This week’s implosion of Twitter has set off an unprecedented migration to alternatives, particularly the ActivityPub based Fediverse. Since that implosion included a complete breakdown of  the verification system (What do blue checks mean today? What will they mean tomorrow?) lots of people started off thinking about identity and impersonation in a decentralized space.

The previous verification system at Twitter was the kind of centralized approach most of us are used to.  Twitter publicly attested the identities of about 400000 accounts belonging to institutions, brands, and various celebrities in the same way most people in the developed world rely on an ID card issued by a government.  To think about how to build an identity system without a central authority, we have to look backwards. Before national ID cards, identity was largely managed through social connections.  You were introduced to someone, in person, by a common acquaintance whom you both trust.  That introduction attests your identities to each other.  This is in essence the web of trust that Pretty Good Privacy tried to build via key-signing.

Of course, the process becomes more complicated when you aren’t in person.  What if that letter of introduction is a forgery?   Oddly, existing social media platforms worked on the electronic version of this problem in a roundabout way, with photo tagging.  When I take a picture of someone and tag them when I post it.  I’m attesting that the account I tagged belongs to the person whose image I posted.  If you also recognize that person’s image, you can take that tag as evidence that a particular account belongs to a particular person.

In the Fediverse, such identity verification as there is relies on having control of some other website.  Mastodon, the most popular ActivityPub implementation, allows you to place a link to your profile with a rel=”me” attribute on your website,  When you add the address of that page to your profile, it appears with a green check.  What this actually does is show that the same entity controls the website and the Mastodon account.

If you control a domain, you have another option, creating a Fediverse server within that domain.  Since you control the domain, you control the Fediverse server. This method is an option for institutions as well as individuals.  mastodon.archive.org  has been launched by the Internet Archive and only IA employees are allowed to have accounts on this instance.  Effectively, IA is publicly attesting the identity of the person attached to each of those accounts. It will be interesting to see if other institutions follow suit.

As the on again off again acquisition of Twitter went on again, focus turned back to mastodon, a federated alternative.  As another wave of users dip their toes in the waters, I wanted to share some thoughts.

Scale

The fediverse is predicated on replacing a single site having one set of policies with a network of sites.This is both technically resilient and resistant to the whims of a single owner. There are, however, different ways to realize this concept.

The web interface of mastodon includes a local timeline, A separate local timeline makes sense when each instance is a distinct community. Initially, standing up and administering a server was not for everyone. Mastodon was designed with an administrator role and those administrators are empowered to set policies on their instances. The model here is a collection of “small towns” each with its own culture.

But then something happened — mastodon became popular and more accessible server models became available, including pre- configured VPS’s and hosted options. This opened a new use case, that of the single user instance.  Here, the local timeline becomes unimportant.  This is more like Twitter, which doesn’t have such a thing.  The official iOS Mastodon client has gone as far as not  even showing the local timeline. We have an interesting scenario in which not only policies and standards but also what it means to moderate vary from instance to instance.

Mastodon and protocols 

Mastodon runs on ActivityPub, the under the hood protocol that allows instances to communicate with each other.  It also supports publishing RSS and Atom feeds.  There are other applications that support ActivityPub. For example, A WordPress site can, with the right plugin, publish an Activitypub stream.  This allows a mastodon user to follow that site as if it were a mastodon user. However, that WordPress plugin generates ActivityPub but doesn’t parse it, meaning if you reply in Mastodon, nobody will see it. You end up with different apps using the same protocol to different ends.  Combine this with RSS support and you need to think about your data flows.

Update: Because of incompatibilities with other plugins, I did not test this on my own site. The WordPress site I followed to test was using a custom configuration that I mistook for a default setting.

Inspired by the most recent twitter hack, Ian Bogost wrote this week in The Atlantic about the failings of decentralization. I was struck by one passage:

“Twitter isn’t just a place for memes or news, or even presidential press releases meted out in little chunks. It’s where the weather service and the bank and your kid’s school go to share moment-to-moment updates. Though seemingly inessential, it has braided itself into contemporary life in a way that also makes it vital.”

The thing is, you don’t need a central site to collect these moment-to-moment updates. RSS has been around for longer than Twitter. There used to be little RSS buttons on lots of web sites. What would our online world look like if Google hadn’t killed Google Reader and RSS had hung on.

It occurs to me that inadequate discovery tools were the hole in the decentralized internet. Google got its foot in the door of the web by solving the search problem. Once that was centralized, Google ( and then Facebook, and then Twitter) , bit by bit, centralized everything else. Was there a way to make finding things less centralized. Is there one today as we look at web alternatives like Dat or IPFS?

In reply to https://twitter.com/Iwillleavenow/status/1202373255811584000.

I am eager to read Mark Pesce’s new essay , “The Last Days of Reality“.  Unfortunately it’s subscriber only at the moment. You can listen to his talk at one of the launch events. At first glance the notion of reality ending used to seem to be a stretch. Now we have “fake news” and Vox writing about epistemic crisis.

Technology has now gotten so advanced , it can obscure standards of truth, whether that’s changing the weather in a picture or the text of an audio.  What happens to truth when images and audio are no longer authoritative?  We actually have an idea of the answer to that question, thanks to the past.

James Burke described the opposite transformation in episode four of The Day the Universe Changed, “A Matter of Fact.” The episode begins with a description of epistemology prior to the printing press.  Burke argues that truth, in a mostly illiterate society, was grounded in relationships. Something was true because someone you trusted said it was.  Burke points out that this epistemology is preserved in things like oral personal testimony in court. He then goes on to explain how printing changed that.

Is it possible that “everything old is new again?” We see this in the way social media has changed news consumption.  More and more of the news we see comes from the things our friends bring to our attention.  Our news world comes from the people we trust.  Sound familiar?

There’s of course a huge difference in this model now and how it worked hundreds of years ago.  In the middle ages, most people communicated face to face.  You knew that your source was who they said they were because you looked them in the eye, with a few notable exceptions like Martin Guerre. Today, things aren’t that simple. Given the relative lack of encryption in person to person communications, there are few assurances that the email, tweet or facebook comment comes from the person who is its alleged author.  It’s possible that improvements in usable encryption will make it easier to verify identity online. If we are going to rely on relationships for our personal reality, this sort of verification is very important. Even if verification improves, what if , as Vox alleges is already happening, there are no shared authorities?

For a number of years, college and university general education requirements have , at many institutions, included some sort of mandatory course on computers and technology.  Several decades ago when I met the requirement, I did so by completing a course that was mostly about how to use AppleWorks.  These days, students are more likely to use Microsoft Office and various web applications.  If we are educating our students for citizenry, that’s not good enough anymore.

For the last couple of years, I’ve been thinking about what I want my children to know about computers, technology, and the net, and I’ve decided that it’s not MS Office.  It’s not even how to code. Instead what I want them and everyone to learn about is how technology is changing our society.

As a thought exercise, I’m going to set down in writing a sketch of what such a course might look like.  I haven’t done much comparison research, and I’m sure some other institutions have already created such a course.  Nevertheless, here it goes with  a topic list and some suggested readings:

A Brief history of networked, decentralized , and recentralized computing.

A Declaration of the Independence of Cyberspace – John Perry Barlow
The Web We Lost – Anil Dash (Video)
“Reclaiming the Internet” with Distributed Architectures: An Introduction – Francesca Musiani and Cécile Méadel
The Mission to Decentralize the Internet – Janus Kopfstein

Algorithms

Big Data: It’s Worse than You Thought – Frank Pasquale
Weapons of Math Destruction – Cathy O’ Neil
We’re Building a Dystopia Just to Make People Click on Ads – Zeynep Tufekci (video)

Blockchain/DHT

The Trust Machine – The Economist

Data Collection and Surveillance

Snowden and the Future – Eben Moglen

Encryption

Don’t Panic: Making Progress on the “Going Dark” Debate – Berkman Center for Internet and Society, Harvard University
The Case Against a Golden Key – Patrick Ball

The Control of Technology and the Technology of Control

Lockdown: The Coming War on General-Purpose Computing – Cory Doctorow
Twitter and Tear Gas – Zeynep Tufekci

I recognize that many of my sources here have a leftward lean. Does anyone have suggestions for:

1. Writers who are more politically conservative but have a good understanding of the capabilities and limitations of technologies?
2. Topics and/ or resources I should have included but didnt?

In the wake of recent FCC plans to repeal net neutrality regulations, people are starting to talk about decentralization, both of infrastructure and of the platforms we use to communicate on the Internet.  The latter has moved more quickly than the former, since it’s arguably easier to write code than to lay fiber optic cable.  In the last few months, I’ve experimented with :

• Mastodon
• Beaker Browser
• GNU Ring
• Matrix
• ZeroNet
• RetroShare
• Twister
• Patchwork (SSB)
• Friendica

Note that those indicated in italics are more web replacement than social network platform.

That’s quite a few apps to open regularly.  Wouldn’t it be nice to aggregate this content so you could follow everything from one app. There have been some attempts at this (seesmic/tweetdeck/etc.) aimed at the major commercial social networks, but , since feeding into an aggregator undermines the revenue model of the social network (remember how Twitter used to support RSS?) they were either acquired or left to wither. Since decent platforms don’t have a revenue model to protect, why can’t they be more aggregation friendly? Mike Caulfield suggested that smartphone OS’s were functioning as aggregators via notifications.

There are actually three problems to solve, reading, which is relatively easy,  posting, which is harder, and social graph management, which is quite complex

Reading various streams in an aggregator would be most easily accomplished if various decentralized platforms would support stream output as password protected RSS.  Twitter was on the right track before revenue growth got in the way.  Subscribing to my personal timeline(s) with my favorite RSS reader would bring everything together, especially if I had a reader that listed items chronologically independent of source.  The potentially difficult part is dealing with and indicating private v public messages.

Posting is more challenging.  Not only does the client need to implement correctly the API’s of various platforms and keep track of what options and constraints to present to a user depending on which platforms they were posting to.  It looks as if Withknown has made some progress in this area with syndication plugins.

Managing your social graph is sort of the next level.  One of the disadvantages of centralized social networks is that Twitter/Facebook/etc. maintain your social graph and can therefore mine it for data and monetize it.  Several years ago, VR celebrity Mark Pesce (famous for his invention of VRML) did some development on Plexus, software that he described as “plumbing for the social web.”  The premise here was that your social graph would live on your device.  This would be possible because you would create multiple accounts on each social network, one for each friend/follower relationship.  Highly compartmentalizing your social presence is good for privacy but makes discovery more challenging, as software on your end has to parse your streams and sort out connections on your social graph.

How do we decentralize the web without so decentralizing our own social presence that it becomes unmanageable?