Tuesday, August 7, 2018

Decentralized Web Summit 2018: Quick Takes

Last week I attended the main two days of the 2018 Decentralized Web Summit put on by the Internet Archive at the San Francisco Mint. I had many good conversations with interesting people, but it didn't change the overall view I've written about in the past. There were a lot of parallel sessions, so I only got a partial view, and the acoustics of the Mint are TERRIBLE for someone my age, so I may have missed parts even of the sessions I was in. Below the fold, some initial reactions.

Brewster Kahle's theme for the meeting was "A Game With Many Winners". He elaborated on the theme in his talk on the second morning, which included a live demo of accessing the Internet Archive's collections via the decentralized Web. Brewster stressed the importance of finding a business model for publishing on the decentralized Web that isn't surveillance-based advertising. This is something I agree with, but I believe insufficient attention has been paid to DuckDuckGo's successful advertising model, which isn't based on surveillance.

Brewster, who admitted that he'd made a lot of money from Bitcoin, lauded the ability of cryptocurrency micro-payments to enable a pay-per-view model. Alas, Bitcoin is about making a lot of money, whereas micro-payments are about making a little money, so Brewster's experience may have misled him.

The pay-per-view idea ran into opposition from many in the audience who were concerned with opening the Web's resources to under-served populations. The idea of differential pricing, as exemplified by initiatives such as Hinari for the biomedical literature, was raised only to have Cory Doctorow point out that charging different prices depending on how poor you were implied very intrusive surveillance, which was what Brewster was trying to get away from!

I was skeptical in another dimension since, as I wrote earlier:
Clay Shirky had pointed out the reason there wasn't a functional Internet micro-payment system back in 2000:
The Short Answer for Why Micropayments Fail

Users hate them.

The Long Answer for Why Micropayments Fail

Why does it matter that users hate micropayments? Because users are the ones with the money, and micropayments do not take user preferences into account.
To illustrate the state of the art in cryptocurrency micro-payments, I e-mailed Brewster the link to Shitcoin and the Lightning Network.

Brewster ended his talk by using the example of the "Internet Archive, but decentralized" to exhort the audience to go forth and multiply "XXX but decentralized" systems, such as "Slack but decentralized". And, indeed, many of the demos of working software shown at the summit were of "XXX but decentralized".

Alas, in most cases the demos may have been decentralized but they weren't yet as good as XXX. This pointed up a theme common to many sessions, which was that developers needed to focus on the User Experience (UX in the jargon); the mass of users already use XXX and won't shift to something that does the same job no better just because it is decentralized. In this context I'd point out that there is a long-established decentralized network that gets far less use than it should, which is Tor. How Do Tor Users Interact With Onion Services? by Philipp Winter et al from Princeton looks in detail at Tor's UX barriers to adoption, some of which are shared with the decentralized web (such as names that are impossible to type correctly).

Adoption of the decentralized Web outside the geek-o-sphere requires either:
  • applications that are compelling to ordinary people but can only be implemented in a decentralized system, which I haven't seen identified,
  • or a UX enough better than centralized systems to overcome network effects and incumbency, which I haven't seen implemented.
A panel with Kendra Albert, Cindy Cohn, Chris Riley and Caroline Sinders, and a talk by Jennifer Granick were both informative but depressing on the legal aspects, stressing for example the increasing legal requirements to take down content upon request. There are many reasons why this is inherently difficult in a decentralized system, among them being the necessary lack of a central point to which takedown requests can be sent! Although censorship resistance is one of the advantages touted for the decentralized Web, nodes running a Web in which content could be posted anonymously and could not thereafter be made inaccessible would be at intolerable legal risk in virtually any jurisdiction. See, for example, the Bitcoin blockchain, storing which is arguably illegal in almost all countries due to child porn and other non-transaction content which has been injected.

Indeed, one thing I found irritating about much of the discussion at the summit was the casual assumption that the theoretical advantages claimed for the decentralized Web, including security, privacy, persistence, and censorship-resistance, would automatically be delivered by practical implementations of a decentralized Web. As we see with Nakamoto's magnum opus, this is rather unlikely.

A decentralized Web needs ride above a decentralized storage layer. Nodes participating in the storage layer need to either:
  • Accept liability for the content which they store, which implies that some human has looked at it and decided whether, for example, it is child porn. Or at least that they operate under the DMCA safe harbor and delete content on request.
  • Or claim ignorance of the content which they store, which implies that it is encrypted and the node does not know the key, so cannot decrypt the content. In the context of a decentralized storage system this is technically manageable, if possibly legally fraught. In the context of the decentralized Web, where the whole point is to make the content accessible to anyone, it is difficult. Anyone includes the node itself.
In the second case it would in theory be possible to mix multiple streams of content together cryptographically so that any one could only be re-assembled from M out of N nodes. Then only the requester would see the individual content stream. But this would have significant performance problems, for example using M times the bandwidth, and would mean that the decrypted copy at the requester would have to be evanescent.

For me the most interesting thing was talking with a Swiss professor who is heavily involved in the Named Data Networking effort that I wrote about in Moving vs. Copying. Basically, the decentralized Web is replicating all the work that the Named Data Networking people have been doing, just at a much higher level in the stack. The properties of the underlying IP layers are likely to vitiate many of the properties that the decentralized Web proponents want. I made the detailed argument about this in Brewster Kahle's Distributed Web Proposal. Somehow we need to get these two groups talking.

In Decentralising the web: Why is it so hard to achieve? John Leonard interviewed a number of attendees in the run-up to the summit. Here are some extracts showing that realism is starting to sink in:
Matt Zumwalt, program manager at Protocol Labs, creator of Inter-Plantetary File System (IPFS), argued that proponents of decentralised web need to think about how it might be gamed.

"We should be thinking, really proactively, about what are the ways in which these systems can be co-opted, or distorted, or gamed or hijacked, because people are going to try all of those things," he said.

The decentralised web is still an early stage project, and many involved in its creation are motivated by idealism, he went on, drawing parallels with the early days of the World Wide Web. Lessons should be learned from that experience about how reality is likely to encroach on the early vision, he said.

"I think we need to be really careful, and really proactive about trying to understand, what are these ideals? What are the things we dream about seeing happen well here, and how can we protect those dreams?"
Another caution I agree with the first part of is this:
Mitra Ardron, technical lead for decentralisation at the Internet Archive, believes that one likely crunch point will be when large firms try to take control.

"I think that we may see tensions in the future, as companies try and own those APIs and what's behind them," he said. "Single, unified companies will try and own it."

However, he does not think this will succeed because he believes people will not accept a monolith. Code can be forked and "other people will come up with their own approaches."
The investors in decentralized technology companies are not investing with the idea of being one among many, they're hoping that the one they chose will end up dominant and thus able to extract monopoly rent.

Patrick Stanley of Blockstack raised the governance issues that most cryptocurrencies have failed miserably at:
That's lots of positives so far from a user point of view, and also for developers who have a simpler architecture and fewer security vulnerabilities to worry about, but of course, there's a catch. It's the difference between shooting from the hip and running everything by a committee.

"Decentralisation increases coordination costs. High coordination costs make it hard to get some kinds of things done, but with the upside that the things that do get done are done with the consensus of all stakeholders."
David Irvine of MaidSafe was also concerned with governance:
Within any movement dedicated to upending the status quo, there lurks the danger of a People's Front of Judea-type scenario with infighting destroying the possibilities of cooperation. Amplifying the risk, many projects in this space are funded through cryptocurrency tokens, which adds profiteering to the mix. It's easy to see how the whole thing could implode, but Irvine says he's now starting to see real collaborations happen and hopes the summit will bring more opportunities.
Patrick Stanley also raised the elephant in the room:
There are already privacy-centric social networks and messaging apps available on Blockstack, but asked about what remains on the to-do list, Stanley mentioned "the development of a killer app". Simply replicating what's gone before with a few tweaks won't be enough.

A viable business model that doesn't depend on tracking-based advertising is another crucial requirement - what would Facebook be without the data it controls? - as is interoperability with other systems, he said.
OmiseGO's team
The viable business model is urgent, and it won't be micro-payments. It is worrying that there are so many relatively large teams working in an area without, as yet, a sustainable business model. In the picture of OmiseGO's team I count 36 people. At say $150K/yr/person that's a $5.4M/yr burn rate without a sustainable business model, which is asking for trouble. The notional amounts of ICO's such as FileCoin's may provide attention-grabbing headlines but, as I showed for FileCoin, they aren't a substitute for a sustainable business model in the medium term.

Althea Allen of OmiseGO stressed the importance of UX and the added difficulty of implementing a good UX in a decentralized system:
However, if the alternatives are awkward and clunky, they will never take off.

"It is difficult, though not impossible, to create a decentralised system that provides the kind of user experience that the average internet user has come to expect. Mass adoption is unlikely until we can provide decentralised platforms that are powerful, intuitive and require little or no change in users' habits."
It is good that Mozilla recognizes IPFS, DAT and so on as legitimate protocols, but none of the popular browsers support these protocols directly. Extensions and downloadable JavaScript are ways around this, but they aren't the best way to address Allen's requirements.

Cory Doctorow's barn-burner of a closing talk, Big Tech's problem is Big, not Tech, was on anti-trust. I wrote about anti-trust in It Isn't About The Technology, citing Lina M. Kahn's Amazon's Antitrust Paradox. It is a must-read, as will Cory's talk be if he posts it (Update: the video is here). I agree with him that this has become the key issue for the future of the Web; it is a topic that's had a collection of notes in my blog's draft posts queue for some time. Until I get to it, one hopeful sign is that even the University of Chicago's Booth School is re-thinking the anti-trust ideology that has driven the centralization of the Web, among many other things. The evidence for this is Policy Failure: The Role of “Economics” in AT&T-Time Warner and American Express by Marshall Steinbaum and James Biese, which is worth a read.

I plan to write a follow-up to this post looking at several areas, such as the demos of the Beaker Browser and MIT's Solid system, where I feel the need to follow Andreas Brekken's example, and try before I write.


Mitra said...

Thanks for the thoughtful critique, I think its important to be having these kinds of conversations at this early stage of technical design.

UX: Agreed - unless/until the UX is as good, it won't be used by enough people to be meaningful, for example in the dweb.archive.org site we started moving down that road by falling back to HTTP when the Dweb isn't responsive, but we aren't there yet, and that site is still an experiment.

Payments - I think that's orthogonal to Centralized/Decentralized, and that both advertising driven and micropayment models will emerge. There is leeway there if we figure out how e.g. I'm sure I'm not the only one who would happily pay 10x the amount FB sells my eyeballs to advertisers to get rid of the ads, and that suggests an opportunity (on the Cweb as well).

The tension between Good guys taking Bad stuff down, and Bad guys taking Good stuff down, and who gets to decide the Good v Bad is one of the key social questions that needs addressing as we move to content address-ability, both from a social and a technical perspective. Hopefully this won't be just a US based conversation, where the assumptions tend to be very different from the assumptions in Europe (e.g. "right to be forgotten")

Thanks again

- Mitra (developer of the dweb.archive.org site, and quoted above)

David. said...

Thanks Mitra, but I'm less optimistic than you.

As regards payments, anyone who thinks the d-web can run on micro-payments needs to look at (a) the long history of failed micro-payment efforts, and (b) the current state of the Lightning Network and ask themselves why, if they haven't ever worked in the past and don't work now, they're going to work so well in the future that they can displace ads. And anyone who thinks the d-web can run on ads needs to explain how to evolve the current Web ad ecosystem to run without tracking.

Yes, DuckDuckGo style works but not many advertisers believe that it does. If an ad-supported d-web would have to be tracked like today's Web what's the point? Just as what's need is a killer app that isn't just "[current app] but decentralized", what's needed is a business model that isn't just "[current business model] but decentralized".

As regards take-downs, I agree that this needs to be the subject of an inclusive policy conversation. But I'm asking the mechanism question. Whether by Good or Bad guys, how exactly are take-downs to be implemented in a Web of autonomous nodes freely copying content? If they are implemented in some way, the d-web won't be censorship resistant. If they aren't implemented, and the content isn't encrypted, d-web nodes will be at serious legal risk. If they aren't implemented and the content is encrypted but is freely accessible, how is it that the d-web node isn't able to decrypt the content? I suggested one possible way to implement encrypted content above, but doing it that way would make take-downs close to impossible.

As I see it, take-downs imply that the system has governance, something that decentralized systems totally suck at. They are, after all, libertarian ideological constructs.

Unknown said...

Hi David,
As always, a thoughtful critique based on reading, thinking deeply and decades of experience. Much appreciated.

There are many people I would like to connect you with.
Greg McMullen, a lawyer based in Berlin, was leading many of the governance tracks at the Summit. He was the executive director of the IPDB foundation--the non-profit arm of BigChainData, a decentralized tech company now behind the Ocean protocol and coin. Greg's foundation folded recently because, as you note, their board felt it too risky to ask storage nodes to hold data for which they might be liable. IA was one of those nodes. The blockchain developers in Berlin have been successful in lobbying their government to carve out some sandbox space, arguing that without it, no German decentralized tech can experiment if they have to worry about being sued for holding illicit material unknowingly.

Sorry about the sound at the Mint and the audio issues on the Live Stream videos. Fortunately, the record videos are all fine and we are posting them here: https://archive.org/details/decentralizedwebsummitmedia-2018

Here is Cory Doctorow's keynote: "Big Tech's Problem is Big, not Tech." https://archive.org/details/decentralizedwebsummitmedia-2018-courtyard-2?start=475

Looking forward to continuing the dialogue with you.
Wendy Hanamura
Director of Partnerships,
Internet Archive
(Decentralized Web Summit Director)

David. said...

"the group of anonymous developers behind the infamous gambling dapp FOMO 3D, who warned last week that what looked to be a near identical copy of its game was eating up one-third of the network's total computational power, raising over $7 million in ETH within the span of seven days."

From Unstoppable Scams? Ethereum's Gambling Problem Is Only Getting Worse by Christine Kim at Coindesk.

Yet again we see that the killer decentralized app that can't be better implemented in a centralized system is a Ponzi scheme.

David. said...

I should also have linked not just to Clay Shirky, but also to Andrew Odlyzko's The Case Against Micropayments, a must-read from 2003.

David. said...

Matt Zumwalt's prophetic quote above has come true, as Jeff Burt reports in Decentralized IPFS networks forming the 'hotbed of phishing':

"Threat groups are increasingly turning to InterPlanetary File System (IPFS) peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide.

Threat analysts with cybersecurity vendor Trustwave this week said the InterPlanetary File System (IPFS) is becoming the "new hotbed of phishing" after seeing an increase in the number of phishing emails that contain IPFS URLs.

At the same time, Atif Mushtaq, founder and chief product officer at anti-phishing company SlashNext, told The Register that his company is detecting phishing hosted on ipfs.io, cloudflare-ipfs.com and other vendor systems."