Re: Distributed architecture and social justice / at risk individuals from Evan Prodromou on 2015-01-14 (public-socialweb@w3.org from January 2015)

From: Evan Prodromou <evan@e14n.com>
Date: Wed, 14 Jan 2015 10:25:59 -0500
To: public-socialweb@w3.org
Message-ID: <54B68A87.9010503@e14n.com>
I'm going to try to answer these one by one. I think they're pretty 
important issues.

On 2015-01-08 06:11 PM, Christopher Allan Webber wrote:
>   1. lack of redundancy - while communication is distributed, one's
>      online presance is not.  If your server gets DDOSed and you don't
>      know how to mitigate the damaged, you are silenced.
I'm going to postulate at least four different hosting models:

 1. /Self-managed/. The user sets up a server for herself, either on
    cloud IaaS or on hardware they control. This gives her maximum
    control over her data, with maximum headache.
 2. /Non-profit/. Compare Wikipedia or freenode. A non-profit, with a
    mix of volunteer and paid sysadmins, manages a social network for
    their users, probably for free or with donations giving some special
    advantage.
 3. /Software as a service. /Compare Yammer or Dropbox. Users pay some
    dollars per month; a company manages the servers.
 4. /Indirect business model./ For example, ad-supported or reselling
    marketing information. Users pay nothing but see ads (sometimes a
    lot) and have their personal data sifted through.

The good thing about a federated network is that people on all of these 
hosting options can communicate. So if you don't want to set up a server 
on your own, you don't have to. You can choose the situation that meets 
your personal balance of data security, account control (e.g. "real 
names" policies), customization, and dollars spent.

That said, yes, if you're on a self-hosted server and you get DDOSed, 
there's not much you can do. You may be able to get help from a company 
like CloudFlare or one of the others that specializes in DDOS. But it's 
not an easy thing to handle.

>   2. not all of us are sysadmins - I can set up a VPS, but being able to
>      set one up securely is a profession all on its own.
Users can have hosting options; it doesn't have to be one or the other. 
There are trade-offs.
>   3. lack of filtering tools - no ability to reduce line noise from
>      people spamming.  The service may as well actually be offline if
>      you have to sift through large volumes of putrid hate speech before
>      you can read anything from your friends and loved ones
There's no reason that the social service the user uses can't 
incorporate filtering tools. For self-hosting people, they can use a 
third-party spam filter. Akismet is one that works for blog comments in 
this same topology; E14N runs one called spamicity.info for pump.io and 
GNU Social users.

That said, fine-grained tools don't exist now for pump.io or GNU social. 
I think that having the option to use them is pretty important!
>   3. a. curated block lists are effective tools - "block bot" is a
>      popular one that people use on twitter.  Tools like this let a
>      group of people who trust eachother to curate and add to the list
>      based on their interactions with people.
Great idea, and totally possible with a federated architecture.
>   3. b. sockpuppet accounts are common ways to circumvent block lists,
>      but if someone is receiving a high volume of messages (or just
>      wants to), there should be an option to prevent accounts with 0
>      customization, too low amount of follows, and/or too new from
>      communicating with you.  Afaik, twitter lacks this.
That's interesting. Obviously, in a federated system the programmers of 
individual systems can decide which messages to receive and how they're 
ordered.
>   4. If you are following the rules and want to have full control over
>      your domain name, you basically have to dox yourself to have an
>      online presence, or have to invest a bunch of money to keep
>      yourself (eg, buy a PO box to use instead of your home address, or
>      register an L3C or something to use instead of your name).  Can we
>      please move away from this horrible approach?
Using your own domain is great; I don't think it's a strict necessity.

Private registration of domains is a service that's provided by 
registrars and some third parties. GoDaddy offers it for US$8.99/year, 
as a rough pricing guideline.

http://en.wikipedia.org/wiki/Domain_privacy

I think for a lot of people $5/month server hosting x 12 months + 
$10/year domain registration + $9/year domain privacy is a lot of money. 
So I think it's important to have options.

-Evan
Received on Wednesday, 14 January 2015 15:26:52 UTC