Redecentralize Digest — September 2019

It has been a busy month. Several conferences, publications, project updates; it’s a challenge to keep up. We love linking to recordings and summaries of events, so please let us know of anything interesting or that you’ve enjoyed!

As hinted earlier, we will be running a Redecentralize unconference in London on Friday 25 October! Tickets and details will be announced on this list very soon :-)

And now, for the redigest…

Updates and reviews

RWoT and ActivityPub Conf happened

Rebooting the Web-of-Trust took place in Prague, leaving us elaborate event documentation. It was followed by the first edition of ActivityPub Conf. Talk recordings are published here.

Framasoft’s spring cleaning

Framasoft has been hosting dozens of free software-based services, from EtherCalc to a Diaspora pod. But now it reports (in English, French) that it will phase out many of them. Their key points:

• “We refuse to become the « default » solution and to monopolize your uses and attention (that’s how we empowered GAFAM & Co)
• 38 services, it’s way too complex for you to adopt and for us to host
• We wish to stay an organization of a human scale, and retain our human warmth… a sort of digital CSA ;
• We propose to take the next step towards data decentralization :
  • By gradually closing-down some frama-services so their landing-pages can become gateways to other hosters
  • By taking the time to offer a new simpler range of services for users (through a single sign-on account for example)

For some other hosting services, perhaps have a look at the librehosters directory.

DNS over HTTPS

After HTTP has been largely replaced by HTTPS, work is going on to also secure DNS lookups, which is done by enveloping the DNS request and response with HTTPS. However, the particular approach taken by major web browsers also comes with an increase of centralisation. An article by the EFF explains:

“Members of civil society have also expressed concerns over plans for browsers to automatically use specific DNS resolvers, overriding the resolver configured by the operating system (which today is most often the one suggested by the ISP). This would contribute to the centralization of Internet infrastructure, as thousands of DNS resolvers used for web requests would be replaced by a small handful.”

The issue is elaborated in an IETF memo. See also Carsten Strotman’s CCCamp talk “DoH or Don’t”, which also reviews other attempts at encrypting DNS.

One solution proposed by several parties: instead of replacing the DNS servers currently provided by ISPs, upgrade them:

“to avoid having this technology deployment produce such a powerful centralizing effect, EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves.”

Note that encrypted DNS protects your queries only from the eyes that can observe the traffic between you and the name server, but not from the eyes of the name server itself. For protecting against those eyes, we would need additional changes, such as oblivious DNS (which uses two parties: one gets to know only the query, the other only who made it). Because your ISP will see anyhow which IP addresses you connect to, with centralised DNS over HTTPS you end up revealing information about your communications to yet another entity. For this and other reasons, PowerDNS argues argues it is a “net-negative for privacy for everyone”.

Finally, encrypted DNS is still DNS; which is hierarchical by design, with ICANN as the root authority. If we want to get rid of that central point, we would have to consider alternatives like distributed ledgers (e.g. Namecoin) or petname systems (e.g. GNS). But as DNS will not disappear anytime soon, we better make the best of it.

Mozilla’s paper on tech competition policy

In this working paper (+ blog post), Mozilla describes how competition policy should focus on the use of standards and interoperability. Regulators (like the FTC in the USA) should look out for untraditional forms of anti-competitive behaviour, such as lacking or limiting APIs and undermining standards bodies.

“But to preserve the benefits of the internet ecosystem we have today, we must start by protecting the internet’s unique style of decentralization, of technologies that constantly build on and with other technologies. The future of competition and antitrust law in tech must include at its heart the protection and promotion of those elements that enable that structure.”

Shortly put:

“The future of tech competition must be built on interoperability.”

Indeed!

Facebook’s ponderings about data portability & privacy

In its new whitepaper (+ press release), Facebook discusses various unresolved questions it has about data portability, a right defined in the EU by the GDPR, and likely soon also in other places. Some of the topics:

• It categorises data transfers in three buckets:

  1. Open transfers, between any entities of the user’s choice
  2. Conditioned transfers, where the transferring entity has imposed some conditions on the recipient entity.
  3. Partnership transfers, between entities whose ongoing relationship goes beyond just enabling portability.

  Of these categories, they acknowledge that open transfers are closest to what the GDPR describes, while the Data Transfer Project (which they say they participate in) is working mainly towards conditioned transfers. They rightly ask themselves: “Are such limitations consistent with the right to portability?”

• It discusses questions of what data is required to be portable. For example:

  “Would it be useful, for example, to be able to export a list of all the links you’ve clicked on Facebook within a certain period? Or an archive of every ad you’ve seen while scrolling through News Feed?”

  This sounds like the wrong question to ask, especially since (as they confirm in the subsequent line) a goal of portability is the emergence of new services. Let people choose what they find useful, instead of choosing that for them.

• It discusses the issue that lots of personal data, for example your contact list, is simultaneously personal data of other people, and wonders how they should protect their privacy too.

The document is surprisingly thoughtful and full of good references, but nevertheless it reasons from a backward, paternalistic perspective. It starts from the premise that Facebook (or a similar entity) will remain the guardian of your data, that will have to transfer data for you, and that should therefore decide what’s best for you. It does not consider the possibility of a model where data would be created in standard formats and under people’s own control from the start — like with Unhosted, Solid, and other more decentralised solutions.

Of course, it is to be expected that an incumbent monopolist would frame the discussion in a way that suits them. We’ll have to keep reminding its audience that other solutions are possible; and that the best thing for people’s privacy would be the ability to get away from a company that systematically disrespects, spies on, and betrays its users.

Nitter improves Twitter

Nitter is an alternative web-interface for viewing Twitter. It connects to Twitter for you to extract feed content, then displays it in a cleaner style, using less data, and without using javascript. See for example https://nitter.net/redecentralize.

By itself, creating a different user interface to interact with a centralised silo is not doing much to decentralise it. But it is a step forward, and these two subsequent steps made me think:

1. People made browser extensions to automatically redirect every Twitter visit to its Nitter equivalent. Similar extensions exist for redirecting between search engines, between video players, etcetera. There seems to be a pattern here, that reminds me of how operating systems keep a list of associated applications for each file format (so you can e.g. let MS Word files open in LibreOffice). Should we port that concept into the browser, creating a customisable ‘web-app remapping’?

2. Nitter now also supports RSS. Twitter dropped RSS support in 2013, so after that you needed a Twitter account yourself to follow Twitter users. Adding such features is great, as they indirectly make the silo support standard protocols that it fails or refuses to support itself, thereby enabling people to interact with the silo using many existing applications (any feed reader, in this case).

   Of course, the silo itself does not support the protocol, so you may sometimes have to rewrite twitter.com URLs with nitter.net URLs to make use of it. But if we extend the above idea of web-app remappings, perhaps the adapter could be made fully transparent to the user. Then I could simply enter https://twitter.com/redecentralize into my feed reader, and it would work as if Twitter supported RSS again!

Of course, Twitter and other incumbents may start trying to block such third-party innovation around its platform, with both technical obstructions and legal action. Hopefully, chances of legal success are improving with factors like the growing anti-monopoly sentiment, the new right to data portability in the EU, and the recent court opinion in the USA that ordered LinkedIn to stop blocking a scraper of public profiles.

Open source benefits terrorists

This article is ridiculous. Not sure it is worth giving attention here, but it may be a warning of how shameless corporate lobbying can hide behind ostensibly well-meaning organisations (the Tech Against Terrorism initiative).

Their analysis mainly (and misleadingly) covers Mastodon’s use by Gab (see July’s digest). Responses (e.g.) rightly point out various other things also used by terrorists: books, hammers, oxygen, and of course, centralised social media platforms.

Their related previous analysis had slightly more substance, talking about ISIS’ use of smaller online platforms and its possible “transition from Telegram to DWeb”.

Upcoming

Conferences with related themes

• Oct 5–6: IndieWebCamp NYC
• Oct 18–20: Radical Networks, NYC
• Oct 19–20: IndieWebCamp, Brighton
• Oct 25: Redecentralize unconference, London!
• Oct 26–27: Mozilla Festival, London (+ pre-events Oct 21–25)
• Nov 8–11: Freedom not Fear, Brussels
• Nov 25–29: Internet Governance Forum, Berlin

About this digest

The Redecentralize Digest is a monthly publication about internet (re)decentralisation. It covers progress and thoughts relating technology and politics, without ties to a particular project nor to one definition of decentralisation — figuring out its meanings and relations is part of the mission.

This edition was written and edited by Gerben and Irina.

The digest’s format and content are not set in stone. Feedback and suggestions for next editions are welcome at hello@redecentralize.org.