In 2020, I published *This is Fine: Optimism & emergency in the p2p network*(https://newdesigncongress.org/en/pub/this-is-fine). It laid out a clear argument that the #fediverse is irreparably vulnerable because of its p2p nature and political naivete:
*"Anyone with administrator access to an Instance can read anything that travels through that Instance’s infrastructure – including direct messages. The level of risk correlates with the number of cross-Instance interactions between users. If users from different Instances communicate, an attacker need only compel one Instance to reveal the direct messages between all of the interacting accounts. [...] In a peer-to-peer network without encryption, there’s no structure, no agreed-upon governance, and absolutely no protection. Compromising or compelling an Instance or its staff means that all of network traffic
... show moreIn 2020, I published *This is Fine: Optimism & emergency in the p2p network*(https://newdesigncongress.org/en/pub/this-is-fine). It laid out a clear argument that the #fediverse is irreparably vulnerable because of its p2p nature and political naivete:
*"Anyone with administrator access to an Instance can read anything that travels through that Instance’s infrastructure – including direct messages. The level of risk correlates with the number of cross-Instance interactions between users. If users from different Instances communicate, an attacker need only compel one Instance to reveal the direct messages between all of the interacting accounts. [...] In a peer-to-peer network without encryption, there’s no structure, no agreed-upon governance, and absolutely no protection. Compromising or compelling an Instance or its staff means that all of network traffic is laid bare to its assailant. [...] The decentralised community seeks to antagonise a powerful status quo whilst making tradeoffs that do not acknowledge how societies directly threaten their communities."*
Today, Kolektiva - a anti-colonial anarchist instance - announced an FBI raid of one of their admins, which included the seizure of an entire copy of the Kolektiva instance.
This is *literally* the kind of situation I warned about nearly three years ago.
https://kolektiva.social/@admin/110637031574056150
Centralised power and decentralised communities are on the verge of outright conflict for the control of the digital public space.
newdesigncongress.org
vagabond
in reply to shibco • • •you are not seeing the point. It's designed #4opens this is why it works.
What you wont to do is a different project (#4closes) which is fine. Have you thought about doing a bridged companion project.
Both paths have value, but they are different.
Bob Mottram :debian:
in reply to vagabond • • •@Hamishcampbell At this point the fediverse is about 15 years old, and so political naivety is not something which it can realistically be accused of. The kinds of features it has - peculiar though some may seem to Twitter users - are the outcome of numerous battles, scandals and exoduses.
If I am interpreting your lingo correctly then I agree that the right response to scandal is not to go into locked down fully encrypted p2p mode. Making it all "technically secure" against nation state adversaries means that end users have to manage their keys on their own endpoint devices and practice scrupulous opsec. This is something which the average person is never going to manage, and which even experts often fail at. So if you want a public fediverse there are some tradeoffs which have to be accepted.
shibco
in reply to Bob Mottram :debian: • • •This is Fine: Optimism & Emergency in the P2P Network - A New Design Congress Essay
newdesigncongress.orgvagabond
in reply to shibco • • •This text reads like a vanguardist path, based on #mainstreaming reading and narrow #geekproblem thinking. It's missing the paths that hold value in #4opens horizontal activist paths we are taking but. But yes, getting lost on in our the growing #fedivers and the wide spread of #openweb diversity projects.
What it does highlight is the need for social and political thinking is needed, the is value there.
Can you see any of this feedback?
shibco
in reply to vagabond • • •vagabond
in reply to shibco • • •@bob
For the last 15 years most activists have been organising direct action in the #dotcons so a step to the #openweb is a good step.
I was involved in the setting up of the instance we are talking about, when pushing this I pushed it was #4opens after it was out of the hands of #submedia the talk of "hardening" began, and is still ongoing bad pushing of a foles agenda. It's #openweb not #closedweb
They are different paths with only slight overlap.
vagabond reshared this.
Bob Mottram :debian:
in reply to shibco • • •vagabond
in reply to Bob Mottram :debian: • • •Was talking about the text being vanguardist. Best to in courage people to use encrypted p2p chat or better offline for anything that actually needs security.
Admin
in reply to Bob Mottram :debian: • • •@bob @Hamishcampbell
It's hard to stress how "niave" meany devs on the #fedivers are after 15 years is exactly what I have been saying for 20 years.
#openweb #4opens is about building human trust, hard security is a very slightly overlapping but easy to see different path for building non "trust" based connections.
Some surprisingly hard to build bridges might help with this ongoing mess.
shibco
in reply to shibco • • •At the time, *This is Fine* was shared pretty widely across Mastodon, Secure Scuttlebutt and other related communities. The piece generated a lot of discussion, but ultimately nobody wants to confront this undeniable reality: ActivityPub and all of the platforms that fall under the umbrella of the #fediverse will betray even its staunchest champions of decentralisation or anti-capitalism. The same is true for all other p2p or federated protocols. This digital movement is built on tools whose authors deny the very reality that even they themselves face.
From the forensic immutability of Manyverse/Secure Scuttlebutt, to the backyard-run, un-encrypted, metadata riddled design of every Mastodon/Pleroma/whatever servers, to the utterly insane non-consensual and moderation-free data-storage design of Lemmy, you are all organising on platforms built by people who, quite simply, *have delivered a shockingly dangerous set of tools that will eventually be used against you.*
It beggars be
... show moreAt the time, *This is Fine* was shared pretty widely across Mastodon, Secure Scuttlebutt and other related communities. The piece generated a lot of discussion, but ultimately nobody wants to confront this undeniable reality: ActivityPub and all of the platforms that fall under the umbrella of the #fediverse will betray even its staunchest champions of decentralisation or anti-capitalism. The same is true for all other p2p or federated protocols. This digital movement is built on tools whose authors deny the very reality that even they themselves face.
From the forensic immutability of Manyverse/Secure Scuttlebutt, to the backyard-run, un-encrypted, metadata riddled design of every Mastodon/Pleroma/whatever servers, to the utterly insane non-consensual and moderation-free data-storage design of Lemmy, you are all organising on platforms built by people who, quite simply, *have delivered a shockingly dangerous set of tools that will eventually be used against you.*
It beggars belief that any such project could be seen as #queer or #feminist or #anticolonial, because every single server, every single instance is a packaged gift rich with data and ready to inform movements and structures that are out to destroy us.
shibco
in reply to shibco • • •What do we do about this? Honestly, I have no idea. I've spent three years so far trying to get developers and advocates to care about this. I founded my own research firm, New Design Congress, specifically to get platform designers -- *especially in the decentralized community* -- to come to terms with this reality, that all infrastructure are expressions of power, and are at their very core political.
We've been blown off consistently, especially by people who ought to know better and who now either steer massive emerging projects, or act as major ideological activists for these platforms.
New Design Congress spent three years sending proposal after proposal to funders like @mozilla, Reset.tech, @EC_NGI, the @PrototypeFund, and others. We've been knocked bac
... show moreWhat do we do about this? Honestly, I have no idea. I've spent three years so far trying to get developers and advocates to care about this. I founded my own research firm, New Design Congress, specifically to get platform designers -- *especially in the decentralized community* -- to come to terms with this reality, that all infrastructure are expressions of power, and are at their very core political.
We've been blown off consistently, especially by people who ought to know better and who now either steer massive emerging projects, or act as major ideological activists for these platforms.
New Design Congress spent three years sending proposal after proposal to funders like @mozilla, Reset.tech, @EC_NGI, the @PrototypeFund, and others. We've been knocked back every time. We have **never** received direct support or advocacy from civic society organisations who champion the rebuild of a equitable Internet. We have **only** been able to continue our work and grow thanks to our NDC community and a handful of extremely forward thinking private organisations -- or, shamefully, organisations who have already been subjected to the precarity of decentralization.
I despair for the future of the #fediverse #decentralization movement - #bluesky, #mastodon, #peertube, #ipfs, #dat, #lemmy, all of it.
Ed Summers
Unknown parent • • •shibco
Unknown parent • • •Ed Summers
in reply to shibco • • •shibco
in reply to Ed Summers • • •Ed Summers
in reply to shibco • • •shibco
in reply to Ed Summers • • •Ed Summers
in reply to shibco • • •Ed Summers
in reply to Ed Summers • • •Admin setting to disable DMs on instance · Issue #6945 · mastodon/mastodon
GitHubshibco
in reply to Ed Summers • • •vagabond
in reply to shibco • • •@bob
This mess you talk about is not solved by more tech we already have most of what we need.
* Open media is #4opens based on trust, the current ActivertyPub is a relatively #KISS good example of this.
* Privacy is encrypted p2p chat, which the are meany good #UX mature #FOSS projects you can find
The change we need is social, getting people to use the different approaches for different needs, this is surprisingly difficult.
Bridges while dangerous are needed.
Bob Mottram :debian:
in reply to vagabond • • •vagabond
in reply to Bob Mottram :debian: • • •@bob@epicyon.libreserver.org @edsu @rm4 @bob@soc.freedombone.net
Yes at the moment as it's a #OMN based on the #4opens you have very low barrier to running or even developing an instance this is where the value is.
Adding security generally makes a HUGE barriers to Dev and #DIY running an instance.
The #geekproblem has no idea of the damage they do when pushing there "common sense". This creates a signal to noise issue that has been blocking alt for 20 years.
Just stop comes to mind
vagabond reshared this.