Redecentralize Digest — October 2020

Self-sovereign identity and frictionless dystopia

In recent years, self-sovereign identity (or SSI) has become a popular topic. Dozens of projects are inventing protocols that enable people to identify themselves online or to prove they possess specific credentials. Most approaches creatively use cryptographic signatures and perhaps distributed ledgers to achieve the ‘self-sovereign’ aspect, i.e. to ensure that people need not rely on a trusted authority for using their identity — unlike, for example, with those ubiquitous Log in with Google/Facebook/… buttons.

If you are new to SSI, this introduction by Christopher Allen explains it well. And to stay in the loop about everything related, check out the new weekly newsletter by Kaliya Young (aka ‘Identity Woman’) and Infominer.

Given all the positivity surrounding SSI, and its laudable promise to give people control, it may be surprising to find an essay called “The dystopia of self-sovereign identity (SSI)”. Its author Philip Sheldrake warns the SSI community that their projects may achieve the opposite of what is intended, partly by viewing the problem too much from a technical perspective:

“SSI cannot provide an ‘identity layer’ of the Internet any more than the Internet might be said to be missing a ‘truth layer’.”

He advocates for a more sociopolitical analysis. Between arguments about identity being more verb-like than noun-like, the essay brings up this interesting point:

“Historically, invoking legal identity is tiresome. It involves systemic friction and consequently it’s called upon only when really needed and ignored in all other contexts.”

While smooth and seamless technology may sound generally desirable, it has been said before that “the internet needs more friction”; e.g. this is from Stratechery:

“With the loss of friction, there is necessarily the loss of everything built on friction, including value, privacy, and livelihoods. And that’s only three examples! The Internet is pulling out the foundations of nearly every institution and social more that our society is built upon.”

In the context of SSI, frictionlessness could mean that, once people have identities they can effortlessly show to anybody, they may end up having to show it to everybody. The inability to easily identify people could be helping to prevent various forms of discrimination and injustice. Might we then be better off if it is effortful, illegal or even impossible to reveal one’s identity in most scenarios? Could this friction be built into the system?

Also at the 2018 DWeb Summit, one of the questions after the panel about decentralised identity was: “do we want to do it?”. I suppose we may still do, but not without taking this question more seriously. Identity and anonymity are opposites that both have their merits, and the simultaneous pursuit of both requires nuance and trade-offs; which Philip Sheldrake now aims to discuss in a less technological, more sociological way by building a community around what he calls generative identity.

OTI’s event

New America’s Open Technology Institute hosted an event on Decentralized Alternatives to Big Tech. It provided a good introduction to anyone new to the topic of decentralised (social) networks, giving both a high-level introduction and displaying concrete examples.

After the introduction by host Ross Schulman, Karissa McKelvey & Eileen Wagner talked about the concept of decentralisation and the importance of standardisation. Paul Frazee demonstrated how Beaker Browser puts users in control of their social networking, and Amandine Le Pape presented Matrix & Element, the decentralised messaging protocol and software.

GDPR vs RTB

Although the GDPR should be giving people in the European Union substantial rights over their data, the lack of enforcement has made it hard to exercise these (see May’s digest), and the online tracking business still goes on as usual (except now with extra annoying ‘consent’ banners). Information about a website visitor tends to be shared with dozens of advertisers, before the web page has even finished loading, in a process called Real Time Bidding (RTB).

Instead of filing complaints at the understaffed Data Protection Authorities (DPAs), various people figured it may be more effective to take the infringing companies directly to court. Recently a group called The Privacy Collective formed to launch a mass damages claim on behalf of Dutch internet users against Oracle and Salesforce, for their roles in the Real Time Bidding practice (if you have 5 seconds to spare, they’d be glad if you visit their site and click their “support” button). (update 3 Nov: they filed a parallel case in England & Wales)

Relatedly, IAB Europe, the industry association that coordinates the RTB ad market, is under scrutiny too. After complaints made by browser-maker Brave and other companies starting two years ago, the Belgian DPA now has found that the IAB’s supposedly GDPR-compliant “Transparency & Consent Framework” is not compliant at all. The IAB was surprised to be held even partly responsible for processing that the industry performs using its framework.

Finally, besides the current practices likely being illegal, the effectiveness of targeted advertising has also been put into question. The new book Subprime Attention Crisis by Tim Hwang argues that online advertising is a financial bubble that will eventually pop. Let’s hope he is right.

Open Tech Will (not?) Save Us

October’s Open Tech Will Save Us meetup was a particularly interesting one. It covered Delta Chat and how its development is driven by user needs; Meet.coop’s conference call infrastructure, run both by cooperatives and for cooperatives; and the new Matrix server software Dendrite. A highlight, between the presentations and Q&As, was a pleasantly casual conversation among the participants, comparing Delta Chat and Matrix, their funding models, and ways to possibly make them interoperate.

Miscellaneous

• Mobilizon, a federated tool built to free event organisers from centralised platforms like Facebook and Meetup (see last year’s digest), just released its first version.

• APC shared highlights of its last three years of work; also it recently started a new forum, communitynetworks.group, to exchange experiences among community networks projects around the world.

• Peer-to-peer communication tool Jami’s new version shifts focus to video conferencing, as its developers “decided to transform Jami from a simple peer‑to‑peer communication system, into group communication software that would enable large groups to collaborate”.

• GitHub (⊂ Microsoft) somewhat reluctantly took down the widely used youtube-dl video downloader tool, due to a DMCA request from the RIAA rightsholders association (which technically was not a DMCA request, explains this article, as it is not itself infringing copyright but rather providing a tool to do so).

• Exit to Community; a booklet promoting an underappreciated project evolution: a founder-driven startup turning into a mature project governed by its community.

Events

All are online, unless noted otherwise.

• Nov 2–17: Internet Governance Forum; a global multistakeholder conference organised by the United Nations.
• Nov 4: Interoperability and the EU Digital Markets Act; debate about interoperability requirements in the context of competition regulation
• Nov 11: Open Tech Will Save Us; monthly presentations hosted by the Matrix project
• Nov 14–15: IndieWebCamp East; unconference about self-hosted & home-made personal websites (aligned with US East Coast hours — see also the previous West event, and the many other IndieWeb events)
• Nov 14–15: BattleMesh v13; event about routing protocols for ad-hoc wireless networks
• Dec 7–11: 1st International Workshop on Distributed Infrastructure for Common Good, Delft, Netherlands (or online)
• Dec 27–30: rC3 – remote Chaos Experience; the Chaos Computer Club’s yearly Congress, but online and in your local hackerspace
• Feb 6–7: FOSDEM; conference of free & open source software developers
• Mar 8–?: Mozilla Festival; (call for proposals closes 24 Nov)

About this digest

The Redecentralize Digest is a monthly publication about internet (re)decentralisation. It covers progress and thoughts relating technology and politics, without ties to a particular project nor to one definition of decentralisation — figuring out its meanings and relations is part of the mission.

This edition was written by Gerben, with thanks to all who contributed.

The digest’s format and content are not set in stone. Feedback, corrections and suggestions for next editions are welcome at hello@redecentralize.org. We don’t spy on our readers, so please do tell us what you think!