Hacker News new | past | comments | ask | show | jobs | submit login
Resistant protocols: How decentralization evolves (medium.com)
59 points by okket on July 28, 2018 | hide | past | web | favorite | 23 comments

That was a great read, thanks to the author for making sense of entangled history between decentralization and file sharing.

I don't see why they seem to conclude that decentralization can only exist to circumvent the law, though : it's not because it happened like that in the past that it can only happen like that in the future.

The author is noticing that privacy is a big concern nowadays, but is somehow discarding quickly that remark. I see it as fundamental. Nowadays, privacy is not just a theme for activists or weirdos whom most people think "they're going too far". Nowadays, my aunt and my grand mother speak out privacy concerns about facebook (ironically, on facebook). There is also in the general public mind this vague idea that we're allowing a few companies to be stronger than governments (and thus, than democracies) and that they now own internet.

All of this is very fertile ground for decentralization, we'll see if that ground expands or shrinks, but this is clearly not about working around the law.

Author here, thanks for reading!

Regarding "decentralization can only exist to circumvent the law", I don't think that in the long term (>5 years out). I touched on this a bit in another comment: https://news.ycombinator.com/item?id=17641098

Regarding privacy, I'm with you there, but I'm very skeptical that very fuzzy privacy concerns can switch enough people away centralized systems with network effects (FB, Twitter, Reddit, YouTube). I think these systems will see adoption from a few groups:

- Privacy advocates and people otherwise interested in the tech by itself - Ostracized groups. For example, see how Voat (not a decentralized system, but an example of a Reddit clone with a ideological mission) wound up as a hub for the alt-right. - The most extreme people trying to boycott platforms like Twitter. For example, people demanding way more censorship from Twitter that are trying to make Mastodon happen because it has content warning stuff and other anti-harassment stuff from what I've heard - Communities that are forced out by the law, like r/DarknetMarkets moving to Dread: https://medium.com/@jbackus/minimum-viable-decentralization-...

So, subcommunities definitely will exit I think but whether they go to other centralized systems depends on UX (which is harder with decentralization) unless a legal reason makes decentralization the only option.

Hi, thanks for reply.

I see your point ; I think there is actual and genuine interest in privacy and decentralization from what I see within my friends circle, but I may be biased because I'm active around ssb myself (and my friends may very well be interested in this because ... I'm interested in it). Time will tell :)

Regarding incentive for legal reasons, there's an other possible one that may happen (mentioning it for exhaustivity). Yesterday, I was reading an article about how an extreme-right candidate was favorite in brasilian elections. I was thinking : "oh look, an other fascist about to seize power". It feels like it's been a recurring theme this decade. And this is terrifying : could you imagine what the gestapo would have been with access to facebook data?

It doesn't even need the entire world to go mad before the incentive for privacy becomes very strong, 10 or 20 countries with strong engineers would be enough to kickstart it.

I think the author generalizes too much from one example re: decentralization existing to work around the law.

Author here. I'm mainly writing about decentralization that is supposed to be mainstream while also looking for historical examples. With that in mind, I've looked at:

- Dozens of file sharing apps and their protocols (focus on Napster, Gnutella, FastTrack, and BitTorrent) - Tor, I2P - Tor hidden services - Original p2p Skype

If we generalize "decentralization" into "creative uses of distributed systems and/or cryptography for the sake of privacy and resilience" then we can include a bit more:

- PGP - Willfully blind centralized systems like mega.nz

Then finally if I dip into older attempts that IMO didn't get real adoption, we can include some other interesting examples:

- Freenet - Tribler - Mojonation

There are systems like Diaspora and Mastodon, but they're too close to the present IMO to use as historical examples. There are also obviously decentralized/distributed systems that serve as the backbone of the internet and I do want to allocate more time to learning these deeper, but they don't feel the same.


Anyways, I'm not even really disagreeing with you but mainly trying to point out that I'm trying to draw from as much as possible. The original Skype stands out as a case where it seems to have no relationship with the law (https://twitter.com/backus/status/1014726515592818688).

If you have examples (failed or successful) that you recommend looking into, I'm all ears. As I've pointed out in a few other places, my point regarding the law isn't to say that this is all decentralization will ever be for. Instead, I'm saying this seems like the main point in the past for mainstream applications. Maybe decentralized apps will work as well as centralized apps in the future, but it seems like this might be far enough out that it would be incredibly risky for a startup to decentralize today when it doesn't need to.

I could say more, but this is already a lot. Thanks for reading my article!

I feel like the next frontier for decentralisation is the need for decentralised websites. If a website just contains read-only static text then it can perhaps be replaced by a PDF shared over bittorrent, but I don't think there's yet a very good technology that can be built into mainstream web browsers and that allows complex web apps to run (including functionality like searching and posting comments) in a domain-agnostic way. Hosting the website as a Tor hidden service probably achieves something similar to decentralisation, but support for the Tor network is unlikely to be included as standard on most operating systems.

One set of technologies that might get us closer, though, is allowing offline signing of websites. This would mean you could trust the public key for a webapp once, and then run that webapp from any domain that serves it correctly. Any data sent or received by users of the webapp (like comments or likes or bids, etc.) would have to be signed by the keys of individual users, meaning a malicious server could only filter messages you send and receive, but not spoof them. For persistence of data across sessions, and synchronisation between the mirrors, the back-end data store could be a web-API database accessed over Tor by the servers hosting these mirrors of the web app.

The IPFS [1] is close to this. Websites (and all other resources) are P2P hosted with a distributed hash table. For example, there's an reasonably uncensorable Wikipedia mirror [2].

I don't know what the state of web apps on IPFS is, but believe some people are working toward a pubsub-based system.

[1] https://ipfs.io/ [2] https://ipfs.io/blog/24-uncensorable-wikipedia/

Decentralized web apps already exist, built with our tool ( https://github.com/amark/gun ). For instance:

- Decentralized Reddit ( https://notabug.io/ ) can push terabytes of daily P2P traffic.

- Decentralized YouTube ( https://d.tube/ ) gets millions of uniques every month, built with IPFS/Steem/GUN (upcoming release will have end-to-end encrypted private messaging).

There are plenty of other dApps being built. This isn't an Ethereum pipedream, you can build them today! We'll even be releasing an IPFS storage adapter for GUN coming up soon, too!

How is GUN related to dApps? The server seems like a regular daemon running on a regular machine.

The apps built with GUN are decentralized (thus "dApp", the browser can even store/serve data), however browsers still suck with WebRTC, so there are fallbacks to WebSocket and stuff, but the dApps do not require/depend upon a daemon/central host.

Hey, your Odoo apps look pretty neat. I'd love to learn more about how you've managed to make a business on top of OSS, wanna chat? Check my profile for my email. :)

Sorry if I'm misunderstanding, but aren't these only partially decentralized?

While GUN seems to be a p2p system, both those applications are single points of failure due to each being hosted on a single domain. Are there additional ways to access the same content?

Both those apps have multiple other peers running it, they're also open source so you can run one, AND the browsers also contribute storing/serving data!

What we'd like to see next: Browsers natively supporting more P2P tooling. WebRTC still kinda sucks. :/

What I'm keen for is a decentralized google docs clone, supporting collaboration and syncing.

Of course, I'd like the ability to have my notes be private as well.

Is there anything like that on the horizon?

Yes, we did a whole interactive explainer article on this:

http://gun.js.org/explainers/school/class.html (cartoon version)

Although, from a algorithm side, you may enjoy a talk by Martin (a CRDT researcher) for a more thorough technical overview:


Our team has a model for applying end-to-end encryption to this as well. It isn't a high priority for us to do it ourselves though, so if you are interested in getting involved, we can help explain all the algorithms for implementation!

I've seen that class.html explainer.

It's a great tutorial but it's a long way from that high-level explanation of how it should work to a functional, working google docs clone!

I know you've already done a huge amount of work but enduser acceptance is what separates what you're doing from all the previous academic protocols out there. Nobody is going to switch from google docs to gundb if they are expected to write all the code themselves. OK, a small percentage, but not many.

Has anyone made anything similar that an enduser can just install and use? Even just a collaborative plain text editor would be a great start.

I would be interested in helping but my javascript skills are rudimentary at best.

I've been interested in dat/hypercore lately. Is there any way that gundb could piggyback on hypercore for storage, or in your opinion would the fact that it's an append-only log be too limiting for gundb?

Sounds a lot like you’re describing the work being done with Dat and Beaker Browser. Here’s a recent talk by Tara of the Beaker team: https://www.youtube.com/watch?v=rJ_WvfF3FN8

You might want to check out https://beakerbrowser.com

It is p2p and built on top of the Dat protocol (datproject.org)

This got me thinking about Mastodon, Peertube, etc. These are decentralised services for sharing content. Their user-base mainly favours them, iiuc, because the operators of centralised services were being too heavy-handed in their restrictions on content - not just legal but objectionable in various other ways (eg. adult content, instructions on making explosives, or fair-use of copyrighted material).

The article suggests that in each step we'd expect a decentralised solution to make the smallest possible change, and indeed we do: All these services work by decentralising the operator. Every mastodon instance is able to censor itself, or its own view of the other instances, but when this kind of failure occurs users can easily find another instance that is more accommodating.

Is decentralization cheaper or more expensive than centralization?

I cannot come to a conclusion on that question.

Decentralization smears the cost over time and space as constant cost to everyone and constant small failures everywhere. Centralization concentrates it into smaller spaces and larger but rarer failures.

Depends on your metric. But typically, there's quite a bit of overhead in most decentralized systems, that's one of the reasons they don't gain widespread adoption.

I guess that question gets answered when the last email was sent and all communication happens through WhatsApp or similar.

> I guess that question gets answered when the last email was sent and all communication happens through WhatsApp or similar.

Not so easy: There are lots of other factors than cost which decide what wins in a market, such as

- trends/hypes

- convenience

- being available at the right time (in the right place)

- ...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact