This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc.
It’s too dependant on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:
1. I want to be able to follow my freinds if my phone dies and i have to get a new one.
2. I am very technical, and idk exactly what a X25519 keypair is.
I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Idk I’m just making up specifics but this is the kind of ethos i think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.
In case i sound too critical - this is cool. It just isn’t something i can use with family and friends to replace facebook or even email.
> The private key is stored in the browser’s localStorage.
Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both world" cases, where malware can access it with no problem, while legitimate backup programs are locked out.
(And yes, the post mentions "new device" flow, but how many people would (1) remember to export their private key and (2) won't lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good)
A bit of an off-topic, but the social networking protocol should never be designed for the sake of the protocol itself, or it’ll not enjoy the networking effect. A protocol must offer direct benefits to users, so that they keep participating in the network. This participation is what eventually forms the network of people, a.k.a, society. I always pick BitTorrent as the most successful example of such networking protocol - people just wanted to download stuffs (e.g. movies and pxxxs) but ends up participating in the sharing network.
Personally, I think a possible angle of attack for a new practical social network protocol is data management, as the amount of data people generate, consume, store, and share is enormous these days. More like, manage data conveniently, and share them easily as a side-effect.
I think a good protocol however is key for adoption. Many a good idea has died an early death because the implementation of it was, too complex, insufficiently robust, or poorly thought out for the future.
> By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first.
Would a `/.well-known/` be helpful here?
.poorly-known
Ah, just like AT Proto when it was released, introducing compatibility hazards and security vulnerabilities by putting stuff in the root rather than in .well-known. Sigh.
Glad to see more of these efforts. But here's what it will really take to decentralize social media and E2EE messengers:
We need something like Discord, except each server is an actual self-hosted server like a Minecraft server. DMs between two users should be handled by a mutual server. Account credentials should be handled by a Nostr-like protocol, which also gives you global tweeting capabilities as a bonus.
Run the whole thing on Yggdrasil Network or something similar so that it's not tied down to IPv4v6 and DNS and all existing hardware infra, but can still take advantage of them. And add reciprocal inter-server onion routing to make it difficult to geolocate servers. Also take a page from SoftEther VPN's book and wrap all traffic in HTTPS and perform automatic NAT traversal, so that people can host servers from behind ISP firewalls.
Anything short of that and we lose to big tech and govs in the long run. But once we've achieved the above, the decentralized web can truly take off: we will get WiFi routers running open-source firmware to make a mesh network to act as alternative physical layer infra for the new web. We can still take advantage of the existing Internet's bandwidth as long as there's an unblockable path to send a little bit of data to discover and coordinate nodes.
Building exactly this; in Mikoto Platforms, "Spaces" can be located on any physical node, and DMs are E2EE routed through multiple nodes
> Anything short of that and we lose to big tech and govs in the long run.
This is not a software issue, it doesn't matter how good the tech is, the masses will always aggregate to big tech networks because decentralized networks will never have billion dollar marketing budgets.
Non big tech solutions don't need billion dollar's worth of marketing. In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree, know what is a private key and how to safely back it up (other comments brought up this exact issue) or even knows what a "static website" means. Non big tech solutions need to give non technical users (read: the overwhelming majority of humanity) a good onboarding experience that does not involve learning ten new jargons and acronyms. Non big tech solutions need to know they have a limited strangeness budget [1] and should only spend it on places it matters. Non big tech solutions need to start actually cater to the unwashed masses before being befuddled by them choosing to stay on mark zuckerberg's platforms instead.
[1] https://steveklabnik.com/writing/the-language-strangeness-bu...
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous
Then maybe you're not the target audience, or you're just not noticing the ads, because TikTok is particularly notable for their aggressive marketing efforts during their growth phase.
> Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree
Non big tech platforms don't need anything. They can never compete with billion dollar budgets and they shouldn't set that as a goal. Everyone enjoys a well designed UX, but billion dollar marketing budgets will always eclipse the alternatives.
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
For the first years of its existence I only new tiktok because they were advertising everywhere.
I don't think that's true. If there really was a good enough open-source Discord alternative, many would already switched. A big part of the problem is there isn't one. Matrix, Stoat, Telegram, etc are all missing something. That's why new ones are being built.
I guess I’d rather have something approaching bittorrent, edonkey/kad, ipfs, blockchain, webarchives.
You have named networks that are federated together, and people can publish to the networks they are invited to or sign up for. The networks survive even with individual servers go down. Data is cached all over at the edges.
Your version is just way too susceptible to rot, unless you see that as a feature. I see it as most of the good content falling into the ether sooner rather than later.
Also can use people viewing the pages as hosts https://gabe.durazo.us/tech/ephemeral-p2p-project/
If we decentralize messenging and social media, all of those protocols you mentioned will survive.
I’m not specifically saying to use those protocols as much as the philosophy of hashes pointing to blocks that are redundantly spread far and wide.
Minecraft servers are a poor metaphor for what ideal decentralized social media should look like. They are the opposite of robust.
The problem with distributed storage is they place too high of a requirement on edge nodes, which people have to host, and they synchronize too slowly for real time messenging. If I upload a 1GB video to my server's chat, that storage load should not be replicated on many other nodes. Who pays for that disk space? The federated model is a lot more robust in this regard.
As far as archiving is concerned, many archiving orgs will pop up if their discussion servers and public facing websites can't be traced or easily shutdown. The protocol itself can't archive things, but it protects the people doing the archiving work and gives a place for websites like Annas Archive to live without relying on IP and DNS. The idea is to amass enough uncensorable social power so that such efforts can't be banned or shutdown, then you can use existing protocols like BitTorrent all you want.
Long ago there was this thing called foaf https://en.wikipedia.org/wiki/FOAF and also https://en.wikipedia.org/wiki/Pingback ... it was the closest I've seen to completely decentralised social media.
Webmention is the modern counterpart: https://indieweb.org/Webmention
(The IndieWeb wiki is probably the best resource for exploring the personal website-based social networking tech nowadays. I recommend the author check it out and maybe iterate on that instead :)
Don't forget XFN!
This is intriguing. But I wish there was a rationale/philosophy document on that site, that explains what the intentions and use-cases behind this project are. Given that cryptography is such a fundamental part of the design, I wonder if public posts are not desired.
I wish I could share a graph of my eyebrow height over time as I read through this part:
> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.
But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts.
Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by a X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen.
> if you believe quantum computing will ever happen.
... and you don't believe that everything will be totally fucked when it does happen.
If there is a global passive observer, and they get quantum computing, a huge amount of supposedly encrypted private information just got popped. Whether or not I care about my dinky little private social network posts when every ssl/tls connection I've ever made is being cracked and data mined is an interesting question.
Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging.
It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven.
As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity.
> The twist is that each feed is encrypted in a way that only you can decrypt
Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...)
The content key is common, like the PGP session key is common. But to obtain the content key, you need to first decrypt it by your private key. The content key is encrypted by the public keys of every intended reader, so each can have a secure copy of the content key. Again, exactly like PGP works.
A PGP session key does not span multiple messages, however
So a database, that you can send a network response or request with that data, that when received by a client, builds a static website.
I see.
I see...
> Key Rotation (Unfollow)
_ /
. .I'm curious why not use Nostr?
It would be nice to start with what this actually is from the user’s point of view.
Forking, paths, JSON, decentralized, encryption, key rotation, etc and I still have no idea why I would bother and who else could use it (a decentralized social network is only so much fun if you are the only one on it).
I can think of at least a couple of dozen fairly technical friends who'd be capable enough to set this up themselves, and who're at least adjacently interested in recreational paranoia. And probably another dozen or two who're definitely into recreational (or possibly delusional and/or fully deserved paranoia) who'd be willing to learn or get help setting this up.
Right now, those circles of friends are _reasonable_ well served with some combination of Mastodon (effectively zero security but with decent findability) and Signal (much more limited mostly to only people you'd be OK with having your phone number).
I will definitely take this for a spin, and start having discussions with particular groups of friends to see it I get any traction.
Funny to see people mention nostr
https://satellite.earth/ (Satellite nostr client)
https://nsite.run/ (literally static sites on nostr)
This obviously needs some iteration on the protocol design as other commenters have mentioned, but I'd still be up for partnering up over here at https://anproto.com/
This seems like a thin wrapper around libsodium, maybe I lack imagination but it's hard to see it as a protocol. On wiredove I see people posting with handles and profile pictures, where is that defined?
and thx for being the first person to notice the thin wrapper
userspace
Very interesting idea, love the simplicity.
Question about this:
“Threads are positioned in the timeline by the original post’s created_at; replies within a thread are sorted by their own created_at ascending.”
Does this mean, I, as the person replying to the post can manipulate my reply time to say, 3 minutes before person X’s reply?
If so, I can imagine a few adversarial ways of (ab)using this.
I understand this is more for friend groups, just curious if my understanding is correct.
Yes that's correct.
edit: I guess an easy fix is to append a cryptographic hash to the post ID, but yeah currently I'm assuming you trust your friends.
Signed JSON reminds me of Nostr. I wish Nostr was somehow more mainstream.
I laughed when I saw this because two years ago I built a nostr client called Satellite! https://satellite.earth/
I think: A new way of old school forum would bring real UGC rel="ugc" that brings value to human and agentic readers.
Let's crash the fediverse! https://wire.wise-relations.com/
OctoTown: https://octotown.github.io/
Amazing. I'm building almost the exact same thing. I'll share mine when it's mature enough. :D
Nostr https://nostr.com/
Real question for people who know what they’re talking about:
is perfect forward secrecy no longer considered valuable?
PFS is valuable largely in stable, small groups that rarely change shape or association.
PFS in an open, freely-associable environment is far more complicated when you move beyond even the smallest of group sizes. Realistically, once the group size is beyond Dunbar's number you can reasonably assume that PFS is moot, because you no longer can depend on maybe four or five people's personal security, but 150+. Statistically, someone's opsec failure will be guaranteed.
Seems like a missed opportunity to not put a /satellite/satproto.json file on that site.
have you considered Replace X25519 with a post quantum cryptography key encapsulation mechanism like kyber or saber?
See also org social:
Thanks for this, nice concept. This would be good on a Tor onion service.
This needs a YouTube demo video.
Just use RSS at that point. I don't see the value of encrypting everything, like people are gonna be spying on your random static blog entries.
The client fetches the pub key off the server which is decentralized? There's no part in the protocol that authenticates whether or not a pub key is legit. If its replaced by an attacker and someone subsequently goes to fetch a key they can read those messages. I mean, pub key infrastructure is meant to solve that. With SSL and such... that's why you its a federated chain of certificates with providers vouching that names = pub keys.
This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) The other apps like pidgin with OTR plugins they have unique phrases that help with the issue.
When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into zookos triangle:
https://en.wikipedia.org/wiki/Zooko%27s_triangle
human-meaningful, decentralized, secure -- pick two
satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is that the json that's operated upon.
This is not true of indieweb's web mention: https://indieweb.org/Webmention
It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can them them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (ie, https://webmention.io/ - not static since it uses JS). Or anything in between.
Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html
I wonder what the signing is for if you already have a domain name to verify your authorship.
It doesn't use signing, aside from the signing that exists within TLS
I think they mean in s@.
...which doesn’t do signing, but does do E2E encryption? So it’s more like DMs-over-HTTPS.
Webmention is cool indeed. Also one of few techniques that’s currently free of some corp’s greedy roadmap
[dead]
[dead]
Does the polling need to be fast? I think back to mailing lists and the huge delays involved in those conversations. Yet they were/are often very productive. Somewhere between Twitter/X speed and mailing list speed might be acceptable.
Maybe this would be better with a LiveJournal style interface. Medium length posts with threaded comments/replies are an underrated format.
That should scale pretty well. The HTTP fetch of posts/index.json could use conditional get requests to avoid downloading the body when there are no changes. Static files are dirt cheap to serve.
Maybe that's a feature rather than a bug
I could see myself making similar comments. On a practical level, they're valid. But maybe...
If we are ever going to free ourselves of rent-seeking middle men, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
What's wrong with middle men? They provide a service, too.
Eg your bank genuinely helps with finance and transfers compared to transacting directly on a blockchain or snail mailing cash around.
> I think people just want someone else to take care of their shit.
Yes, division of labour!
Nothing wrong with middle men per se, but problems do arise when we all rely on the same middleman: those become way too powerful and can do nasty things.
By that time, no one can do without the nasty middle man as we have forgotten or never learned the skills to fend for ourselves and are thus beholden to the nasty middle man.
Network effect compounds this
Most people don't really care about rent seeking middle men though, so why should they put in effort into doing things themselves?
Maybe it's ok to create something that isn't for most people. That's how the internet started out. It's only gotten worse the more accessible it became to most people. Maybe it's a good thing to create a split based on capabilities and technical know-how.
> we simply have to make a cultural change
Yeah...
I mean, they're impossible, and yet they happen. I've seen cigarettes and seat belts change in my lifetime. As a former smoker and denizen of the world of ubiquitous airplane and restaurant smoking sections, I would have bet anything against the rapidity of change in norms and laws that occurred.
I mean cigarettes give you cancer and seatbelts can save your life. Both of them were supported by massive government initiatives and tax incentives. How is that even comparable to software middle men? The problem is not even on the same scale.
"one does not simply make a cultural change"
1. Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
2. You don't need to know unless you want to implement the protocol! To use (the very barebones) implementation all you need to do is fork the repo & give access, which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
> Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
Having seen enough story in the vein of "if only I still have my bitcoin wallet from 2014" and "our storage server failed and when we tried to restore from backup we found out our last working backup was from two years ago," I have to say I have a rather dim view of how competent people actually are when it comes to keeping backups working.
I am not saying cryptography isn't useful for safeguarding your data, I just think for perhaps 90% of the users out here the risk of being locked out of your data permanently is more realistic than your data being accessed by a bad actor.
> which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
From reading the website, I was under the impression this is a techie oriented project still looking for technically inclined early adopters instead of something you can readily tell grandma to hop on. I sincerely doubt the average friend and family member who needs other's help to set up a personal website knows what the protocol does or why should he or she use it instead of Instagram or Facebook, or Signal, if the point is just to keep in touch with people you already know.
I think a lot of even not very technical people have gotten used to TOTP QRCodes, and being able to store screenshots of them in password managers. (And having experience in losing 2FA keys that they'll go to some lengths to not repeat.)
I wonder if there's a decent way to encode these private keys in QRCodes? You can jam about 4kB in a high density one from memory? (I know that'd be possible from a developer/technical point of view, but if this were my project I'd want a talented UX designer to have complete authority over how this is presented and explained to users.)
One other idea - maybe implement a Shamir's Secret Sharing mechanism where your private keys get sharded and encrypted to a sufficient number of selected friends, so of you lose your s@ private key it can be re assembled by convincing - say - 8 out of 12 selected friends to give you their part?
Or alternatively - automate a "recovery mechanism" where you set up a new key pair and publish it on a temporary domain/site, and can then ask a friend/follower who can authenticate your identity out-of-band - to export all you posts decryptable with your new key, then put you new key and all your old posts back into your main site.
Many years ago, I had an idea to use specially formatted emails as a transport layer for a social network. Predictably, it too, went nowhere: https://medium.com/@hliyan/email-re-skinned-as-a-social-netw...
Cloudflare tunnels are an interesting alternative, self hosted but with external security
Fully agree.
Who's gonna sniff your traffic from home? NSA, your ISP?
They already do.
Same as in corporate networks: your data is MITM anyway.
Fun should be unencrypted. It's not shopping or ssh into server.