2019-12-28 | Net

Federation Is The Worst

...except for all the other alternatives. Here is an article arguing that Federation is the Worst of all Worlds. It's not. One might argue that the article is really an advertisement for an at-best tangentially related product and that drumming up support for it necessitated changing the subject of the conversation - but I'm going to take its claims at face value and argue against them as they were argued.

Federation results in the data of users being subject to the whims of the owner of the federated instance

In the largely unfederated world we have right now, that boils down to one single owner per platform. The promise of a federated system is that you can always set up shop on another system of the same platform, without losing access to your relationships. And that other system could in theory even be run by yourself.

Administrators can see correspondence and derive social graphs trivially. They are also in a position to selectively censor inter-instance communication.

Again, right now we're putting that trust into a single entity for the whole network instead. An entity whose interests we know for sure are not aligned with their users, but with their customers. Giving participants in a network the choice which administrator they want to work with is not strictly worse than that.

All the privacy issues, none of the scale advantages.

Social networks are not a place for privacy. Not in a federated world, and certainly not in the unfederated model we have right now. Once more the case can be made that the current system is worse, because not only is your communication and metadata not private, but the unfederated systems we have often demand, or at least can correlate from context, your real-world identity. A federated system can at least do away with that issue to some degree.

If you require privacy, and there should absolutely be a place for that in a civilized society, you need to use an end-to-end encryption scheme for point-to-point data exchange. There are fundamentally opposed design goals that apply for such systems.

Considering that one of the main goals of decentralized systems is privacy preservation, and thus, control distribution, we must develop better models than “the most popular federated instances gain full control over the users interactions”.

Control distribution is absolutely achievable within a federated context, while privacy preservation will always depend on (in this case: unwarranted) trust. Just because you can't reasonably achieve one, it doesn't follow that the other is a fool's errant. I would also argue that the quoted sentence at the end here is a bit of a straw man, because taking away that power from the individual instance is - or at least should be - the actual design goal of a federated system.

Don't get me wrong, a network design should do what it reasonably can to prevent and mitigate abuse, but I believe advertising inflated privacy expectations to end users is fundamentally dishonest. What they get is not privacy. What they get is some degree of control and independence. Which incidentally is one of the reasons why no federated system has really taken off yet in the mainstream: those are not big enough selling points on their own, and they're certainly not enough to motivate people into taking the huge social hit from moving onto an empty new platform. So far, only fringe groups have taken up these decentralized offers - groups who frankly almost nobody wants to have associations with.

Reliability & Discoverability being the main two.

I agree very much with the problem being discoverability. None of the open networks really tackle that aspect, but it's not a problem coming from the fact that these are federated.

As far as reliability is concerned, we'll need to define what that means. Right now, when Facebook goes down, it may be a regional outage or even world-wide. Everyone using it in the region is affected. On the other hand, the monetary resources the platform gets from its customers (the advertisers) enable it to become quite resilient and quick to resolve technical issues.

Compare that to an individual instance which may be run by a smaller organization or even a private individual, we'll expect there to be more and longer outages, and an increased chance of total data loss. However, in a reasonably designed federated system, instance outages should not take the whole network down, nor should that influence the safety of data on a global level.

Which brings us to another angle related to reliability: data loss and control over storage. Whatever you post on an unfederated system can be taken away at any time, in fact if your whole account is lost, your friends won't even have a copy of it. Federated systems can at least in principle be designed to work differently. The promise here is to potentially store any data you receive indefinitely, as long as you may want to.

Whether you want that data to persist is another issue. There is an increasing number of jurisdictions where publicly available information must sometimes legally be destroyed and removed from the public record. Federated systems, and in fact any kind of private data store, may in principle be in violation of these laws. I suspect there is a potential future where private or locally-controlled data is illegal, since we already started on that path.

Personal Conclusions

So are federated systems worth it, given all those facts and the dim view we hold of them through the lenses of business, legislation, technology, and social mores as a whole? I'm not sure anymore. In the 200Xs, I unsuccessfully tried to get a federated social network off the ground. I was never able to get any funding for the project, or indeed any form of public support - while at the same time the (now defunct) Diaspora project received enormous public attention.

While I am a little bitter about my failure to convince anyone of the benefits, I am now almost glad my project never took off. Political fringe groups and international extremism is not something I would have wanted to be my core audience. I had wrongly assumed that ordinary people would enjoy the benefits of the freedoms this concept promises, but I now realize there is very little in it for normal people - on the contrary, by dropping out of the main consumerist pipelines they would probably be worse off in everyday life on account of being disconnected from the myriad companies who mine their data relentlessly in order to provide them goods and services.

I would not, at this point, want to convince a soccer mom, or even a tech influencer, to move to a federated system. For them, there is literally no upside in doing this. Now that conclusion may very well change as our political, economical, and technical landscape shifts. A prospect I both dread and hope for at the same time...