I didn't really delve into the details of distributed and federated. And we have already seen the cracks of existing implementations, but also the successes. For example, email. One email service can be compromised (some of them, perhaps easily) and its users data exposed or censored, but it is intractable to compromise EVERY email service on the internet. I agree that data remaining private even to the service provider is still mostly unsolved by email currently.
The article is actually quite interesting in that it proposes an approach which separates the data from the service. Users own their data and provide permission to services to use limited data for the service functionality. If the user decides to change services, they can withdrawn consent from the old one. It would even be possible to design a service that can't see the data itself but can still perform its services based on the data ("function shipping" architectural pattern as opposed to "data shipping"). I've been looking for this approach (user-owned data) to gain traction for a while. The most prominent effort I have seen is Tim Berners-Lee's Solid project. Seems still a ways off from being end-user viable.
There is less than zero incentive for existing services to adopt this and push it forward. It would be a breaking change to their entire business model. I think it is going to take a new generation of services designed for user-owned data in order for the internet to transition.
Personal observation: this service paradigm highly parallels functional programming where data and functions are separate and independently composable.
Also user-owned data still has potential privacy pitfalls in who is storing it. Solid for example has public services available or you can store it on your own machine (albeit with a process that is currently out of reach to average users). You still have to have trust in who is storing it, which could be misplaced. Public services can change ownership/leadership and therefore policies over time. If user-owned data became a really popular thing, even trusting your local machine could be a challenge. For example, how much do you really trust Windows 10 with your privacy now? Don't you think if user-owned data became popular, they would write code to look for it to add to their metrics?
the holy grail of security, computing over encrypted data, or more aptly defined in the literature as secure computation
an approach which separates the data from the service
this service paradigm highly parallels functional programming where data and functions are separate and independently composable
What I am afraid is that this may never be "end-user viable". Data and functions may be independently composable, but use cases are not. For example, Apple has weakened the file system abstraction in iOS in favor of each application for a use case, and people love it (I love it too). Another example is machine learning, where data is deeply participating in defining the function, with each still distinct for different use cases.
For functions to be independent, the data it operates on needs to be an abstraction. But we cannot understand abstractions by intuition. For example, Haskell has discovered Monad to an abstraction over iteration, side effect, non-determinism, and asynchronicity. But these use cases are so distinct, we still have to understand them separately on our way to understanding the abstraction.
I believe this perspective of use case is more useful, as in reality what's challenging Facebook is not Wordpress, Mastodon, or Micro.blog, but WhatsApp, Instagram, Snapchat, Podcasts, subscribed newsletters like Substack, game communities like Discord, and professional communities like LinkedIn, StackExchange, GitHub, and dev.to. I don't think normal people care much about the abstractions which can arise behind all these, such as the WebSub standard.
The solution, in my opinion, has to be laws. GDPR. It's how we have regulated banks for centuries, and how we can transfer money and contracts across systems of different agencies even countries. But that's also exactly what's forcing Facebook to censor in this case. Because that's what law is: law is politics. This is a political battle. We have to recognize that until the whole world is politically liberated, the Internet cannot be truly free with mere technological tricks.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I agree mostly, but FYI, privacy wise, naive federation is the worst of all worlds.
Great article and I agree with it.
I didn't really delve into the details of distributed and federated. And we have already seen the cracks of existing implementations, but also the successes. For example, email. One email service can be compromised (some of them, perhaps easily) and its users data exposed or censored, but it is intractable to compromise EVERY email service on the internet. I agree that data remaining private even to the service provider is still mostly unsolved by email currently.
The article is actually quite interesting in that it proposes an approach which separates the data from the service. Users own their data and provide permission to services to use limited data for the service functionality. If the user decides to change services, they can withdrawn consent from the old one. It would even be possible to design a service that can't see the data itself but can still perform its services based on the data ("function shipping" architectural pattern as opposed to "data shipping"). I've been looking for this approach (user-owned data) to gain traction for a while. The most prominent effort I have seen is Tim Berners-Lee's Solid project. Seems still a ways off from being end-user viable.
There is less than zero incentive for existing services to adopt this and push it forward. It would be a breaking change to their entire business model. I think it is going to take a new generation of services designed for user-owned data in order for the internet to transition.
Personal observation: this service paradigm highly parallels functional programming where data and functions are separate and independently composable.
Also user-owned data still has potential privacy pitfalls in who is storing it. Solid for example has public services available or you can store it on your own machine (albeit with a process that is currently out of reach to average users). You still have to have trust in who is storing it, which could be misplaced. Public services can change ownership/leadership and therefore policies over time. If user-owned data became a really popular thing, even trusting your local machine could be a challenge. For example, how much do you really trust Windows 10 with your privacy now? Don't you think if user-owned data became popular, they would write code to look for it to add to their metrics?
Some level of trust will still be a factor.
FYI, and to quote Computing Over Encrypted Data
What I am afraid is that this may never be "end-user viable". Data and functions may be independently composable, but use cases are not. For example, Apple has weakened the file system abstraction in iOS in favor of each application for a use case, and people love it (I love it too). Another example is machine learning, where data is deeply participating in defining the function, with each still distinct for different use cases.
For functions to be independent, the data it operates on needs to be an abstraction. But we cannot understand abstractions by intuition. For example, Haskell has discovered Monad to an abstraction over iteration, side effect, non-determinism, and asynchronicity. But these use cases are so distinct, we still have to understand them separately on our way to understanding the abstraction.
I believe this perspective of use case is more useful, as in reality what's challenging Facebook is not Wordpress, Mastodon, or Micro.blog, but WhatsApp, Instagram, Snapchat, Podcasts, subscribed newsletters like Substack, game communities like Discord, and professional communities like LinkedIn, StackExchange, GitHub, and dev.to. I don't think normal people care much about the abstractions which can arise behind all these, such as the WebSub standard.
The solution, in my opinion, has to be laws. GDPR. It's how we have regulated banks for centuries, and how we can transfer money and contracts across systems of different agencies even countries. But that's also exactly what's forcing Facebook to censor in this case. Because that's what law is: law is politics. This is a political battle. We have to recognize that until the whole world is politically liberated, the Internet cannot be truly free with mere technological tricks.