Is decentralised federated social media over engineered?
Can’t get this brain fart out of my head.
What would the simplest, FOSS, alternative look like and would it be worth it?
Quick thoughts:
* FOSS platforms intended to be big single servers, but dedicated to …
* Shared/Single Sign On
* Easy cross posting
* Enabling and building universal Multi-platform clients.
* Unlike email, supporting small servers
No duplication/federation/protocol required, just software.
All of the shared/single sign on and easy cross posting would probably be trust or allow-list based.
As the platforms would be FOSS, anyone could run their own instance and start their own “circles of trust”. So even with big vs small server friction, there could be a few “gardens” of small and big server networks providing different “spaces” for different purposes … all without having to worry about defederation and the software difficulties of building against the protocol.
Single sign in to the fediverse seems awful. Then we are logging in to it through American big tech servers. Forget anonymity and no tracking. Probably see ads on the login screen too.
But otherwise, sure. A single server is not always a bad idea. In practice, this is how Lemmy is too. Most people are on Lemmy.world, and they picked that server because they don’t think decentralized is important.
Single Sign On doesn’t mean that “American BigTech Servers” have to be used.
Essentially, for the users, it means that an account for site A can be used to login on site B because site A and site B trust each other.
A concept to Google if one wants to know more is “federated login”.
Yea this is exactly what I was thinking about.
The idea being that there would be circles of trusted platforms and once you have an account with one you have an account on all of them. Which, I imagine, would allow easy/quick cross posting from one platform to another when desired and make it easier to build and maintain an aggregating client that allows you to view all the platforms within such a “circle of trust” that you’re interested in through a unified interface.
@maegul How would servers share accounts and passwords? Allowing any server to know what a user’s password should be is not very good for security.
@Aatube @1984 @mindlight @[email protected]
Yea I don’t know the best approach to that. Either a separate server for managing IDs. Or you always a principal server that manages authentication for its platform and others within the trusted “circle”. And then, should the principal server fail, you can switch to another server as your principal. Hubzilla/Streams has some process like that AFAIK.
Trusting other peoples identification and authorizattion isnt about sharing accounts and passwords. If user A of server X want to log in at server Y, server Y asks server X if it knows this user A. If so server X handles the password/mfa check and just gives the green light to server Y.
@joeldebruijn Ah, that makes much more sense. I guess this could be also used for phishing, but that may be unavoidable.
True! One of the main building blocks, sadly.
@Aatube @[email protected] @1984 @mindlight @[email protected]
Couldn’t it be like public-private keys such PGP protocols, where the users have the private key and the platforms have the public key? It’s seems quite good privacy, some would even say it’s “pretty good privacy”.@Sean Nice pun :D
I don’t think requiring users to use a really long and virtually unmemorizable password (the private key) would be a pretty good idea for a social network either.
@Aatube @[email protected] @1984 @mindlight @[email protected]
The private key doesn’t need to be memorized, it stays saved on the device that the client software is on, allowing the user to integrate mobile device’s biometric reader (fingerprint/face/iris/whatever) to confirm identity, or use security key, there are already different ways to implement it that doesn’t require pw memorization.I’ve got a long unmemorizable string for Firefox sync, Brave, Proton Mail/Pass, it’s still more secure than pw memorized
Maybe good old blogosphere with comments pingbacks and pubsubhub(?) was a sort of simpler proto version of the fediverse.
Yep. Add a good aggregator client (hmmm, Google should make one) and you’re cooking.
@maegul @joeldebruijn I think you have something there. a simple protocol, something like the blogosphere with RSS but with some additions:
- a properly defined markup language that can be read by clients, not the HTML5 monstrosity.
- it would work like RSS in the client fetching new entries from servers, but extend it so it can submit comments directly from the client.
- make something like WordPress, but orders of magnitude smaller, that can make hosting your own blog or server a breeze.
- ideally some other software like WriteFreely where multiple less technically inclined people can sign up and have their social blog without any setup required. this would be hosted by volunteers, like mastodon instances.I’m not sure if something like this would work, but wanted to share it.
@maegul @joeldebruijn clients would also have an option to send new blog entries to your own server. this would allow for a seamless UI not too different from Mastodon clients, but simpler and less cluttered of course.
everything properly defined in a protocol as simple as possible so there can be as many implementations of clients and servers as there are RSS readers.
Yea this is the essence of the idea. Strip down the interop requirements as much as possible, relying on existing tech as much as possible, and allow software and norms to solve all the other problems, where, TBF, it seems that software is doing all the heavy lifting in the fediverse anyway, but also has to handle federation and the protocol.
Is the Google thing a joke?
Yeah, RIP Reader
Sorry but I fail to understand the relation between your question and the additional text.
Are the bulletpoints requirements for a less over-engineered attempt ?
Or are they examples of the current situation?
And just software without protocol seems. … oversimplification.