- Nov 2020
-
latacora.micro.blog latacora.micro.blog
-
There are, as you’re about to see, lots of problems with PGP. Fortunately, if you’re not morbidly curious, there’s a simple meta-problem with it: it was designed in the 1990s, before serious modern cryptography. No competent crypto engineer would design a system that looked like PGP today, nor tolerate most of its defects in any other design. Serious cryptographers have largely given up on PGP and don’t spend much time publishing on it anymore (with a notable exception). Well-understood problems in PGP have gone unaddressed for over a decade because of this.
The meta-problem with PGP is that it was designed by crypto-engineers in the 90s and it is horribly outdated, yet due to its federated architecture, difficult to update.
-
-
signal.org signal.org
-
So while it’s nice that I’m able to host my own email, that’s also the reason why my email isn’t end-to-end encrypted, and probably never will be. By contrast, WhatsApp was able to introduce end-to-end encryption to over a billion users with a single software update.
Although the option to host your own email offers you freedom, it's precisely this freedom that makes change more difficult and the reason why email isn't yet end-to-end encrypted.
Centralized architectures, like whatsapp, allow you to roll out end-to-end encryption to the entire network with 1 software update.
-
That has taken us pretty far, but it’s undeniable that once you federate your protocol, it becomes very difficult to make changes. And right now, at the application level, things that stand still don’t fare very well in a world where the ecosystem is moving.
Because the ecosystem around software application is quickly evolving, you need to be able to adapt in order to be competitive.
Once you federate your technology, however, you lose this ability to adapt quickly, as is evidenced by the relative stagnation of federated standards such as IP, SMTP, IRC, DNS etc.
-
This reduced user friction has begun to extend the implicit threat that used to come with federated services into centralized services as well. Where as before you could switch hosts, or even decide to run your own server, now users are simply switching entire networks.
The implicit threat of federated architectures is also emerging in centralized services. It emerges there because the core of the social network, the address book, is saved locally (i.e. federated). This makes it easy for users to switch networks, and this ease keeps the providers honest.
-
Given that federated services always seem to coalesce around a provider that the bulk of people use, federation becomes a sort of implicit threat. Nobody really wants to run their own servers, but they know that it might be possible if their current host does something egregious enough to make it worth the effort.
The implicit threat of federation
In a federated architecture, most users tend to coalesce around one provider. Few actually want to run their own server, but the fact that that option exists, acts as an implicit threat which keeps the current host honest.
-
In a way, the notification center on a mobile device has become the federation point for all communication apps, similar to how older desktop IM clients unified communication across multiple IM networks.
Mobile device's notification centers are federation points for communication apps
The notification center in our phones acts as a hub where messages show up from WhatsApp, Telegram, SMS etc. analogous to how older desktop IM clients unified communication across multiple networks.
-
Federation gives us more collective control over what changes we accept, but that comes with an unacceptable inability to adapt.
A federated model requires some type of consensus to form to accept changes. This is great to promote consensus, but reaching consensus takes time and results in an inability to adapt quickly.
-