Chris Dzombak

The hard problem in decentralized social networks

It’s possible to make an argument that we keep reinventing centralized systems, that solve more-or-less the same problems, with more-or-less the same security, privacy, and availability problems, as the centralized systems they aim to replace. The argument is that to solve those problems, we need to rethink this approach: why not put more effort into developing decentralized communication systems and social networks? The important thing is the distribution of cryptographically signed data — not much else matters.

The problem I see with that statement — and the reason I believe that a lot of this stuff tends toward centralized services — is that distributed identity, discovery, and key management is hard.1

If you want decentralized cryptographically signed data, you need a way to verify those signatures. You want to be able to find your friends (verify their keys) on this decentralized network, without meeting in person to make the connection. You still need to be able to give a way to contact you on a business card.

This is what Facebook et al. provide: identity. “All that matters is signed data” means that your keys become your identity, and that you manage your social network by curating your collection of public keys. Nobody has come up with a really approachable, usable way of doing that. (Certainly not in a decentralized fashion. Keybase makes things a bit easier. How? Not just by being centralized, but by taking advantage of your social graph on a bunch of other centralized services.)

First, solve that.

1: I’m speaking here about the most common use cases for email and Facebook, for most people: non-anonymous communication. The problem is approximately the same for real names and pseudonyms.