
Posted by remywang 14 hours ago

Show HN: s@: decentralized social networking over static sites (satproto.org)
363 points | 164 comments
kennywinker 11 hours ago|
This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc.

It’s too dependent on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:

1. I want to be able to follow my friends if my phone dies and i have to get a new one.

2. I am very technical, and idk exactly what a X25519 keypair is.

I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.

Idk I’m just making up specifics but this is the kind of ethos i think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.

In case i sound too critical - this is cool. It just isn’t something i can use with family and friends to replace facebook or even email.

jonahx 8 hours ago||
I could see myself making similar comments. On a practical level, they're valid. But maybe...

If we are ever going to free ourselves of rent-seeking middle men, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.

jasode 6 hours ago|||
>, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.

The above includes us highly technical people on HN. We really can't expect (or lecture) the normal mainstream population to make a cultural change to adopt decentralized tech when most of us don't do it ourselves.

E.g. Most of us don't want to self-host our public git repo. Instead, we just use centralized Github. We have the technical knowledge to self-host git but we have valid reasons for not wanting to do it and willingly outsource it to Github. (Notice this thread's Show HN about decentralized social networking has hosted its public repo on centralized Github.)

And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.

The reason can't be reduced to just "people being lazy". It's about tradeoffs. This is why it's incorrect to think that futuristic scenarios of a hypothetical easy-to-use "internet appliance" (possibly provided by ISP) to self-host email/git/USENET/videos/etc and a worldwide rollout of IPv6 to avoid NAT will remove barriers to decentralization.

The popular essay "Protocols Not Platforms" about the benefits of decentralization often gets reposted here but that doesn't help because "free protocols" don't really solve the underlying reasons centralization keeps happening: money, time, and motivation to follow the decentralized ethos.

"But you become a prisoner of centralized services!" -- True, but a self-hosted tech stack for some folks can also be a prison too. It's just a different type. To get "freedom" and escape the self-hosted hassles, they flee to centralized services!

ajb 1 hour ago||||
I see where you're coming from, but I disagree. If we see it as a dilemma between:

* trust giant unaccountable organisations

* do things yourself, because you're the only one you can trust

we won't solve the issue, because there are too many things that every individual would have to understand, execute correctly, and do so with perfect OpSec.

We need to work out the social bit, as well as the technical. How do we make it practical for individuals to delegate trust to smaller organisations, so that they can switch between them if they show signs of abusing that trust? This needs social innovation as much as technical - how do we bootstrap trustworthiness for small organisations? How do we do it fast enough that the next move is to an ecology of small organisations, not just to the next Facebook/Play Store?

DeusExMachina 6 hours ago||||
One thing you learn from game theory is that you need to understand the rules of the game everyone is playing. You cannot change them, you can only play by them.

"Making a cultural change" is not something you or any group of people can do. The superstructure of the game decides those, not the players. You can try, but nobody will play your new game.

vages 3 hours ago|||
There’s room for both pragmatic and idealistic solutions in most cases. Sometimes the rules of the game change on short notice, and being in the right place at the right time makes all the difference.
Epa095 3 hours ago||||
That's not at all a lesson I learned during my years with game theory. It sounds like a life-lesson completely orthogonal to game-theory.

And wrong I must add, ignoring people who have made an actual change in the world (although it's true that most people end up making very little difference either way).

rapnie 5 hours ago||||
It is not about playing new games though, but about affecting subtle changes over prolonged periods of time. You can't know the outcome, but you can help steer the right overall direction.
solarkraft 2 hours ago||||
> we simply have to make a cultural change where non-technical people do more for themselves

This only works with a TINY part of the population. Most people, even if they actually do care, just don’t want to expend the immense mental capacity to learn all the technical specifics. This stuff is HARD for people. Imagine having to learn metallurgy in order to drive a car.

> I don't even think it's about technical difficulty (most of the time)

I do. We simply don’t appreciate enough how HARD things are for non-technical people that we take for granted.

> I think people just want someone else to take care of their shit

Of course, that’s what software is supposed to do. And we can build software that does this, even with good primitives. We just have to laser-focus on UX and can not hand-wave away glaring issues that will instantly lose 95% of users like most of us keep doing.

eru 8 hours ago||||
What's wrong with middle men? They provide a service, too.

Eg your bank genuinely helps with finance and transfers compared to transacting directly on a blockchain or snail mailing cash around.

> I think people just want someone else to take care of their shit.

Yes, division of labour!

neya 6 hours ago|||
> What's wrong with middle men?

Purely on a philosophical point of view and depending on where you live, they do nothing but increase the costs without adding value.

For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer can search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).

The most common argument is - "when things go wrong, the agent will take on the liability for the listing", but that is rarely the case in real life (again, may vary greatly depending on where you live). In most of Asia, this is not the case at all. They take their nice fat commission and wash their hands off later, not even picking up your calls most of the time when there is an issue.

So what do agents do now? They hoard information instead. They advertise good listings, but to talk to the owner you will need to engage (and pay them) first.

Real estate agents are just one. Car dealerships rank right on the second in my list.

We don't need more agents. We need democratized access to information.

aembleton 5 hours ago|||
> An owner can list their apartment/house directly online.

How will anyone find the house? If I use an online estate agent, then that's still a middle man. If I publish adverts on Facebook or Google, that's a middle man. If I'm hoping that I can generate enough SEO for my house to appear at the top of searches, that's also relying upon a middle man - the search engine. I guess I could just put a board outside the house with a URL on it and hope someone stops to take a photo.

Estate agents provide that marketing service as well as others around arranging viewings and interaction with solicitors, although that might be UK specific. But they do provide a service that would take a crazy amount of time for you to replicate by yourself for a one-off house sale.

pibaker 4 hours ago||||
I find it amusing that the person who brought up the word "middleman" is implicitly pointing at big internet companies, and here you are telling me Facebook or WhatsApp are not middlemen.
johnisgood 2 hours ago||
I think the point is to reduce the amount of middlemen.
eru 1 hour ago||
But why? More competing middle men is better than fewer.
johnisgood 1 hour ago||
I do not disagree. You are free to use a realtor, and/or Facebook, and/or whatever.
Juliate 6 hours ago||||
I disagree. I do not care about the details of a ton of stuff. I do not even understand them.

On the other hand, I do care about people that are knowledgeable of these details, specialized, and trust to handle them for me for a fee.

That’s true of banking, realting, health, security, building, manufacturing of everything I use (or almost). That doesn’t prevent me from vaguely understanding the principles and some bits. And that saved me a ton of time and worry. But for the few times one agent does not work up to his promises.

I am 49, I have dealt enough with try to do all by myself, and I do appreciate and rely onto middlemen way earlier now.

eru 4 hours ago||
Yes. The crucial bit is that there are plenty of competing middle men you can choose from (and are also allowed to do it yourself, where possible).
eru 5 hours ago||||
> For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer can search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).

Is anyone forcing you realtors where you live?

FB Marketplace is just another middle man. (And that supports my thesis from another follow up comment: you want lots of competing middle men!)

Btw, real estate agents in eg the UK take about half the cut in a typical home sale compared to the US.

> Car dealerships rank right on the second in my list.

Yes, and as far as I know they are only a problem in the US, and that's because the US has crazy regulations that pretty much mandate car dealerships. In eg Germany you can buy your car direct from Volkswagen or from any dealership you want.

> We don't need more agents. We need democratized access to information.

Let a thousand flowers bloom. We need more agents, more competition. (But also make direct access legal, where possible.)

jonathanstrange 6 hours ago|||
We made very good experiences with a realtor when we bought our apartment. Where I live, there is a lot of bureaucracy at play and the process is not easy to understand even when you have experts to ask. There have also been very sophisticated frauds on both sides - sellers and buyers - that a realtor from a well-known franchise blocks.

Generally, I see no problem with competent middle men. They offer a service like any other service. If you want the service, you buy it, and if you don't want it you don't.

danlitt 33 minutes ago||||
There is in fact nothing wrong with a middle man who provides a service, as long as their power over you is limited to the provision of the service. The "tech platforms" are not middle men in this sense. They don't just provide a service, they also own aspects of your personal life.
ragebol 7 hours ago||||
Nothing wrong with middle men per se, but problems do arise when we all rely on the same middleman: those become way too powerful and can do nasty things.

By that time, no one can do without the nasty middle man as we have forgotten or never learned the skills to fend for ourselves and are thus beholden to the nasty middle man.

Network effect compounds this

eru 7 hours ago||
As long as you have plenty of competing middle men, like we do for eg social networks in the real world, it seems all fine.

Remember: Facebook is for grandparents, not where the cool kids hang out.

voidUpdate 6 hours ago||
Where do the cool kids hang out?
jpease 6 hours ago|||
In a cool club on the other side of town, where the real cool kids go to sit around and talk bad about the other kids.

Yeah, it's a real cool club and you're not part of it.

voidUpdate 6 hours ago||
That's ok, I don't really like clubs. Too many people
eru 5 hours ago|||
A while ago it was Instagram or perhaps tiktok?

However, take the fact that I have heard of these places as strong evidence that they are no longer cool.

Gagarin1917 7 hours ago|||
[flagged]
adrianN 8 hours ago||||
Most people don't really care about rent seeking middle men though, so why should they put in effort into doing things themselves?
simianparrot 7 hours ago||
Maybe it's ok to create something that isn't for most people. That's how the internet started out. It's only gotten worse the more accessible it became to most people. Maybe it's a good thing to create a split based on capabilities and technical know-how.
adrianN 6 hours ago||
But we already have a bunch of social networks that are not for everybody. The problem is that social networks are pretty much a winner-takes-all market due to network effects.
simianparrot 4 hours ago||
We do and many of us prefer it that way. I’m not on any major social media because I personally consider it asocial — you can’t have that many actual friends or acquaintances. My «social media» is a handful of smaller discord servers and an irc channel, and an extensive webring of personal websites.
philipallstar 1 hour ago||||
It's not rent seeking if they're providing a service
rrr_oh_man 8 hours ago||||
> we simply have to make a cultural change

Yeah...

jonahx 8 hours ago|||
I mean, they're impossible, and yet they happen. I've seen cigarettes and seat belts change in my lifetime. As a former smoker and denizen of the world of ubiquitous airplane and restaurant smoking sections, I would have bet anything against the rapidity of change in norms and laws that occurred.
altmanaltman 7 hours ago||
I mean cigarettes give you cancer and seatbelts can save your life. Both of them were supported by massive government initiatives and tax incentives. How is that even comparable to software middle men? The problem is not even on the same scale.
tim-projects 7 hours ago||
Governments have started banning social media country-wide.
cluckindan 5 hours ago||
Or is that just another level of rent-seeking?
MrBuddyCasino 8 hours ago|||
"one does not simply make a cultural change"
frobisher 5 hours ago||||
Maybe with ai assistants, everybody is effectively technical?
aembleton 5 hours ago||
Then the AI assistants will be the middle men.
johnisgood 2 hours ago||
So anything external we depend on is a middleman at this point. We need to do better than this. :P
cluckindan 5 hours ago|||
Convenience is king. We always pay for convenience in one way or another.
remywang 10 hours ago|||
1. Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager

2. You don't need to know unless you want to implement the protocol! To use (the very barebones) implementation all you need to do is fork the repo & give access, which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)

pibaker 9 hours ago|||
> Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager

Having seen enough stories in the vein of "if only I still have my bitcoin wallet from 2014" and "our storage server failed and when we tried to restore from backup we found out our last working backup was from two years ago," I have to say I have a rather dim view of how competent people actually are when it comes to keeping backups working.

I am not saying cryptography isn't useful for safeguarding your data, I just think for perhaps 90% of the users out here the risk of being locked out of your data permanently is more realistic than your data being accessed by a bad actor.

> which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)

From reading the website, I was under the impression this is a techie oriented project still looking for technically inclined early adopters instead of something you can readily tell grandma to hop on. I sincerely doubt the average friend and family member who needs other's help to set up a personal website knows what the protocol does or why should he or she use it instead of Instagram or Facebook, or Signal, if the point is just to keep in touch with people you already know.

prox 6 hours ago||
This is a usual pattern, a tech savvy hacker creates this great tool, but if you don’t put in the interface work to make it easy, frictionless, it might as well not exist for the general public to consume. Grandma will never use this. Or not even a slightly technical person will. (And it’s fine if that isn’t your audience ofc)

My call to any devs reading this: get an interface designer, put in the usability effort before adding new features.

bigiain 9 hours ago|||
I think a lot of even not very technical people have gotten used to TOTP QRCodes, and being able to store screenshots of them in password managers. (And having experience in losing 2FA keys that they'll go to some lengths to not repeat.)

I wonder if there's a decent way to encode these private keys in QRCodes? You can jam about 4kB in a high density one from memory? (I know that'd be possible from a developer/technical point of view, but if this were my project I'd want a talented UX designer to have complete authority over how this is presented and explained to users.)

One other idea - maybe implement a Shamir's Secret Sharing mechanism where your private keys get sharded and encrypted to a sufficient number of selected friends, so if you lose your s@ private key it can be reassembled by convincing - say - 8 out of 12 selected friends to give you their part?

Or alternatively - automate a "recovery mechanism" where you set up a new key pair and publish it on a temporary domain/site, and can then ask a friend/follower who can authenticate your identity out-of-band - to export all your posts decryptable with your new key, then put your new key and all your old posts back into your main site.
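
The 8-of-12 recovery idea in the comment above, as an added example (not from the thread or the s@ project): Shamir's Secret Sharing over GF(2^8) applied to a 32-byte private key. The `split`/`combine` names and the share layout are assumptions; encrypting each share to a friend's public key is left out.

```javascript
// Added example, not s@ code. Shamir's Secret Sharing over GF(2^8).
// CSPRNG: Web Crypto in browsers and recent Node, node:crypto otherwise.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Log/antilog tables for GF(2^8) with the AES polynomial 0x11b, generator 3.
const EXP = new Uint8Array(510);
const LOG = new Uint8Array(256);
for (let i = 0, x = 1; i < 255; i++) {
  EXP[i] = EXP[i + 255] = x;
  LOG[x] = i;
  let doubled = x << 1;
  if (doubled & 0x100) doubled ^= 0x11b;
  x = doubled ^ x; // x * 3 in the field
}

function mul(a, b) {
  return a === 0 || b === 0 ? 0 : EXP[LOG[a] + LOG[b]];
}

function div(a, b) {
  if (b === 0) throw new RangeError("division by zero in GF(256)");
  return a === 0 ? 0 : EXP[LOG[a] + 255 - LOG[b]];
}

// Split `secret` (Uint8Array) into n shares; any k of them rebuild it.
// Share layout {x, k, y} is an assumption made for this example.
function split(secret, n, k) {
  if (!(Number.isInteger(n) && Number.isInteger(k) && k >= 2 && k <= n && n <= 255)) {
    throw new RangeError("need integers with 2 <= k <= n <= 255");
  }
  const shares = Array.from({ length: n }, (_, i) => ({
    x: i + 1, // evaluation point; x = 0 is reserved for the secret itself
    k,
    y: new Uint8Array(secret.length),
  }));
  const coeffs = new Uint8Array(k);
  for (let b = 0; b < secret.length; b++) {
    rng.getRandomValues(coeffs); // fresh random polynomial for every byte
    coeffs[0] = secret[b];       // constant term carries the secret byte
    for (const s of shares) {
      let acc = 0;               // Horner evaluation of the polynomial at s.x
      for (let j = k - 1; j >= 0; j--) acc = mul(acc, s.x) ^ coeffs[j];
      s.y[b] = acc;
    }
  }
  coeffs.fill(0);
  return shares;
}

// Rebuild the secret by Lagrange interpolation at x = 0.
function combine(shares) {
  if (shares.length === 0) throw new Error("no shares given");
  const { k } = shares[0];
  const len = shares[0].y.length;
  const xs = new Set(shares.map((s) => s.x));
  if (xs.size !== shares.length || xs.has(0)) throw new Error("duplicate or invalid share index");
  if (shares.some((s) => s.k !== k || s.y.length !== len)) throw new Error("shares come from different splits");
  if (shares.length < k) throw new Error(`need ${k} shares, got ${shares.length}`);

  const out = new Uint8Array(len);
  shares.forEach((si, i) => {
    // Lagrange basis value at 0: product of x_j / (x_j - x_i); subtraction is XOR here.
    let basis = 1;
    shares.forEach((sj, j) => {
      if (i !== j) basis = mul(basis, div(sj.x, sj.x ^ si.x));
    });
    for (let b = 0; b < len; b++) out[b] ^= mul(si.y[b], basis);
  });
  return out;
}

// Demo with a constructed 32-byte value standing in for a private key.
const demoKey = Uint8Array.from({ length: 32 }, (_, i) => (i * 7 + 1) & 0xff);
const demoShares = split(demoKey, 12, 8);
const recovered = combine(demoShares.slice(2, 10)); // any 8 of the 12
console.log("recovered matches:", recovered.join() === demoKey.join());
```

Fewer than 8 shares reveal nothing about the key, so the scheme tolerates up to four unreachable friends and up to seven colluding ones.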

hliyan 9 hours ago|||
Many years ago, I had an idea to use specially formatted emails as a transport layer for a social network. Predictably, it too, went nowhere: https://medium.com/@hliyan/email-re-skinned-as-a-social-netw...
nunobrito 6 hours ago|||
That is a very good concept, enjoyed reading it.

On the original concept is restricted to share outside the participating people but could be relevant that people add more people that are interested in a topic.

Email is a good transport layer. Nowadays people just imagine it as messages between large providers, but I'm in strong favour that small providers or self-hosting email can still be used.

ochrist 6 hours ago|||
Some years ago I was involved with a society (club), and we wanted a webforum. But as we were geeks as well, we created a combination of a web-based solution, mail-lists and NNTP. These three solutions were synchronized, so it didn't matter which one you used. This worked well for several years.
pseudocomposer 2 hours ago|||
This is what I built Jonline for. Haven’t maintained it for a while, but it’s quite functional as-is. Basically a very vanilla Twitter/Reddit-with-first-class-calendar-events, standard Rust web+gRPC server on Postgres DB, React web UI, and no encryption other than HTTPS/TLS. No server-to-server communication, just username/password auth. Super easy to understand APIs (https://jonline.io/docs). (I do need to build better cross-server auth, but this can be done in the FE only with the existing APIs.) Can boot it in a Docker container in seconds. A few “demo” instances I run are linked from the Readme: https://github.com/JonLatane/jonline
dare944 5 hours ago|||
> ... in a way that can unseat big tech.

Where is it stated that this is a goal for this project? You and I both may want a way to break the influence of the dominant social media companies. But this doesn't have to be that in order to be successful. It just needs small groups of people to use it in a way that benefits their communities.

afavour 2 hours ago|||
An encryption key could be stored in a QR code and the user could be sheltered from any technical issues.

To be honest if we’re talking truly accessible, even usernames and passwords aren’t great. Users forget them. That’s why a lot of sites these days offer to email you “magic links” to log you in. And if you want to do that you need to make sure you’re running a server sending emails that won’t immediately go to spam.

At a certain point if you want a truly scalable, decentralized platform you’re going to have to cut back on backend responsibilities. This is a logical answer to the problem.

zahirbmirza 4 hours ago|||
I tried to make a way of sharing posts with friends without having to be on a social network... I came up with NoteSub:

https://apps.apple.com/gb/app/notesub/id6742334239

I like it. And mass adaption is not required to use it.

I would have loved to have made this a true social network in some regards, however, there are issues of moderation and storage that become very expensive at scale.

Moreover, adoption of a new social network is super hard to promote. So many Twitter, Insta, etc clones have failed because they are just 'clones'. Not offering any thing new.

It should be considered although Thiel talks of 0 to 1... A great deal of dramatic software/hardware progression comes from a highly evolved successor to an average pre-existing product.

The iPhone was not a zero to one, nor was Apple's GUI, they were just highly evolved versions of average or below average products that already existed. Social media apps are already highly evolved for their function. We need something better for edge cases, but the current state of social media platforms means that something supremely better is required before any adoption drive becomes meaningful. When such a product comes, mass adoption is inevitable; we crave and succumb to better ways of communication and contact.

KomoD 3 hours ago||
I don't understand what it has to do with sharing, it just seems to be a note-taking app? It even talks about being local, offline and can't even sync with your own devices unless you pay.

But nothing obvious about your friends being able to see them.

zahirbmirza 2 hours ago||
You make a note, they are designed to look as good as any social media posts.

You can share the note with whomever you wish, using whatever messaging system you like, and the note will look as good as a social media post, ie how you designed the note. I am sorry, it does take a bit of imagination. I never wanted to pitch it as a social media app, but, it's as close to personally controlled social sharing that I could conceive.

You don't have to pay to use it. Very few people need to use cross device sync and those who do seem happy to pay for it.

Ie, it is free, so if anyone wants to try it, I would love to hear.

xg15 6 hours ago|||
> Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.

Isn't that basically Mastodon?

johnisgood 2 hours ago|||
> 2. I am very technical, and idk exactly what a X25519 keypair is.

As in, you cannot describe it exactly, or you have never run into it?

Additionally, you could just look it up if you care about the technical details.

peter_retief 9 hours ago|||
Cloudflare tunnels are an interesting alternative, self hosted but with external security
dwedge 7 hours ago||
Self hosted but with big tech having a backdoor into your local network, having your ssl private key, and dictating the terms and conditions of what you self host.

I've never understood selfhosters' fascination with cloudflare. They have some cool products but I have a feeling 2026/27 is the time they start to show their evolving colours

icase 6 hours ago||
cloudflare should never be trusted after what they did to kiwifarms.
peter_retief 5 hours ago||
What did they do to them?
KomoD 3 hours ago||
They were defending Kiwifarms for awhile but then the pressure became too much and then they blocked them.

https://blog.cloudflare.com/kiwifarms-blocked/

gzread 16 minutes ago||
So are they bad because they didn't block them for a long time or are they bad because they did block them eventually?
iberator 8 hours ago|||
Fully agree.

Who's gonna sniff your traffic from home? NSA, your ISP?

They already do.

Same as in corporate networks: your data is MITM anyway.

Fun should be unencrypted. It's not shopping or ssh into server.

bberkgaut 6 hours ago||
> Fun should be unencrypted.

Five years ago I would totally agree. Now, when you do not want to share your fun thoughts with a border guard; a police person; an AI scavenger; a random jerk -- I would say, having a safe-ish space becomes almost a necessity

ivanjermakov 3 hours ago||
Unpopular opinion: names like PKCS12, X.509, X25519, ECDSA, etc. hurt adoption making the world less private, secure and decentralized.
selfradiance 1 hour ago||
The .well-known/ suggestion from neilv is worth taking seriously. It's an IANA-registered convention that already has broad adoption — security.txt, robots.txt equivalents, app associations, and a growing number of machine-readable discovery files use it. Putting the discovery document at /.well-known/satproto.json instead of /satellite/satproto.json would immediately signal to anyone familiar with web standards that this is a protocol endpoint, not a page on your site. It also avoids the path collision problem that the satproto_root.json fallback is trying to solve — .well-known is reserved specifically so it doesn't collide with your content.
taintballs69 33 minutes ago||
I don’t love well-known for this because it isn’t app- or account-level it’s host-level.

And maybe I want 2 of those directories.

SSL, file-based verifications, sure. Not for this.

layer8 22 minutes ago||
It isn’t host-level, it’s domain-and-port-level. You can use multiple domains or subdomains and ports.
taintballs69 52 seconds ago||
Ok it's domain/port level not account level
ctdinjeu2 37 minutes ago||
[dead]
theamk 10 hours ago||
> The private key is stored in the browser’s localStorage.

Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both world" cases, where malware can access it with no problem, while legitimate backup programs are locked out.

(And yes, the post mentions "new device" flow, but how many people would (1) remember to export their private key and (2) won't lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good)

utopiah 1 hour ago||
>> The private key is stored in the browser’s localStorage.

> Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong ...

Can't that be solved by a 1-liner button like "Export key in safe location" then URL.createObjectURL( new Blob([ localStorage.getItem("myTopSecretKey") ]) ) and let the user save that on their filesystem?

parasti 7 hours ago|||
Not in disagreement, but based on how casually the frontpage throws around terms like "X25519 keypair", it is obvious that mass adoption and ease of use aren't among the goals of this project. Looks more like an exploration of a concept - can a social network viably exist without any middlemen in between.
embedding-shape 1 hour ago||
> It's one of those "worst of both world" cases

It's also one of those cases where "perfect is the enemy of good enough", and also very easy to solve, offer a download/upload button that offers you to save the key, or upload an arbitrary one. Now every issue you mention disappears, and it's maybe ~50 lines of code...

And yes, losing keys can mean you lose access. People who used 2FA are well aware of this problem, and yes it requires diligence. Also people who maintain their own cryptocurrency wallets seems to be able to handle this too, so not like it's completely impossible, just infeasible for the average Joe.
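
The export button suggested in the two replies above, as an added example (not from the thread or the s@ project): the key read from localStorage is wrapped under a passphrase with PBKDF2 and AES-GCM before it is offered as a file, so the backup is not a plaintext key on disk. The function names, the backup file format, the iteration count and the file name are assumptions; `myTopSecretKey` is the placeholder name used in the comment above.

```javascript
// Added example, not s@ code. Passphrase-wrapped backup of a key kept in localStorage.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();
const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt, iterations) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]);
}

// Returns the JSON text of the backup file (format is an assumption of this example).
async function wrapForBackup(storedKey, passphrase, iterations = 600000) {
  if (!passphrase) throw new Error("refusing to write a backup without a passphrase");
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh per backup
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = new Uint8Array(
    await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(storedKey)));
  return JSON.stringify({
    v: 1, kdf: "PBKDF2-SHA256", iterations,
    salt: toB64(salt), iv: toB64(iv), ct: toB64(ct),
  });
}

// Inverse of wrapForBackup. AES-GCM is authenticated, so a wrong passphrase
// or a modified file makes decrypt() reject instead of returning garbage.
async function unwrapBackup(json, passphrase) {
  const { v, iterations, salt, iv, ct } = JSON.parse(json);
  if (v !== 1) throw new Error("unknown backup version");
  const key = await deriveKey(passphrase, fromB64(salt), iterations);
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: fromB64(iv) }, key, fromB64(ct));
  return dec.decode(pt);
}

// Browser only: the "Export key" button handler.
async function downloadBackup(storageName, passphrase) {
  const stored = localStorage.getItem(storageName);
  if (stored === null) throw new Error(`nothing stored under ${storageName}`);
  const text = await wrapForBackup(stored, passphrase);
  // createObjectURL takes a Blob, not a string.
  const url = URL.createObjectURL(new Blob([text], { type: "application/json" }));
  const link = Object.assign(document.createElement("a"), {
    href: url,
    download: "sat-key-backup.json", // file name is an assumption
  });
  link.click();
  URL.revokeObjectURL(url);
}

// Browser only: the matching "Import key" handler for a File from <input type="file">.
async function restoreBackup(file, storageName, passphrase) {
  const restored = await unwrapBackup(await file.text(), passphrase);
  localStorage.setItem(storageName, restored);
}
```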

neilv 11 hours ago||
> By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first.

Would a `/.well-known/` be helpful here?

https://en.wikipedia.org/wiki/Well-known_URI
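
The lookup order quoted above (check satproto_root.json first, otherwise use /satellite/), as an added example that is not the s@ client's code. The allow-list applied to `sat_root`, the function names and the host `alice.example` are assumptions; `satproto.json` as the document name is taken from another comment in this thread.

```javascript
// Added example, not s@ code. Resolve where a client should look for a site's
// s@ data, treating the contents of satproto_root.json as untrusted input.
const DEFAULT_ROOT = "satellite";

// Pure step: given the site origin and the body of /satproto_root.json
// (or null when the file does not exist), return the base directory URL.
function resolveSatRoot(origin, rootJsonText) {
  const base = new URL(origin);
  let root = DEFAULT_ROOT;

  if (rootJsonText !== null && rootJsonText !== undefined) {
    let doc;
    try {
      doc = JSON.parse(rootJsonText);
    } catch {
      throw new Error("satproto_root.json is not valid JSON");
    }
    if (typeof doc?.sat_root !== "string") {
      throw new Error("satproto_root.json has no string sat_root");
    }
    root = doc.sat_root;
  }

  // Assumed policy: sat_root is a relative path of plain segments. This rejects
  // absolute URLs, protocol-relative "//host", backslashes, "." and "..",
  // so the lookup can never leave the site that published the file.
  const segments = root.replace(/\/$/, "").split("/");
  for (const seg of segments) {
    if (!/^[A-Za-z0-9._-]+$/.test(seg) || seg === "." || seg === "..") {
      throw new Error(`unsafe sat_root: ${JSON.stringify(root)}`);
    }
  }

  const resolved = new URL(`/${segments.join("/")}/`, base.origin);
  if (resolved.origin !== base.origin) {
    throw new Error("sat_root resolved to a different origin");
  }
  return resolved.href;
}

// Network step: fetch satproto_root.json, fall back to /satellite/ when absent,
// and return the URL of the discovery document. fetchFn is injectable for tests.
async function discover(origin, fetchFn = fetch) {
  const rootFileUrl = new URL("/satproto_root.json", origin).href;
  // redirect: "error" keeps a redirect from pointing the client at another host.
  const res = await fetchFn(rootFileUrl, { redirect: "error" });
  const body = res.ok ? await res.text() : null;
  return new URL("satproto.json", resolveSatRoot(origin, body)).href;
}
```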

taintballs69 4 minutes ago||
No. That is for the host/domain entirely not a specific stream.

I might want several directories in the future, and even if I don't, I might want it separate from my .well-known robots.txt. Many, many reasons I can think of not to blend these.

Bad idea.

noman-land 11 hours ago|||
.poorly-known
9dev 2 hours ago||
Unfortunately. It's a great solution to a problem lots of tools face. A pity that people trying to establish new standards aren't aware of it apparently.
chrismorgan 9 hours ago||
Ah, just like AT Proto when it was released, introducing compatibility hazards and security vulnerabilities by putting stuff in the root rather than in .well-known. Sigh.
pfraze 22 minutes ago||
Did we?
taintballs69 2 minutes ago||
Hey Failure, don't you have an entire industry to derail somewhere else?

Go away, you have caused more damage than anyone in recent history to the decentralization movement.

On top of that nobody likes you.

esjeon 8 hours ago||
A bit of an off-topic, but the social networking protocol should never be designed for the sake of the protocol itself, or it’ll not enjoy the networking effect. A protocol must offer direct benefits to users, so that they keep participating in the network. This participation is what eventually forms the network of people, a.k.a, society. I always pick BitTorrent as the most successful example of such networking protocol - people just wanted to download stuffs (e.g. movies and pxxxs) but ends up participating in the sharing network.

Personally, I think a possible angle of attack for a new practical social network protocol is data management, as the amount of data people generate, consume, store, and share is enormous these days. More like, manage data conveniently, and share them easily as a side-effect.

vividfrier 7 hours ago||
> A protocol must offer direct benefits to users, so that they keep participating in the network

As someone who tried to give all of the decentralized social networks a shot... something I realised along the way is that they are never going to fly because they are not giving you dopamine kicks like the big tech giants are. I ended up forgetting to visit Lemmy or Pixelfed or <whatever> because I had 2-3 times when I opened up the app and saw the exact same content, giving me a feeling of "nothing is happening here" and thus, I didn't need to check in.

I mean, even Signal has that Instagram story function but I have never seen a contact use it because no one goes to Signal "just to scroll" or whatever. They go there to send or read a message.

Any social media needs content for people to visit. They need to make people feel like they are missing out if they are not visiting. Otherwise, they're just going to end up as an app on the phone which is never opened.

naasking 47 minutes ago||
> I ended up forgetting to visit Lemmy or Pixelfed or <whatever> because I had 2-3 times when I opened up the app and saw the exact same content, giving me a feeling of "nothing is happening here" and thus, I didn't need to check in.

I think this is the point the OP is making though, there's little to no actual benefit if the content doesn't change often. You probably never forget to check HN for example.

An RSS reader linked to this via a browser extension might be a more useful interface for feeds that aren't updated as frequently.

Aloha 8 hours ago||
I think a good protocol however is key for adoption. Many a good idea has died an early death because the implementation of it was too complex, insufficiently robust, or poorly thought out for the future.
txrx0000 10 hours ago||
Glad to see more of these efforts. But here's what it will really take to decentralize social media and E2EE messengers:

We need something like Discord, except each server is an actual self-hosted server like a Minecraft server. DMs between two users should be handled by a mutual server. Account credentials should be handled by a Nostr-like protocol, which also gives you global tweeting capabilities as a bonus.

Run the whole thing on Yggdrasil Network or something similar so that it's not tied down to IPv4v6 and DNS and all existing hardware infra, but can still take advantage of them. And add reciprocal inter-server onion routing to make it difficult to geolocate servers. Also take a page from SoftEther VPN's book and wrap all traffic in HTTPS and perform automatic NAT traversal, so that people can host servers from behind ISP firewalls.

Anything short of that and we lose to big tech and govs in the long run. But once we've achieved the above, the decentralized web can truly take off: we will get WiFi routers running open-source firmware to make a mesh network to act as alternative physical layer infra for the new web. We can still take advantage of the existing Internet's bandwidth as long as there's an unblockable path to send a little bit of data to discover and coordinate nodes.

root_axis 9 hours ago||
> Anything short of that and we lose to big tech and govs in the long run.

This is not a software issue, it doesn't matter how good the tech is, the masses will always aggregate to big tech networks because decentralized networks will never have billion dollar marketing budgets.

txrx0000 9 hours ago|||
I don't think that's true. If there really was a good enough open-source Discord alternative, many would have already switched. A big part of the problem is there isn't one. Matrix, Stoat, Telegram, etc are all missing something. That's why new ones are being built.

https://news.ycombinator.com/item?id=46949564

pibaker 9 hours ago|||
Non big tech solutions don't need billion dollar's worth of marketing. In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.

Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree, knows what a private key is and how to safely back it up (other comments brought up this exact issue) or even knows what a "static website" means. Non big tech solutions need to give non technical users (read: the overwhelming majority of humanity) a good onboarding experience that does not involve learning ten new jargons and acronyms. Non big tech solutions need to know they have a limited strangeness budget [1] and should only spend it on places it matters. Non big tech solutions need to start actually catering to the unwashed masses before being befuddled by them choosing to stay on mark zuckerberg's platforms instead.

[1] https://steveklabnik.com/writing/the-language-strangeness-bu...

root_axis 7 hours ago|||
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous

Then maybe you're not the target audience, or you're just not noticing the ads, because TikTok is particularly notable for their aggressive marketing efforts during their growth phase.

> Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree

Non big tech platforms don't need anything. They can never compete with billion dollar budgets and they shouldn't set that as a goal. Everyone enjoys a well designed UX, but billion dollar marketing budgets will always eclipse the alternatives.

h4kor 8 hours ago|||
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.

For the first years of its existence I only knew tiktok because they were advertising everywhere.

basch 10 hours ago|||
I guess I’d rather have something approaching bittorrent, edonkey/kad, ipfs, blockchain, webarchives.

You have named networks that are federated together, and people can publish to the networks they are invited to or sign up for. The networks survive even when individual servers go down. Data is cached all over at the edges.

Your version is just way too susceptible to rot, unless you see that as a feature. I see it as most of the good content falling into the ether sooner rather than later.

Also can use people viewing the pages as hosts https://gabe.durazo.us/tech/ephemeral-p2p-project/

txrx0000 9 hours ago||
If we decentralize messaging and social media, all of those protocols you mentioned will survive.
basch 9 hours ago||
I’m not specifically saying to use those protocols as much as the philosophy of hashes pointing to blocks that are redundantly spread far and wide.

Minecraft servers are a poor metaphor for what ideal decentralized social media should look like. They are the opposite of robust.

txrx0000 9 hours ago||
The problem with distributed storage is they place too high of a requirement on edge nodes, which people have to host, and they synchronize too slowly for real time messaging. If I upload a 1GB video to my server's chat, that storage load should not be replicated on many other nodes. Who pays for that disk space? The federated model is a lot more robust in this regard.

As far as archiving is concerned, many archiving orgs will pop up if their discussion servers and public facing websites can't be traced or easily shut down. The protocol itself can't archive things, but it protects the people doing the archiving work and gives a place for websites like Anna's Archive to live without relying on IP and DNS. The idea is to amass enough uncensorable social power so that such efforts can't be banned or shut down, then you can use existing protocols like BitTorrent all you want.

nunobrito 6 hours ago|||
That is being done today at https://geogram.radio

Each device (cellphone/laptop) is a server. They connect to preferred server stations that are used for discovering other peers. There are things like common chat rooms on the station servers but personal messages are completely p2p using webrtc.

There are other apps there, for example to host own websites or blogs and other things you'd expect from modern usage. Mesh is done today using cheap ESP32 devices (3 euros each).

It is a work in progress, the main point is that it can exchange data even outside the internet and use radio connections.

CactusBlue 7 hours ago||
Building exactly this; in Mikoto Platforms, "Spaces" can be located on any physical node, and DMs are E2EE routed through multiple nodes
_pdp_ 11 hours ago||
Long ago there was this thing called foaf https://en.wikipedia.org/wiki/FOAF and also https://en.wikipedia.org/wiki/Pingback ... it was the closest I've seen to completely decentralised social media.
notpushkin 11 hours ago||
Webmention is the modern counterpart: https://indieweb.org/Webmention

(The IndieWeb wiki is probably the best resource for exploring the personal website-based social networking tech nowadays. I recommend the author check it out and maybe iterate on that instead :)

riffraff 8 hours ago||
Don't forget XFN!

https://en.wikipedia.org/wiki/XHTML_Friends_Network

Retr0id 12 hours ago||
I wish I could share a graph of my eyebrow height over time as I read through this part:

> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.

Retr0id 12 hours ago||
But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts.

Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by an X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen.

bigiain 9 hours ago||
> if you believe quantum computing will ever happen.

... and you don't believe that everything will be totally fucked when it does happen.

If there is a global passive observer, and they get quantum computing, a huge amount of supposedly encrypted private information just got popped. Whether or not I care about my dinky little private social network posts when every ssl/tls connection I've ever made is being cracked and data mined is an interesting question.

nine_k 11 hours ago|||
Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging.

It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven.

As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity.

Retr0id 11 hours ago||
> The twist is that each feed is encrypted in a way that only you can decrypt

Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...)

nine_k 10 hours ago||
The content key is common, like the PGP session key is common. But to obtain the content key, you need to first decrypt it by your private key. The content key is encrypted by the public keys of every intended reader, so each can have a secure copy of the content key. Again, exactly like PGP works.
Retr0id 10 hours ago||
A PGP session key does not span multiple messages, however
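
The scheme debated in this sub-thread (one content key per author, wrapped separately for each follower, rotated on unfollow), sketched as an added example that is not taken from the s@ spec or from any commenter. The primitives (static X25519, HKDF-SHA256, AES-256-GCM) and all names are assumptions chosen for illustration.

```javascript
// Added illustration, not s@ reference code; primitives and names are assumptions.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Per-follower wrapping key: X25519 shared secret run through HKDF-SHA256.
function wrapKey(myPrivate, theirPublic) {
  const shared = diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'content-key-wrap', 32));
}
class Author {
  constructor() {
    this.keys = generateKeyPairSync('x25519');
    this.followers = new Map(); // name -> X25519 public key
    this.plain = [];            // author's local plaintext copies
    this.rekey();
  }
  // Fresh content key: re-encrypt every post, re-wrap for each remaining follower.
  rekey() {
    this.contentKey = randomBytes(32);
    const posts = this.plain.map(p => seal(this.contentKey, Buffer.from(p)));
    this.store = { wrapped: {}, posts }; // what the static site would serve
    for (const [name, pub] of this.followers) this.wrap(name, pub);
  }
  wrap(name, pub) {
    this.store.wrapped[name] = seal(wrapKey(this.keys.privateKey, pub), this.contentKey);
  }
  post(text) { this.plain.push(text); this.store.posts.push(seal(this.contentKey, Buffer.from(text))); }
  follow(name, pub) { this.followers.set(name, pub); this.wrap(name, pub); }
  unfollow(name) { this.followers.delete(name); this.rekey(); }
}

// Reader: unwrap the shared content key, then decrypt every post with it.
function readFeed(store, name, myPrivate, authorPublic) {
  if (!store.wrapped[name]) throw new Error(`no wrapped key for ${name}`);
  const contentKey = open(wrapKey(myPrivate, authorPublic), store.wrapped[name]);
  return { contentKey, posts: store.posts.map(b => open(contentKey, b).toString()) };
}
```

Rotation only protects the re-published store: a copy of the site fetched before the unfollow still opens with the old content key, which is why publicly enumerable ciphertexts matter here.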
RobRivera 12 hours ago|||
So a database, that you can send a network response or request with that data, that when received by a client, builds a static website.

I see.

I see...

behehebd 11 hours ago||
> Key Rotation (Unfollow)

    _  /
    .  .
sriramgonella 49 minutes ago||
Static hosting and CDN distribution solves a lot of the traditional scaling issues, but moderation and identity usually become the hard parts in decentralized systems. Curious how you’re thinking about identity portability, spam resistance and content discovery without centralized ranking.
serial_dev 9 hours ago|
It would be nice to start with what this actually is from the user’s point of view.

Forking, paths, JSON, decentralized, encryption, key rotation, etc and I still have no idea why I would bother and who else could use it (a decentralized social network is only so much fun if you are the only one on it).

bigiain 9 hours ago|
I can think of at least a couple of dozen fairly technical friends who'd be capable enough to set this up themselves, and who're at least adjacently interested in recreational paranoia. And probably another dozen or two who're definitely into recreational (or possibly delusional and/or fully deserved paranoia) who'd be willing to learn or get help setting this up.

Right now, those circles of friends are _reasonably_ well served with some combination of Mastodon (effectively zero security but with decent findability) and Signal (much more limited mostly to only people you'd be OK with having your phone number).

I will definitely take this for a spin, and start having discussions with particular groups of friends to see if I get any traction.
