Redecentralize Digest — March 2020

It seems hard to judge what is still relevant to digest, as the corona crisis changes daily life as we knew it and fills newspapers front to back; perhaps hindsight will show obvious omissions. Coincidentally, but with a great sense of timing, Ira joined the UK’s National Health Service this month — to work on data interoperability.

Epidemic surveillance

Much is being written (e.g. by EFF, NYTimes, Politico) about the restrictions of people’s liberties in response to the COVID-19 pandemic, with telling examples such as China’s ‘colour codes’ for citizens. Although special times have special needs, some authors question the proportionality and effectiveness of measures, and discuss the risk of newly deployed surveillance persisting beyond the crisis; one article straightly argues that “we need a massive surveillance program”, but explicitly for this emergency case, exactly in order to prevent permanent surveillance from being put in place.

With some of the debated measures, there is still the question how useful the data collection actually is. As noyb rightly notes: “Suggestions, such as calculating the risk of infection between two people using mobile network data, are more wishful thinking than a possible technical reality”.

On the more inspiring side, various projects are working on apps that leverage more precise location data for contact tracing, and without resorting to centralised mass surveillance. An app like Private Kit: Safe Paths logs your exact location on your device, so you can share it if diagnosed, allowing the system to warn other users whose paths you have crossed.

Somewhat more private still, apps like PEPP-PT in Europe, TraceTogether from Singapore, Stopp Corona by the Austrian Red Cross, and this hackathon project, exchange random identifiers with people in one’s direct vicinity through ultrasound or bluetooth. This enables them to match those identifiers with self-reported cases (which are still exchanged through a central service), without even needing any location data; however, such an approach will thus fail to detect any ‘off-by-a-minute’ near-encounters.

In any case, a big issue is getting sufficient numbers of people to use such an app (and the same app); integration in popular apps/OSes has been suggested. See also this article on Wired and this list of apps on the noyb wiki.

Microsoft buys GitHub buys npm

After Microsoft bought GitHub last year, GitHub now bought npm, the predominant software module repository in the Javascript ecosystem. Although both GitHub and npm have arguably been of great value in facilitating open source software collaboration, both have been unnecessarily centralising, and putting them under Microsoft’s ownership is unlikely to help change that.

While git is a distributed version control system, GitHub created a centralised collaboration platform around it, with such popularity that for many people they have become synonymous. People manage their software projects on GitHub, no longer just because it is a helpful platform, or because it is gratis, but also because they effectively have to be there for the rest of the developer world to discover and contribute to their project — a network lock-in, like with other social networks. (indeed, even Redecentralize shamefully still relies on GitHub…)

Self-hostable alternatives to GitHub exist, like GitLab and Gitea, but self-hosting forms a barrier for new contributors, as the platforms still lack support for cross-instance collaboration — e.g. support for discussing issues without first needing to register, and cross-instance pull/merge requests (it is being discussed however!). A more bottom-up decentralised approach can be found in git-ssb (see this introduction), based on Secure Scuttlebutt.

As for npm, its centralisation is mainly due to its package registry & namespace, but this appears somewhat more easily overcomeable. In fact, the packaging system is also usable without the central registry; instead of only specifying the name of a package, one can give the full URL of its git repository. Perhaps npm’s acquisition motivates others to improve registry-free workflows by reviving projects like publish-to-git and peer-npm that help self-publish javascript modules or exchange them peer-to-peer.

Diaspora progress

Diaspora, one of the earlier (~2010) large federated social networks, now finished its developer API that will enable developing alternative apps for it. See We Distribute’s article.

For those who wonder too: Diaspora support for ActivityPub is not in the cards for now. I discovered that Diaspora team member Dennis Schubert wrote up two thoughtful blog posts in 2018 & 2019, expounding how ActivityPub by itself is not specific enough to be a protocol, and highlighting how further consortium-like coordination will be required to prevent ending up with fediverse instances all speaking incompatible dialects — which could lead to unappealing user experiences:

“Yes, you can communicate with Bob, but since he is using ExampleNet, please be aware that Bob will not receive your photo albums and will be unable to interact with those. Carol will see your photos, though, but unfortunately, she will not be able to see your geo-location updates. Moreover, because of technical limitations, Dan can comment on your posts, but we cannot make sure that Carol and Bob see those, because we cannot redistribute Dan’s comments.”

Decentralised, diverse, interoperable social media, delivering better experiences than centralised ones: it’s hard indeed; but worthwhile. Also on this topic is Dennis’s recent reflection of the past decade of alternative social media.

Funding interoperability solutions

If you’re working on interoperable solutions that enable data portability, you may want to apply for the Data Portability and Services Incubator (DAPSI). DAPSI will distribute a total amount of €5.6M. Deadline for the first call is 22 April.

DAPSI is part of the European Union’s Next Generation Internet (NGI) initiative; also check out their other open calls.

While at it: the United States Department of State currently funds censorship-defeating peer-to-peer communications technologies (deadline 10 April!).

PS if it is valuable to our readers (is it? let hear!), we could try to include a regular section with open funding options and application deadlines. Also let know if you tend to be up to date about these and want to help list them!

Miscellaneous

Reset is an advocacy group newly spun off from philanthropic organisation Luminate: “We want to change the way the internet enables the spread of news and information so it serves the public good over corporate and political interests”. See Luminate’s blog post or Politico’s article.

The Opera browser for Android now supports ipfs://… URLs out of the box. Under the hood it uses an HTTP gateway though ( dweb.link by default), so it is still relying on a single server instead of connecting peer-to-peer. But still; if browsers can at least resolve the URLs somehow, this allows the standard to take off.

Covered by We Distribute: “Pleroma, the lightweight Elixir-powered microblogging platform, made waves earlier this month by pushing out the 2.0 release”

“We need to serve the Internet offline”: makes the case for offline (not just offline-first) web apps, in order to enable digital tools in disconnected regions. Meanwhile, Apple has upset creators of offline-first web apps, as Safari starts expiring offline storage after 7 days to avoid it being used for user tracking.

Delta Chat’s Needfinding report seems useful user research for app developers that target audiences with a high security risk (e.g. journalists, activists).

Cory Doctorow on African WhatsApp-compatible apps and interoperability through reverse engineering.

Henry Story philosophises about co-immunology and the web.

Upcoming events

As physical-presence events suddenly seem a thing of the past (and the future, hopefully), here a few online events that popped up instead.

Open Tech Will Save Us is a new monthly video broadcast+chatroom, on the second Wednesday of every month. Speakers from different organisations discuss issues relating to technology, especially the importance of open, interoperable standards, and how they can enable decentralised tech to keep our data private while still enabling communication. Next occurrence is Wednesday 8th April, 17:00 UTC.

Solid World, about Solid, runs an event the first Thursday of every month. Next occurrence Thursday 2 April 16:00 CET (= 14:00 UTC now, summertime started!).

About this digest

The Redecentralize Digest is a monthly publication about internet (re)decentralisation. It covers progress and thoughts relating technology and politics, without ties to a particular project nor to one definition of decentralisation — figuring out its meanings and relations is part of the mission.

This edition was written by Gerben. Thanks to Michiel and benpa for contributing.

The digest’s format and content are not set in stone. Feedback and suggestions for next editions are welcome at hello@redecentralize.org. We don’t spy on our readers, so please do tell us what you think!