W3C

- DRAFT -

Re-decentralizing the Web breakout (#tpac2015)

28 Oct 2015

See also: IRC log

Attendees

Present
Appelquist, Benjamin_Young, Bert, Bos, Dan, dbaron, npdoty, rhiaro
Regrets
Chair
shevski, deiu
Scribe
npdoty_


<scribe> scribenick: npdoty_

[show of hands for fans and skeptics of decentralization]

Irina: get input on what is happening in this space, what you're interested in, what are the opportunities or concerns
... is there something we can be doing in standards / w3c?
... context is that we're ever more dependent on the digital, personally, socially, professionally
... increasingly, interactions with vast monopolies in tech companies
... based on, for example, freemium/advertising-based business models
... but we want to be able to message people beyond a walled garden or signing up for a particular service
... a lack of real choice, with terms of service and privacy policies that are incomprehensible or not user-supportive
... missing out on potential innovation. for example, email in a world where you could only reach people at the same provider would be impoverished
... but we appear to lack the same situation in other social media communication tools
... lack of healthy ecosystem, but also privacy and resiliency concerns of centralized databases
... approaches include self-hosting, different protocol layers (IPFS, blockchain, distributed web),
... problem of adoption and business models
... not great alternatives. difficult to switch everything away

Irina, W3C Team, redecentralize.org bringing together communities and developing common strategies

Andrei, W3C Team, researcher at MIT with decentralized technologies on the Web

scribe: Solid

deiu: a lot of technologies for re-decentralization are not on the Web, for example, blockchain
... redecentralize.org has a very long list of projects

https://github.com/redecentralize/alternative-internet

<shevski> https://redecentralize.github.io/alternative-internet/

deiu: that's a good start if you want to get involved. but a key aspect is: Standards
... difficult to come up with a solution not based on standards

timbl: could be architecturally centralized, even if it's physically distributed

deiu: unless you keep up to date with all the new versions of that product, you'll be out of date
... we should be looking into how we can build standards that will let us build decentralized solutions
... not just messaging, but a platform for lots of decentralized use cases

shevski: what are the incentive mechanisms? different business models?
... what would be necessary for a viable set of alternatives?

dka: in a previous Social Web workshop, we had a speaker from the Tahrir Square protests
... use case was using tools to organize, distribute information to people involved in a protest, even after the upstream source was removed

<tantek> dka that may have been the 2011 Federated Social Web Summit / Workshop that was organized by the Federated Social Web Interest Group

dka: was discussed by the TAG (Technical Architecture Group), but not clear what we could do in the Web Platform that would help
... distributed cache of pulling content from people around you also creates privacy problems (about who has visited certain pages)

mnot: Mark Nottingham, Person
... security properties of a decentralized protocol are very different from what we've gotten used to on the Web in HTTPS
... anything that is decentralized is "mixed content", different scheme, not the same lock icon, etc.
... don't want others on my network to know what I'm browsing
... security community is very worried about anything that makes the security model more nuanced, when users are already having trouble keeping up

deiu: use case of being cut off isn't just government control, but, for example, emergency disaster scenarios

mnot: decentralized protocols that are more application-specific could be fruitful

<mnot> The blog entry that I mentioned: https://www.mnot.net/blog/2015/08/18/distributed_http

tantek: Tantek, IndieWebCamp, Social Web Working Group
... IndieWebCamp community was formed to fix those problems:
... 1) smart people solving decentralization problems with a centralized project
... ... principles over a single project
... ... specifically avoiding the anti-pattern of "monoculture", which we see in Diaspora, tent.io, and more every year
... 2) incentives: admit that everyone has their own incentives, including self-dogfooding and scratching your own itch, implementing your own solutions rather than selling others on it
... ... a good thing to solve problems in parallel

<tantek> https://indiewebcamp.com/#Beyond_Blogging_and_Decentralization

tantek: 3) design first, with protocols and formats to follow
... earlier movement stalled at Pingback, where social networks innovated on design, user interface, features, etc.
... because users care about features more than they do about low-level technology

<tantek> https://indiewebcamp.com/#Beyond_Blogging_and_Decentralization

tantek: make a decent UI / user experience

Irina: push for adoption of protocols and execution on UX/design, so as to provide something that larger silos have an incentive to interoperate
... governments should care about these standards, because of the ability of thriving ecosystems in this space

<tantek> npdoty - no insults were levied - just a recognition of different dominant focus

<deiu> ack

Irina: tax companies that don't use open standards

<tantek> kazue: personal data store as important

kazue: share the situation in Japan. my first time in seeing the phrase decentralized Web. seeing large companies taking hold of our data. seeing a personal datastore as an alternative, where we have control over our own data

<tantek> ++ on ownyourdata

[+1's]

<Zakim> timbl, you wanted to challenge Mnot’s assumptions about incremental change from http Same Origin etc

timbl: distinction between the Internet and the Web, Vint Cerf in the 1960s
... the Web is the abstract space of data and information, HTML, HTTP, URLs, invented in 1989, building on top of the Internet, without having to ask Vint for permission
... just chose a different port number, based on my parents' telephone number
... could put a web server up on my NeXT box with a network connection on my desk, everyone could run their own webserver
... if you had improved on something I had written, you could edit it and save it back (a read-write web)
... finding things by following links, no Google in those days
... looking back over 25 years, we don't have the decentralized ability to author, or to control your own data
... web model was that you'd have lots of different servers, controlled by different people
... held together by these common standards
... same-origin security policy assumes that your data is all inside this website
... which can be disempowering for the person, and the amount of data that the site has is a barrier to entry
... we should be able to move data from one to another, move identity, etc.
... when you run an app, there's no reason that the data has to be stored on a server run by the company that wrote the app
... personal datastores, PDs or PODs

<dka> Amr Gharbeia was the speaker at the Berlin social web workshop from years ago that I mentioned in my question (https://twitter.com/gharbeia - yes I recognize the irony of sharing a twitter url in a meeting about redecentralizing the web but there you go)

<tantek> that was tried with "LockerProject" - didn't have a compelling UX so didn't get adoption

<dka> Still feel I would like to explore this use case some more.

shepazu: tantek had advocated dogfooding; Irina had called for scaled solutions -- I think those are absolutely complementary
... making prototypes and getting people to use those prototypes is a way to convince larger players or build a community
... a way to get from here to there: making really compelling applications

<bigbluehat> +1 to new motivators!

shepazu: more than just re-inventing, but building a new way to connect

<dka> +1 to doug’s comment

<mnot> +1 to doug

<mnot> … especially applications that traditional / centralised / big business can't do.

Irina: Serval Project lets you make calls when the mobile networks are down

bigbluehat: the original Web was part UI and part spec, both things at the same time
... the Web is greater than the public Web, like offline/disaster recovery

<timbl> Person Data Integration

<tantek> bigbluehat: I need a name when that's all gone (domain names)

bigbluehat: I need a name without renting it, need a name even when those resources are gone

<shevski> http://www.servalproject.org/: earlier and open source version of fire chat which you may have heard of

<Zakim> dbaron, you wanted to ask timbl how the system can guarantee that the app doesn't move data out of the personal data store

dbaron: scared by Tim's diagram [not pictured] -- what do you do to guarantee the properties that you want
... how do you ensure that the site/app is putting the data in your personal store
... or alternatively, how do you ensure that the data doesn't leave the store when you don't want it to

timbl: when we pay for software applications, we historically trusted them

<bigbluehat> incentive model discussion is *huge* for these concerns

timbl: a side effect of the advertising business model is what decreases trust in the app
... if the user can't trust the app, then it can't empower the user

<rigo> bigbluehat: the only incentive there is, is to harvest a maximum of data to monetize

dbaron: people using traditional desktop OS'es downloaded lots of viruses
... which is why mobile and Web have succeeded with a very different security model

<bigbluehat> rigo: you mean currently. I'm talking toward new incentives

deiu: why should we trust the browser?

dbaron: that's a fair question... although one reason to trust Firefox is that it's open source

deiu: indeed, we generally like apps that we install to be open source, or to develop reputation based on experience with them

dbaron: there is a permissions model for apps that is not "install an app and get permission to everything"

<tantek> +1 to that

dbaron: I don't want to build a world that just works for highly-technical people

[+1s to that]

<tantek> +1 build a world that works for not so technical people

<dka> +1 to how does this work for non-technical people?

timbl: [@@ scribe didn't catch all that@@]

<bigbluehat> the only thing needed is effort on the UX for these new pieces--re: rigo's project that's working to do just that

rigo: important project @@@ between Firefox OS and DT, on a guest mode for sharing your phone with your friend

<dka> Question: has anyone tried Project Maelstrom (bittorrent browser)?

tantek: important to come back to UI, like using OAuth to give a clear and specific way to give certain permissions
... has scaled to large solutions. our work on micropub is also based on OAuth

<Zakim> tantek, you wanted to amplify doug's message about more compelling apps

<rigo> except that bearer tokens are the road to hell from a security point of view :)

<tantek> micropub uses OAuth, deliberately

mnot: distributed naming, for example for a DNS replacement, could be tangibly achievable

<tantek> https://indiewebcamp.com/micropub

mnot: possible for the blockchain to scale to DNS-size in the next couple of years

timbl: naming can be done in ways that aren't just blockchain-based

<tantek> agreed, blockchain is unnecessary

mnot: just got .onion registered in a not too painful fashion, could consider alternatives
... who doesn't love ICANN?

Karen: what is the timeline for this kind of initiative? how will we overcome the public misunderstanding of what constitutes the Web?

Irina: redecentralize.org is a way to coordinate that kind of planning. but I think we may need some concrete organization with funding to promote
... or a consultancy that helps projects with their UI and explaining
... and high profile cases of things that go wrong, so that ideas are likely to spread

<shepazu> (prototypes and adoption help convince browsers and big players that an idea is worth investing in)

Irina: a highly-successful Netflix series about decentralization (markw smiles)

shepazu: everyone wins when the biggest player has lots of competition

bigbluehat: "ego-centric architecture" as an alternative phrase
... that is, with you (the user) in the middle of things

[plug for a later session]

bigbluehat: don't want browsers to conclude that fascism is a solution to security problems

bhill2: Facebook security. I gave up on running my own email server because of spam, which I had trouble overcoming in a decentralized way
... having a centralized view of spam/abuse/attacks at Facebook gives us a chance to see patterns of those attacks / broader view
... the systems that knock out spam/abuse give the best user experience

<dbaron> My small email provider deals decently with incoming spam, but it's getting more common for *my* email to get rejected because it's email not from gmail/yahoo/ms, so it must be spam.

bhill2: which is a big advantage for Facebook over Myspace, for example

<bigbluehat> bhill2: is the Mozilla spam control information openly available and reusable elsewhere by others?

<Zakim> tantek, you wanted to amplify doug's message about more compelling apps

bhill2: which are key things to the user experience (+1 to tantek)

tantek: +1 on compelling apps, curious what people really want
... like a push-up app, which counts based on how often his nose touches his phone, and then uploads to his website

<Zakim> timbl, you wanted to mention geek community as an early adopter community “we are outnumbered” - smaller communities

<tantek> see Vouch for an attempt at distributed spam solving http://indiewebcamp.com/Vouch

tantek: and encourage people to look at the projects that matter just to them

timbl: scratching your own itch -- can be difficult to show off the prototypes because the data is so personal
... having a domain name with no public web pages, for example

<tantek> yet there's plenty we can learn from people scratching their own itch!

<tantek> the point is not that there aren't private use-cases - of course there are! the point is that there are SO MANY public use-cases we can learn from that we should!

timbl: re: designing for geeks, and the people who are managing the technology are outnumbered, but indeed you need a small number of early adopters so that it's possible to convince a significant fraction so that it can virally take off
... starting with developers as a target might make sense

[have to start somewhere]

dka: anarchists!1!
... that's the community you want to start with :)

Irina: thank you all for coming
... follow up on redecentralize.org
... but also, find friends with lots and lots of money to invest
... for a beautiful future of whistleblowers and happy children

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/10/28 05:32:32 $
