Are we ready for the threats to the Fediverse and decentralization movement?

Yesterday an excellent article by Cade Diehm was featured on Hacker News for quite some time. It didn’t get much attention, maybe due to its title, but it contained a very urgent message for anyone involved in evolving The Decentralized Web. So I am posting it here for you to read.

Some quotes from the article:

The resilience of centralised networks and the political organisation of their owners remains significantly underestimated by protocol activists. At the same time, the decentralised networks and the communities they serve have never been more vulnerable. The peer-to-peer community is dangerously unprepared for a crisis-fuelled future that has very suddenly arrived at their door.

The article details the demise of early P2P applications such as Napster, which seemed at one time poised to win the Copyright War, and mentions BitTorrent, which exposed its users to litigators.

Then it goes into the optimism we now feel for new decentralized protocols, which attract a large user base of people with often outspoken, non-mainstream, rather activist opinions, who embrace new platforms as safe havens to express themselves. But…

As we can see from history, blind faith in technically resilient network protocols is naïve and misplaced.

Further on, the article goes specifically into detail on DAT and SSB - which I leave to the reader - and ActivityPub:

The Fediverse – a network comprised of Mastodon, Pleroma and other adjacent projects – suffers from the same glaring contradiction. Similar to email nodes, servers (known as Instances within this network) are branded around common interests, political beliefs or sexualities. […]

This collection of networks offers no end to end encryption. Anyone with administrator access to an Instance can read anything that travels through that Instance’s infrastructure – including direct messages. The level of risk correlates with the number of cross-Instance interactions between users.

Of course that is a known issue. One HN commenter points out that e2ee is being worked on in Mastodon. The article also mentions:

The Fediverse has also grappled with its own limitations in threat modelling, such as failing to collectively anticipate the establishment of far right and fascist political Instances – deplatformed refugees from dominant social media platforms.

So what is needed?

[The current] global instability demands platform reform. Peer-to-peer networks theoretically offer a level of resilience, safety and community determination that may no longer be possible with these incumbent powers. The moment demands not another protocol, not another manifesto, not another social network, but a savvy understanding of the political dynamics of protocols and the nakedness of today’s networks. By embracing a reverse Shock Doctrine as a Service, developing clear, historically-grounded narratives, and building sensitivity to the user’s abilities and safety, these new decentralisation reformists can succeed where others have failed.


There is a rich but incomplete field of emergent work to draw from: New frameworks such as Socio-technical Security, and Decentralization off the shelf, exist to assist protocol designers understand and model interfaces and threats more completely and realistically. We must draw from groups that resist the Californian Ideology’s definition of identity, from the 1970s civil-rights aligned student activists who fought against digitised student records, to today’s Decolonise Design movement. Reformists must cede space for decision-making and expertise to under-represented or assailed communities.

The article concludes (emphasis mine):

We can no longer marvel at the novel interactions afforded by peer-to-peer technologies, nor perform political theatrics within these networks. We need to lay aside our delusions that decentralisation grants us immunity – any ground ceded to the commons will be met with amplified resistance from those who already own these spaces. […]

Without cohesive organisation, mobilisation to harden security and privacy and without a sincere commitment from protocol designers to revise their collective assumptions, the push back from incumbent power will leverage each and every socio-technical flaw in each and every network.


No reason why web systems and p2p can't play nicely together. I built an app this week using peerjs but delivered over the web. So you can chat from one browser to another without a central server. But also just use wget and install it anywhere. Two systems with different features complementing each other.

Simple experimental idea

  • Run peerjs on some fediverse servers (a one-liner – npx peer [options])
  • Add a privacy-first way to identify users or browsers to each other on the fediverse
  • Build a simple direct message (chat) tool that is e2e encrypted, private, and modular, so it can be added on to existing fediverse software

I think this could get to proof of concept in a weekend for a single developer, and show how p2p and federated systems can cooperate.

This is a really useful article, and provides some interesting links that I look forward to following more deeply.

One thought from it that strikes me is this: “One of the missing aspects are tools that developers and designers can use to understand how to build applications.”

As an AP developer I find myself doing a lot of work understanding protocols and writing code to interface with them, which I know has been done by others but not shared. And open source in general has almost no desire to do UX/design work, and when it does, it’s generally not done in a way that is useful to developers of other projects.