It’s too dependent on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:
1. I want to be able to follow my friends if my phone dies and I have to get a new one.
2. I am very technical, and idk exactly what an X25519 keypair is.
I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that I give to a server I am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Idk I’m just making up specifics but this is the kind of ethos I think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.
In case I sound too critical - this is cool. It just isn’t something I can use with family and friends to replace facebook or even email.
Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both worlds" cases, where malware can access it with no problem, while legitimate backup programs are locked out.
(And yes, the post mentions "new device" flow, but how many people would (1) remember to export their private key and (2) won't lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good)
Would a `/.well-known/` be helpful here?
Personally, I think a possible angle of attack for a new practical social network protocol is data management, as the amount of data people generate, consume, store, and share is enormous these days. More like, manage data conveniently, and share them easily as a side-effect.
We need something like Discord, except each server is an actual self-hosted server like a Minecraft server. DMs between two users should be handled by a mutual server. Account credentials should be handled by a Nostr-like protocol, which also gives you global tweeting capabilities as a bonus.
Run the whole thing on Yggdrasil Network or something similar so that it's not tied down to IPv4v6 and DNS and all existing hardware infra, but can still take advantage of them. And add reciprocal inter-server onion routing to make it difficult to geolocate servers. Also take a page from SoftEther VPN's book and wrap all traffic in HTTPS and perform automatic NAT traversal, so that people can host servers from behind ISP firewalls.
Anything short of that and we lose to big tech and govs in the long run. But once we've achieved the above, the decentralized web can truly take off: we will get WiFi routers running open-source firmware to make a mesh network to act as alternative physical layer infra for the new web. We can still take advantage of the existing Internet's bandwidth as long as there's an unblockable path to send a little bit of data to discover and coordinate nodes.
> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.
Forking, paths, JSON, decentralized, encryption, key rotation, etc and I still have no idea why I would bother and who else could use it (a decentralized social network is only so much fun if you are the only one on it).
https://satellite.earth/ (Satellite nostr client)
https://nsite.run/ (literally static sites on nostr)
Anyway, I really like this idea, it's cool. When I think about this one though, I feel there's too much friction in the follow/unfollow process. Having unfollowing requiring re-encrypting and rebuilding the entire website for everyone seems cumbersome. It's not a killer in itself, but combined with this:
> If the original post is inaccessible (e.g. the viewer doesn’t follow the author), the reply is hidden entirely. A user only sees replies from people they follow — this is the spam prevention mechanism.
I think this is going to prevent it from scaling in any desirable way. I know it's not intended to scale, and is targeted at smaller friends networks, not influencers, but again, even small friendship networks grow complex, and I can see the experience on S@t turning into the worst parts of activitypub where you can only read half of the interesting replies because not being friends, and it being a pain to then become mutual friends.
But, I really, really do like that s@t feels like a combination of RSS, activity pub and static sites, having a browser heavy client is interesting too.
It does feel a bit like s@t wants stuff to be easily locked down between a dynamic list of friends though, and it feels a bit weird to have the foundational tech of such a protocol be static sites, which by definition make it hard to lock stuff down to a dynamic list of friends. Hmmmm, I really do love/hate static site architecture
This is nice though, thanks for sharing.
This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) The other apps like pidgin with OTR plugins they have unique phrases that help with the issue.
When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into Zooko's triangle:
https://en.wikipedia.org/wiki/Zooko%27s_triangle
human-meaningful, decentralized, secure -- pick two
This is not true of indieweb's web mention: https://indieweb.org/Webmention
It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can send them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (ie, https://webmention.io/ - not static since it uses JS). Or anything in between.
Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html
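The two-step flow described in the comment above (take the POSTed `source` and `target`, then check that the source page really links to the target), as an added example that is not the commenter's code or their nginx setup. `OUR_HOST`, the `fetch` callable and the sample pages and request bodies are constructed assumptions so the example runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

OUR_HOST = "example.org"  # assumption: hostname of the receiving static site

class _LinkCollector(HTMLParser):
    """Collect absolute URLs found in href attributes of the source page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links = base_url, set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.links.add(urljoin(self.base_url, value))

def parse_webmention(body):
    """Step 1: validate the form-encoded POST body, return (source, target)."""
    fields = parse_qs(body)
    source = fields.get("source", [""])[0]
    target = fields.get("target", [""])[0]
    for url in (source, target):
        if urlsplit(url).scheme not in ("http", "https"):
            raise ValueError("source and target must be http(s) URLs")
    if source == target:
        raise ValueError("source and target must differ")
    if urlsplit(target).hostname != OUR_HOST:
        raise ValueError("target is not a page on this site")
    return source, target

def source_links_to_target(source_url, source_html, target):
    """Step 2: the mention only counts if the source page links to target."""
    collector = _LinkCollector(source_url)
    collector.feed(source_html)
    return target in collector.links

def receive(body, fetch):
    """Run both steps; `fetch` returns the source page's HTML (or None)."""
    source, target = parse_webmention(body)
    html = fetch(source) or ""
    return "accepted" if source_links_to_target(source, html, target) else "rejected"

# Constructed sample data standing in for real requests and page fetches.
PAGES = {
    "https://alice.example/reply": '<p>Re <a href="https://example.org/post/1">this</a></p>',
    "https://spam.example/page": "<p>text only: https://example.org/post/1</p>",
}
GOOD_BODY = "source=https%3A%2F%2Falice.example%2Freply&target=https%3A%2F%2Fexample.org%2Fpost%2F1"
SPAM_BODY = "source=https%3A%2F%2Fspam.example%2Fpage&target=https%3A%2F%2Fexample.org%2Fpost%2F1"
```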
Why not use git for social networking ;)
As the source is available, other clients can easily parse the data so that content can be made available beyond the browser, such as text-only clients, indexing and discovery networks and custom readers. I've built a prototype terminal client to test this out.
Now that the editor is working, my plans are to add public follow/block/like lists to sites to add a lightweight social layer and to build an open indexer framework for content discovery.
It's not trying to be another social network protocol. It's first and foremost a publishing platform, designed to be as easy to use as something like Medium while still being simple, open and portable.
I'd really appreciate any feedback: https://www.sparktype.org.
Question about this:
“Threads are positioned in the timeline by the original post’s created_at; replies within a thread are sorted by their own created_at ascending.”
Does this mean, I, as the person replying to the post can manipulate my reply time to say, 3 minutes before person X’s reply?
If so, I can imagine a few adversarial ways of (ab)using this.
I understand this is more for friend groups, just curious if my understanding is correct.
I think it needs to not have a dependence on github. This is a microsoft thing, and at best it means this will become another way for a corporation to make money from people.
Speaking of money, it needs to be paid for. (The github part is free from Microsloth and so is NOT free). So how do you pay for this? Micropayments.
So we need a system of micropayments. Then we need it to provide a way to help people economically. These are not barriers, because this is hacker news, instead this is an accurate understanding of more of the problem.
People keep talking about a collaborative internet without using the term. But to be clear we are talking about a fundamentally different kind of internet. That we can build.
I'd imagine that similarly to TWTXT, this suffers from the same accessibility and barrier of entry issues. It's one thing when all you have to do is type text in a textbox and click "Submit", but it's a whole thing entirely when you have to screw around with updating your website to do anything.
I'd be keen to revisit those ideas and see if they can take shape in another form.
MIT licensed if anyone's interested: https://github.com/yakkomajuri/recess
That's dead on arrival. The domain name system is one of the core reasons why everything has become so centralized in the first place. If one wants to fix anything wrong with the Internet, finding a better way to naming things should be the first step.
If authors want this to take off they need to work on user experience, particularly for non-technical users. Otherwise it might at best become some tech niche that will eventually die.
then allow people to blog/post in a standardized format using rss. any other site can then subscribe to that site.
A lot of decentralized/local-first social projects improve the protocol story, but the UX is still "please think about keys, storage, sync, exports, and trust boundaries yourself." That's fine for hackers, not for most users.
Something Claude Code-like, but local-first and protocol-aware, could make this much more approachable. The user says "post this to close friends" and the local agent handles signing, encryption, storage, syncing, and recovery.
That doesn't solve discovery, spam, or network effects, but it might solve a lot of the usability problem.
Let's crash the fediverse! https://wire.wise-relations.com/