This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc.
It’s too dependant on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:
1. I want to be able to follow my freinds if my phone dies and i have to get a new one.
2. I am very technical, and idk exactly what a X25519 keypair is.
I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Idk I’m just making up specifics but this is the kind of ethos i think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.
In case i sound too critical - this is cool. It just isn’t something i can use with family and friends to replace facebook or even email.
I could see myself making similar comments. On a practical level, they're valid. But maybe...
If we are ever going to free ourselves of rent-seeking middle men, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
>, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
The above includes us highly technical people on HN. We really can't expect (or lecture) the normal mainstream population to make a cultural change to adopt decentralized tech when most of us don't do it ourselves.
E.g. Most of us don't want to self-host our public git repo. Instead, we just use centralized Github. We have the technical knowledge to self-host git but we have valid reasons for not wanting to do it and willingly outsource it to Github. (Notice this thread's Show HN about decentralized social networking has hosted its public repo on centralized Github.)
And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.
The reason can't be reduced to just "people being lazy". It's about tradeoffs. This is why it's incorrect to think that futuristic scenarios of a hypothetical easy-to-use "internet appliance" (possibly provided by ISP) to self-host email/git/USENET/videos/etc and a worldwide rollout out IPv6 to avoid NAT will remove barriers to decentralization.
The popular essay "Protocols Not Platforms" about the benefits of decentralization often gets reposted here but that doesn't help because "free protocols" don't really solve the underlying reasons centralization keeps happening: money, time, and motivation to follow the decentralized ethos.
"But you become a prisoner of centralized services!" -- True, but a self-hosted tech stack for some folks can also be a prison too. It's just a different type. To get "freedom" and escape the self-hosted hassles, they flee to centralized services!
I agree with you that it's about tradeoffs.
The cost ($$$, opportunity cost, and mental toll) of maintenance is very real. It can be hugely advantageous to outsource that effort to a professional, PROVIDED the professional is trustworthy and competent. To ensure that most professionals are trustworthy and competent two things need to be present:
1. A very high degree of transparency, so that it's very difficult for a service provider to act contrary to their user's interests without the user knowing about it.
2. Very low switching costs, so that if the service provider ever does act against their users' interests, they will be likely to lose their users.
As long as our laws encourage providers to operate in black-box fashion, and to engineer artificially high switching costs into their products, I believe there will continue to be a case for self-hosting among a minority of the population. And because they are a minority, they will be forced to also make use of centralized services in order to connect to the people who are held hostage by those high switching costs.
Somewhere in the multiverse, there's a world in which interoperability and accountability have been enshrined as bedrock principles and enforced since the beginning of the internet. It would be very interesting to compare that world with the one we inhabit.
I do wonder if self-host or centralised are the only options.
Something like IPFS, but that works remains my dream - decentralised, but in the cloud nonetheless.
It depends a lot on how accessible those services are. I tried to host some git repos 5 years ago and it was a hassle (needed mostly private git and reviews nothing fancy). I tried again this year and using forgejo was extremely easy. I don't remember exactly what problems I had before, so maybe I got better at finding things, but this time felt more polished. Containers, reasonable defaults, good tutorial on how to start, took in total less than one hour. I did in the meantime an upgrade and that was really 5 minutes (check change-log, apply it and go)
Of course, lots of work was done in the background to reach this point, but I think it is possible. Will I make the effort to make that happen for a social network? No, because I am not using them that much.
Technically things become simpler (in the sense that you can do it "at home" and if you add LLM-s to answer you when you don't know some obscure option it is even easier), but identifying well the use-case, deciding defaults, writing documentation, juggling trade-offs will remain as hard as before.
Note/edit: something being possible does not mean one should do it, so I think it will depend on everybody's priorities and skills. I wish though good luck to anybody trying...
Out of curiosity, how do you handle backups?
(To my great disappointment, a lot of "how to self-host" guides just omit that step, and quietly assume that disks don't go bad...)
Not the poster, but: use ZFS or LVM + XFS on your machine, do a snapshot, use restic or kopia to back it up to cheap object storage in the cloud, such as R2. If it's too technical, run syncthing and mirror it to a USB-connected external disk, preferably a couple of meters away from your machine.
A poor haphazard backup is better than no backup.
> A poor haphazard backup is better than no backup.
but is it better than cloud provider?
Cloud provider can lock you out without recourse and you'll lose your data.
Local backups can fail, be destroyed (for example a failed PSU kills both your PC and any attached devices), or be deleted by malware
How complex do you need to have your local backup to achieve cloud providers' reliability?
The best backup is a proper 3-2-1, with regular testing of integrity, and regular restoration from a backup as an exercise. But most people cannot be bothered to care quite so much.
So, keeping a half-assed backup copy on a spouse's machine in a different room is still better than not keeping any copy at all. It will not protect from every disaster, but it will protect against some.
My own backups progressed from manual rsync to syncthing to syncthing for every machine in the house + restic backups (which saved my bacon more than once).
>And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.
You're contradicting yourself. Why is HN centralized, while a phpBB forum is decentralized? Are you conflating decentralization and being open source?
>Why is HN centralized, while a phpBB forum is decentralized?
There's a spectrum of decentralized <--> centralized for different audiences.
For this tech demographic here where installing some type of p2p or federated discussion tech (Mastodon? Matrix?) is not rocket science, it's more convenient for us to avoid that and just be on a "centralized" HN. I used to be very active on USENET and HN is relatively more centralized than a hypothetical "comp.programming.hackernews" newsgroup. This is not a complaint. It's an observation of our natural preferences and how it aggregates. (Btw, it's interesting that Paul Graham started this HN website but doesn't post here anymore. Instead, he's more active on Twitter. He's stated his reasons and it's very understandable why.)
For the phpBB forums where a lots of non-tech people discuss hobbies such as woodworking, guitar gear, etc., the decentralization perspective is the php forums and the centralization is towards big platforms such as reddit / Discord / Facebook Groups.
I see similar decentralized --> centralized trends in blogs. John Carmack abandoned his personal website and now posts on centralized Twitter.
My overall point is that a lot of us techies wish the general public would get enlightened about decentralization but that's unrealistic when we don't follow that ideal ourselves. We have valid reasons for that. But it does a create a cognitive dissonance and/or confusion as to why the world doesn't do what we think they should do.
EDIT add reply: >Wouldn't comp.programming.hackernews concentrate discussion under a single heading and also be hosted from a single specific computer?
Usenet is more decentralized/federated: https://en.wikipedia.org/wiki/Usenet#:~:text=Usenet%20is%20t...
> I used to be very active on USENET and HN is relatively more centralized than a hypothetical "comp.programming.hackernews" newsgroup.
How so? Wouldn't comp.programming.hackernews concentrate discussion under a single heading and also be hosted from a single specific computer? This confuses me even further; I don't understand what you mean by centralization.
>For the phpBB forums where a lots of non-tech people discuss hobbies such as woodworking, guitar gear, etc., the decentralization perspective is the php forums and the centralization is towards big platforms such as reddit / Discord / Facebook Groups.
Surely by this interpretation HN is decentralized. It's a special interest (if relatively broad) forum just like those phpBB forums were. I ask again: is HN "centralized" just because you can't spin up your own copy of the software to use it to talk about gardening?
> we simply have to make a cultural change where non-technical people do more for themselves
This only works with a TINY part of the population. Most people, even if they actually do care, just don’t want to expend the immense mental capacity to learn all the technical specifics. This stuff is HARD for people. Imagine having to learn metallurgy in order to drive a car.
> I don't even think it's about technical difficulty (most of the time)
I do. We simply don’t appreciate enough how HARD things are for non-technical people that we take for granted.
> I think people just want someone else to take care of their shit
Of course, that’s what software is supposed to do. And we can build software that does this, even with good primitives. We just have to laser-focus on UX and can not hand-wave away glaring issues that will instantly lose 95% of users like most of us keep doing.
One thing you learn from game theory is that you need to understand the rules of the game everyone is playing. You cannot change them, you can only play by them.
"Making a cultural change" is not something you or any group of people can do. The superstructure of the game decides those, not the players. You can try, but nobody will play your new game.
There’s room for both pragmatic and idealistic solutions in most cases. Sometimes the rules of the game change on short notice, and being in the right place at the right time makes all the difference.
It is not about playing new games though, but about affecting subtle changes over prolonged periods of time. You can't know the outcome, but you can help steer the right overall direction.
This isn’t true, or is true but much more limited in scope than you’re presenting it.
The ultra-rich spend big money chasing influence and power in order to change cultural norms. And it works.
Covid, and its backlash. changed cultural norms, while the rules of the “game” remained largely untouched.
Thats not at all a leason I learned during my years with game theory. It sounds like a life-lesson completely orthogonal to game-theory.
And wrong I must add, ignoring people who have made an actuall change in the world (although its true that most people end up making very little difference either way).
What's wrong with middle men? They provide a service, too.
Eg your bank genuinely helps with finance and transfers compared to transacting directly on a blockchain or snail mailing cash around.
> I think people just want someone else to take care of their shit.
Yes, division of labour!
> What's wrong with middle men?
Purely on a philosophical point of view and depending on where you live, they do nothing but increase the costs without adding value.
For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer and search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
The most common argument is - "when things go wrong, the agent will take on the liability for the listing", but that is rarely the case in real life (again, may vary greatly depending on where you live). In most of Asia, this is not the case at all. They take their nice fat commission and wash their hands off later, not even picking up your calls most of the time when there is an issue.
So what do agents do now? They hoard information instead. They advertise good listings, but to talk to the owner you will need to engage (and pay them) first.
Real estate agents are just one. Car dealerships rank right on the second in my list.
We don't need more agents. We need democratized access to information.
I disagree. I do not care about the details of a ton of stuff. I do not even understand them.
On the other hand, I do care about people that are knowledgeable of these details, specialized, and trust to handle them for me for a fee.
That’s true of banking, realting, health, security, building, manufacturing of everything I use (or almost). That doesn’t prevent me from vaguely understanding the principles and some bits. And that saved me a ton of time and worry. But for the few times one agent does not work up to his promises.
I am 49, I have dealt enough with try to do all by myself, and I do appreciate and rely onto middlemen way earlier now.
This is fine and works for small ticket items. But in some cases, you will end up paying upto 50% of the ticket value. Eg. Realtors in some countries charge 50% of the transaction value - while the value they provide doesn't scale with transaction amount. Usually, a $200,000 house and a $2,000,000 house require the same amount of paper work (of course, depends on where you live, etc).
Yes. The crucial bit is that there are plenty of competing middle men you can choose from (and are also allowed to do it yourself, where possible).
> An owner can list their apartment/house directly online.
How will anyone find the house? If I use an online estate agent, then that's still a middle man. If I publish adverts on Facebook or Google, that's a middle man. If I'm hoping that I can generate enough SEO for my house to appear at the top of searches, that's also relying upon a middle man - the search engine. I guess I could just put a board outside the house with a URL on it and hope someone stops to take a photo.
Estate agents provide that marketing service as well as others around arranging viewings and interaction with solicitors, although that might be UK specific. But they do provide a service that would take a crazy amount of time for you to replicate by yourself for a one-off house sale.
> How will anyone find the house? If I use an online estate agent, then that's still a middle man.
Right now your realtor is paying your listing fees, paying a photographer (maybe) and paying to stage the home (again, maybe). Those are all fixed fees. Then the realtor takes a percentage of the transaction. If the realtor goes away, those fixed-fee services can all still exist and be easy to use. You could even replace the realtor with a general contractor sort of person who manages them and also charges a fixed fee and it’d still be a win.
Thanks, this is the best logical explanation to this argument, hands-down.
I find it amusing that the person who brought up the word "middleman" is implicitly pointing at big internet companies, and here you are telling me Facebook or WhatsApp are not middleman.
It is a very broad categorization to call anyone in-between a middleman. By that logic, these are all middleman because I use their service to sell a house:
1) My ISP because I use internet through them
2) My phone service provider, because I make calls via their network
3) My car manufacturer / leasing because I pay a monthly fee to go visit the listing
But, by my perhaps opinionated definition, none of the above should be classified as active middlemen because they don't interfere with my transaction w.r.t the listing. Facebook and WhatsApp are not active middlemen. They are simply just a listing service. I could replace them with say, Craigslist or even a Google sites web page and I would still be fine. The worst that could happen is I might be asked to pay a small fixed fee like $20 for a listing/webpage. The service provider (generally) doesn't care what the listing is about. That's why it's passive.
Real estate agents are active middlemen. They in most cases prevent the transaction altogether if you don't use them. They are not asking a fixed fee, they are asking for a percentage of the transaction - when the value they add doesn't compound with the transaction amount. That's why.
I think the point is to reduce the amount of middleman.
But why? More competing middle men is better than fewer.
The idea is fewer LAYERS of middle men - not less middle men competing for your business.
I.e. get rid of the realtors - don’t get rid of the house photographers, listings sites, and staging companies. Remove a layer between you and a sale, don’t reduce the number of photographers competing to take photos of your home for sale.
Well, you should be free to bypass layers, when you want to. But sometimes they can be useful, and people should be allowed to add layers.
Eg a concierge is purely a middle man between you and various restaurants and venues. Many people find them useful.
If the concierge is outsourcing some of the calls and research she has to make to some assistant in the Philippines, that should be fair game.
I do not disagree. You are free to use a realtor, and/or Facebook, and/or whatever.
We made very good experiences with a realtor when we bought our apartment. Where I live, there is a lot of bureaucracy at play and the process is not easy to understand even when you have experts to ask. There have also been very sophisticated frauds on both sides - sellers and buyers - that a realtor from a well-known franchise blocks.
Generally, I see no problem with competent middle men. They offer a service like any other service. If you want the service, you buy it, and if you don't want it you don't.
> there is a lot of bureaucracy at play and the process is not easy to understand even when you have experts to ask
I’d be willing to bet the reason there is a lot of bureaucracy at play is At least in part because realtors wanted job security. Just like taxes staying complex because of lobbying from tax prep companies.
I'm a bit confused about the tax prep. There's tax prep companies and software in other countries, too, and the incentives seem pretty much the same?
Germany has pretty complicated taxes, but I think they don't seem to have the same tax prep lobbying?
(In Germany, the complicated taxes are partially there because whenever you change anything or remove a complication, some people who currently benefit from that weirdness come out and complain.)
Here in Singapore taxes are mercifully simple.
> For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer and search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
Is anyone forcing you realtors where you live?
FB Marketplace is just another middle man. (And that supports my thesis from another follow up comment: you want lots of competing middle man!)
Btw, real estate agents in eg the UK take about half the cut in a typical home sale compared to the US.
> Car dealerships rank right on the second in my list.
Yes, and as far as I know they are only a problem in the US, and that's because the US has crazy regulations that pretty much mandate car dealerships. In eg Germany you can buy your car direct from Volkswagen or from any dealership you want.
> We don't need more agents. We need democratized access to information.
Let a thousand flowers bloom. We need more agents, more competition. (But also make direct access legal, where possible.)
> Is anyone forcing you realtors where you live?
Yes. You can self-list on fb marketplace, but you can’t list a home in the MLS listing service they all use without using a realtor - and the buyer’s agents won’t show your home or suggest it to their clients.
So yes, they are using their dominant position in the market to protect their dominant position in the market.
Nothing wrong with middle men per se, but problems do arise when we all rely on the same middleman: those become way too powerful and can do nasty things.
By that time, no one can do without the nasty middle man as we have forgotten or never learned the skills to fend for ourselves and are thus beholden to the nasty middle man.
Network effect compounds this
As long as you have plenty of competing middle men, like we do for eg social networks in the real world, it seems all fine.
Remember: Facebook is for grandparents, not where the cool kids hang out.
Where do the cool kids hang out?
In a cool club on the other side of town, where the real cool kids go to sit around and talk bad about the other kids.
Yeah, it's a real cool club and you're not part of it.
That's ok, I dont really like clubs. Too many people
A while ago it was Instagram or perhaps tiktok?
However, take the fact that I have heard of these places as strong evidence that they are no longer cool.
There is in fact nothing wrong with a middle man who provides a service, as long as their power over you is limited to the provision of the service. The "tech platforms" are not middle men in this sense. They don't just provide a service, they also own aspects of your personal life.
[flagged]
> I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
I get where you're coming from, and as much as I'd love to see everyone become more technical, we live in a specialized society. You could use the exact same phrase to talk about fixing cars, making clothes, or producing your own produce & livestock.
A while back I, who has very little mechanical experience, decided to swap out my snow tires myself and fix a broken valve stem. After buying tools and parts (nearly the cost of having a mechanic do it) I probably spent nearly 12 hours on those two things combined. It was a slog, and didn't make logical sense for me to do it (working a bit extra to cover the cost of a mechanic's labor would have been more efficient), I just did it because I want to learn how to do basic mechanical stuff.
For a mechanic, that probably would have taken like 10 minutes - they might say "Hey, people should work on their cars more. It's not hard, people just want other people to fix their problems." But it's a lot harder for somebody who doesn't have a career in fixing cars, and I think a lot of IT guys have a bit of a blind spot when it comes to how easy tech is. Not that it's harder to learn than anything else, but that we already took the time to learn it, and it makes a lot more sense for people specialized in other things to outsource it.
The solution, IMO, is to create more user friendly alternatives to the user friendly centralized services. Open source &/or decentralization don't need to be much more complicated than something like Facebook would be.
Yes, I didn't mean to imply non-technical people need to suck it up and get comfortable with Unix man pages, say. I don't think that's possible on a large scale. But what might be possible is people learning to understand the invisible servitude they live under, and their lack of power over their own digital lives, and to start caring. That is a social and educational problem. If that happened, I believe the UX problems with self-owned software would mostly take care of themselves (and in many instances that is already the case, or nearly so).
I see where you're coming from, but I disagree. If we see it as a dilemma between:
* trust giant unaccountable organisations
* do things yourself, because you're the only one you can trust
we won't solve the issue, because there are too many things that every individual would have to understand, execute correctly , and do so with perfect OpSec.
We need to work out the social bit, as well as the technical. How do we make it practical for individuals to delegate trust to smaller organisations, so that they can switch between them if they show signs of abusing that trust? This needs social innovation as much as technical - how do we bootstrap trustworthiness for small organisations? How do we do it fast enough that the next move is to an ecology of small organisations, not just to the next Facebook/Play Store?
Agree completely. A solution would probably need to involve:
1. The alternatives being relatively easy to setup and use. This has already happened with some FOSS software.
2. Social norms changing around them (ie, it's "cool" / "normal" / "expected" to use privacy and ownership preserving alternatives). Basically has not happened at all.
3. Laws prohibiting, or limiting to a significant degree, the extent of the abuse that can be inflicted, changing the incentives. GDPR, whatever you think of its execution or effectiveness, is at least proof this kind of thing can be done.
The latter two are both very difficult problems, but I don't see any other way out.
Most people don't really care about rent seeking middle men though, so why should they put in effort into doing things themselves?
Maybe it's ok to create something that isn't for most people. That's how the internet started out. It's only gotten worse the more accessible it became to most people. Maybe it's a good thing to create a split based on capabilities and technical know-how.
But we already have a bunch of social networks that are not for everybody. The problem is that social networks are pretty much a winner-takes-all market due to network effects.
We do and many of us prefer it that way. I’m not on any major social media because I personally consider it asocial — you can’t have that many actual friends or acquaintances. My «social media» is a handful of smaller discord servers and an irc channel, and an extensive webring of personal websites.
> we simply have to make a cultural change
Yeah...
I mean, they're impossible, and yet they happen. I've seen cigarettes and seat belts change in my lifetime. As a former smoker and denizen of the world of ubiquitous airplane and restaurant smoking sections, I would have bet anything against the rapidity of change in norms and laws that occurred.
I mean cigarettes give you cancer and seatbelts can save your life. Both of them were supported by massive government initiatives and tax incentives. How is that even comparable to software middle men? The problem is not even on the same scale.
Governments have started banning social media country-wide.
How is social media a middle man service?
Or is that just another level of rent-seeking?
"one does not simply make a cultural change"
Maybe with ai assistants, everybody is effectively technical?
Then the AI assistants will be the middle men.
So anything external we depend on is a middleman at this point. We need to do better than this. :P
Convenience is king. We always pay for convenience in one way or another.
It's not rent seeking if they're providing a service
easy way will always win
1. Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
2. You don't need to know unless you want to implement the protocol! To use (the very barebones) implementation all you need to do is fork the repo & give access, which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
> Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
Having seen enough story in the vein of "if only I still have my bitcoin wallet from 2014" and "our storage server failed and when we tried to restore from backup we found out our last working backup was from two years ago," I have to say I have a rather dim view of how competent people actually are when it comes to keeping backups working.
I am not saying cryptography isn't useful for safeguarding your data, I just think for perhaps 90% of the users out here the risk of being locked out of your data permanently is more realistic than your data being accessed by a bad actor.
> which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
From reading the website, I was under the impression this is a techie oriented project still looking for technically inclined early adopters instead of something you can readily tell grandma to hop on. I sincerely doubt the average friend and family member who needs other's help to set up a personal website knows what the protocol does or why should he or she use it instead of Instagram or Facebook, or Signal, if the point is just to keep in touch with people you already know.
This is a usual pattern, a tech savvy hacker creates this great tool, but if you don’t put in the interface work to make it easy, frictionless, it might as well not exist for the general public to consume. Grandma will never use this. Or not even a slightly technical person will. (And it’s fine if that isn’t your audience ofc)
My call to any devs reading this: get an interface designer, put in the usability effort before adding new features.
The majority of users are not complete morons. If they understand the need to backup their private key (or wallet password, or whatever), they can do it. If they still don't do it, maybe they don't value their data. In 2026 even the proverbial grandma should know what a backup is, even if they don't understand exactly how a given private key or protocol works.
We shouldn't cater to such users and make our communication less secure because people put off making backups.
> In 2026 even the proverbial grandma should know what a backup is
https://xkcd.com/2501/
Authentication has gotten really annoying on the web. I don't even care if my data gets stolen for most sites. Like HN is just username and pass and I love that. I don't care if someone hacks my HN account. What are they going to do? Get all my public comments? I prefer that ease of use versus having had to 2FA every time for years.
I think a lot of even not very technical people have gotten used to TOTP QRCodes, and being able to store screenshots of them in password managers. (And having experience in losing 2FA keys that they'll go to some lengths to not repeat.)
I wonder if there's a decent way to encode these private keys in QRCodes? You can jam about 4kB in a high density one from memory? (I know that'd be possible from a developer/technical point of view, but if this were my project I'd want a talented UX designer to have complete authority over how this is presented and explained to users.)
One other idea - maybe implement a Shamir's Secret Sharing mechanism where your private keys get sharded and encrypted to a sufficient number of selected friends, so of you lose your s@ private key it can be re assembled by convincing - say - 8 out of 12 selected friends to give you their part?
Or alternatively - automate a "recovery mechanism" where you set up a new key pair and publish it on a temporary domain/site, and can then ask a friend/follower who can authenticate your identity out-of-band - to export all you posts decryptable with your new key, then put you new key and all your old posts back into your main site.
Many years ago, I had an idea to use specially formatted emails as a transport layer for a social network. Predictably, it too, went nowhere: https://medium.com/@hliyan/email-re-skinned-as-a-social-netw...
I had a similar idea, but it didn’t go very far beyond research. There are some special app interfaces that people have developed that remake email to look more modern like chat apps or social networks, by removing all the boilerplate.
Some of the issues I was thinking about:
Email clients by default block many types of messages and the allowed mime types are limited as is the support of html. So you really need your own email client to bring in the types of features we’d like to see, or, as you say, an intermediate format that is reinterpreted.
There’s also the fact that gmail or outlook mail servers may simply block and blacklist the content. Email was designed to be decentralized but it has moved to a system where a few companies control the major mail servers. If you wanted to re-decentralize email and add some anonymity then everyone would become their own mail server but this would raise the problems of email viruses and spam - and it’s not as convenient as just using your existing email and app.
That is a very good concept, enjoyed reading it.
On the original concept is restricted to share outside the participating people but could be relevant that people add more people that are interested in a topic.
Email is a good transport layer. Nowadays people just imagine it as messages between large providers, but I'm in strong favour that small providers or self-hosting email can still be used.
I love this idea, and I’m implementing it! If I ever have a working MVP I’ll send you a link.
Please feel free to do so. Years ago, another HN user and I tried to make some headway, but our day jobs intervened. Now that we have LLMs at our disposal, you might have better luck!
Some years ago I was involved with a society (club), and we wanted a webforum. But as we were geeks as well, we created a combination of a web-based solution, mail-lists and NNTP. These three solutions were syncronized, so it didn't matter which one you used. This worked well for several years.
In the FAQ at the bottom of the post, the author mentions that this proposal is just the AT protocol (BlueSky) without the active, "firehose" component.
I don't think this is a real proposal, but more a thought experiment about how a static site could integrate into BlueSky. I saw a few similar efforts to integrate the "passive" components of ActivityPub into static site generators so that you could make your static blog consumable via the Fediverse.
In reality, if you really wanted to publish your static site blog posts on BlueSky, this is probably a good place to start! As you mention, there are some serious usability issues with doing everything by hand, but you may find that acceptable or invest in workarounds. Maybe it's possible to use your BlueSky identity so that you aren't in the business of managing keys. Or maybe you could use a script or static site generator plugin to pull credentials from somewhere.
> ... in a way that can unseat big tech.
Where is it stated that this is a goal for this project? You and I both may want a way to break the influence of the dominant social media companies. But this doesn't have to be that in order to be successful. It just needs small groups of people to use it in a way that benefits their communities.
I tried to make a way of sharing posts with friends without having to be on a social network... I came up with NoteSub:
https://apps.apple.com/gb/app/notesub/id6742334239
I like it. And mass adaption is not required to use it.
I would have loved to have made this a true social network in some regards, however, there are issues of moderation and storage that become very expensive at scale.
Moreover, adoption of a new social network is super hard to promote. So many Twitter, Insta, etc clones have failed because they are just 'clones'. Not offering any thing new.
It should be considered although Thiel talks of 0 to 1... A great deal of dramatic software/hardware progression comes from a highly evolved successor to an average pre-existing product.
The iPhone was not a zero to one, nor was Apples GUI, they were just highly evolved versions of average or below average products that already existed. Social media apps are already highly evolved for their function. We need something better for edge cases, but the current state of social media platforms means that something supremely better is required before any adoption drive becomes meaningful. When such a product comes, mass adoption is inevitable; we crave and succumb to better ways of communication and contact.
I don't understand what it has to do with sharing, it just seems to be a note-taking app? It even talks about being local, offline and can't even sync with your own devices unless you pay.
But nothing obvious about your friends being able to see them.
You make a note, they are designed to look as good as any social media posts.
You can share the note with whomever you wish, using what ever messaging system you you like, and the note will look as good as a social media post, ie how you designed the note. I am sorry, it does take a bit of imagination. I never wanted to pitch it as a social media app, but, its as close to personally controlled social sharing that I could conceive.
You dont have to pay to use it. Very few people need to use cross device sync and those who do seem happy to pay for it.
Ie, it is free, so if any ones wants to try it, I would love to hear.
This is what I built Jonline for. Haven’t maintained it for a while, but it’s quite functional as-is. Basically a very vanilla Twitter/Reddit-with-first-class-calendar-events, standard Rust web+gRPC server on Postgres DB, React web UI, and no encryption other than HTTPS/TLS. No server-to-server communication, just username/password auth. Super easy to understand APIs (https://jonline.io/docs). (I do need to build better cross-server auth, but this can be done in the FE only with the existing APIs.) Can boot it in a Docker container in seconds. A few “demo” instances I run are linked from the Readme: https://github.com/JonLatane/jonline
> Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Isn't that basically Mastodon?
Sure. Yes. One of the most successful alternative/distrubuted/federated social networks out there? Yes exactly. More like that please!
"1. I am very technical"
What does this mean
https://ianix.com/pub/x25519-deployment.html
For example, does "technical" mean curious, enjoys learning, motivated to take things apart to understand them, ...
Does it mean likes to create accounts, signs up for websites, apps, etc., heavy social media user, terminally online,...
What does it mean
An encryption key could be stored in a QR code and the user could be sheltered from any technical issues.
To be honest if we’re talking truly accessible, even usernames and passwords aren’t great. Users forget them. That’s why a lot of sites these days offer to email you “magic links” to log you in. And if you want to do that you need to make sure you’re running a server sending emails that won’t immediately go to spam.
At a certain point if you want a truly scalable, decentralized platform you’re going to have to cut back on backend responsibilities. This is a logical answer to the problem.
Cloudflare tunnels are an interesting alternative, self hosted but with external security
Self hosted but with big tech having a backdoor into your local network, having your ssl private key, and dictating the terms and conditions of what you self host.
I've never understood selfhosters fascination with cloudflare. They have some cool products but I have a feel 2026/27 is the time they start to show their evolving colours
cloudflare should never be trusted after what they did to kiwifarms.
So you were ok with what they did to 8chan and the daily stormer but kiwifarms is where you draw the line??
What did they do to them?
They were defending Kiwifarms for awhile but then the pressure became too much and then they blocked them.
https://blog.cloudflare.com/kiwifarms-blocked/
So are they bad because they didn't block them for a long time or are they bad because they did block them eventually?
> 2. I am very technical, and idk exactly what a X25519 keypair is.
As in, you cannot describe it exactly, or you have never run into it?
Additionally, you could just look it up if you care about the technical details.
Fully agree.
Who's gonna sniff your traffic from home? NSA, your ISP?
They already do.
Same as in corporate networks: your data is MITM anyway.
Fun should be unencrypted. It's not shopping or ssh into server.
> Fun should be unencrypted.
Five years ago I would totally agree. Now, when you do not want to share your fun thoughts with a border guard; a police person; an AI scavenger; a random jerk -- I would say, having a safe-ish space becomes almost a necessity
I’m not actually suggested anything be un-encrypted. I’m just saying we manage keys on the server not the client. Tls secures the password transaction, then the server issues the client a key and everything works as s@ suggests. If the keys expire or the client loses them, you repeat the login process.
Unpopular opinion: names like PKCS12, X.509, X25519, ECDSA, etc. hurt adoption making the world less private, secure and decentralized.
I agree 100%. E.g. 802.11a/b/c/etc wasn’t selling. Wifi however…
Names matter. We can keep the technical stuff under the hood, while presenting a clean interface for those un-interested in the details. But we can only do that when the thing built right. Notice how you don’t have to share encryption keys when your friends want access to your home wifi?
Even the password part is harder than it should be. Idk why routers don’t just have a button you press when someone wants on the wifi. They knock on the network, a light flashes - press button, they are let in. Would work for most home use.
WPS is a thing that's exactly what you describe. People suggest disabling it these days because tools like reaver can use it to access a network in a few minutes.
QR codes with wifi details kind of obsoleted it in the past few years. (last three routers I've gotten even came with stickers with the default password as a qr code)
What I'm disappointed by is the lack of adoption of wifi standards that are encrypted, but don't require authentication to join. It's always a choice between no encryption, or password+encryption on hardware I've encountered.