We need decentralized communication (medium.com)
73 points by johnboyer 16 days ago | 56 comments

A big thing that annoys me about buzzwords like "decentralized" is that they're not binary. Another one that's largely lost meaning is "blockchain". Decentralized is relative and depends entirely on the context.

They do tend to represent ideas like anti-censorship, individualism, and (sometimes) privacy. I think it makes more sense to discuss these topics in terms of the actual implication of what you're decentralizing, and how it actually helps.

For example, the Internet itself is decentralized. But from the perspective of your particular ISP, it's not at all decentralized (if your ISP turns off your Internet, it's game over).

Email is also decentralized, but so what? Most people use the same email providers so it's somewhat meaningless for SMTP itself to be decentralized. Google can still read your emails.

The problem with using these terms instead of more tangible language (i.e., language that describes what the thing is actually doing) is that they tend to get hijacked by scammers/marketers who just want to harness their popularity for their own ends.

> Email is also decentralized, but so what? Most people use the same email providers so it's somewhat meaningless for SMTP itself to be decentralized. Google can still read your emails.

I actually think email is almost the ideal implementation of a decentralized network. You're always going to have giants in any communication network- that's simply the reality. Email allows people to use these giants or, and critically, it allows people to join in the conversation while not using those giants. It is open. Suppose this were to happen with Twitter or Facebook, where the protocol was open and people using networks like Mastodon could simply join in. That is a way to achieve decentralization, with the benefits that go with it. If you don't want Google to read your mail, you and your correspondents can choose not to. Twitter and Facebook offer no such choice.

The issue here is that it is fairly difficult to not be automatically filed as spam, and you can easily be blocked from communicating with large chunks of people if something nasty happens. Of course, if you know these people directly, they can put in various exceptions, but most people you're interacting with won't

>You're always going to have giants in any communication network

I suppose you make that claim based on the assumption that any electronic long range communication system at most reduces to a network?

If so, your assumption—while applicable to our current global communications network—doesn't cover the communication systems which could (& hopefully would) already exist if the ARPAnet originators hadn't messed this up by dropping the Internet layer and renaming the Network Layer to the 'Inter'net layer. It got Telcos exactly what they needed to remain giants.

> if the ARPAnet originators hadn't messed this up by dropping the Internet layer and renaming the Network Layer to the 'Inter'net layer.

Can you elaborate? Genuinely curious.


Back in the day the network layer was not standardised nor interoperable. The "International Network Working Group" provided a communication protocol (TCP/IP) capable of hiding the differences of the different networks.

> the job of the TCP is merely to take a stream of messages produced by one HOST and reproduce the stream at a foreign receiving HOST without change. [Cerf]

That network of networks demonstrated the feasibility of the concept of interconnection. The resulting net eventually became the global inter-network... INTERNET

Not my point tho, see here:


Interconnected Network Networking (what we have today) ≠ Interconnected Internetwork Internetworking (what we should have but don't)

The latter enables recursive structures, the former doesn't.

Thank you, this is what I was looking for.

It was more based on the idea of the network effect, because any service in communication systems may benefit from additional users. This effect is uncoupled from the actual technical implementation, though that is also an important factor of course.

Well, in the context of privacy decentralization doesn't have a lot of meanings. Just a couple, like leaking as little information as possible to a single party and giving as little control as possible to a single party, because if you can't trust a single party having to trust many independent parties with much less information and control is much better for privacy (theoretically not a single party should be able to decode a single bit of useful information about others, even a resourceful malicious party doing sybil attacks, etc.).

> For example, the Internet itself is decentralized. But from the perspective of your particular ISP, it's not at all decentralized (if your ISP turns off your Internet, it's game over).

Yes, the ISP is a chokepoint and that's why:

1. People push for regulations like net neutrality to legally prevent them from doing something like that.

2. Use VPNs to deny ISPs information they could use to decide whose pipe to turn off.

3. Some are trying to build meshnets and physical peer-to-peer infra.

> Email is also decentralized, but so what?

Client implementations being possible is a huge one.

The security claims of a product like WhatsApp (in the news lately) would be far more verifiable if it weren't essentially a black box. It's also just like, basic computer hygiene and _nice_ to be able to have custom clients.

Imagine if the Gmail web interface were all you had and software like Thunderbird or Mutt was just completely impossible.

> We need decentralized communication

> Although Riot has made significant progress in the past few months, there is still a long way to go before it becomes a suitable drop-in replacement for platforms such as WhatsApp or Discord.

The problem with the adoption of clients based on the Matrix protocol is clearly the lack of quality of the clients and their being so annoying for users. I think it also holds true for other protocols like IRC or XMPP. In my humble opinion, clients for all 3 are far behind Telegram or WhatsApp or even BBM.

Looking at commits in the repos of various Riot clients, I am not sure if there is significant progress (yes, it's a bit unfair to say that, but compared to, let's say, the webpack repository, the number of random contributions is quite low). For Android there are two versions - Riot and RiotX. RiotX is in early-stage development (I'd say it's unusable), while Riot just gets minor changes. The iOS client is OK. The web and desktop client (based on Electron) is not as simple as Slack to get up and running. I keep my fingers crossed for Riot developers and spontaneous contributors to improve those clients - without good, simple-to-use clients there isn't any chance for Matrix to be adopted as widely as WhatsApp or Telegram are.

Centralization is not really an important factor for most people when selecting a communicator. IM is a tool and if it does not do its job properly, people will look for better alternatives. Just please take a look at how many sysadmins/devops switched to Slack from IRC. Please stop writing yet another article on how centralization is bad - just help Vector.im, TheLounge.chat or another group to bring out an IM client that most people will be comfortable using.

In other words, the project needs UI and UX designers, and more of a focus on a polished user experience.

Which seems to be an issue a lot of open source, decentralised projects have to be honest. They get a lot of programmers involved, but seem to struggle to get the aesthetics/design side up to par.

What would it take to get the kinds of designers found at the likes of Slack, Discord, WhatsApp, etc working on open source projects like Matrix?



> Most Popular Instant Messengers 1997 - 2019

WhatsApp has approx. 2 billion users. The beginning of that video starts out with messengers (not including things like IRC and email) that have a few million.

This is just the Eternal September effect.

You and I can just crack out nginx and host a site. The author of this post didn't even do that; what hope is there for the rest?

An instant messenger, even a secure one, needs a proper marketing budget in order to succeed out in the real world. It doesn't just need to be superior - it needs to be _advertised_.

> Decentralization is paramount to restoring privacy and freedom to the internet.

We have to start with reconquering our phones. A decentralized app cannot be hinged on a centralized appstore.

Android/iOS will always have a chokehold on their users. The Librem 5 is a potential alternative, a Matrix-integrated and fully open source phone. Although it still has some rough edges to be ironed out.

F-Droid [1] has addressed this pretty well for Android devices.

[1]: https://f-droid.org/en/packages/im.vector.alpha/

Until F-Droid removes the app from the store for whatever reason

F-Droid supports adding additional repositories, so there is no "the store."

Where's my sledgehammer these days...?

This looks like a throwaway answer, but it's really the only right one: the only phone that offers privacy or anonymity is one that is smashed to dust. Anyone who is concerned for their security in any way beyond, "Hey, don't tell Jim, okay?," should never, ever use their phone, and I don't see a way to fix that. The makers of phone hardware, the software providers, and the service providers are completely unworthy of trust, and I can't see that changing.

There’s some juicy irony in seeing “We need decentralized communication (medium.com)”. I see no mention of the elephant in the room.

I can just imagine it: "But you see, I'm only using medium.com because it's convenient. Other people shouldn't, but I'm just using it for now and will switch to something better, someday. I just don't have time at the moment."

I don't think there's anything wrong with using Medium, but this is always where decentralization/security/open-protocols utopia seems to die: convenience and the UX. Where everyone seems to be trying to convince you that something like IRC is the best while using Discord because it's better.

Can someone fill me in here please, how did medium become the place for these sorts of posts when self hosted wordpress, ghost, Squarespace, wix and just basic HTML were created so that you can host a text blog running on a server you control from wherever you want? How did medium take hold and why?

Medium was originally a great experience for the reader. No interstitials, no ads, no unrelated photos, no pleading to "follow" or "become a member". Just your text, nicely formatted.

Compare a simple article, across the years:

2014: https://web.archive.org/web/20141201191740/https://medium.co...

2019: https://medium.com/@fields/now-its-about-the-things-that-you...

Once they started achieving critical mass, like every other free-to-use webpage, they loaded it full of crap.

Maybe that was a bad example or my ad-blockers are working really well, but the 2019 edition only has ads at the bottom for me which is easily ignorable.

Medium offered expanded reach. A lot of people used to cross-post their personal blog on Medium; some comparisons I've seen showed nearly 10x more views from the Medium post.

I only clicked this so I could say this same thing. I'm glad I'm not alone in seeing this as a completely ridiculous juxtaposition between wanting decentralized communication while using a horrible centralized service. This author should start with creating a static blog or something.

Just because you need something, doesn't mean you need to use it. Decentralized communication is a fallback in the event that centralized communication fails, in the same way that cash is a fallback in the case that credit cards fail/are blocked. I don't carry cash, and I don't use decentralized communication methods, but I still think both are very important to have.

If you need cash because the card network is down, then it's already too late to get cash. Thus, it's important to test the decentralized methods, just like it's important to test your backups. And if they haven't been tested (and have up to date instructions!) the only safe assumption is to assume they don't work.

Governments are thinking about abolishing cash and when there are few enough users they will. Use it or lose it.

If you can't beat them, join 'em. At least until you can.

A technically-inclined person can beat them pretty easily (at least on the privacy/ethics front) by spending $5 on a Digital Ocean droplet and spinning up Nginx.

But then you don't have medium's discoverability.

At this point in time, does Medium offer much discoverability? I know it used to, but at the moment, it seems like anything that isn't being charged for gets buried. As does much of anything outside of a publication, or not created by a social media influencer.

(and the percentage of people who even check the latest story for a tag has fallen even further since the last redesign).

Or do it for free using GitHub pages + Jekyll.

That's pretty dang centralized.

Then again, so is using a VPS, just at a different layer

It's pretty dang easy to move a Git repo of Jekyll pages anywhere, and serve them with 100% fidelity. In fact, the normal way of using GitHub Pages naturally makes it trivial to copy your content anywhere, and serve it from any web server.

That does not appear to be true of Medium blogs.

You want to send something sensitive, mail a letter. In the US, the protections against eavesdropping on physical mail are quite good. Requires an actual warrant in an actual court, unlike most electronic communications.

Otherwise, assume your communications are being collected and perused.

The analysis I have read here is far over-indexed on the technology and privacy aspects. Pushing a new messaging platform involves a fundamental change in consumer behavior and this in turn requires engineering, product, design, and marketing to execute in concert. This is why corporations continue to out-deliver Open Source in anything that touches the consumer.

“If we build it, they will come” is just a lazy fantasy that lets you stay in your comfort zone, fixing bugs, refactoring modules, and pushing features for the next release.

If Matrix is to succeed as a technology it needs a real, highly competent go to market team and strategy. And I think you have to build some very compelling user experiences to drive switching and combine that with import/invitation features and outreach (pushes, email, etc) to even have a look at the basket. Alignment across platforms is just table stakes.

Oh for crying out loud. No, we need UNcentralizable communication, as to avert undecentralization/recentralization.



Unfortunately, any communication protocol which mathematically always reduces to ye olde beads-on-a-string with enough extra steps to hide this even from most experts makes this fundamentally impossible… — …and both IPv4 and IPv6 fall into that category, despite their very name implying otherwise:


Two brief quotes from over there:


This does not mean that we should be doing OSI. Good grief, no. …




[22] Someone will ask, What about IPv6? It does nothing for these problems but make them worse and the problem it does solve is not a problem.


We could have decentralized communications if we ever actually use IPv6 in production. Static IPs for all, much easier to self-host.

The other large issue is once you self-host, you're now liable for moderation of illegal content. I'm not sure how to fix that part.

No we couldn't, because, despite its name, IPv6—just like its predecessor—functions as a network protocol and can't support internetworking at all.

Consider RINA and/or GNUnet instead. IPv6 just represents a bandaid.

"This means the only way WhatsApp could comply with these demands is by completely altering their software with insecure cryptography."

I get what the author is trying to say, but getting technical details like this incorrect makes it difficult for me to want to keep reading these types of articles. There is no need for WhatsApp, et al. to make the crypto insecure, all it needs to do is keep a record of the keys in a centralized database. That's why having centralized communication isn't good, all you have to do is own the key handling process and you're good.

To follow the analogy in the article, the lock is fine, just 3 letter agencies have the key.

It was my understanding that the asymmetric key pair was generated locally, and only the public key was exchanged. I am unsure about whether or not this is a requirement of the Signal protocol, but Signal itself will only store the private key locally, meaning they would need to alter their software in order to store said keys in a centralized database.

You are correct. However, that doesn't make the cipher insecure.

The reason I make this distinction is because it makes other attack vectors different. If the cipher was made insecure, then the whole thing couldn't be trusted because anyone can now attack the cipher.

However, if the keys are being stored in a database, it means you can either attack and get the keys on the local device or the center database.

Those are two radically different attack venues with entirely different consequences on the encryption scheme.

Edit: Thinking about it too, it also makes the defense against it a lot different too. Say I'm in a country that only allows WhatsApp for this reason (WhatsApp allows key sharing). If I wanted to, I could crack the software and just stub out the part that sends the key (or send a dummy key as well). You still get the protections of a secure cipher, and no one else has the key now. If the cipher was weakened, then you couldn't do this.

Semantics. It doesn't matter if the protocol is 'secure' if the private keys aren't.

See my other post. It does in fact, it means the attack vectors are completely different.

"[...] used against suspected terrorists, pedophiles and other serious criminals."

This isn't even a slippery slope, 'suspected, other serious criminals' is subjective enough to apply at will in any instance.

Joker 2: The mayor of Gotham recruits Batman, because law enforcement has no jurisdiction over silly criminals

My beef with Riot (at least as of 18 months ago) was how cumbersome it was to set up encrypted channels, especially on multiple devices. I'm not at a place where I can do much about that, but happy to support somebody who can (if it's still an issue).

Like IRC?
