The problem with federated web apps (devever.net)
128 points by hlandau on July 1, 2023 | 170 comments



The problem is also that federated doesn't really solve the problem of decentralization and that's the problem we ought to be solving. I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant. Coupling accounts to instances of the federation might be the easy solution, but it doesn't solve the problem we actually should be solving. This was already something I disliked about Jabber/XMPP and this was 20 years ago, we ought to have solved this by now.


Yeah, I agree it all feels very disconnected. I think this problem extends to the communities on federated platforms too. Taking a look at the Reddit-like federated alternative (lemmy), there are multiple instances of the same 'subreddit' on different servers. Makes it hard for everyone to gather.

I think federated projects really look at federation as an add-on to their platform, not a core feature. E-Mail did this well where everything was automatically federated by default (i.e. you can send email from anywhere to anywhere for the most part) whereas some fediverse software, specifically lemmy, requires that federation be enabled (and I believe you choose to federate with servers on a per-server basis).

Where I work we're working on a solution to this where your identity remains sovereign between servers [1]. We currently have a Twitter-esque microblogging demo setup [2].

[1] https://gitlab.futo.org/polycentric/polycentric

[2] https://polycentric.io


The big problem with federation-by-default in the current incarnation of federated software (at least Lemmy, I'm less familiar with Mastodon) is that you will likely end up publicly hosting any content from instances that you choose to federate with.

With email, it doesn't really matter if someone is using your email platform to spread controversial political ideas or using it to share pirated media or whatever, because you're not hosting it for the general public to consume.

With the fediverse it's different. If I own fedifoo.app and allow my app to federate with neonazis.app or tankies.app, then eventually neonazi or tankie content will be accessible at fedifoo.app/c/unpleasantcommunity. I don't want that, so I defederate, but now the fediverse is fractured and "it doesn't really matter which instance you choose" is no longer true.

Disabling federation by default helps protect new hosters from the unintended consequences of federation, which is good, but it leaves us starting out on a fractured footing.


The solution to this is to have a unified namespace which is distinct from hosting. So then /c/unpleasantcommunity is only hosted by instances that choose to mirror it, but if anybody goes to /c/unpleasantcommunity and their default instance doesn't mirror it, it redirects to an instance that does.

Then you don't have to host anything you don't want to but you still have a unified network.


Yeah, I also think having the option to censor communities in specific is a good way to do it. So you could just choose not to host /c/hatefulcommunity. I'd imagine blocklists and community reputation systems would be created much like what exists with e-mail.


The generally right way to do this is to put actual censorship on the far side of impossible but give individuals good filtering tools. So then maybe your instance provides a default blocklist, but if something gets blocked, it isn't just silently invisible, it shows up as a collapsed comment that you can unfurl or a warning page that you can click through if you really want to. And if you don't agree with an entry your instance added by default, you can strike that one out and choose to always see it.

The key is to never let anything like a central party impose censorship that can't be overruled by the user, but still allow them to filter out 99% of the crap by default.


Yeah, Polycentric lets server operators choose to censor individual posts or entire users. Your client can query anything that's censored from one server by querying it from another where the content was published. It's fairly easy to tell when a post is censored since each post has a logical clock per user that is incremented per post, so you can pick out any missing logical clock entries.
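An added illustration of the gap check described in the comment above (not part of the thread and not Polycentric's code): a client compares the clock values one server returns against the highest clock any server advertises, then backfills the gaps elsewhere. The `Event` and `Server` model, the server names and the sample posts are constructed, and events are assumed to be signature-verified before they reach this code.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    author: str   # stand-in for the author's public key (constructed value)
    clock: int    # per-author logical clock: 1, 2, 3, ... one tick per post
    content: str  # assumed already signature-checked against `author`


class Server:
    """Hypothetical in-memory server; `withheld` models operator censorship."""

    def __init__(self, name, events, withheld=()):
        hidden = set(withheld)  # (author, clock) pairs the operator refuses to serve
        self.name = name
        self._visible = {
            (e.author, e.clock): e
            for e in events
            if (e.author, e.clock) not in hidden
        }

    def head(self, author):
        """Highest clock value this server will serve for `author` (0 if none)."""
        return max((c for a, c in self._visible if a == author), default=0)

    def query_range(self, author, lo, hi):
        return [e for (a, c), e in self._visible.items()
                if a == author and lo <= c <= hi]


def find_gaps(clocks, head):
    """Return inclusive (lo, hi) ranges within 1..head that `clocks` lacks."""
    gaps, expected = [], 1
    for c in sorted(set(clocks)):
        if c > head:
            break
        if c > expected:
            gaps.append((expected, c - 1))
        expected = c + 1
    if expected <= head:
        # A server can also hide the newest posts; this is only visible
        # because another server advertised a higher head.
        gaps.append((expected, head))
    return gaps


def fetch_feed(author, primary, others):
    """Read from `primary`, then backfill every gap from `others`.

    Returns (events, ranges primary did not serve, ranges nobody served).
    A gap shows that something is absent; it does not say why.
    """
    head = max(s.head(author) for s in [primary, *others])
    have = {e.clock: e for e in primary.query_range(author, 1, head)}
    absent_on_primary = find_gaps(have, head)
    for lo, hi in absent_on_primary:
        for server in others:
            for e in server.query_range(author, lo, hi):
                have.setdefault(e.clock, e)
    still_missing = find_gaps(have, head)
    return [have[c] for c in sorted(have)], absent_on_primary, still_missing


def demo():
    alice = "alice-pubkey"  # constructed identifier
    posts = [Event(alice, n, f"post {n}") for n in range(1, 7)]
    # a.example withholds posts 3, 4 and the newest post 6.
    server_a = Server("a.example", posts,
                      withheld={(alice, 3), (alice, 4), (alice, 6)})
    # b.example never received post 4 but serves everything else.
    server_b = Server("b.example", [p for p in posts if p.clock != 4])
    return fetch_feed(alice, server_a, [server_b])


if __name__ == "__main__":
    feed, absent, missing = demo()
    print("clocks recovered:", [e.clock for e in feed])
    print("absent on primary:", absent)
    print("missing everywhere:", missing)
```
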


i quite like how censoring is done in the fediverse. there is no censoring but each user can choose to block content from showing up in the client. i don't like the idea of censoring. some authority decides what other people are allowed to see.


Sadly Lemmy’s implementation is quite poor. The owner of each instance can choose which other instances to federate with. So shortly after the Reddit exodus, many are already forming tight ideological bubbles. For example, Beehaw defederated with almost every other instance because they want an ideological safe space. This despite the fact that the protocol already gives individuals plenty of tools to block and avoid users and communities they don’t like. So there is a strong push to control the experience for all users in an instance, instead of allowing individuals that control. And I see a lot of support for this model in other, “less” authoritarian instances like lemmy.world.

I think many people are just very authoritarian today, and don’t appreciate the internet as we knew it 20 years ago. They’re not content to control how they interact with the internet. They want to control how everyone interacts.


I'm unconvinced the majority of people are like this, but the type of person who becomes a moderator will be, it's self selection. This happens in every community on any subject matter, I've seen moderators on power trips in phpBB forums 20 years ago, it's nothing new.

The type of person who we want as moderator doesn't want to be a moderator. A real decentral solution needs to give power and sovereignty to the users and take it away from admins and moderators. Some group of elite privileged few federated servers with all the power, demonstrates how worthless Lemmy and fediverse are.


Not a fan of ideological censorship myself, but defederating from instances such as pedo.school, cum.camp, various kiwifarms instances and hentai.baby, seems reasonable to me.


Sure, but they defederated from a lot more than those four instances. They also defederated from 400 others, including lemmy.world, which is about as milquetoast as it gets.


That’s my point. There’s valid reasons to defederate and then there’s ideological reasons.


Beehaw did not do that. They defederated 2 large ones because of open sign ups, and Lemmy not having other modding/admin tools available yet


That was the claim, but it’s clearly a lie. First, they’ve defederated with and blocked hundreds of instances, not two. It looks like close to 1,000. You can review yourself here: https://beehaw.org/instances

Second, it appears they have even more moderators than the instances with which they defederated. More than enough to keep illegal content off the instance. But that’s not the intended goal. They want content off the instance which is ideologically opposed to the owner. They make that clear in the instance description. They want more moderation than Reddit, which is already filled with insular ideological spaces.

The users are all very much on board with this ideological purity. They freely admit it, so I’m not sure why you would contend it.


> It looks like close to 1,000

It’s 400. Versus over 3000 linked instances. That does not sound like an insanely long list, considering how many spam instances there are and those with questionable content.


> It’s 400.

I don’t understand how this argues against my premise. This is decisive evidence that they want strict ideological adherence.


I like it in principle, but I think it's hard to keep up with spam in a manner like this.


How does a user choose to block content without seeing it, say in order to avoid seeing gore videos from war zones or such?


A big problem with this is that certain kinds of content are illegal both to host but also to link to, in many parts of the world (including the USA). Your solution works well for legal-but-reprehensible-to-the-admin content such as nazi or tankie content (or porn or [...]). But if you end up linking to illegal pornography, or to drug selling, or even to gambling etc, then you're likely still liable and the fact that you're not directly hosting the content is not going to protect you that much (look at torrent trackers to see how well that defense worked).


Basically Usenet then?


Yeah, literally a modern Usenet. Reddit is barely different than Usenet anyway


You can't log in to Hotmail to read your Gmail email. You can however have an e-mail client that pulls your mail from both.


You can't censor content on a federated platform without fracturing that platform.


But email is the same as xmpp or DMs on "social media" - you can communicate with various instances. The problem arises with groups (so mailing list, multi user chat or "communities") - in case of email you have mailing list which is not federated and is tied to particular server / address... same issue so it wasn't exactly solved. It's just it's used slightly differently.


All I get from polycentric.io is "Please add Polycentric to your home screen" (Android browsers call it installing) - even after I added it to my home screen (Firefox on Android). Works on Chrome though.


It somewhat works if you tell Firefox to get Desktop Site...

But they also broke the back button


Wow, that's odd.


We'll look into it. Thanks for checking it out


Both current Firefox for Android and Safari 17 (Beta) have a bug where display-mode: standalone doesn’t return true when running standalone, that’s probably what’s broken.


Perhaps a safer way is to use a different url (parameter) for the standalone mode.


Same on safari on iOS 17.


There’s an open issue on Lemmy’s GitHub about making it easier to combine multiple communities on separate instances: https://github.com/LemmyNet/lemmy/issues/818

Seems like something they’re thinking about solving.


I think you might be missing that federated systems are not supposed to be fully decentralized. Federated is a pit stop along the spectrum between centralized and fully decentralized that makes trade-offs in order to reap some benefit of decentralization (no single owner of the entire network, allows some measure of user choice), while not having to deal with the problems of a fully decentralized model (no central authority brings moderation challenges, how to handle spam when each account is fully independent and not tied to a blockable instance that likely has no account verification enabled, there's nobody to appeal to if you lost account access / password reset challenges, among other things)

Being federated doesn't solve the problem of decentralization because it's specifically a middle-ground. It's supposed to be a compromise with some benefits of both centralization and decentralization - and I think a lot of people are happy with that compromise.


Sure, but if you don't have instance reputation as a stand-in for user reputation, then you are back to ground zero on the spam problem and sybil problem. This is not solved any more than Bitcoin or Hashcash (anti-spam tool) it was based upon, or any more than email spam was in the 90s, or usenet spam in the 80s.

Every time I've brought up that content federation and identity federation aren't the same thing and that having centralized IDPs handle the burden of keeping spammers out of the network, people chime in with "yeah, and don't limit me to google and facebook!" and kind of miss the whole point. Centralized is one of the few solutions to the spam problem, it's worked with email for example. The other ways are some kind of a reputation web (finicky and gameable) or to force people to put down cold hard cash (proof of stake/proof of work).

This is all intimately tied up with crypto and spam because this same problem hasn't been solved for 30+ years and keeps popping up over and over again. Reputation networks are hard.

(and, you can do identity federation without actually melding your content with theirs, and that in fact melding content into a global namespace isn't inherently desirable. There may be cases where you want to do something different with the "domain"/"subreddit" than another instance, or what most other people are doing with that domain/subreddit - reddit "technology" is not the same thing as 4chan "technology" even though these boards share a discriminator, it's not even the same culture or style of discussion even if they shared a mechanical format.)

But yes generally speaking the real problem here is there's like 10 different factions that all want to solve slightly different use-cases. Some people want self-hosted reddit, some people want self-hosted reddit with global boards, some people want explicit networking to specific instances, some people want something much closer to the decentralized/single-person instance with individual custom IDPs, etc. Nobody even agrees what they want to build.


> There may be cases where you want to do something different with the "domain"/"subreddit" than another instance [...] reddit "technology" is not the same thing as 4chan "technology"

Or "china" (porcelain) versus "china" (a band) versus "china" (one, possibly two countries) etc.

One option would be an explicit mapping step:

1. Communities are only able to stake out boring UUIDs, those are the only official ID and are used in any invites, links, etc.

2. Instances may choose to suggest a "foo"->UUID link for users on that instance

3. Users may choose to override that "foo"->UUID link within their own settings if they disagree

4. When a user references community "foo", what actually gets shared is a link based on their current mapping settings.

5. If someone else sees that link and their settings designate a different "foo", the link should render in a way that makes it obvious that it refers to something contradictory.

Yeah, it's complicated UX-wise, but the thing is it's actually closer to the underlying reality of how humans use names: There is no single global and timeless "Bob Smith", there's just one in a given context between me and whomever I'm talking to.
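An added sketch of the five-step mapping proposed in the comment above (not part of the thread; the `Link`, `Viewer`, `share` and `render` names and the UUID values are constructed). The shared link carries the UUID as the only authoritative identifier, and the sender's label is treated as untrusted display text that is checked against the viewer's own mapping before it is shown.

```python
import uuid
from dataclasses import dataclass, field

# Constructed community IDs: the only authoritative identifiers (step 1).
PORCELAIN = uuid.UUID("11111111-1111-4111-8111-111111111111")
COUNTRY = uuid.UUID("22222222-2222-4222-8222-222222222222")


@dataclass(frozen=True)
class Link:
    community: uuid.UUID  # what the link actually points to
    label: str            # sender's name for it at share time, advisory only


@dataclass
class Viewer:
    instance_suggestions: dict                      # name -> UUID (step 2)
    overrides: dict = field(default_factory=dict)   # name -> UUID (step 3)

    def resolve(self, name):
        """User override wins over the instance suggestion; None if unmapped."""
        name = name.casefold()
        if name in self.overrides:
            return self.overrides[name]
        return self.instance_suggestions.get(name)

    def local_name(self, community):
        """Name under which this viewer already knows the community, if any."""
        merged = {**self.instance_suggestions, **self.overrides}
        for name, target in sorted(merged.items()):
            if target == community:
                return name
        return None


def share(sender, name):
    """Step 4: the link is built from the sender's current mapping."""
    target = sender.resolve(name)
    if target is None:
        raise KeyError(f"{name!r} is not mapped for this user")
    return Link(community=target, label=name.casefold())


def render(viewer, link):
    """Step 5: return (status, text) and never show a contradictory label as-is."""
    mine = viewer.resolve(link.label)
    if mine == link.community:
        return "match", f"c/{link.label}"
    known_as = viewer.local_name(link.community)
    if mine is not None:
        # Same label, different community: make the contradiction visible.
        hint = f"; you call it c/{known_as}" if known_as else ""
        return "conflict", (f"c/{link.label} (sender's meaning, differs from "
                            f"your c/{link.label}{hint})")
    if known_as:
        return "renamed", f"c/{known_as} (shared as c/{link.label})"
    return "unknown", f"c/{link.label}? [{str(link.community)[:8]}]"


# Constructed users. alice and dave keep their instance's suggestion,
# bob overrides "china", carol's instance maps nothing, and erin's
# instance knows the same community under another name.
suggestions = {"china": PORCELAIN}
alice = Viewer(suggestions)
dave = Viewer(suggestions)
bob = Viewer(suggestions, overrides={"china": COUNTRY, "porcelain": PORCELAIN})
carol = Viewer({})
erin = Viewer({"ceramics": PORCELAIN})

if __name__ == "__main__":
    link = share(alice, "china")
    for who, viewer in [("dave", dave), ("bob", bob),
                        ("carol", carol), ("erin", erin)]:
        print(who, *render(viewer, link))
```
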


Nostr solves this. You don't need to "create an account", you just generate a key pair. That is your account. On what relays you store your data is orthogonal to this. As long as an event is signed by your private key, it is your event.


I think DIDs[0] are an interesting idea for dealing with the problem of centralized registration in federated systems.

It would be great to be able to create one identity that if I want to leave an instance and bring all my data with me to a new instance I can do so without friction. That's currently a big issue I have with Matrix for example -- there's no way for me to go from @user:matrix.org to @user:myowndomain.com and have that be the same identity with the same friends list, etc.

[0] https://en.wikipedia.org/wiki/Decentralized_identifier


We’re currently working on account portability (https://github.com/matrix-org/matrix-spec-proposals/pull/401...) and experimenting with glueing bluesky style DIDs onto it (so as to provide DMs for bluesky via Matrix, should they want them)


Ah, as usual if there's a complaint there's an open spec proposal for it. Thanks for sharing!


The minute you introduce the concept of "key pair", you've lost 99% of people.


True, but you might be able to store it/hide it away in some DHT behind a username and passphrase, even that might not be necessary. You can solve a lot of complexity in the protocol by good frontend people who understand UX.

Even Whatsapp is using PKI, it's just all hidden away from the user.


Yeah, Apple's passkeys is trying to do this too. Their UX is good but it's still pretty immature


They managed to sell cryptocurrencies by proxy; maybe somebody else holds your keys, and you log in using a traditional method to have that provider use the keys where they are needed or rotate and update them when you want them rotated and need to broadcast that fact. And people who can handle it themselves, handle it themselves.


I think this is the decade this problem goes away.

Of course, the phrase that gains traction won't be "keypair".


Holding a private key in a way that is both usable and secure is not easy, for fundamental reasons. As such, it is impossible for this to catch on with the general public, ever.

A far more likely outcome is for government-managed identities to become the only way to access certain kinds of services, for better and for worse. Governments already have the identity management part handled, with the legal system acting as the ultimate fall-back for any corner case. The integration is already widely used for certain services (the entire financial system relies on government-managed identities already, all around the world), so it's just a matter of extending this. It also helps solve certain less talked about problems of identity systems, such as preventing children from accessing certain kinds of content.

Ideally, instead of the current solution of every institution having access to all of your personal details so they can check your identity with the government, governments could start working for the opposite model - a government-issued and managed IdP, where only the government knows your personal details, and where enterprises get an opaque token they can use to ask the government about a set of details they need to operate their business.


That looks closer to the right solution, but...

> Remember, your private key is your identity in Nostr, so if it is compromised you'll lose your followers and will have to start from scratch rebuilding your identity.

This is the same gripe I have with home servers on the fediverse: home servers come and go, and private keys sometimes need rotating. Making you lose all your friends and content when that happens is not an acceptable tradeoff.

I think the solution is entirely separating "identity" from every single other concern such as security (private keys), hosting (home servers), and public identity ("display name").


>I think the solution is entirely separating "identity" from every single other concern such as security (private keys), hosting (home servers), and public identity ("display name").

I'm not sure you can separate it from security (private keys). If there's nothing stopping others from using the same identity then it's not _your_ identity.


Nostr does not solve this. There is not "one big Nostr" network because there is no consensus across the network. Your view of Nostr is whatever the peers that you connect with say it is, and they have little reason at the limit to share with each other or to be honest with you.

Nostr is just going in circles with federated networks all over again.


> Your view of Nostr is whatever the peers that you connect with

Clients don’t connect to peers on nostr. They connect to relays.


Relays are peers in Nostr. They're supposed to share posts with each other and altruistically create a consistent view of the network for their users.


> They're supposed to share posts with each other

Relays are not intended to connect with each other. Clients send notes to relays. Relays store notes and send them back to clients.


Yeah Nostr is cool but like others have pointed out, there's an even steeper learning curve. And besides that, Nostr claims to be censorship proof, which sounds cool on the surface but will inevitably lead to a cesspool of hate and personal attacks.


unlike censored platforms like twitter that become a cesspool of hate and personal attacks. as usual it depends on who you interact with.


Twitter has the option to steer the moderation in any direction they want.


And so will you, when you can block, defederate, etc with whoever you choose :) such is the beauty of decentralization.


This misses two important points about moderation/censorship:

1. I don't want to trawl through garbage to reach posts I like. Even a single gore video or such is enough to ruin most people's day.

2. It's not enough for me to block content I don't like - in certain situations, I have a legitimate need to block others from seeing content I don't like. Specifically, if someone is spreading lies about me, or pornography of me, the fact that I can block that person is not going to help me, I need a way for the platform to stop showing those lies/pornography to others, or at least to automatically attach my own version of the story to those lies (of course, I should first have to somehow prove those are lies).


In a properly decentralised model you’ll be free to subscribe to privately created block lists, which include users and instances considered “unsafe.” You’d subscribe to that and go about your day.

The authoritarian approach is that you want to ensure no one else sees what you don’t like. You don’t want to give them the choice.


So how do I stop people from spreading pornography of me to my friends, family, and employers?

I'm not talking about preventing other people from listening to flat earth conspiracy theories that I don't like.


The same way you should approach any illegal activity: you report it to the police.


Ok, say I win an injunction in court against this image/movie being shared. How is the court system going to enforce this injunction on the Fediverse or Nostr or Bluesky?


You don’t need to win any injunctions if the activity is illegal. It will be a criminal case, not civil. The police will handle all prosecution. They’ll go ahead and shut down any suspected illegal activity by order and/or seizure, provided they have jurisdiction. You might just be asked to testify.

The globally distributed nature of the internet complicates jurisdiction, but this has always been true of the internet. If someone uploads porn of you to 300 porn sites and 10,000 tor sites, it’s very difficult to get it all taken down. That doesn’t mean there’s something wrong with the internet. It’s accomplishing its original intent.

Edit: but perhaps that is your complaint? You believe the internet is fundamentally flawed in that there is no central authority which has the power to control all information? I understand the allure of this, but I believe this would be ruinous for the internet and human progress.


My point is only that some amount of censorship and control of information is necessary. The particular example I gave is actually quite realistic, and happens to many people each day. While getting it off of the whole Internet is hard, getting it off Twitter/Facebook/Google/Reddit/PornHub is, thankfully, quite easy. The fact that it may linger on Tor and some less reputable porn sites or other places for a longer time is not as problematic, since few people access those.

Overall, what I'm saying is that many people who espouse the virtues of decentralized or federated social media forget or minimize some of the actual benefits of centralized social media with strong moderation [0].

While I think it's great that the internet as a whole is uncontrollable, I don't think "living" in the less controlled parts of the internet for most of your online life would be a pleasant or healthy experience.

[0] I should note that I have some serious qualms about the harm some of this content does to the moderators themselves, but I'm not sure how to grapple with that particular issue.


I don't think there is a simple answer to this. I agree that we cannot wish for a world in which nothing can ever be taken down. I guess we're just going to have to find the right balance.

But right now something very concerning is happening in western democracies that threatens to shift the balance very far in an authoritarian direction. And leaning on centralised platforms is at the centre of it.

Platforms are no longer just told "here's this revenge porn video, it's illegal, take it down!". If proposed laws are actually passed it will be more like "if people are discussing stuff on your platform, you better make sure no one comes to harm or else!"

In my view this is a sea change. Pretty soon we may no longer be able to discuss a wide range of subjects on mainstream platforms (such as psychological or health issues for instance). Kids in particular will be severely restricted in who they can talk to about what. In some cases it may prevent harm. In other cases it could be catastrophic.

If the balance moves so dramatically in one direction, I think it is only reasonable to think about how to mitigate the effects of this to preserve some freedoms and escape hatches. The efforts I see are very very feeble anyway compared to the full force of what we are facing politically.

In my view, no control should ever be total, even if on the whole we cannot wish for a total loss of control.


The tools to do this are still mediocre at best. I want tools to do content-based blocking or defederation, not identity-based.


Not if a decentralized platform claims to be censorship resistant, as Nostr does. But yeah I assume you could just block keys, or IP-addresses at some point.


Yeah, as far as I can tell, nostr does indeed solve the issues discussed ITT. I think it stems from the fact that nostr is a protocol, just like HTTP. So instead of federating or decentralizing on top of http, we needed a different protocol altogether


> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant

Sounds like centralization. Now if Activity Pub goes rogue ALL instances are affected.

Making accounts on your favorite instance and communicating with other instances prevents this, in theory. You may need to make a new account if Lemmy dies but you should (again in theory) be able to move your content seamlessly to a new instance. Because Lemmy isn't facilitating the content, simply providing a view for it based on its usage of ActivityPub's API


No, in the same sense as creating a Bitcoin wallet "sounds like centralization". "True" decentralization does not give any power at all to instances, the same way a Bitcoin node has no power at all over the Blockchain and it would be a bug if they did.


It's not centralization if you can set up an account tied to your own domain name (similar to an email address for your own domain) without needing to self-host an instance.


I agree. I was interested in using Mastodon, but found the necessity to choose a server off-putting. Why? Because they mostly seem to have "themes." Why would a person joining a general-purpose communications platform want to pigeonhole himself into a special-interest group? And subject himself to banning and censorship at the caprice of the moderators of THAT instance? I've had enough bullshit from lowlife Reddit moderators; I'm not signing up for more.


A lot of instances have "themes" because they are a way to gather likeminded users. There are also general instances without as all-encompassing themes, and of course you can use say a tech-oriented instance to post your own art if that is permitted by its rules.

You sign up for the moderation you want, and if it or you changes you can jump ship while being able to retain connections (trust me, I've seen several users having migrated instances).

What's great about the Fediverse is that you not only sign up for the network, but the point you start from inside it, and the moderation you want. On a fully decentralized platform you'd either be subject to some form of easily gameable group-moderation or be left to the task of filtering content all by yourself.

I don't care that I might be missing out on some maybe nice person on an instance defederated on my home instance. I care that I feel that I belong on my home instance and my feeds are full of people whose community I can feel like I belong to as well. One that has been very easy to grow organically without an algorithm telling me what I want.


Thanks for the reply. I respect that, but I'm not interested in a particular community. I'm interested in a variety of topics and subject categories, on a global level.


Honestly, we need a physical product that's like 30 bucks and the size of a USB stick (or Ras Pi for the MVP).

It includes 3 years of free hosting for your domain name, a small web server, and a sync service that copies your files to a central server so they can be made available at that domain name. The default server would be the company that made the product, but you would own the domain, and you'd be able to change where you're syncing to with two clicks. And the canonical version of your files would always live locally (one-way sync).

Could be used for email, website hosting, and local media server capabilities. Throw some solar panels on it, and boom, you have my dream device.


Tim Berners-Lee's Solid project is working on that. Put data in "pods" that are stored on pod servers, which are federated. You can self-host.

It could be a federated layer of identity & personal content decoupled from social platforms.

https://solidproject.org/


Have you used Solid out of curiosity?


Not much. I got a pod and that's about it. It's in a pretty nascent state. Most of the public servers say they're for development/testing.


This problem of decentralization was already solved by Usenet decades ago: your user ID is your email address and the various servers (Usenet instances) all mirror each other's posts.

The problem with that was that email addresses are easily forged and Usenet lacked adequate spam filtering and content moderation tools because of its decentralized nature and the general lack of effective spam filtering in the late 90s/early 00s. So it was replaced by forums which were in turn replaced by social media.


But email is a federated system itself. Complaining about having to sign up for a particular instance is like complaining you have to sign up to a particular email provider and not all of email.


IMO the difference is not really about federation, but about the degree of context and trust the user has--or can have--when it comes to choosing servers.

There's no guarantee that name@majorisp.com is going to stick around forever, but there was a contract relationship plus a certain degree of too-big-to-fail-ness.


Not at all though. I can use an email address from my own domain name and then switch email providers without losing the identity I have built up.


Honestly a modern Usenet isn’t the worst idea. Isn’t it still used for piracy?


Either you control what is being relayed or you don't. The latter was not very successful (zeronet was a CSAM cesspit).

If you choose control then you end up with the fediverse, because there is no such thing as the "one big fediverse" if every moderator makes different decisions.


You're absolutely right and the attitude from many users and admins is extremely blind to the problem because they WANT a very closed and narrow-minded system that follows the admin authority and follows a "love it or leave it pattern".

It's the opposite of user choice/power and, ironically, less flexible than reddit in some respects.


I have an account on a pleroma instance. Cool.

I am able to

Follow anyone

Comment on any peertube video

Comment, follow, reply anyone on mastodon, pixelfed

I can reply to anyone on Lemmy or kbin

You will only need an account if you want to post original content on a particular instance, like if you want to upload a video on peertube or pixelfed or Lemmy. For the most part, users are consumers so they WILL only need just a single account


Though cross-software usage of different formats of (social) media is unintuitive. Browsing Peertube or Lemmy you'd probably be better off with an account on such an instance.


If you are already following a thread, then it's transparent but yes, it does take a bit of time getting used to. You have to search for a username and then use that to follow or interact with it.

It could be better but it's not like something doesn't exist


> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse, which instance I use should be completely transparent and irrelevant.

This is the fundamental tradeoff. What you are asking for cannot be done and still be federated. Sorry.

The problem is that "federation" has only a small technical component; the majority of the "federation" problem is social not technical.

The social problem is "Bad actors exist. 1) How do I identify them? and 2) How do I extend or revoke trust?"

Even email, which everybody holds up as "federated", hits this problem and defers to centralization. For email, we anoint the DNS records as the primary repository of "identity" and are what are used to extend "trust" via DKIM, DMARC, and SPF.


> This is the fundamental tradeoff. What you are asking for cannot be done and still be federated. Sorry.

Can't you use a torrent-like discovery system for users?


You might be interested in the p2p design of Peergos. You sign up to Peergos[0]. Your initial server is just responsible for storing your data (although you can run as many live mirrors as you like), and clients verify all updates. You can automatically move server (by running a command) and all your data is moved, and old links continue to work, and you keep your social graph and identity.

You can also log in through any instance, including localhost. Links also work on any server because they include a capability to the content in the link.

This is the beauty of content addressing plus public key based addressing.

[0] https://peergos.org


That'll never happen for two reasons, decentralization means a user-driven internet. It has to, even if corporations have the freedom to join, decentralization by default means any private person can host a part of it.

And when users host things they give of their own resources to other users, which means there is trust involved. And whenever trust is involved we need a better insight into who signs up. For example; request access with a bio, or a donation.

The other reason is that what you describe is centralized authentication, to a decentralized backend, so it defeats the purpose. Who owns the authentication?

If we want freedom from a corporate internet, we'll just have to bite the bullet and accept a certain learning curve.

Which is also why the centralized corporate services will never go away, and most likely remain a majority.


Nah, you want an account which you have full control over and is the bearer of your generated content, rather than your content spread across thousands of independent servers which you have zero control over.

People are fundamentally misunderstanding their needs and how they can be properly implemented.


> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse

Just host one instance, use it only for managing your identity, and tada! you've exactly what you wanted.


> I don't want to create an account on the X instance of the fediverse, I want to create an account on the fediverse. It should be one big fediverse

You keep using the word 'fediverse'. I do not think it means what you think it means.

The whole point of a 'fediverse' is that there isn't a central authority for accounts. That an account on any of the federated systems is an equal participant in the system. That spinning up your own federated host to issue accounts is allowed.


What really grinds my gears is that all of the signup pages and “how to join” pages just say to pick a random instance because it’s federated and it doesn’t matter which one you join.

What if the random one I pick gets defederated? Now I need to find a new instance and make a new account?

This will make federated services into even MORE echo chamber ultra-moderated spaces than Reddit ever was, as the fear of defederation will cause lockdown policing of wrongthink.

I honestly think it may be worse for free speech.

Then again, I’ve never joined a federated service and I have no actual anecdote or evidence to back myself up, I’m kind of just spitballing thoughts.


It's not a big problem - just pick a reasonable instance, which 4/5 instances are anyways. Yes, if you pick an instance like lemmygrad on Lemmy that's specifically built to be an echo chamber, the chances of being defederated are higher. But picking a popular instance or an instance made for access to the fediverse (like what social.lol does) won't put you at much risk of being left out.


This seems like the correct approach. Two or three large instances with slightly different flavors that keep each other in check, then a long tail of specialized instances.


> This will make federated services into even MORE echo chamber ultra-moderated spaces than Reddit ever was

That already happened. In fact that’s the main selling point of the Fediverse. Make your own bubble and enjoy the likeminded people


the lemmy instance I've looked at is already a terrible echo chamber, as bad as some of the worst parts of reddit. I think defederation is going to lead into more insular communities unfortunately.


I've thought about it further.

'Federation' or decentralization is a fantastic idea. There is really only one way that it truly 'works' as a decentralized service...

Each and every user runs their own instance of a federated server. This way, they can 'defederate' anything they please, without affecting the whole. This way there is still no 'central' service that can be monetized, locked down, etc. and all of the federated data is available to all private instances, akin to BitTorrent or a (and I shudder typing this) blockchain.

Maybe I'm wrong.


>Each and every user runs their own instance of a federated server.

That's not federation. Federation is a distinct concept from decentralization; federation does involve trusting a third party of your choice (namely, whoever's running the instance you joined), but simply offers choice of which third-party you choose to trust.

The "everyone can run their own server" thing is just a side-effect of federation not blessing anyone with any sort of exclusivity over power to be a third-party.

Outside of tech circles, your idea is DOA because nobody wants to run their own server just to use facebook. Plenty of people don't even know what a server is, and had the ISP set up their router (and BTW they don't know what a router is either). With federation, you can still have a fairly normal app and get most of the benefits of centralization.

The point of federation is to avoid giving anyone absolute power over the community without recourse, not to completely avoid trusting anyone whatsoever.


That's because instance operators in EU became extremely uncomfortable with the majority content on the second, third, and half of top 10 largest Mastodon instances. That destroyed the Fediverse and it's more than half dead.


> But this model breaks down because it wasn't designed under the premise that interactive applications would then be built on top of individual websites

Heh I was just reading "The Innovators" by Walter Isaacson and found this interesting conflict between the inventor of the WWW and the inventor of Mosaic:

> There was something about Andreessen's browser (Mosaic), however, that disappointed Berners-Lee. It enabled rich media for publishing eye-catching pages, but that came at the expense of making it easy for making normal users to be able to write as well as read web pages. With Berners-Lee's browser, any user could edit web pages just as easily as reading them, just like using a word processor. But users of Andreessen's browser had to write the HTML code themselves and upload it. Berners-Lee feared that this might limit the ability to express themselves on the web to those who were technically astute.


Funny because Andreessen also made the choice to use text-based pages instead of binary with the same profile in mind: making it easy for users to make stuff.


Phony "federated apps" are mostly "fragile self-hosted with linkrot, convenience, and pseudo robustness".

Robust federation works as a distributed overlay network and doesn't require any leader. The irreducible issues become:

0. "Which systems should store what data, i.e., blobs (files), entities, and entity sequences?"

1. "How many copies should there be of 0.)?"

(1.5. "What will keep scrubbing 0.) for integrity and duplicating 1.) below a given threshold?")

2. "Where should functions against 0.-1. run?" #

3. "How many copies of 2.) should execute?" #

4. "How should the operators of persistent systems recoup the microtransactional costs of compute, storage, and networking of 0.-4.)?" (Client has a pool of credits purchased through some crypto means used to rent storage capacity, net transit, and processing of media, metadata, and code #.)

5. "How many copies of next nodes and node paths do you maintain?"

6. "Which nodes should this node remain connected to?"

7. "How many fixed default nodes can be run around the world to always seed a node's initial network topology?"

8. "How much anti-correlation traffic should fill the encrypted link when there is no traffic?" (Otherwise, it becomes very easy to poison and unmask overlay networks.)

# If the platform has a serverless function concept, where it's unknown where it will run until it does.


I think the main problem is the cognitive and the technical overhead. Most users just want to use the site, they don't care about the underlying infrastructure. Federated services always have a cognitive overhead (where do I register? who do I follow) which centralised services don't have.

The real solution would be a regular, centralised service run by a non-profit.


Any amount of the use of words like "instance" or "federated" just confuse people. "Cognitive overhead" is the perfect phrase for this issue.

In the RedditAlternatives sub you can find the most hilarious responses to "I don't understand lemmy, it's way too complicated!". Quickly someone will respond with "It's not complicated at all..." then proceeds to type out a paragraph of instructions and FAQs without a hint of irony.

Like you said, users just want to hit the ground running. They don't care if you're using php/asp/vbb/[insert a multitude of framework names here]..decentralized, partially centralized...they just don't want to know.

For the record I do like Lemmy, but I'm a sucker for novel implementations.


Are people really struggling to sign up for KBin/Lemmy? The act of subscribing to magazines is a bit confusing but signing up was like any other of the hundreds of websites at this point. Sign up, browse the front page, click in, comment. No more complicated than Reddit.


I think it needs a centralized client that can read all the instances in an easy way, like how rss feeds work.


I'd work on this if I had ramen funding (I can support my family on 3k/mo, with some upwork/Fiverr gigs on the side if need be).

I'd set up a social benefit company that's co-owned by workers and contributors. We'll create scoring mechanisms for every action, and for hourly w2 work, etc. Pay out dividends based on your points.

Points would also give you power in town meetings, we'd also create the idea of regions so the fantasy and sci-fi region with the GOT, star wars, star Trek, etc subs could meet and decide on matters affecting their subs.

Each major sub with 10k or more could schedule a one on one with the board, but issues and feedback are always accepted.

Protocol wise the major differences are: we'd centralize auth/login as well as taxonomies like channel names or subreddits, or things like tags. We'd also centralize usernames.

Doesn't matter what server you sign up on, your username is still just username, not username@stupidserver.com, and any channel in the Reddit app namespace could only have unique sub names, so AMA could only be added once, so there's that one topic one major community thing Reddit has going for it.

The rest of my ideas are TBD, though I'd like if Reddits could have need subreddits.


I don’t understand the problem. The Fediverse already solved this. I can log into my Lemmy instance from any Lemmy app, same with Mastodon. There are also PWAs that do this.

Yes, I can’t log in from another instance’s website/frontend, but does it really matter?

The real problem is that my identity/account is coupled to the instance. If the instance disappears, so does my account and I lose everything.


There is another problem. Instances are already fracturing and forming tight ideological bubbles. See Beehaw. This means that to access all federated content, one will need to have many accounts on many instances. This is really poor UX.


I don't think this is a huge problem. You just have to pick an instance that matches your values. I deleted my account on Beehaw as I don't want that much moderation. Others might want it.

Sure this could lead to echo chambers/filter bubbles, but that is already the case on every platform. I think most people actually want it that way.


I thought Beehaw aligned with my values. Turns out I was wrong. Many of us discovered we were wrong. Beehaw didn’t announce at the beginning their intent to do this. The owner changed their mind at some point and significantly altered the experience for everyone. This is the risk: the capriciousness of the instance owner.

This is compounded by the fact that defederation goes both ways. I can’t find an instance which hasn’t blocked at least some other instances. So no matter what, if I want to have access to everything (until such time as I decide to block it), I have to sign up to multiple instances. I also have to regularly check what the owners might have blocked in case I need to sign up for other instances.

I tried really hard to like it, but all in all, Lemmy has been a crappy experience.


After a quick internet search I found some straightforward tutorials about moving instances.

So you don't lose followers/follows but can't move posts (but they are kept alive as long as the old instance is active). That is IMO not that bad at all.

Maybe it is just a matter of time we get full account moving, I don't see why that would be technically impossible to do.


You really can, and the ways to do it are "theorized" by the OP's blog post.

https://webapps.stackexchange.com/a/170880

tl;dr

For this answer, let's consider an example where:

You want to subscribe to https://lemmy.ml/c/cryptography

Your local instance is https://lemmy.ca

Either:

search in lemmy.ml for https://lemmy.ml/c/cryptography, or

search in lemmy.ml for !cryptography@lemmy.ml, or

go to https://lemmy.ca/c/cryptography@lemmy.ml


Matrix tries to solve this with matrix.to (https://github.com/matrix-org/matrix.to), which will eventually hopefully segue into a separate matrix:// protocol in URIs.


> you would need to decouple the resource being accessed from the application being used to access it

Nostr does exactly this.


Yeah, I think nostr is the obvious solution when you realize this article is all about the issues of federating/decentralizing on top of HTTP. The P in HTTP is protocol. So the solution is that we need a different protocol: nostr


I think we could support decentralized protocols like IPFS or Freenet 2.0 at the browser level. Or even perhaps build in some type of UDP that could be easily enabled or a separate download.

I assume these ideas are blocked partly because companies like Google that have influence over browser features very much do not want a decentralized web.

Tying web pages to specific servers is also maybe something that deep down people won't or can't accept or understand about changing.

Maybe part of it is that it's hard to make p2p protocols work well and so people just aren't willing to try to tackle that and the challenge of getting that technology into browsers at the same time.


This doesn't really solve the problem, as it's incredibly easy to get IPFS support in your browser right now with a simple extension. No tinkering necessary. Yet IPFS is still rarely used, even within highly tech-literate communities.


An obvious problem is no servers. You'd have to get really creative to build a forum on IPFS, and hosting Wordpress is just not possible.


what if we had some sort of ICANN like service for usernames and app names, and to store metadata about all the networks, including a graph of the federation, ie who's federated with who... to me the biggest failings is usernames, and taxonomies. If I register a channel or username on lemmy, can I create the same channel and username on kbin? That's a huge fail, when you want something like Reddit, and I think Reddit was the best social network ever until the Corp destroyed it.

The premise though, curated content and forums like Wikipedia meets Usenet, was brilliant. What comes next needs to be maybe partially centralized mostly federated.


This is where content addressable URIs shine. IPFS is still pretty rough around the edges to use, but it allows hosting and distributing assets on the web without them being tied to a central server operator.


I'm not sure that applies here. If data is migrated from one app to another, content may change.

We could create a protocol for requesting content-addressable URLs over HTTP, but it wouldn't help with the problem described either.


I’m not sure why the data would change. I can have a blog post in Markdown that spans across multiple apps, same with other standard data formats like MP4 and PNG which do not need to change when porting from one site to another.


The post body is just one property of a JSON-LD document in ActivityPub. The rest of it is metadata, relations, etc, that different apps may present ever so slightly differently.

It's more like an API with multiple implementations.

(Even just JSON serialization differences will pop up. For example, PHP always likes to escape forward slashes.)
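
The serialization point in the comment above, as an added example (not code from the thread or from any ActivityPub implementation): two constructed byte strings for the same Note, one with PHP-style escaped slashes, get different content addresses, while hashing a key-sorted re-serialization gives one address and still detects a changed field. The `canonicalize` helper is a simplified scheme in the spirit of RFC 8785, and all sample documents are assumptions.

```javascript
// Added example: all documents below are constructed, not taken from a real server.
const { createHash } = require('node:crypto');

// Server A: compact output, slashes unescaped.
const fromServerA =
  '{"id":"https://example.org/notes/1","type":"Note","content":"hello","to":["https://example.com/users/bob"]}';
// Server B: same object, different key order, extra whitespace, PHP-style "\/" escapes.
const fromServerB =
  '{ "type": "Note", "content": "hello", "id": "https:\\/\\/example.org\\/notes\\/1", "to": ["https:\\/\\/example.com\\/users\\/bob"] }';
// Same shape as B, but the content field really differs.
const tampered =
  '{ "type": "Note", "content": "hello!", "id": "https:\\/\\/example.org\\/notes\\/1", "to": ["https:\\/\\/example.com\\/users\\/bob"] }';

function sha256Hex(text) {
  return createHash('sha256').update(text, 'utf8').digest('hex');
}

// Deterministic serialization: object keys sorted, no insignificant whitespace,
// array order preserved, strings re-escaped by JSON.stringify (which never emits "\/").
function canonicalize(value) {
  if (Array.isArray(value)) {
    return '[' + value.map(canonicalize).join(',') + ']';
  }
  if (value !== null && typeof value === 'object') {
    const keys = Object.keys(value).sort();
    return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Address of the bytes exactly as received.
function rawAddress(text) {
  return sha256Hex(text);
}

// Address of the parsed document after canonical re-serialization.
function canonicalAddress(text) {
  return sha256Hex(canonicalize(JSON.parse(text)));
}

function compare(a, b) {
  return {
    rawMatch: rawAddress(a) === rawAddress(b),
    canonicalMatch: canonicalAddress(a) === canonicalAddress(b),
  };
}

console.log('A vs B       ', compare(fromServerA, fromServerB));
console.log('A vs tampered', compare(fromServerA, tampered));
```

The same mismatch applies to any signature computed over the received bytes: a verifier has to check the exact bytes that were signed, or both sides have to agree on one canonical form.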


I agree with almost every comment in this thread, except that few seem to appreciate that "It should be one big fediverse, which instance I use should be completely transparent and irrelevant." is impossible without decentralized permissionless consensus: yes, blockchains. This is the thing they've been calling "web3", as much as HN seems to hate it.

web1 -> peer-to-peer decentralized networks without built-in consensus or economics; end up de facto centralized; SMTP, Nostr, RSS, etc.

web2 -> corporate owned networks; from iMessage to Tiktok to Reddit, this is most major networks today

web3 -> networks whose decentralization is enforced by cryptography and economics; Ethereum being one such example of a programmable network/computer

If you don't have cryptographic and economic mechanisms to encourage decentralization and resist centralization, we will just end up with a federated/fragmented system or a centralized one. We will keep repeating this loop over and over again until we fully appreciate that networks need built-in economics or someone else will build it and control them (see git/Github; RSS/Twitter; SMTP/Gmail; many others).


It is really tiresome just how much damage cryptocurrency brain rot did to any remotely novel peer to peer developments made in the last decade.


Oh wow so I'm not the only one who felt like this.

Having different unsynchronized servers has been a gigantic turn off for me.

That's like the one thing that shouldn't be the case with anything social online.


The centralized platforms seem doomed to reach a point where they’re squeezing as much cash out of users as they can while users provide their content for free. If we need to create multiple accounts to fight back against enshittification, I think that’s a fairly minor downside for increased competition.


Creating and managing multiple accounts is also shitty, if not enshittification. If people have to choose between shitty-hard and shitty-easy, they're going to choose shitty-easy or just opt out entirely.

Twitter is just text messages as spectator sport, people can do without it. The real problem is a narrowing range of media in general through active state action, continued consolidation, and the fact that tech multibillionaires just buy outlets like twitter, The Atlantic, the WaPo etc. and use them for egotistical social manipulation instead of to inform and stimulate important discussion. If it weren't for that, twitter would be the celebrity bore that it always was before weird twitter took the piss out of it. Now it's serving as an outlet for every frustration because those frustrations have been censored out of traditional media.


I mean, Decentralization sells itself on that. Look how well centralized platforms have done this year.


Decentralisation doesn’t necessarily mean federation (the source of “unsynchronised servers”), though. RSS/Atom is still a thing (and more widely supported than ActivityPub).

The only issue for microblogs is needing multiple accounts for comment sections, which can be solved by SMTP, anonymous guest posting, social login, or WebMentions (which I don’t really like due to the complexity and federation, but thought I’d mention).


Mailing list posts show up on HN all the time, but I've never seen anyone complain that they can't reply right there in the browser.


Why pretend request headers don't exist? Any app can send a request header to the same URL and have the response tailored, or am I missing something here?


You need to decouple the location of the url from the location of the resource. Like having a /resource/ branch with logic that decide which server have the resource and redirects or proxy or whatever to that content. And all locations have the same logic.

So, wherever you start on, you will access the content of the whole federation.


I've thought about trying to do something like this as a side project. For lemmy in specific, I think having a "lemmy directory" that redirects urls to their correct server would be nice. (I.e lemmydir.com/c/homelab would 301 to lemmy.ml/c/homelab. People would register their redirects on a FCFS basis and some amount of activity on the community would be required to register the redirect)


I would like to see a p2p architecture. Something that relies more on the clients, like how bittorrent and rss work


Nostr with the nodes acting as relays, instead of having separate relays?


mail is federated, but web mail apps seem ok


Mail breaks down as soon as everyone starts broadcasting to everyone else.

Also the reason why ppl behind mail and chat never saw social media coming. Social media can't work on top of those protocols so they thought it would fail.

Nor did anyone imagine that everyone has such a desperate craving for Attention or this Need to broadcast their thoughts to the entire planet every day. It's still not clear why this even has any value. It's sort of like trying to build a brain where every neuron has broadcast capability to every other neuron. Our brains would just fry if such capability existed. There would be so much noise nothing would make sense.

But ppl have decided this is what they need to build to escape Google and Facebook or whoever. And the whole story doesn't really make too much sense.


I don't think you really understand social media if you think everybody talks to everybody.

Building an audience is a job for many people. It takes work to have your message be heard.


Ppl are not thinking too deeply abt what problem is being solved. They are just reacting.

Telling everyone to build and grow audience is very nice, until you realize (1) the Total Available Eyeballs are not growing. So new problems are being caused by this unescapable fact, as ppl try harder and harder for less and less (2) lot of ppl who deserve attention just get drowned out.

If you ask the decentralizing crowd what should be done about it or whether their work is going to make a diff they haven't thought about it. What's the use of designing essentially decentralised broadcast to replace centralized social media broadcasts without thinking about the limited eyeballs/info overload problem?


>Its still not clear why this even has any value.

It's simply human nature. The scale simply increased from a family or friend group, to community, to a world population.

Media reflects reality in this case.


I've had the opinion for years that any federated social media platform should fallback to email as a default. This helps solve the problem of bootstrapping an audience. You should be able to "tweet" at your friends by using their emails. It should show up on the public record as an unclaimed account.

That account could authenticate at any time through their email to claim it. You could send a "tweet" by just sending an email to post@this-new-platform.com. [follow-up verification link can be sent to approve with one click to prove email.]

I don't understand how this idea isn't more obvious to all these new platforms. We need to lower barriers to entry to decentralization.


My assumption here is that ActivityPub doesn't have a full implementation of email protocols. I don't know how difficult it is to bridge this.

Also, unfortunately eMail has long fallen to spam. If I'm not searching for it, I won't actively look too deeply into an email from an unknown user.


I don't know, but I don't remember POP/IMAP/SMTP to be lean enough for that kind of usage. Fast social media timelines are in few kpost/sec. range.

e: but sounds like a correct approach too


That's a good point and it illustrates what the solution is too. Email, is a series of protocols: POP3, SMTP and IMAP; thus they don't suffer issues with HTTP (a different protocol) that this article describes. The Web mail apps are just a client to serve your email protocol data to you. While the web apps do suffer from the HTTP issues, you at least have the freedom to switch your clients, and even the servers of your email data.


webmail doesn't tend to have the problem of sharing pieces of content via hyperlink, which is the problem the author is talking about.

fediverse apps do fine as clients to access pieces of content through their own dedicated communication channels, in the same way webmail clients do.


Emails aren't sent to the whole world and linked to on websites though


I don't think it's as huge of a problem as this article claims because:

a) you can request the same resource from multiple servers

b) it is not just the address bar which can control the server it's requested from -- servers can link to each other.

Of course, if one server is unavailable, the browser may not know to try another... but that's a small improvement which can be added.


I don't think that the author explained it very well, but the difficulty with (a) is that currently, when you follow a fediverse link, it will open in whatever server the original poster uses, rather than your own server. Odds are you aren't logged into the same server that they were, so that leaves you unable to interact until you jump over to your own server and access the same document.

This can be remediated somewhat within fediverse apps, because they can detect cross-server links and convert them into internal links if possible. But that doesn't help following a link from HN.

There might be a browser extension already to solve this problem—it would need to know which instances your server federates with and how to translate links to those instances into links to your server.
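
The link translation described in the comment above, as an added example (not an existing extension and not code from the thread): a pure function that rewrites a remote Lemmy community link into the `https://lemmy.ca/c/cryptography@lemmy.ml` form quoted elsewhere in this thread, and refuses anything whose host is not on an explicit federation allowlist. `HOME`, `FEDERATED` and the function name are assumptions; only `/c/<name>` community paths are handled.

```javascript
// Added example. HOME and FEDERATED are constructed values, not a real federation list.
const HOME = 'lemmy.ca';
const FEDERATED = new Set(['lemmy.ml', 'example.com']);

// /c/<name> or /c/<name>@<origin-host>, optional trailing slash, nothing else.
const COMMUNITY_PATH = /^\/c\/([A-Za-z0-9_]+)(?:@([A-Za-z0-9.-]+))?\/?$/;

function toHomeLink(link, home = HOME, federated = FEDERATED) {
  const refuse = (reason) => ({ rewrite: null, reason });

  let url;
  try {
    url = new URL(link);
  } catch {
    return refuse('not a URL');
  }

  // Compare the parsed hostname, never a substring of the raw link:
  // "https://lemmy.ml@evil.example/" and "https://lemmy.ml.evil.example/"
  // both contain "lemmy.ml" but point somewhere else.
  if (url.protocol !== 'https:') return refuse('not https');
  if (url.username || url.password || url.port) {
    return refuse('userinfo or non-default port');
  }
  const host = url.hostname; // already lower-cased by the URL parser
  if (host === home) return refuse('already on home instance');
  if (!federated.has(host)) return refuse('host not in federation allowlist');

  const m = COMMUNITY_PATH.exec(url.pathname);
  if (!m) return refuse('not a community link');

  const name = m[1];
  // A remote page may itself be showing a community from a third instance.
  const origin = (m[2] || host).toLowerCase();
  if (origin === home) {
    return { rewrite: `https://${home}/c/${name}`, reason: 'community lives on home' };
  }
  if (!federated.has(origin)) return refuse('community origin not in allowlist');

  // The output is rebuilt from validated parts; query string and fragment are dropped.
  return { rewrite: `https://${home}/c/${name}@${origin}`, reason: 'remote community' };
}

// Constructed sample links.
for (const link of [
  'https://lemmy.ml/c/cryptography',
  'https://lemmy.ml/c/cryptography@lemmy.ca',
  'https://lemmy.ml.evil.example/c/cryptography',
  'https://lemmy.ml@evil.example/c/cryptography',
  'http://lemmy.ml/c/cryptography',
  'https://lemmy.ml/post/123',
]) {
  console.log(link, '->', toHomeLink(link));
}
```

Because the target is rebuilt from the allowlisted host and a strictly matched community name, a crafted link cannot steer the rewrite to an arbitrary destination.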


I might be misunderstanding OP here but that's not how I see it. In fact, the Mastodon web UI frequently shows profiles and posts from other servers on your own "home" server, in your own format. All example.org (your home) does is request JSON from example.com (the remote), and displays it in whatever format fits your home server.

And it seems to me that it uses the first option that the author suggests, being example.org/user@example.com/thread


The HN article Twitter Is DDOSing Itself (sfba.social) https://news.ycombinator.com/item?id=36553236 links to https://sfba.social/@sysop408/110639435788921057

The instance of mastodon that I have an account on is https://techhub.social

I can't interact with the sfba.social toot directly. Clicking 'boost' (retweet) gives me instructions:

> With an account on Mastodon, you can boost this post to share it with your own followers. Since Mastodon is decentralized, you can use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one.

> On a different server

> Copy and paste this URL into the search field of your favourite Mastodon app or the web interface of your Mastodon server.

---

Similarly with 'reply'.

So, I can only interact with that toot on my home instance which is a bit of friction. Not necessarily a bad thing, but there's friction there.

Mastodon isn't too bad however. Interacting with it on my home instance only brings that toot over. One and done.

Subscribing to a community or trying to interact with a post in Lemmy, however, puts a larger and ongoing operational cost on the server as new comments appear and votes are cast.


That's when you start on example.org. But if I copy and paste a URL to you and you end up on the post on example.com, the best that Mastodon can do is suggest that you search for the link on your home instance.


Thank you for explaining. I couldn't make heads or tail of what the article was saying, and most of the comments in this thread are discussing different problems with federated services, rather than specifically this problem with federated web apps.


Axiom 2a of the web emphasizes this,

> a URI will repeatably refer to "the same" thing

And further,

> the significance of identity for a given URI is determined by the person who owns the URI, who first determined what it points to.

Which explicitly goes on to say ownership is not well defined because different schemes can have different behaviors.

https://www.w3.org/DesignIssues/Axioms.html#same

The trick is to actually have clients know & understand where instead to link people. If a server shuts down how does that alt-location get persisted & spread?

Effort has faced headwind, but I also really dig Signed Exchanges, which lets servers sign the content it sends & then bundle it together (WebBundles) so other servers can serve it in a trusted way. But the browser will only trust the content for 7 days, because as per this article, the DNS owner might change & that's the security compromise. But an app could still parse & use that content, which makes extra sense now that we have Certificate Transparency expectations.


I agree where the author is going.

A problem with the federation is the combination of the identification, client, and backend into an instance, yet depending on the web/nets dns. I’d like to see more of a separation between the account, client, and data akin to google reader / third party reader client / rss. Before reader shut down, you could log into any reader client with your google account and all your feeds followed.

A good fediverse client would have separate settings pages for your accounts, and what you follow. I should be able to share a link to data that anyone can open in the client of their choice.

Another way to solve the author's problem is to make a new protocol.


> a) you can request the same resource from multiple servers

Can I? With PeerTube for example it's a massive hit-and-miss. Many mirrors don't have the torrents or vice versa. There's no reproducible way to mirror/federate YouTube content and so on.


So matrix:// just is a standard URI scheme, seems to solve at least this particular problem for the matrix.org ecosystem.

A different problem: While the federated protocols seem to work quite well, there's not enough work on the business development side of it. Or do you know any profitable Open-Access fediverse server?


Why do they need to be profitable? There are plenty of instances that get enough funds to keep things online without any profit motive.


In fact, if there was some practice, like advertising, that could make an instance profitable, that would be incentivised. Ad-based instances and others with paid extra features that are not protocol-compatible might start popping up, and fedi would be enshittified, just like its predecessors.


I don't see the link between for-profit fedi instances ruining non-profit ones?


Good point, but I think the feature that I can paste any fediverse URL into the search field on my own mastodon instance and view it there, solves around 40% of the problem.

There are also already browser extensions which automatically redirect you to your own instance I think, but those need access to all browsing :-/


If I run a local proxy, it can do all kinds of tricks. Think about VPNs and DNS resolution.

If I use an aggregator, it can do all kinds of tricks. Think about Usenet, email, RSS feeds.

If you build on top of IPFS or something, there's lots of options.

BitTorrent comes to mind.

There's lots of options.


All these discussions sound like people who don't know how cars work, but they do know how to use a wrench, screwdriver, etc, and they try to design new cars.

A "federated web app" is literally just a web app that uses OAuth. You can do "more federation" with OpenID or OpenID Connect. It seems "the fediverse" is intended for more of the same, but with specific data types (e.g. "social media data"), which does not seem scalable.


Confused how the author is defining 'application'.

Is it a server-side or a client-side entity? Seems to use it interchangeably at different points in the text, perhaps purposefully, perhaps not. Or if there is another property that defines it as an "Application", what is that? (and how is that different from a 'Resource')


Gosh, a second “terrible take about the web” from Hugo Landau in a week (after the “I intentionally mix-up threat models and also I don't understand service workers”[1] we got on Monday)…

[1]: https://www.devever.net/~hl/webcrypto


As I see, the fediverse was born to fight with monopoly systems?



