Twitter, let's talk about decentralization and federation and trust and why movements towards federated systems like Mastadon are maybe not where we want to be throwing effort and adoption drives behind if the end goal is privacy-preserving infrastructure.

I've ranted about Masatadon before, don't get me wrong, it's cool, but the threat model and economics of federated systems like it devolve to concentrating trust in the hands of a few, while missing out on the scale advantages of a purely centralized solution.

Case in point, during the initial Mastadon drive nearly everyone signed up to a single instance, and that instance had arguably worse privacy protections than regular twitter.

There are more instances now, but the problems persist

(Another grand example is email, where a ridiculous amount of power is now concentrated in the hands of google despite the decentralized nature of the protocol)

If our goal is privacy preservation, and thus, control distribution, we must develop better models such that "the best federated server gets all the users" doesn't happen.

That requires building 2 layers of decentralized communal infrastructure. A privacy preserving persistence layer removed from any application. And an application layer which can interact with it, and provide features for it.

(first person to say blockchain loses)

You need that first persistence layer to be communal and decentralized to prevent any entity or app being in a position do something like "all the DMs on this instance are readable by whoever admins it"

An additional advantage is we would stop reinventing base protocols.

(I've said this before, it should be trivial to e.g. build a dating app on top of something like signal, there is no reason developers should have to reinvent secure communication to build higher level apps)

And so, now with facebook sentiment being on the low side, we see users being pushed towards federated system, which, while open source, have been forced to reinvented features from scratch and all have different trust models depending on who is running an instance an how.

That's bad. It's arguably somewhat worse than them staying on facebook, which has already done what it is going to do with their data and at least has(had?) a pretty good infosec team.

My end goal is metatdata resistant protocols & systems. I am working on a piece of this puzzle that I'll be releasing a prototype of soon, we are nowhere near where I think we need to be to offer users actual privacy and alternatives that truly provide a realistic consent model.

Federation is useful, likely necessary for such a future. But without building consent and resistance into the protocol and infrastructure, we're just forcing most users to pick a new dictator for their data without any real basis for that choice.

Also please feel free to play "how many times did sarah misspell Mastodon in this thread"