Decentralization — why can’t we have good things?

Andrei Sambra
Aug 21, 2018

I’m going to start by telling you a bit about myself, just so you know where I’m coming from.

I’ve been working in this space since early 2011, as a PhD candidate at that time. That was the year we started noticing some movement in the decentralized Web space, starting with Diaspora*, the social network alternative to Facebook, which had just launched its consumer alpha version on 23 November 2010. It was in 2011 that I met Ilya Zhitomirskiy (one of Diaspora’s founders) in Berlin for W3C’s Federated Social Web event. Coincidentally, it was at the same event that I also met with the ownCloud team as well as people involved in the FreedomBox project. As far as I remember, those were the most prominent (and fresh) projects at the time, and you have to remember this was two years before Edward Snowden’s revelations.

Later in 2014 I joined Tim Berners-Lee’s team at MIT, to lead the development of his decentralization project that soon became known as Solid.

Next came the blockchain revolution! In fact, the technology itself dates back to 2007, but in 2015 Ethereum was the first project that offered a blockchain-based distributed computing platform, on which decentralized applications could be built. It was game-changing mainly due to its smart contract (scripting) functionality, which offers a financial incentive for application nodes to participate in the network.

Fast-forward to today, I’ve lost count of how many projects there are in this space. I’m sure there must be a comprehensive list somewhere, but this is the best I can do — https://github.com/redecentralize/alternative-internet.

In my opinion, Mastodon is the only decentralized platform that can be considered successful if you look at the number of users it has. But here’s the kick! Like Diaspora back in the day, Mastodon is not really decentralized. It is federated. The key difference between these two terms lies in the ability to interoperate with other platforms/apps. Sure, in theory you can spin off a new Mastodon instance anywhere on Earth, but in practice each instance runs the same software, made by the same team of developers who decide what features get in or out. It means I can’t build my own implementation to which I can add my own features, as that would break interoperability with the existing implementation.

So why, after almost 8 years, do we still not have a truly decentralized replacement for Facebook or Twitter? I believe there are several major issues that keep plaguing 99% of current decentralization projects.

Education.

My impression is that decentralization is a topic that 99,999% of the world’s population does not care about. The remaining 0,001% are mostly technologists who are often too disconnected from what users really want. Unfortunately, until not too long ago I used to be part of the latter category, thinking that “if you build it, they will come”. Oh boy, was I wrong! Not only did they not come, but most people I talked to didn’t even care about the problem I was trying to fix. Sure, they started caring slightly more after Ed Snowden’s revelations, but not enough…so maybe we can take a decimal off that percentage, still leaving 99,99% unaware of the problem.

Responsibility.

I think we can all unanimously agree that nobody likes responsibility. One thing the “cloud” has to offer above anything else is taking away responsibility from us. And oh boy, do we love that! The only thing we still have left to do is to be able to remember the password, and maybe not even that if you use a password manager, which you really should! Recently though, even that is slowly becoming obsolete, as most apps offer a way to log in with a “magic” link sent to our email address. So I guess the only password we have to be careful about is for our email accounts. Also, security is getting better and better. Recent standards like Web Authentication have been created in order to “define an API that enables the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users”.

If everyone is fine with this, why are there projects in the decentralized Web space that are going against the grain? When was the last time you saw the following big disclaimer on the webpage of such a project? “We empower our users by giving them absolute control over their own data. However you become fully responsible for what happens to it!” I bet you don’t see that very often. Sure, I’d love to be able to have control over my own data, but it’s starting to become a game of shifting responsibility from the cloud back to the user.

Here is how a conversation on this topic plays out between a developer (D) and a potential user (U):

D: You “control your own data” by storing it on your device.

U: Oops, what happens if I lose it?

D: You can run your own server in your basement.

U: Really? This is 2018, nobody runs a server in their basement anymore. [Even we tech-savvy people do not want the extra overhead.]

D: We’ll give you a way to save a backup on our servers!

U: How do I trust that you won’t use it behind my back?

D: We allow you to encrypt the data with a key that you can store on your personal device!

U: Hello? I’ve just lost my device…on which I had my keys.

D: You can export your key and store it somewhere else!

U: And how do I secure that key? Should I put it in a file that I encrypt with a different key? Where do I store that one?

I suppose in the end it pretty much becomes a chicken and egg problem of key management, which still falls under the responsibility of the user. Mark my words, whoever is going to figure out a consumer-friendly solution to key management will become rich!

Bad UX.

This is probably the most underrated issue in my list, and I believe it stems from a simple truth — people do not like bad visual experiences. Users may accept change if the perceived value they get from the new thing is superior to the amount of effort and loss they incur by abandoning the old thing. This is especially true for Millennials, who apparently are whiny, selfish, and will never be able to afford a house because of their relentless appetite for avocados. Yet, these “digital natives” are the number one audience that advertisers are the most desperate to reach, as they love trying new apps every day as long as they’re sleek and visually rewarding.

But the truth is millennials are about efficiency and on-demand. The way this translates for developers is that applications need to be fast, but also optimized for mobile. As a millennial myself, I know I almost exclusively listen to music and podcasts, use social apps, read articles, and surf the Web on my phone. Developers need to come to terms with the fact that millennials don’t go to homepages. Sleek user-focused mobile app designs are en vogue for a reason — that’s what people want (especially millennials).

Insufficient collaboration.

It feels more and more like people working on decentralizing the Web have lost sight of the end goal — decentralization. While competition is always healthy for the tech scene as well as the market, we have to start setting our differences aside and agree that we all share a common goal. There is no way one project alone will ever be able to directly compete with Google or Facebook. To reach this goal, we need to learn to collaborate better, and in my opinion, that means we need to standardize a common set of APIs and protocols. If we do not think in terms of standards, we risk ending up with more silos than we have right now. There is some groundwork being laid down at W3C as we speak, in the form of decentralized identifiers (DIDs). If you work on a decentralization project, please take some time to look at the spec and join the conversation at public-credentials@w3.org (subscribe, archives).

Decentralizing the governance.

Here is a question I recently keep asking myself more and more — is a technical solution enough to help decentralize the Web? I’m starting to believe that we will never succeed without the right legislation to help speed up the process.

Let me give you an example. It would be perfectly fine for us to keep using Google if it offered some extra functionalities to increase transparency. It is the lack of control over my own data and how it is used that is really pissing me off. I understand how the tech and the business model work, and yet people have no way to opt out of having their data sold to advertisers even if they can afford a paid subscription model. Also, there is no process by which users can vote on features or other business models. We’re basically fine accepting an online dictatorship. (Would we do this in real life?)

On the other hand, as bad as they are, ad-driven business models allow low-revenue people to connect to the rest of the world and to communicate and share documents with friends and family. To be honest, the issue here is not the ads, it’s the lack of choice. In that regard, the EU’s General Data Protection Regulation (GDPR) was created to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy and control. Among the articles listed in the regulation, Article 20 (data portability) stands out to me. It basically gives a user the right to receive the personal data concerning them in a “commonly used and machine readable format”, and then to transmit that data to another controller. In theory this is great because it means that we can export our data from Google and import it into…hmm wait a second! The problem is that there’s nowhere else to import it into, since the data model exported by Google is not standardized.

I would love to see the day when I can go to my Google account and vote to see new features, or to remove existing ones. If that won’t happen, I would at least like to be able to point Google to where I want to move my data, and just let the magic happen without having to do anything.

To sum up my thoughts, I believe that achieving true decentralization will require coming to terms with the issues described above, but also drafting more regulation. If data ownership, control and privacy are at the core of decentralization, then I’d like to end with an analogy that involves regulation and seat belts. Although invented in 1885, it took more than half a century (1950–1955) for them to start being offered as options by car manufacturers, and almost a century (1970) for the world’s first seat belt law to be put in place, thus forcing all manufacturers to provide seat belts by default. Today, it would be inconceivable to buy a car without seat belts. In other words, it is a lengthy process to introduce new regulations and laws, but in the end we should be aiming for the same goal — to make it inconceivable to not have data ownership and privacy by default in every app we use.


Andrei Sambra

Entrepreneur working on decentralization, blockchain and privacy focused projects. Formerly @QwantCom, @MIT, @SolidMIT and @W3C.