn't for-profit (although YC is). Like, yeah, it's not a non-profit,
but it's not designed to make any money either.

~~~
reitanqild
> Is there a way to aggregate and rank content without an authoritative
> server?

Something like RSS: Pick up all posts tagged such and such from these users.

I've thought a bit about this and if we really wanted to we could get really
far with just a few hundred lines of code as well as some html templates.

Problem is, most people like facebook and instagram :-/

~~~
true_religion
RSS doesn't really have a method for 3rd parties to rank content, does it?

The thing about HN is voting and comments, both of which require manual
moderation to be effective.

~~~
quikoa
Couldn't the moderation be distributed as well? Pick the moderators you want
and the posts are filtered with their moderation actions.

~~~
reitanqild
Agree, I could share (a subset of) my sources as could you.

We could even automate it so if my post reader notices several of my sources
following another source it will ask me if I want to look at or follow that
source, etc.

------
justinlardinois
Interesting idea, but just reads like a lot of hand wringing to me. And
comparing centralization of the web to colonial rule is ridiculous and
honestly pretty insensitive.

I like that it acknowledges that running a personal web server is out of reach
(technologically and financially) for most people. But I'm not sure if its
proposed decentralized network is any better, because creating web content and
having a large number of people see it are not easy.

At the end of the day, most people using the web do not have a technical
background and really just want to microblog to their friends using a simple
interface. Facebook/Twitter/Instagram and hell, even Snapchat do that. I'm
having trouble imagining a decentralized network that replicates that.

------
alanwatts
>The internet has been stole from you.

It was never "stolen" because "you" never owned it in the first place. The
internet infrastructure has always been a monopoly.

[https://en.m.wikipedia.org/wiki/AT%26T_Corporation#Monopoly](https://en.m.wikipedia.org/wiki/AT%26T_Corporation#Monopoly)

~~~
goldenkey
It is kind of great to think that though the phone lines held all the
bandwidth, we escaped those, right? Which means that escaping the most popular
and dominating websites should be considerably easier..I like the federation
idea.

~~~
krapp
But all you have to do to escape the most popular and dominating websites is
not use them.

People act as if Facebook and a few other sites have literally become the web
but they haven't. Extremely popular, yes, but it's not as if the web gets
smaller when Facebook gets bigger. Even the linked article uses the term "land
grab" as if there was a limited amount of "web" to go around.

