Published: 2022-04-25

Federation is still the Worst of All Worlds

In short: The threat model and economics of federated systems devolve to concentrating trust in the hands of a few, while missing out on the scale advantages of purely centralized solutions.

derived from my older post:

Federation results in the data of people being subject to the whims of the owner of the federated instance. Administrators can see correspondence and derive social graphs trivially. They are also in a position to selectively censor inter-instance communication. All of this while gaining none of the benefits of scale and discovery that centralized systems provide.

All the privacy and control issues, none of the scale advantages.

Are those problems inherent to federated systems? I would argue yes, at least in the context of how we think about federation today.

To achieve some level of usability, to present the user with a known interface, we require trust in the federated server.

Without building consent and resistance into the protocol and infrastructure, we’re just forcing most users to pick a new dictator for their data without any real basis for that choice.

This last bit is very important.

I need to emphasize here that the choice is that arbitrary - you may trust a community server more than a random billionaire or corporate board, you may even desire it - but all power, especially the most trivial power, corrupts.

If people can do harm with a system they will do harm with a system.

The goal of system designers should be to design systems that minimize harm, restrict power, and reduce trust.

We must develop better models than “the most popular federated instances gain full control over the users interactions” - either directly on the server, or indirectly through peer pressure.

I believe this requires building two layers of decentralized communal infrastructure:

(first person to say blockchain loses.)

You need that first persistence layer to be communal and privacy preserving to prevent any entity being in a position do something like “all the DMs on this instance are readable by whoever admins it”.

There are a number of open problems with approaches like this, the main two being Reliability & Discoverability. However, I don’t think that either problem is fundamentally intractable.

I’ve been saying this for a long time though…

Even if the ultimate solutions to these problems involve introducing a layer of federated trust (e.g. nameservers), that trust must be more restricted, agile and controllable than is currently achieved with modern federated systems.

Hope, maybe?

I wrote the original version of this note 5 years ago, since then a few projects have put out preliminary visions and designs towards a better decentralized social network (e.g. bluesky and manyverse).

I hope that these initiatives can blend together and with the work done on privacy in recent years by briar and my own cwtch and the many other decentralized projects that have developed in recent years to make progress on the very real and difficult problems in this space.

All have different strengths and weaknesses, different goals and aspirations - but we all fundamentally want the same thing - a free and open internet that supports people in finding community and a voice.

About This Site

This is a site where I dump essays, ideas, thoughts, math and anything else that doesn’t fit into another format, or isn’t yet ready for a longer paper. Beware: Ideas may be half thought through and/or full of errors. Hic sunt dracones.

Recent Articles

2023-03-30Retrospective: Winter of Pipelines
2022-12-31Change, Control, Habits, and Productivity
2022-10-05Exploit Disclosure: Turning Thunderbird into a Decryption Oracle
2022-06-03An Extended Reply Regarding Auditing Anonymity Networks
2022-05-14Ideas for a better IDE
2022-04-25Federation is still the Worst of All Worlds
2022-03-21A brief introduction to insecurity buttons
2022-02-28A Queer Kind of Hope
2022-01-16Private and Decentralized Human Readable Names with Fuzzy Message Detection and Delay Towers
2021-11-27Writing a Fuzzer for Nes Games
2021-11-08Defining (De)Centralization in a Useful Way (The thing you are supposed to be decentralizing is power)
2021-11-02Extending Fuzzy Message Detection to Groups
2021-09-09Rough Cut: Oblivious Transfer
2021-08-30Building a Home-made Hydrogen Line Telescope
2021-08-19NeuralHash, Semantics, Collisions and You (or When is a Cat a Dog?)
2021-08-16Revisiting First Impressions: Apple, Parameters and Fuzzy Threshold PSI
2021-08-12A Closer Look at Fuzzy Threshold PSI (ftPSI-AD)
2021-08-10Obfuscated Apples