This dossier gives an overview of the technological building blocks available today, and of the missing links, needed to decentralise the internet again and to break GAFAM’s [Google, Apple, Facebook, Amazon and Microsoft – ed] hold over our data and our lives.
- State of play
- Social networks are a misuse of the Web
- WebRTC: the worm is in the apple
- Federations: a first step towards decentralisation
- ActivityPub: A protocol to connect them all
- Indie Web: control your digital identity
- IPFS & Blockchain: Internet without a server and without censorship
- Impose interoperability on GAFAM
- Incentives to migrate
- Summary and conclusion
State of play
The Internet is broken.
In 40 years, the network of networks, initially conceived as an open, resilient, and decentralised system, has been locked down by a handful of private monopolies capturing all our personal data in opaque silos and selling them to the highest bidder.
The Internet was originally based on open communication protocols. Protocols are standard languages that allow computer terminals to communicate with each other:
Gradually, GAFAM captured users, imposed proprietary solutions on them, and shut down these communication protocols to lock users into technological silos:
- XMPP and IRC for Google Talk, Messenger, and WhatsApp (owned by Facebook);
- RSS and emails for their “social” platforms;
- Websites benefiting from “Facebook pages”;
This situation is grave and unsustainable in many ways:
GAFAM enriches itself on our backs and gives our personal data to:
- Banks, to assess the solvency of our contacts;
- Insurance companies, so that they can learn of a costly chronic disease, or a questionable lifestyle;
- Public services, in order to track health insurance fraud;
- The US government, via the mass surveillance unveiled by Edward Snowden.
The possibilities these multinationals have to influence and censor our democracies are staggering: a concentration of power never equalled in the history of humanity. Facebook boasts about determining (and selling) your individual political orientation, for à la carte campaigns, or even to influence millions of votes in elections.
- The concentration of sensitive data makes it a prime target for large-scale hacking.
- Users are bound hand and foot to these services and cannot turn to competitors, because the services have merged with their non-transferable digital identity:
It is very difficult, if not impossible, to migrate to other services (other emails, other social networks) without losing touch with one’s contacts.
- The business model of these companies is advertising. Facebook and Google are essentially advertising agencies: their products are designed to capture our attention (or available brain time, as Patrick Le Lay would say), and make us addicted to notifications, to the point of robbing us of our presence in the world.
Social networks are a misuse of the Web
The monopolistic concentration of Web giants is essentially based on an error in the design of these tools.
Let’s first distinguish two often confused terms. Internet and the Web:
- Internet refers to the global physical network of computer terminals, communicating through the TCP/IP protocol: This layer is fundamentally symmetrical and decentralised. At this level, nothing distinguishes your smartphone from a Google server: both are identified by their IP address, and exchange the digital data packets in both directions.
- The World Wide Web refers to one of the Internet applications, born at CERN in 1990: the publication of enriched texts (HTML), embellished with “hypertext” links. All are served by the HTTP protocol (itself based on TCP/IP). Unlike the internet, the web is asymmetric and centralised:
- Web sites are hosted by servers: terminals identified by domain names, which remain switched on night and day to serve web pages.
- Users connect to these servers through clients: browsers, which graphically render these pages.
The Web is only one of the many Internet applications: mail, chat, telephony, …
It is important to note that the Web (sites) is designed as an asymmetric system of data consumption: many users consume static and common information, on the model of television or newspapers.
Social networks are therefore not built on the right level: they constitute a decentralised and symmetrical application, built over a centralised and asymmetrical layer (the Web).
It is mainly this wobbly design that allowed GAFAM to swallow up the market and impose unnecessary centralisation on social networks.
The good news is that technology is evolving and today allows us to decentralise these usages.
WebRTC: the worm is in the apple
Web standards are constantly evolving, driven by the W3C (World Wide Web Consortium).
Recently, the WebRTC standard, integrated into HTML 5, has begun to decentralise the Web again: it allows two browsers to communicate directly with each other, without going through a central server (once they are connected).
WebRTC is now supported by most modern browsers (Chrome, Firefox, Opera, etc.), on PC or mobile. This technology is the basis of several open source projects, already available, that offer solid alternatives to GAFAM:
- Jitsi Meet is a free and open source alternative to Skype: it allows you to hold peer-to-peer video conferences, without going through a server (and thus ensuring the confidentiality of the conversation) and without installing anything: directly in the browser. The French association Framasoft graciously maintains an instance of this software at framatalk.org.
- PeerTube is an alternative to YouTube, free and without ads. The use of WebRTC allows peer-to-peer video streaming (as with BitTorrent), allowing you to offload server traffic and support an influx of simultaneous views without large infrastructure. Enough to allow minor actors to host videos without exorbitant cost. PeerTube is also a federated social network, as we will see later. Framasoft maintains an instance of PeerTube at https://framatube.org/.
WebRTC is definitely a key building block in the decentralisation of the internet. We see here that its adoption can already challenge two giants of the Web (Skype and YouTube).
The Web has an exceptional deployment: all terminals are now equipped with a web browser. Developing a web application (based on HTTP/HTML) allows much wider deployment and adoption than developing a specific program or application.
Federations: a first step towards decentralisation
These social networks are open source software and are organised into federations: each social network is made up of several portals (hubs): these are instances maintained by individuals or independent organisations, and connected together.
In order to join one of these networks, you choose one of these portals, and can directly communicate with all the members of this network, whatever their portal.
The architecture is similar to that of emails: each portal corresponds to a different provider. Users are identified (and mentioned/tagged) by their login and the portal domain, like for email addresses:
With these alternatives, we partially solve the following problems:
- Protection of personal data: the providers who maintain these portals are mostly non-profit organisations, funded by donations and very committed to the defence of privacy on the Internet. It should be noted here that this characteristic is based on trust and not on the technology used. Our data is still hosted, in cleartext, on the servers of the portals.
- Censorship: Censorship is still possible, by putting legal pressure on portal providers, but it is more complicated: each provider must be contacted independently in order to remove a publication across the network.
Alas, these different federations are not necessarily interoperable: it is impossible to comment on a Diaspora publication with a Mastodon account.
ActivityPub: A protocol to connect them all
The problem of the interoperability of these networks is about to be solved:
Mastodon is at the origin of ActivityPub: a new protocol describing a standard language for social networks: publications, comments, likes, reposts, …
In the same way that RSS feeds allow us to track a multitude of blogs in an aggregator, ActivityPub allows us to track and interact with the news feeds of contacts we follow.
In January 2018, ActivityPub became a W3C recommendation. This recognition gives it an official foundation, which will certainly accelerate its adoption.
The social networks implementing this protocol are therefore interoperable:
Since the launch of Mastodon, it is possible to subscribe to a video channel on PeerTube, and to comment on it and repost it. Something that cannot be done with GAFAM: YouTube & Facebook do not “talk” to each other.
Unfortunately, Diaspora does not support ActivityPub yet. A paid development request (bounty) has been made to the community. It now stands at only €500. You can add a few euros to this bounty in order to motivate the developers to implement it.
Indie Web: control your digital identity
So we now have social networks that respect privacy, and are (almost) interoperable. But what about our digital identity? It is always linked to a provider @[email protected]
This is a problem that already exists for emails: changing email address is tedious and complicated: you have to warn your contacts, set up a redirection, change your online accounts, etc.
The solution is to buy a personal domain name (€10 a year), once and for all. That’s what I did for my digital transition.
It is then possible to point this domain name to the provider of one’s choice, under a white label. Most mail providers support specific white label domains: Gmail, ProtonMail, …
In case of a change of provider, the migration will be invisible to one’s contacts.
This is the spirit of the Indie Web movement, which sets out a set of best practices and standards for the management of one’s personal data:
- Get your own domain name;
- Manage your public digital identity on your main page (http://my-domain.com);
- Manage your data, preferably by hosting it yourself (with NextCloud or Cozy);
- POSSE principle: Publish on your own site, for syndication (transmission) elsewhere, including a permanent link to the original publication. POSSE can be done manually, or can be automated with online tools such as IFTTT.
Let’s mention here Known, a micro-blogging software to host on one’s own server, which allows you to push your messages to Twitter automatically.
The principles of Indie Web require for the most part the installation and management of a personal server, in addition to the administration of the domain name. It’s totally out of reach for ordinary people.
To open these principles to as many people as possible, Indie Host offers an integrated solution for managing personal data:
- Private domain name;
- Emails / webmail;
- Static profile page;
- Private Cloud (like Dropbox);
- Account on an instance of Mastodon.
This service is unfortunately a victim of its success and no longer allows new registrations at the moment.
Another shortcoming: social network federations do not yet support the use of specific domains: it is therefore not possible to transparently point a single address of the type @[email protected] to a shared instance of one’s choice.
This need is discussed here for Mastodon.
A social network should therefore offer, when opening an account, to use an existing private domain name, or to buy and configure this domain name for us. Ideally, a digital identity service could even be a state service, providing each citizen with a unique domain name (firstname-name.citizens.com) and a secure email.
IPFS & Blockchain: Internet without a server and without censorship
We have revealed solutions to the major problem of digital identity.
There are at least two major technical flaws to these alternatives:
- Censorship: At a time when democracies are stiffening, it becomes crucial to be able to freely communicate on the Internet, without fear of censorship. Thus, the European Parliament is in the process of adopting a directive to allow automatic censorship of content, delegated to private actors (Facebook & Google);
- Scaling up: Virtuous community service providers make and manage servers to run these alternative social networks. If they became really popular, from a few hundred thousand users to tens of millions, scaling up costs would be exponential. The scaling up of web services is a very complex task: it is not even certain that the underlying software (Mastodon, Diaspora) was designed for such loads.
To remedy this, it is possible to go further in decentralisation, and move to a distributed system.
BitTorrent is a good example of a distributed system. It is a peer-to-peer file sharing network. Every user who downloads a file on BitTorrent instantly becomes a “server”, and shares pieces of files with the rest of the network.
A file remains available as long as at least one member of the network has a copy. To censor a file, you must take legal action against each user and force them to delete it, hoping that no one else has downloaded it in the meantime.
This system works without a centralised server. There is no need to invest in expensive infrastructure to distribute a popular file. In order to guarantee the availability of a file, only one terminal has to be permanently hosted. The bandwidth used (and therefore the cost of hosting) will hardly depend on the number of downloads: it will be the same whether you simultaneously distribute a file to a thousand consumers or a million.
It is this principle that is used by PeerTube to serve streaming videos at a lower cost.
Another network of this type, IPFS, adds the concept of imprint addressing.
In computer science, an imprint (or hash) is the output of a hash function, which transforms content of arbitrary size into a unique, deterministic (only content-dependent) identifier of fixed size. Two different files will necessarily have two very different imprints, even if their content is very similar.
On the Web, we usually identify resources by URLs (links), attached to the domain name of the host:
The availability and validity of the content therefore depend on this host, which has full power to delete or falsify/modify this resource.
With identification by imprint, the host becomes a neutral actor of the network. A user asks the network:
“Who has the file with the imprint def12-450ac-dfxc45?” …
… and each network node is allowed to return the requested file. The user verifies that the sent file is correct, by comparing the requested imprint with the imprint of the returned file: falsification becomes impossible.
Like with the Web, resources can be linked together, including the imprint of a file in another file. We then obtain what we call a blockchain. A blockchain is a structure of linked and tamper-proof data: a sort of big slate on which everyone can write but never erase anything.
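The verification step and the imprint-linking described above, as an added example (not code from this article or from IPFS). It assumes plain SHA-256 hex digests as imprints, and the names Node, fetch, make_block and read_chain are hypothetical:

```python
import hashlib
import json


def imprint(data):
    # Assumption: plain SHA-256 hex digest; IPFS itself wraps the hash in a CID.
    return hashlib.sha256(data).hexdigest()


class Node:
    """Hypothetical network node: a store that may or may not be honest."""

    def __init__(self, name):
        self.name = name
        self.blobs = {}

    def put(self, data):
        key = imprint(data)
        self.blobs[key] = data
        return key

    def get(self, key):
        return self.blobs.get(key)


def fetch(key, nodes):
    """Return (data, serving node, rejected nodes); trust the hash, not the node."""
    rejected = []
    for node in nodes:
        data = node.get(key)
        if data is None:
            continue
        if imprint(data) == key:
            return data, node.name, rejected
        rejected.append(node.name)  # answered, but with falsified content
    raise LookupError("no node returned content matching " + key)


def make_block(payload, prev):
    # A block embeds the imprint of its predecessor, which links the chain.
    return json.dumps({"payload": payload, "prev": prev}, sort_keys=True).encode()


def read_chain(head, nodes):
    """Follow 'prev' links from the head imprint, verifying every block on the way."""
    payloads = []
    key = head
    while key is not None:
        data, _, _ = fetch(key, nodes)
        block = json.loads(data)
        payloads.append(block["payload"])
        key = block["prev"]
    return payloads[::-1]


def demo():
    # Constructed sample data: one honest node, one node that falsifies content.
    honest, mallory = Node("honest"), Node("mallory")
    head, keys = None, []
    for text in ["first post", "second post", "third post"]:
        head = honest.put(make_block(text, head))
        keys.append(head)
    mallory.blobs[keys[1]] = make_block("forged post", keys[0])
    return head, keys, honest, mallory


if __name__ == "__main__":
    head, keys, honest, mallory = demo()
    print(fetch(keys[1], [mallory, honest])[1:])
    print(read_chain(head, [mallory, honest]))
```

The forged block is rejected because its bytes do not hash to the requested imprint, and the next block in the chain still points at the imprint of the original.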
It is possible to build applications on these blockchains.
These applications are then accessible either by:
- a specific program (mobile app or PC program)
Many distributed applications are emerging on this model, including social networks.
Here is a short list, extracted from this impressive list.
- Steemit, Minds – social networks for publishing content (articles, videos), integrating cryptocurrencies to reward authors;
These distributed social networks unfortunately work in silos and are not yet interoperable.
The implementation of ActivityPub would necessarily be via portals, bridging blockchains and the Web. These portals would again suffer from vulnerability to censorship and scalability limitations.
Authentication is the act of proving one’s identity to a computer system. In a decentralised system, even distributed, this step is complicated.
For most sites, authentication comes down to either:
- a login (which is often our email) and a password;
- a delegated connection to a GAFAM (Google, Twitter, Facebook, …). This delegation of authentication is done via the OpenID protocol.
In both cases, the verification of our identity is strongly linked to our email provider, or a GAFAM social network.
Indie Web proposes to adapt the OpenID protocol for personal domain names: this is IndieAuth.
The idea is to propose, in addition to the classic “Connect with Google / Facebook / …” buttons, a field in which one enters one’s domain name firstname-name.name. We are then redirected to the page of our own domain, where any login method (password, private key, etc) is configured.
This is done using an asymmetric encryption method. Each user has two keys (two very large numbers). One of these keys is public: it is published on the user’s public profile, so that it is accessible and known to all. The other key remains private (we do not disclose it to anyone).
We use this pair of keys to:
- Encrypt a message. The sender uses the recipient’s public key to encrypt the message. Only the recipient’s private key can decrypt it;
- Sign a message: the author signs the message with his/her private key. Anyone can check, with the author’s public key, that he/she has signed this message with his/her private key.
The difficulty lies in hiding this complexity from the user while ensuring strong security. Encryption keys are files of dozens of cryptic characters: far more complicated to manage (and store securely) than short passwords.
With a distributed system, it is also impossible to recover a lost key: no centralised trusted third party holds a copy of this key. If the user loses it, he/she permanently loses control of and access to their data.
Concerning this point, alternative social networks are very heterogeneous:
- Diaspora, which was very austere at the beginning, is clearly improving with its latest versions. The version deployed on Framasphere is quite usable and pleasant;
- Hubzilla is particularly austere and complex to use (wiki editor, unintuitive interface). It’s a shame because it is also very rich in features (groups, transfer of account, etc);
- Mastodon clearly presents the most pleasant and intuitive interface, quite close to the ergonomics of Twitter.
The community of developers of these projects also often sins by pride and ideology, refusing in principle to develop integration or migration tools from GAFAM that would allow a broader adoption.
Many of these networks also lack central features, such as the notion of a group. You can follow the evolution of the request tickets for this feature for Mastodon and Diaspora (with the associated “bounty”).
Impose interoperability on GAFAM
Whatever the virtues, the ergonomics, or the freedom offered by these alternatives, they will never worry the giants of the Web as long as we are held back by the rupture of our social links.
It is essential to recognise that social networks are a natural monopoly, and to extend the legal obligations on the management of our data (recently introduced at the European level by the GDPR) to the management of social links. We could thus require the interoperability of networks, through W3C recommendations (ActivityPub in this case).
“We must be able to leave Facebook without losing the links we created there”
Incentives to migrate
Once interoperability is gained, what arguments could push users to migrate away from GAFAM?
- Protection of personal data: the general public is unfortunately very insensitive to this question and seems to be gradually putting an end to the very concept of privacy. Popular education and the broadcast of documentaries such as “Nothing To Hide” can help raise awareness on this topic;
- Monetisation: Some distributed platforms (like Steemit or Minds) offer a reward for authors of popular content via a cryptocurrency;
- Political action: The Yellow Vests movement, organised almost exclusively on Facebook, has paradoxically brought out a distrust for social networks and the censorship that is practiced there. The organisation is also quickly coming up against Facebook’s technical limitations:
- Few formal decision-making tools or democratic governance of groups;
- Difficulties in crystallising and organising/documenting decisions on a network designed to be a continuous stream of ephemeral information.
Framasoft launched an action in this direction, with the development of MobiliZon, a social network dedicated to citizen mobilisation.
Summary and conclusion
Here we have the draft specifications of an ideal social network:
- Open source (OSS);
- Interoperable (ActivityPub);
- Group support;
- Specific Domain Name (SDN).
Let’s go through them:
None of these networks meet all the criteria, but many are close to it. Rather than reinvent the wheel, we propose to encourage the improvement of these tools, by using them, by reporting the bugs to the developers, by financing them via donations and by voting for/commenting on tickets for the missing features referenced in links in the table.
Beyond the technical aspects, it is also necessary to initiate and support actions in the following areas:
- Ergonomics, by calling on ergonomists to work on these projects and to support developers;
- Legislation, by helping collectives working in this direction, in particular by financially supporting La Quadrature du Net, which produces quality work for the defence of our digital rights;
- Awareness of the issue of personal data and the power of GAFAM, in particular through the screening of documentaries and through conferences.
Thanks in advance!
Copyright © 2022. All Rights Reserved.