decentralisation - let's start with messaging

2017 Dec 05

in lieu of the recent net neutrality talk, a mesh networking project started out of 4chan /g/ in hopes of building a better, open internet. I have always been interested in decentralisation, distribution, and peer-to-peer mesh, so I set up a wiki to aid in collaborationm, to showcase helpful documentation for new users, and to connect ourselves with other meshnet projects around the globe such as sudomesh and /r/darknetplan. best of luck to /g/ and to the other groups in achieving this goal for an improved internet.

I currently cannot contribute to the physical network itself, as I do not have the appropriate hardware, nor am I in any close proximity to anyone who would be interested in forming a local mesh with me. but I can still think about what could be the best software and protocols to use as replacements for current proprietary, trust-based systems. one of those things is messaging.

currently we have instant messaging such as Facebook Messenger, XMPP, and SMS; group messaging such as IRC, Slack, and Discord; voice chat such as telephony, Mumble, TeamSpeak, Skype; forums, Reddit, imageboards, NNTP; and E-mail. and of those, I personally want people to contact me over XMPP, E-mail, IRC, or SMS. that means I have four addresses I can offer someone and I have to rely on the assumption that the other person uses at least one of those protocols. already, this is a hassle, right? all these protocols and products offer certain solutions to issues in other protocols, so we're spread thin, and either we have to use them all or we have to cut ties with the people we want to contact. on top of that, we have several contact lists to keep up with, and overall it's just one big complication.

comparison

first off, why do we have so many protocols? what do they perform differently? why do people stick with them? I'll try to explain what sets each platform apart from the rest so we can gather an idea of what people want.

for messaging: SMS, XMPP, social networks (Facebook/Hangouts/AIM/Yahoo!), Discord, matrix.org, IRC, and other services such as WhatsApp are prevalent. SMS has origins from the phone network as a result of the rise of mobile phones, and now that many people have a phone number, it's no surprise why SMS is also in common use: everyone has it and it's practically free. social network and proprietary IM services have been around for ages, and people might stick with them because they've had accounts since the initial craze and because with some of them they can maintain a relative level of anonymity, since they don't have to use their phone number unlike SMS. or, they might stick with them because almost everyone today has a Facebook or Google account for social networking or mail, so as with SMS, everyone has it and it's practically free.

with IRC we see the introduction of easy-to-join group chats, as well as the idea of ephemeral identities. IRC is a simple yet robust protocol that allowed anyone to join with very little barrier to entry, choose whatever nick they want, and either join channels or talk in private queries with friends. because of its simplicity, it has achieved widespread adoption by the FOSS community, by governments and businesses, and by hobby groups. it has also been used as the backbone for several popular services such as Twitch and Pesterchum.

XMPP, Discord, and matrix.org all come about at different times, but they all have a common theme: they allow easier use on multiple devices. XMPP and Matrix also have protocols for end-to-end encryption, and Discord has the added benefit of voice (and now video) chat. they are essentially the next level up of IRC, although they all cause as many issues as they try to fix. XMPP is poorly implemented, and because it uses (nonconformant) XML for its stream protocol, we see few people willing to actually create their own clients (as opposed to something like IRC where I can make a rudimentary client in my sleep if I wanted). there are so many XMPP extensions (see the XEP) and because of this, each client is more than likely only going to support their own portion of the available XEPs, creating a gradual divide between clients and essentially devolving the entire protocol to its bare basics, removing any perceived benefit it has over other simpler protocols such as IRC. Discord is proprietary, there are no plans to allow for privately-hosted infrastructure, there are no plans to open the Discord protocol, and apparently there are no plans even to fix most of the bugs regarding usability as well (at least, they haven't replied to my E-mails with anything hopeful yet). and then there's the new player, Matrix, which aims to become a federated (like XMPP) protocol with group chat (like IRC), message history (like Slack), and encryption (with double-ratcheting). too bad Matrix's implementations are slow and buggy, the specification relies on HTTPS and JSON (arguably not the best choice if you're signing and encrypting messages, or if you're sending any binary data because it all gets base64-encoded), and the whole air of it has a hint of unprofessionalism to me. they seem to value UX features such as in their official client, Riot, over security and performance fixes.

for voice, the contenders are thinner: telephony, Skype, TeamSpeak, Mumble, Google Voice, and Discord. like SMS, telephony should be obvious -- it was the first real thing to come out that let people communicate verbally over long distances. Skype is the most famous to offer voice and video chat, albeit as a proprietary service, but since it pretty much popularised this, it is still in wide use today. while Skype used to be peer-to-peer, Microsoft bought it out and now the infrastructure is centralised, which brings us to TeamSpeak: a client/server VoIP application targeted to gamers. however, TeamSpeak is proprietary just as Skype is, so up next is Mumble which is a libre, open standard for VoIP that sadly has less exposure in the gaming community than the alternatives. Google Voice is in use because, again, people have Google accounts and it's essentially one-click to get a VoIP phone number through them. I mentioned Discord's popularity for voice earlier; it claims to be a direct competitor to Skype and TeamSpeak so its goal is to keep on the competitive edge against those two.

for forums: NNTP/USENET, BBSes, software such as phpBB, imageboards, and Reddit. this is pretty much laid out in chronological order, and for the most part it's a natural progression (USENET was out first, before the Internet, and everyone used it for communication and filesharing; BBSes were an answer to dial-up modems since they were text-only with limited graphics and filesharing capabilities; conventional forums from the rise of the WWW, where everyone wanted their home on the Internet). imageboards are set apart by their anonymity and ephemerality, while Reddit pretty much replaces the need for forum communities by allowing everyone to have a subreddit regarding their own topic or interest, with the added bonus (or misfeature, you decide) of being able to vote on submissions and comments.

and then of course, we have a need for electronic mail. so far E-mail is the de-facto answer for this; most online services require one to have a working address in order to register or perform any sort of transaction. Bitmessage and I2P-Bote (among others) exist as well, but at this point they're only used by enthusiasts, and they each have their own issues.

culture

all of these platforms have their own communities, and with these, cultures were born. everyone has their own memes and inside jokes, related either to members of the community or to the platforms themselves. this creates a form of attachment and nostalgia around the platforms, which is another reason people will stick with any given medium even well after it has died out, decreased in popularity, been obsoleted by another objectively better platform.

if we want progression, we're going to have to set the belief aside that our community will die out with the medium. the two are realistically disjointed and we should treat it as such.

so, what's the issue?

as I have mentioned, we have so many communication platforms, resulting in so many addresses to manage, and each with their fair share of issues (IRC and XMPP are growing less standard between clients as features are added; Discord, Skype, Google, Facebook, et cetera are proprietary and when they die, the whole platform dies -- they aren't sustainable; phone and SMS are not secure at all and have severe limitations due to the dependence on the phoneline (and increasingly cellular radio) networks. most of these don't have decent standards for message signing, encryption, and secure transport. some of these have spam issues, or compatibility issues, or UX issues, or scalability issues, or moderation issues; the list goes on, really.

what's the fix?

I've been thinking for a while that we would probably best benefit from a protocol which is conceptually sound: required baseline of security, required open standard, required decentralisation so there is no single point of failure, forward compatibility with future advancements in crypto and transport, et cetera. right now I think I've written enough about this, but I will surely update when I solidify some of my ideas toward an ideal communication platform that will aim to fix the issues I see with existing platforms. right now I believe in a registration-but-not-registration system where anyone can join, automatically have a keypair generated for them that will be used as their handle, so they can chat without worrying too much about coming up with passwords or verifying E-mail addresses or whatever. I want to keep mobile devices in mind; I personally want something I can bring up once on all my devices and have the same message history, same chatrooms and queries, same state overall. I don't want to tell people that I'm unavailable on one platform because I'm on my phone or whatever; this shouldn't be something I need to worry about. I shouldn't need to tack a PGP or OTR key or a TLS certificate on top of everything else; the chat should be secured and verifiable out of the box.

for a forum platform, I'm not entirely sure yet; I have been focused on IM, conference, voice, and mail for now. I want those four things together, all using one address, all using similar high-grade open encryption schematics, all using reliable redundant decentralised infrastructure. I want a mix of all the good from the other platforms, and I want it to be easy to use and adopt.