
The Ecosystem Is Moving [video] - olivernyc
https://media.ccc.de/v/36c3-11086-the_ecosystem_is_moving
======
sweden
Every time I see Moxie talking about decentralization, I can't help to think
that this is all a big disguised agenda used to promote his own business for
selling the Signal technology to any messaging vendors (WhatsApp, Facebook,
Google, etc.)

He keeps bringing data privacy and data encryption as the sole motive for
decentralization but that's not really the point. The main point is data
ownership and freedom of usage.

WhatsApp and Signal are good messaging services indeed but:

\- We are tied to their official clients.

\- Which means that we are tied to the platforms they support

\- We are also required to have Google Play services installed on our Android
phones

\- We are tied to phone numbers

\- And if (for whatever reason) we trip on their abuse detection services, we
might get banned and completely prevented of using their own service (mistakes
on their side can happen as we have been seeing with Google)

The point of decentralization is to avoid all these annoying constraints.
Encryption and privacy are a bonus, not the selling point.

Also, all of his points about centralization are completely refuted by the
efforts of the Matrix project.

~~~
pa7ch
There are trade-offs in user experience between a centrally controlled effort
and something like Matrix.

If you've listened to him talk many times before, it seems almost disingenuous
that you'd believe he hasn't made this choice because mass-adoption and user
experience are the first priority of his design constraints.

It doesn't mean your criticisms aren't valid wants in a messenger but there is
a logical and publicly explained motivation to why Signal is the way it is.
One piece of good news is that being tied to phone numbers is a problem Signal
appears to be solving in the near future. [1]

[1] [https://signal.org/blog/secure-value-
recovery/](https://signal.org/blog/secure-value-recovery/)

~~~
sweden
It seems to me that these design constraints are more to their benefit than to
the benefit of the users because it simplifies a lot the maintenance of their
infrastructure:

\- By relying purely on phone numbers for user accounts, they remove a good
chunk of infrastructure for having to deal with problems with logging in or
missing passwords or stealing accounts.

\- And by relying on Google Play Services, they avoid having to maintain a
push notification infrastructure.

And I'm okay with this! It's smart and effective but I just wish he would be
open and honest about it and not spread FUD about decentralization and other
alternatives as an attempt to justify Signal's design decisions and make it
look like "the only true way of messaging securely".

When he was asked by the public during his talk about the phone numbers, he
went a long way to give an answer that didn't really answer the question. It
was almost like a politician trying to justify an ulterior decision.

He is a salesman, a very good salesman. A good part of his presentation was
not even about the "ecosystem", he just was wandering off-topic walking the
public through his point of view. You could see this when he started to
sneakily dismiss decentralization with saying "I host my own email" basically
saying "So I am an authority on everything about decentralization".

~~~
Vinnl
> \- And by relying on Google Play Services, they avoid having to maintain a
> push notification infrastructure.

It was mentioned in a sibling comment to GP, but Play Services are no longer
required. If you don't have them installed, Signal will use its own push
notification infrastructure.

Indeed, this was not always possible, because they had to implement and
maintain it first, in a way that would provide a good user experience for
users. (And even then, the non-Play Services version is still somewhat
detrimental to the user in the sense that their battery depletes more quickly,
so it's a trade-off they'll have to make themselves now.)

------
thekyle
So in the beginning of the presentation Moxie brings up some valid cases where
it's good that centralized services can rapidly iterate and improve such as
WhatsApp being able to roll out end-to-end encryption with a single update,
while email is still not encrypted despite the tools existing to do so for
years. Basically centralized services can roll out changes quickly and
decentralized ones are more or less set in stone.

However, I feel that maybe he isn't considering the downsides of being able to
change quickly. Sure WhatsApp was able to add end-to-end encryption with a
single update, but they can just as easily remove encryption with another
update. Additionally, while I will admit that it sucks that email is not
encrypted, knowing how many people and businesses rely on email every day, it
should be incredibly difficult to make changes to it. I don't want a single
person or company to be able too suddenly decide to change how email works.

One area where I am sympathetic towards Moxie and Signal is requiring phone
numbers (mentioned at the end in the Q&A). Personally, I don't see it as being
all that big of a deal and it does bring several advantages with it:

* Users get to store/control their own social network in their phones address book

* Users can switch easily between WhatsApp/Signal/etc.

Although I agree that requiring phone numbers does reduce the privacy of
Signal users, I think it is a worthwhile trade off for making the app usable
by the public.

Also, it seems like usernames might be supported in the future:
[https://signal.org/blog/secure-value-
recovery/](https://signal.org/blog/secure-value-recovery/)

~~~
fauigerzigerk
This idea of phone numbers being easy to use is baffling to me. Phone numbers
come with so much red tape it's unbelievable.

I'm still paying for a phone service in a country where I previously lived (5
years after leaving) because I can't move all the stuff that's linked to that
phone number. I even had to send them a government issued photo ID recently so
I could keep the number.

And to use the number without switching SIM cards I have a separate phone that
I'm booting up just for that purpose. I actually bought a third phone to
manage all my SIM cards. This time I was smart. I bought an Android phone with
dual SIM slots in spite of being an iPhone user.

After listening to Moxie's talk, I realise that many of his arguments sound
entirely plausible from a US centric point of view but make far less sense if
you live elsewhere.

Building on top of phone numbers also assumes that end-to-end encrypted
messaging will always be permitted in the mobile app stores. It's a reasonable
assumption as far as the US app stores are concerned. I wouldn't bet on it
here in the UK though, and even less so in many other countries.

~~~
geogriffin
Phone numbers are useful for exactly the reasons you find them frustrating:
stability -- as you said, everyone and everything you associate with can and
will store and contact you via your phone number indefinitely -- and
portability -- everyone accepts and understands phone numbers, modulo
international dialing.

Sure, something could and maybe should replace phone numbers, as the system is
definitely messy wrt international dialing and countries changing numbering
plans.. But the thing that replaces phone numbers in their usefulness will
bring the same frustrations you express.

Email has mostly the same characteristics, especially for non-computer-people.
My parents were paying $10/mo for dialup up to ten years after switching to
DSL and Gmail, just to keep their old email address. I bring that up not to
point out the extortion -- email could theoretically have had address
providers decoupled from hosting provider through DNS, if it had been made
user-friendly -- but to point out the value in the stable identifier. I know
this is an anecdote, but the story of AOL email is similar, that 2.5 million
people [1] were still paying $20/mo for their dialup and bundled email when
"some of whom" (sorry there's no better information on this) had since
switched to a different ISP, but kept paying AOL to keep the email.

> I even had to send them a government issued photo ID recently so I could
> keep the number.

Governments will always want to link users to their stable identifiers. It's
in their policing interest, for better or worse. Switching away from phone
numbers will just shift the problem.

[1] [https://consumerist.com/2013/08/08/believe-it-or-
not-2-58-mi...](https://consumerist.com/2013/08/08/believe-it-or-
not-2-58-million-people-still-pay-for-aol-service/)

~~~
fauigerzigerk
_> Phone numbers are useful for exactly the reasons you find them frustrating:
stability -- as you said, everyone and everything you associate with can and
will store and contact you via your phone number indefinitely_

No, not at all. Most of my contacts don't have my current actively used phone
number or the old one I'm forced to keep. I have a whole box full of SIM cards
I once used for one reason or other. Most of them no longer work (I think).

It's the same thing in the other direction. I have tons of phone numbers of
some people and I have absolutely no idea which ones actually work.

You're right that email is the same mess, at least for people who don't have
their own domain (which is most people).

But Signal is a centralised service. So why not use usernames?

The reason is not stability, because phone numbers can hardly be more stable
on Signal than Signal's own usernames.

I believe the reason is that Signal was hoping to get faster traction by
showing people who else in their phone book has Signal installed.

I find that creepy to say the least. And it's a very bad reason force the
whole usability disaster that is phone numbers, SIM cards and phone companies
onto all Signal users.

------
bertman
This talk is basically an elaboration of Moxie's blog post from 2016 with the
same name [1]. See also a response to this blog post by Daniel Gultsch,
developer of the popular Android XMPP app Conversations [2].

[1][https://signal.org/blog/the-ecosystem-is-
moving/](https://signal.org/blog/the-ecosystem-is-moving/)

[2][https://gultsch.de/objection.html](https://gultsch.de/objection.html)

~~~
bertman
Backup link because the OP 404'ed: [https://berlin-
ak.ftp.media.ccc.de/congress/2019/h264-hd/36c...](https://berlin-
ak.ftp.media.ccc.de/congress/2019/h264-hd/36c3-11086-eng-
The_ecosystem_is_moving.mp4)

------
vanitasvitae
Its funny how he mentions domain fronting as a technique to counteract
censorship, and even uses Google as an example, while in fact Google (and also
AWS) banned them from doing domain fronting a long time ago...

[https://signal.org/blog/looking-back-on-the-
front/](https://signal.org/blog/looking-back-on-the-front/)

~~~
seanieb
Still works with other CDN's. No point in putting those companies on the
spotlight.

------
dpc_pw
Great talk. It could be an Urbit ad since most if not all of the mentioned
problems (and many more) are exact reasons it was designed the way it is.

Stagnation of development is caused by fragmentation of platforms. For every
app we need to develop the same app over and over and over, and then keep them
in sync. That's why we need a precise, unified, and well designed OS/VM layer.
Only then we can run and update the same app on many systems with ease.

The reason why it takes so many engineers is the byzantine stack of layers
we've developed over the years and platform fragmentation. Which compounds
with the fact that every decentralized app has to develop the same set of
things over and over. If only the OS/VM layer had it ... built in - like in
Urbit.

Censorship resistance problem described in the talk is not an issue if the ID
is decoupled from the infrastructure. Something that I still don't understand
why federated protocols don't get (I'm looking at you Mastodon). If you make
them scarce and transferable it will additionally help fight the abuse.

The list would go on, but it has all been described many times.

~~~
cheschire
> That's why we need a precise, unified, and well designed OS/VM layer. Only
> then we can run and update the same app on many systems with ease.

Is this not exactly why the web has become a platform for apps? And wouldn’t
all of the issues inherent in the web also then apply to this OS you describe?

~~~
dpc_pw
Web is built for client-server architecture. And that's what we've got - bunch
of big companies, storing all the data, and our thin clients downloading only
the part we look at.

Urbit is built for p2p architecture.

------
waldfee91
Backup on PeerTube:
[https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-...](https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270)

------
saurik
In this video, Moxie Marlinspike--the developer of Signal, someone who has
been consistently extremely negative on not just the idea of federated and
decentralized systems but of open protocols and alternative clients for
centralized systems (to the point where it shocks me he still does any
development as open source, given how hard he pushes on the idea that people
who fork his clients are actively doing something that harms the world by
leaching resources from his organization for their own client, which I feel
like misses the entire point of why people are doing those forks in the first
place)--makes the argument that, because decentralization doesn't
_automatically and inherently_ solve hard problems _merely due to the
technology being decentralized_ , we should not waste time working on
decentralized systems and instead work on and support centralized ones (one
would imagine, particularly his).

While he clearly understands it not only was _but still is_ a very difficult
problem to make a centralized service private (as he points out how much work
has gone into making some basic aspects of Signal seem usably private), he
doesn't want to admit the idea that someone could or should spend commensurate
time also working on researching or improving decentralized systems :/. In the
process, he ignores attempts to work on what I'd consider the primary problem
(something someone thankfully poked him about during the Q&A, though I'd say
not hard enough)--transport obfuscation--and thereby goes so far as to claim
that decentralized systems are fundamentally less private (using an example
involving peer-to-peer video/audio calls on Signal that they decided to
instead route through their centralized servers) based on that assumption of
non-private transports (as clearly we should all trust Moxie Marlinspike and
the handful of people who work at Signal with our metadata over anyone else we
might want to be able to choose to trust).

As part of this, he spends a lot of time trying to argue that people don't
actually have any useful control in a decentralized system anyway, which is,
of course, extremely convenient given how he doesn't really acknowledge that
the entire point of his thesis is that he and his centralized organization not
only should but in fact _must_ maintain _all the control_ so that he can
follow the moving ecosystem :/. Meanwhile, he cites federated systems of the
past as clear and unmitigated failures, including specifically IP, a layer
upon which he somehow manages to build Signal on top of despite being
supposedly fundamentally and horribly flawed due to being a decentralized
protocol frozen in time and nearly impossible to change (which isn't even
true! IPv6 was insane for actively going out of its way to break transition
paths, but as many people have pointed out it didn't have to be that way; and
even within IPv4 we have seen a lot of manipulation and progress in the form
of protocol extensions. many of his other examples are also clearly flawed if
you know anything at all about the protocols involved).

"Finally"\--a word I use here both in terms of it being the most repetitively
frustrating things about this talk (and so I list it last) but also as it came
up again at the very end (thereby closing the video) due to a question from
the audience poking him hard on this point (to great applause)--he continues
his apologetic rhetoric for the idea that phone numbers are somehow _better_
as an identifier than any other possible alternative--something that is so
wrong on the face of it that we can point at _ludicrously_ popular chat
systems, such as Kik, that were largely popular _because_ they did not use
phone numbers at all, in addition to the vast majority of popular social
networks that merely use phone numbers for account password recovery (and
while many of them now require phone numbers to sign up, that is entirely
unrelated to the service and how you use it, and was usually not the case when
the service first came into existence: it was way more common to require an
e-mail address than a phone number)--to the point of seriously claiming
multiple times that ceding control of identity to the telecom infrastructure
(something we know is horribly insecure even if you trusted all of the
players, which I don't think anyone does) is one of the things that makes chat
fundamentally better than e-mail (?!?).

Really, the best line from the video came from someone in the audience asking
a question, leading with: "thanks for the thought provoking talk... you said
so many things I disagree with, it is tough to pick a question" :/. For me,
that feeling goes well past just this talk and his positions on chat systems:
his love for Intel SGX--a technology that has been broken multiple times and
whose key feature, Remote Attestation, is just "DRM" by another name--puts him
on what I would argue is "the wrong side" of the war over general purpose
computing, wanting to rely on user-hostile hardware to protect decentralized
cryptocurrencies (such as his MobileCoin) from attack by anyone... other than
Intel, obviously, as they can be trusted?... or any governments that can lean
on Intel, as maybe we like those governments?... or of course, anyone with a
zero-day hardware side channel attack, as we can pretend all of those have
been found? :/... essentially, in the end, most of his positions just seem
like a way to shill for centralized government control over everything, with
metadata being protected only by the security of the memory of his servers
(something which was pointed out by yet another question from the audience,
and for which he didn't really have a good answer) wherein the best case
scenario is that laws like the DMCA end up being what protect us from
attackers as opposed to actual math :/.

~~~
x0x0
> because decentralization doesn't _automatically and inherently_ solve hard
> problems _merely due to the technology being decentralized_, we should not
> waste time working on decentralized systems and instead work on and support
> centralized ones (one would imagine, particularly his)

That is an extraordinary mischaracterization of his talk. What he actually
says is that decentralization makes many desirable characteristics --
enumerated at some length in this video -- more difficult. The implicit
argument, then, is since we're struggling to achieve certain desirable
characteristics even in centralized systems, we should focus our efforts there
first.

~~~
glogla
The talk can be taken in two ways.

1) It's a reasonable comparison of centralised and decentralised systems.

2) It's a way to discredit decentralised systems so people move to Signal
because Moxie is a corporate / government shill or want to be the personal
Jesus or something.

Which explanation looks more likely to someone, is mostly based on how they
personally trust Moxie. And a lot of people in the community don't consider
Moxie trustworthy.

In my personal opinion, this talk made a lot of people angry, precisely
because Moxie went to Anarchist club (CCC) and had a talk that can be
summarised (again, in my personal opinion) as "give up on decentralisation,
give all power to ME ME ME and I'll take care of you, pinky swear." Of course
Anarchists don't want to hear that.

But to someone who trusts Moxie or centralised power in general, this might
seem like a crazy interpretation.

~~~
shrimpx
3) Sharing his belief that centralized trumps decentralized for a bunch of
practical reasons and of course Signal is going to be a centralized system
based on this belief.

(I don't necessarily agree with Moxie but I saw his talk as neither of your 2
points.)

------
inputmice
The irony of a talk that speaks out against decentralized systems being only
available on decentralized backups of the centralized original…

------
hncensorsnonpc
The link gives me an error

~~~
waldfee91
Backup on PeerTube:
[https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-...](https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270)

------
geuis
Link is dead now. 404

~~~
waldfee91
Backup on PeerTube:
[https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-...](https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270)

~~~
mixedCase
The irony of having to rely on a federated system to watch this video because
the centralized one removed access to it is not lost on me.

------
Glosster
Why is he saying that email is not encrypted? Isn't it actually encrypted when
traveling from server to client? Who uses ports without SSL or TSL anymore?

~~~
Ninn
He is referencing end to end encryption. Google can see Your
to/from/subject/metadata headers even if you bother to use gpg

~~~
Glosster
Then that's a problem with us using a centralized system (Google) for emails,
right? So email is not really decentralized.

~~~
cyphar
Replace "Google" with "your email provider". Even if there were many diverse
email providers with significant adoption, the problem would remain.

Unless you're using PGP (and -- critically -- the other people know how to use
it as well), then your email is stored as plaintext on your email provider's
email server (and the email provider of anyone you send the email to, as well
as any forwarding agents that passed the email along).

