In my opinion decentralization and protocols are really the final frontier in software. Sure, we've got AI, but from what I've seen so far it does not alter the scales of power towards individuals. Protocols do. Everything else feels like noise or thinly veiled monopolization.

Edit: actually thinking about it - at the bottom of much of it is identity. We need new identity solutions for the protocols.

I always thought SMTP would make a good webhook delivery protocol.

why?

Nostr provides both identity and protocol.

It provides a very fragile identity system and a very unreliable and inefficient message delivery protocol.

Care to explain what you mean by “fragile”? It is cryptographically sound.

I agree that the delivery protocol could be more efficient, but use of JSON is a tradeoff that provides good extensibility and easier parsing (many well seasoned libraries exist in almost every language).

Not a cryptography / data format thing. Although CBOR is just as widely supported as JSON and that would have been a better choice there, but that's not really the issue, but the whole approach to identity.

Identities are global and shared across devices. Naturally, if your keys are lost/compromised your identity is lost/compromised.

So the solution they have to this is that your real root identity delegates signing to other identities (generated local to a device) by publishing a note indicating a list of keys allowed to sign on its behalf, and presumably you keep your root identity on a trusted device (like maybe a crypto hardware wallet or a threshold multisig).

But this just reduces the problem and worsens the UX. Your identity still gets lost/compromised if the root is.

There's also an issue with how identity updates themselves work. Since these delegates are really signing for the single root, they need to be synchronized to work properly. There was a common bug (which might still happen) where if you set up your identity on a new device, the app might broadcast an identity update with an incomplete view of your identity and it resets your follows and post history. Since your identity data might be influenced based on every note you've ever sent, and message delivery is unreliable, it's hard to properly sync and reconstruct sent note history. This comes out of a fundamental design issue, where you have multiple "writers" writing to the same state. CRDTs could have helped with this, but it's too late to do that.

This sucks! It forces users to think about key management and has catastrophic failure modes. It's really hard to re-establish trust after key compromise because there's no notion of identity that lives longer than any one key.

Matrix is not a comparable kind of protocol, but its identity management story is a lot better. Each device has a local key that never leaves the device, and when you add a new device you cross-sign it from another device you have. Homeservers maintain a list of identities tied to a user, and other people can decide to trust the device cross-signing or manually verify each of them. This can be built in a fully decentralized context (which Nostr is not, for what it's worth).
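The multiple-writer problem from the comment above, as an added example that is not part of the thread and not code from any Nostr client: a newest-update-wins follow list loses data when a device publishes from an incomplete view, while an observed-remove set (one kind of CRDT) merges the same updates safely. The update model, device names, timestamps and follows are constructed assumptions, not the Nostr wire format.

```python
# Simplified model, not the Nostr wire format: every update carries the
# writer's full follow list and readers keep only the newest one.
def lww_resolve(updates):
    """updates: iterable of (timestamp, follows). Newest replaces all others."""
    return set(max(updates, key=lambda u: u[0])[1])

class ORSet:
    """Observed-remove set: each add has a unique tag; a remove tombstones
    only the tags the removing replica has actually seen."""
    def __init__(self, adds=(), removes=()):
        self.adds, self.removes = set(adds), set(removes)

    def add(self, elem, tag):
        self.adds.add((elem, tag))

    def remove(self, elem):
        self.removes |= {(e, t) for e, t in self.adds if e == elem}

    def merge(self, other):
        return ORSet(self.adds | other.adds, self.removes | other.removes)

    def value(self):
        return {e for e, _ in self.adds - self.removes}

def demo_lww():
    # Constructed scenario: the laptop knows three follows; a freshly set-up
    # phone has not fetched them yet and publishes after following "dave".
    laptop = (100, {"alice", "bob", "carol"})
    phone = (200, {"dave"})
    return lww_resolve([laptop, phone])

def demo_orset():
    laptop, phone = ORSet(), ORSet()
    for i, name in enumerate(["alice", "bob", "carol"]):
        laptop.add(name, f"laptop:{i}")
    phone.add("dave", "phone:0")   # phone still has an empty view
    laptop.remove("bob")           # concurrent unfollow on the laptop
    merged = laptop.merge(phone)
    assert merged.value() == phone.merge(laptop).value()  # order-independent
    return merged.value()

if __name__ == "__main__":
    print("newest-wins:", sorted(demo_lww()))
    print("OR-set merge:", sorted(demo_orset()))
```

The merge only helps if every writer's updates eventually reach the reader, so it addresses the overwrite, not the unreliable delivery the comment also describes.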

Isn’t this just an implementation/UX issue? Ideally the root key should live somewhere secure (offline) and delegate keys live on connected devices. As the ecosystem matures I would expect this to become easier. A hardware wallet means the risk of key loss would become negligible.

I think CRDTs are great, but Nostr has always presented itself as a potentially lossy medium, purposefully. Unlike SSB and Matrix where state synchronization became a complex bottleneck, Nostr is more IRC-like. Relay owners may have to delete individual posts due to legal reasons, or identities may selectively publish different posts to different relays. The devs didn’t see this as a problem since full state synchronization is heavy and requires long term retention of data. I agree that it’s not perfect, the tradeoffs make it harder to reconstruct a full history for a given identity if you’re trying to reach way back in time. But for new content it works really well, and I think this is why they chose this approach. If you publish to a lot of relays, your message will get through to the people who want to see it, although the process is messy.

> Isn’t this just an implementation/UX issue?

Yes, but it's a fundamentally unsolvable one due to how the ecosystem has chosen to settle on it. Even blockchain wallets are experimenting with social recovery and hijacking SSO systems because traditional key management is too hard for the average user to do correctly. Users barely want to do key management for that! Much less to look at cat pictures.

> I agree that it’s not perfect, the tradeoffs make it harder to reconstruct a full history for a given identity if you’re trying to reach way back in time.

This is just not how users expect systems like this to operate. If it was purely a low-level async messaging protocol (where retention matters less) that'd be more okay, but it's trying to be used as a general purpose social platform.

And this is why I've concluded that the Nostr ecosystem is just deeply unserious about its philosophy of design and its fundamental architectural flaws. It's super common to see responses that have the form of "here's why it's actually good that this sucks". I thought it was clever when I first discovered it, but it seems like they're very happy to be stuck with half-broken functionality because it feels fun and janky like IRC and they're all used to the bitcoin ecosystem where they can just blame the user for messing up.

It may be that Nostr just isn’t for you. The tradeoffs involved come with costs and benefits, and that mix tends to appeal to two primary groups right now, crypto people and free speech maximalists. (And also quite a few Japanese people, for some reason.) Similarly, the Fediverse has its own limitations and tradeoffs, which appeal to a different set of groups. Both have a healthy number of users and seem to be developing well.

I think that this kind of fragmentation is becoming more common. Not everyone wants to be on a platform with the rest of humanity anymore. And not everyone shares the same design goals for protocols to replace those platforms.

> in a fully decentralized context (which Nostr is not, for what it's worth).

May I ask you to elaborate on this point?

The relay architecture is too limited so it encourages centralization through sticky defaults in user clients. UX noticeably improves when users have to query and publish to a smaller overall set of trackers. There's no structure to the protocol to encourage naturally spreading the load around.

This also means that it gets increasingly more expensive to run a relay as time goes on, making those parties have more sway over the network and giving the ability to selectively remove content.

So that's why I argue it's not fully decentralized, like BitTorrent. BitTorrent does have trackers, but they're only an accelerator over DHT/PEX. Peers can't manipulate content since you independently verify it. There would have to be some kind of in-protocol message exchange directly between participants, bypassing relays, when they were able to reach each other.

What prevents 100 Billion ChatGPTs from using any protocol?

Nothing, and that's fine.

If you are trying to stop monopolization, then having a large organization/government swarm the protocol gives them an effective monopoly. Being able to put a drop of clean water into an ocean of corruption is not really a working system.

If it doesn't have an attention-seeking-for-profit game built into it, there's no motive to flood it. If no one directly follows the bots, or anyone echoing the bots' messages, and there's no algorithmically generated feed, there's no problem.

IRC is pretty good, and it survived the Freenode takeover by simply letting everyone know things are moving over to Libera.

Bluesky is awesome if you just ignore the "Discover" tab, I wish they'd just get rid of it. Librem One did something similar with Mastodon, it was peaceful.

After the initial excitement of finding decentralized platforms like that, I personally realized I don't care much for that type of interaction with people, so I don't use any of them very often. Same way I don't use my phone much, but it's there when I want it. Like a utility should be.

The motivation to advertise, track, remarket, and exploit is always there. If I started getting all my news via Bluesky, I would have to allow various businesses to reach out to me. Sure, I can have a separate account for that, but that just segments my comms.

Mind you, we are talking about using these protocols for the general public, not savvy hacker news readers.

cost, and we can create policy (shocker)

also what specifically are you worried about these 100 billion chatgpts doing?

The comment I was responding to said that protocols would solve the problems with AI. I immediately imagined telling my $10/month unlimited AI to hook itself up to whatever protocol is being discussed here.

They mentioned identity being important here. I'm not sure what that means in this context (some kind of cryptographic verification, maybe?), but the part that seems relevant to me has to do with trust. Either a person is trusted by people I trust, or at least an organization I trust makes some claim about this person (e.g. they're actually human, this is actually their real name etc.)

I think we'll be seeing something like that in the mainstream in the not too distant future, for obvious reasons.

Cost is irrelevant if they get more out of doing it than the processing costs.

Do they get more out of it than it costs, or are they still in the "people are just giving us money in the hopes that one day it turns a profit even though we're not charging nearly enough to make a profit" phase?

You're describing the AI companies and their business model.

I'm answering to that cost being a problem regarding "what prevents 100 Billion ChatGPTs from using any protocol?" - the context I have in mind for the above being scammers, political manipulators, spam, and people like that using ChatGPT/LLMs to take advantage of various protocols for profit (and the 100 billion figure being a figure of speech meaning "very many").