Secure Scuttlebutt – The “Localized” but Distributed Social Network
We’re joined by Dominic Tarr, a sailor, and the Founder of Secure Scuttlebutt. This curiously named project has a fascinating approach to creating a truly distributed social network. One might even say that Secure Scuttlebutt is “localized” as it gracefully degrades to Sneakernet, something few blockchain projects can claim. In actuality, the SSB protocol isn’t a blockchain in the traditional sense – each user’s feed acts as a sort of localized chain of posts, signed by their public key, and possibly encrypted for a friend’s key to decrypt. When users meet, the system syncs their local databases using a gossip protocol and replicates the data. Encrypted data is transported from peer, to peer, to peer (or friends of friends) until it reaches its intended recipient. Users may also optionally rely on public servers to sync data over the internet.
Topics discussed in the episode
- Daniel’s background and life living on a boat off the coast of New Zealand
- How being at sea gave him the idea for Secure Scuttlebutt
- What is Secure Scuttlebutt and what are the goals of the project
- The issues with centralization and redefining decentralization as a positive statement
- The notion that the technological singularity only serves the goals of centralized power
- How SSB stores information and how posts get propagated between friends, and friends of friends
- How the network leverages “Pub” servers to sync data over the internet
- Usage of the platform and the communities which thrive there
- The cost of spam and how users protect against DDoS attacks
- The project’s funding and roadmap
Sebastien Couture: Hi, so we’re here with Dominic Tarr, Dominic started Secure Scuttlebutt, which is a very unique type of social network. I don’t know if you even want to call it a social network, but it’s a way to talk to people who matter to you and others and Dominic is usually based in New Zealand or at least on the coast of New Zealand as he lives on a sailboat, we’ll get a bit into that in the episode but for the moment, he’s in Berlin. Hi Dominic.
Dominic Tarr: Hey
Sebastien: Thanks for joining us. So why don’t you tell us a bit about your background and how you got to live on a sailboat. Actually just for context, you were introduced to us by another New Zealander and friend of the podcast and lover of boats and things that float, and so yeah, tell us a bit about your background and how you got this far.
Dominic: Right, well I ended up on a boat because I just decided I didn’t want to pay rent it just started to seem like paying rent was like a massive scam and I realized one day I could live on a boat and instead of paying rent I could buy a boat and then after a few years I paid for the boat and then turns out I like sailing as well. When I first decided to live on a boat I hadn’t even seen a sailboat up close. So I kind of got lucky there. I’m sure that this sort of was essential in like leading me down the path where I created Scuttlebutt so things like living on a sailboat you have a lot of autonomy and you also find yourself in a lot of like near death experiences, so you have to be like, you know, you have to understand, it’s very much like a hacker mindset. You have to understand how everything works, what the risks are, take actions and decisions and stuff and be confident about what decisions you make.
Sebastien: So are you sort of in New Zealand territory or New Zealand waters? Or are you out internationally?
Dominic: Yeah I’m not even really sailing that far. Just like a coastal area around New Zealand, but this was the sort of boat I could afford when I was 21. It was like even a small distance was a big adventure and the weather in New Zealand has been described as quite moody so you can still have terrifying adventures, you know, it’s sort of relative to the scale of the boat and stuff like this, the new boat is a bit better and I’m in a part of the country that has much more milder weather and it’s like all that other things have changed since then. So now there’s pretty widespread 3G internet and solar panels are much cheaper. So one solar panel that’s enough to run it most of the time and I’m like doing remote work. So it’s quite an excellent environment.
Sebastien: It’s quite literally remote work. So how long you been doing this? And what did you do before you were living on a sailboat? I believe you were working a regular job.
Dominic: I haven’t worked a regular job for a long time. So the current boat I’ve had like four years now, previous to that I spent a couple years just traveling constantly. I had gotten into node.js very early on and then I managed to get invited to speak at a conference. And then I gave this talk wearing a wizard hat, it was made from a Doritos bag. And after that I just became quite famous as a distributed systems expert although all I had really done is read the Amazon Dynamo paper but I knew just enough more than everyone else that I could like pass off as an expert. And at this point I didn’t realize it yet but I was well on the way to Scuttlebutt. So in this process, I learned basically everything I needed to think of Secure Scuttlebutt. And yeah, so then at that period I was traveling like at least nine months of the year. I think one year I didn’t spend longer than six weeks in any one country, but this got to be quite exhausting and I was wanting to be settled down and so I bought a boat and now I only travel three months a year which is still a lot by ordinary people’s standards, but is quite settled and civilized compared to what I was doing previously.
Friederike Ernst: Good. And that hat story is hilarious. So, can you describe a little bit your path towards building Secure Scuttlebutt and basically what motivated you to build the protocol as is?
Dominic: Yeah, so there was a period where I wanted to build some kind of decentralized application platform and I didn’t really know how it was going to work and my motivation was I started exploring this before Edward Snowden and things like that, privacy wasn’t actually my main item. It was more about autonomy and I remember being frustrated that Facebook would just change how the interface works from an interface I was used to to an interface that like I hated and I just had no recourse at all. Like it was really frustrating and there’s no way to fix the problem or even express that there is a problem, whereas if you live in a democratic country then at least you can vote for the other party every couple of years or something like that. And with software it’s just like there was nothing like this. And before the boat stuff, I had what I call my first and last professional grown-up job. And before that there was another boat trip and I ended up at this like hippy commune and I stayed there for a month or so and I was like, this is great, but just becoming hippy would be too easy. You know, I needed to go to the city and get a job and give society a fair chance. And so I did that and after 18 months I decided that society had failed me, basically I had this job where I realized that some of the software we were providing customers was really crap, but the technical problems weren’t really that hard, the hard part was the social structures surrounding it. So basically my boss would go talk to their boss over a golf game or something like this. Then he could be, oh, you’re a good guy. We’ll use the software and then the people who actually had to use the software which would generally be the accounting department, they didn’t actually have any say in the software and when they found it quite frustrating they talked to me but I wasn’t allowed to fix their problems because we had to generate billable hours, and I would have loved to have fixed it problems.
But I was only able to really do things like that when my boss was on holiday, so that sort of got me thinking that you know, the person who is on the front lines has very good perception of what the problems actually are, but they’re often not in a situation where they can actually do anything to fix those problems. So there’s so much software that’s like really frustrating. But unless you’re inside the organization that created that software it’s unlikely you can do anything about it, even complain about it in a satisfying way, except for open source. Open source, you can actually attain a feeling of agency or you can sometimes you know point out a problem and it gets fixed immediately or even if I don’t make the pull request or something like this often you can talk to developers and like persuade them or negotiate some kind of solution and I find that that is hugely satisfying. You generally need to be a developer to be able to have access to that kind of thing, but I was sort of interested in how you would make more egalitarian software basically, and this sort of led me towards decentralization because then digitalised software, so in Scuttlebutt there’s protocol and then application and just because I designed the protocol doesn’t mean I can control what application you use to access it. So even if you build a commercial application for using Scuttlebutt, but you can’t really stop other people from using different software and I don’t have the solution to how do you create truly egalitarian software. But my intuition was that decentralization capable protocol would be a big potential part of that.
Friederike: So Secure Scuttlebutt is open source and decentralized in a form that we are not that used to which we will go into in a little bit. So maybe let’s talk about what it is first. So basically, I think earlier we referred to it both as a social network and a messaging protocol so what in your eyes is the function of Secure Scuttlebutt?
Dominic: Well, generally I start by explaining the name. So Scuttlebutt is a nautical term for gossip. So scuttle means open or opened and butt is a barrel, so it’s the opened barrel of, like it’s the drinking water on an old sailing ship. Yes, like a water cooler and that becomes synonym for gossip inevitably and then the thing with human gossip is gossip isn’t considered very reliable because I can say something to you and then you can say something different to someone else but say that that’s what I said. Or you just misheard it, you know, it could be malicious or something like that. But interestingly gossip is actually a type of computer protocol and some computer systems one computer talks to another computer directly and it’s the only way that those two computers communicate, but you can also have a gossip protocol, a message you can get from one computer to another computer by jumping around other computers first. So in a gossip protocol when you send a message, you don’t really even say it’s going to this protocol you just like broadcast it and it drifts out to all of the computers eventually gets the one that you need and these kinds of protocols are extremely resilient because if some computers are missing, it doesn’t matter. It just goes to other computers instead. Basically I read about this subsystem of DynamoDB. So DynamoDB is part of Amazon. So they use that to implement your shopping carts and stuff like that and it had a gossip protocol inside of it that just keep track of the computers that were like in the cluster so they had a peer-to-peer system that was inside of the data center and took that basic idea and then added enough security so that you didn’t need the data center anymore. So it makes a secure gossip protocol. So in a secure gossip protocol, it doesn’t have the unreliable problem. So you can pass on the message as I say but you can’t change them. So my friend can verify that that’s what I said.
Yeah, so I tried a bunch of other things. So I was originally thinking of the design it was a bit more like IPFS than Scuttlebutt originally, but eventually I realized that by building a social network you sort of solve a lot of the security problems, by basically passing them on to the humans. So for example, how do you deal with spam? Computers aren’t very good at filtering out what is spam and what isn’t spam but humans are really good at that. Humans spend all their time basically deciding who they can trust and who they can’t trust. So instead of making the computer decide that just put a button which humans can say, this is my friend or this isn’t my friend and so that sort of stuff that the trust decisions you just push up to the human layer and then the computer just sort of replicates the message perfectly which is what computers are really good at.
Sebastien: So could you walk us through this typical experience for someone who’s joining Secure Scuttlebutt. So if I’ve just heard of Secure Scuttlebutt, and I know that I have some friends on it how does that work and also it would be interesting to describe the way that messages actually get transmitted and how actual human conversations and human gossip than the social network structures that we’re used to.
Dominic: Yeah. So to join the Scuttlebutt Network, basically someone else already in the network has to follow you. So it has to start requesting your messages and then there’s a couple ways of doing that, the best way is if they are in the same room as you on the same Wi-Fi, so you would install Scuttlebutt and then there’s like a local broadcast so you can see each other over the local network and then they click follow and so follow makes their computer start replicating your messages and it also posts a message to their feed saying that they followed you and that means that their friends now know about you and they can start replicating your messages as well. And at the same time you click follow for them and then you start replicating their messages and then you’re basically in the network.
Sebastien: So every time that these two people meet on a local area network, on the same Wi-Fi or even I guess also exchanging USB keys it can get down to that level then they will replicate each other’s messages. So basically replicating the data on each other’s system. So the friend request here kind of works like a real-life relationship. I meet someone and all of a sudden I want to know about what’s going on in their life, you know, like I become friends with them and then I engage in conversation with them and so we sort of replicate experiences, stories, you know things that we tell each other.
Sebastien: But it happens in a physical location.
Dominic: Yes. So that works really well, of course, sometimes people like to use their computers to talk to each other over the Internet when they’re not face-to-face but that has this problem that was meant to be solved by IPv6 but hasn’t yet been rolled out yet, it’s only been 20 years and now we have this problem where basically, imagine we ran out of telephone numbers and now there are two sorts of phones, there’s one that only businesses can afford which can answer messages and then ones the ordinary people have which can only dial numbers but can’t receive calls and it’s IP addresses. So it means that you can call someone who has a website, but you can’t just call your friend. So making a full peer-to-peer application work properly is quite tricky, hacks get around it. But what we’ve found is good enough for Secure Scuttlebutt is just some people run servers with a static IP address. We call this a pub server, it’s named pub because both sounds like public and like a pub as in a bar, which is like a place you can meet your friends to exchange gossip. And these pubs are quite different to like, you know email servers because in email you have email servers, but the server actually owns your identity. So your identity is name@server and in Scuttlebutt the pub is just a robot that happens to act like your friend so your identity isn’t actually tied to any one pub. It’s just a place. It’s just a fantasy that probably has your messages that you can reliably connect to
Friederike: And if I understand correctly, there are two types of messages. So there are messages that you just broadcast to the world that are readable to anyone but I could also send you a private message, correct?
Dominic: Yeah. So a private message is just a public message that the body is encrypted, so basically it’s a broadcast model. So everyone receives all of your messages, but if it’s encrypted they can’t read that message. So I encrypt a message so that only you and Bob can decrypt it and everyone else gets it and passes it on but they can’t decrypt it. And this actually has very good privacy properties because it doesn’t hide that I sent a message, everyone knows I sent a message, but everyone tries to decrypt it and therefore no one except the people that it’s for actually know who it’s for because it could have potentially been anyone that follows me.
Friederike: I see that this makes perfect sense. So basically seeing that you don’t have people like servers or you know, like people who actually are your point of access it’s asynchronous by design, right? So basically if I send you data or some kind of message if you’re not online, you’re not getting it at that moment. And so can you describe the process by which this method kind of permeates the network and arrives at your device?
Dominic: Yeah, so basically when any two peers connect to each other they start by doing a handshake so they start by just sending a list of who they have talked to since the last time they talked to you and they check if you have the same news so it’s like I bumped into you in the street and I’m like oh hey have you heard from Bob recently and you’re like, oh no I haven’t and then I tell you the news about Bob and then sometimes you already had heard the gossip about Bob from a different channel in which case we see that and don’t send you anything.
Sebastien: So let’s maybe just use your life as an example. So you live on a boat right and let’s say that I live in New Zealand and you know Friederike lives in Germany. So you’re on your boat and you write public posts and oh by the way, we’re all friends so you write public posts like today I caught this huge fish and today there was a big gust of wind and I went far. Okay, like I don’t know much about boats. That’s like the two things that happen on a boat right. Then you come to shore, I meet you we sit in a cafe and then I get all those updates. So like maybe like a month of updates basically just you life blogging kind of your diary of what’s happening in your boat. I get all that stuff. And I’m like great and then maybe also you sent a private message to Friederike and then at some point she comes to New Zealand for like some conference and you’re still on your boat and we meet up, she’ll presumably get all of those public updates because I’m friends with her and then she’ll also get the private messages you sent her because I’m gossiping those to her.
Dominic: So the messages are all just in one log, so it’ll be public. So they just all sort of come and get copied across and they always get copied across from oldest to newest and that means that if it breaks partway through next time, it just replicates from there.
Sebastien: So I’m only receiving that private message to Friederike because the client knows that we’re both friends.
Dominic: No, you don’t know that it’s for Friederike. You just take all of my messages in order.
Sebastien: All of your messages regardless of whether or not I know those people, whether or not we’re friends or whatever. I just replicate everything that you’ve posted. Yes. Okay, so there might be some garbage in there for people that I’ll never encounter and for whom those messages will never get sent from me.
Dominic: Yeah, but replicating these extra messages isn’t a huge burden. Basically it’s designed so that it all fits within the realm of just the small favor that you wouldn’t really think about doing for a friend. Like it’s not really a problem, even after several years of using scuttlebutt a lot because talking on scuttlebutt every day. My entire list of messages is only like 10 megabytes or something like that.
Sebastien: Okay, so it’s quite efficient then.
Dominic: Yeah, it could be more efficient as well. It’s not really a big deal to have a few extra messages. The thing that is a bigger deal is attachments that are images and files and that sort of stuff but that is sort of handled separately. So you won’t take those unless you want to view them. So that’s handled by different protocol. So if I took a picture of that fish if you didn’t look at the picture of the fish, you might not have it to pass on to Friederike.
Friederike: Okay, I see so basically it’s a lot like having your own personal blockchain that you share with people and where you basically cryptographically encode parts of your updates so they’re only readable for some people. So can you talk a little bit about the role that public servers play. So basically the pub servers that when you log into the network and you connect to it you can get an invite from a pub server? So can you talk a little bit about that?
Dominic: The pub servers really only exist to make it possible to connect to the network. It’s kind of wrong to say log in because, so the terms we’re used to using on the internet like account and login and like logging in is like, you know, you check into a hotel and they write your name in a book and account is like you join a club and they write your name down in a book and that kind of concept doesn’t really apply in the Scuttlebutt world. It’s more like you just create an identity and once you’ve created an identity other people can have relationships with you. So in an ideal world we wouldn’t even need pubs. It’s just because of this shortage of IP addresses and so I have friends here. I’m in Europe right now. My friends in New Zealand tend to be asleep now while I’m awake and then awake when I’m asleep. So there’s only a small gap when we might both be online. But if there’s a server that gets my messages and then give them to my friends later.
Friederike: So if the network was dense enough you wouldn’t need those servers right.
Dominic: Correct. And if all the servers went away, if you know some kind of like, you know, zombie apocalypse took out all the data and all the national level infrastructure scuttlebutt would still work as long as we have solar panels and light local to run our laptops and local Wi-Fi and we just like, you know, we could like put SD cards onto migrating birds or something like that, that would actually work.
Sebastien: Couldn’t Scuttlebutt utilize sort of similar architecture to BitTorrent to reduce dependency on these servers?
Dominic: Yes, so BitTorrent has this DHT thing but the problem with a DHT is to make a proper peer-to-peer connection you basically need to do this trick where it’s called hole punching. Without getting stuck in the weeds it’s more like being set up on a date by just making a phone call. So you need to have an introducer that is a third party that connects you and then once you’ve connected then you can talk directly.
Sebastien: Right. So this is what the torrent trackers fulfill as a role I suppose. Do you still need to have some sort of an essential point of trust which introduces at least at first initial peers for discovery.
Dominic: Yeah, so you’d still need to have something like pub service for that anyway and basically I use the pub server design because there’s just enough reason for people who were good at computers to be able to run a pub server. It’s not really that much effort, you know, lots of people have developers and computer people and stuff like this, they already have a server that they pay for and they run a website off it or something like this and you could put the pub server on that and that’s enough to like act as an introducer to your friends. So this is the plan we haven’t actually got around to implementing this fully peer-to-peer thing, but the idea was that it’s enough that people will want to run the pubs and then they can act as introducers and then you’ve got a full peer-to-peer thing and as long as one of your friends has a server then you’ll be fine, but it doesn’t really matter if, so more than one is great, but it doesn’t really matter and this means that the requirement of the server being up all the time is actually very low so contrast that with the email, if your email server goes down and someone tried to send you an email then they’ll just get a message back saying it didn’t work and if the pub that we were going to communicate through is down at the time you just post a message on your log it when the server comes back up it will receive the message that end so you don’t need to worry about it. Just everything works smoothly. One fun anecdote is one time my friend was on an aeroplane and he was browsing Scuttlebutt completely offline. It was just like his local database, and the person sitting next to him is like how come you have the internet when no one else has and he’s like, oh, well, I’m actually not on the internet let me explain. So he explained Scuttlebutt and it turns out this guy was some electrical engineer from the South African Antarctic base.
So they had like, not very much or very little, I think they probably have some kind of satellite thing. But basically Scuttlebutt would work great.
Friederike: So how many users are there, how many connections do they have on average, and have you done any percolation theory on the graph to see how long messages would actually take to percolate the network to outlier say the South African Antarctic base, have you done any data science on this at all?
Dominic: Not really. I mean there’s so much things to do just like using the thing, like there have certainly been cases we’re having a conversation with someone and messages just get through pretty quick, like fast enough, sometimes if you’re offline, I mean a message could if you’re writing them offline messages could be delayed for an arbitrary amount of time depending how long it takes to get online once you’re sort of connected in the community group it’s pretty fast. So the protocol is kind of designed so it can’t know too much like about who’s using it. We can see 10,000 ish. I haven’t really looked but Andre looked recently, he’s building the Android app, like 10,000 ish identities in the network. There could be more people who installed it who haven’t connected to the network and then there’s a small but very vibrant community of people that’s maybe a few hundred that are still regularly using it. So we didn’t put any notification or anything to pull people back. So people that are still in the community are there because they’ve made friends and are coming back actively to check and participate in discussions.
Friederike: So yeah I looked into this a little bit yesterday when I did my research for this episode and it seems to be a super friendly community, very unexpected when you’re usually on Twitter. So I have one last question for the protocol, so there’s no cost to broadcasting, right? So basically as my friend I can give you an arbitrarily long list of messages that I would like to see passed out into the world. Do you see any kind of attack that would use this property that basically as my friend you’re kind of obliged to take on my gossip no matter whether it’s relevant or whether it would align abuse or whether it’s abuse?
Dominic: You’re not really obliged because you’re free to change your mind. That’s one of the sort of philosophical design ideas behind Scuttlebutt is that everything is voluntary. So if you don’t want to do something if you don’t want to connect to a particular peer or relay a particular message, you can always get out of that. Other things like a DHT only really work if you sort of interact with it everyone uniformly, there’s no way to choose which peers you want to interact with, you can’t make any value judgments in a blockchain and Scuttlebutt you could always make value judgments. So if you did make an unreasonably long log, I would just block you.
Friederike: Okay, so if I were to DoS the network, I’d just be blocked by all my friends and I’d have no friends left. Okay. Well that makes sense.
Sebastien: With regards to interests and topics and things that people are using Scuttlebutt for, when you download and install it and you get to a pub server, there’s all these topics sort of like hashtags which are quite diverse and there’s all kinds of different topics. So could you talk about how those work and this community of people that are there, what are some of the dominant communities and themes that are being discussed on Scuttlebutt in those open forums?
Dominic: There’s a variety of things, there’s definitely people that have privacy and decentralization interests, but I think there’s an unreasonable amount of people that are living in cabins in the woods or in boats or something like that. There’s a lot of people talking about stuff like that. There’s this whole solarpunk idea. Are you familiar with this?
Sebastien: A little bit. Yeah. I think someone mentioned it on the podcast before.
Friederike: Can you give a brief explanation for me though?
Dominic: Yeah so solarpunk is the hopeful genre of science fiction that we have been waiting for. So basically we have cyberpunk which is this dystopian with computers and VR, and steampunk which is like this historical fantasy where like Victorian stuff just continues, but solarpunk is an optimistic future, maybe in a hundred years or something like this, where humans now live and that’s still high tech but now they live in harmony with nature. Zack came on Scuttlebutt and was like oh has anyone heard of this genre of science fiction I really like it and we suddenly all got really excited and we’re just like we are solarpunks, like this is what we’re trying to do and interestingly it can be traced back to a particular post where someone just sort of describes an aesthetic. So there’s lots of people who are concerned about climate change and the environment and things like that but solarpunk is this vision of what the world would be like if we solved all these problems and I think that’s really important because just thinking about the problem of the impending climate collapse that we’re causing is way too depressing.
Sebastien: Yeah, I would invite our listeners to google solarpunk, it never rains in solarpunk land.
Dominic: Well, I think it definitely rains.
Sebastien: But there’s a lot of rainbows.
Sebastien: Moving on to another topic that I really wanted to talk to you about is this idea of centralization versus decentralization. You gave a talk I think it was earlier this year or maybe last year at the Decentralized Web Summit where you sort of redefine the idea of decentralization. I thought it was interesting from the point of view that decentralization is sort of the opposite of centralization and everybody in the blockchain space I think is like striving or trying to reach the goal of like building more decentralized systems when it’s just so the opposite of something else and you made the argument that it would be much better for the communities working on this stuff to try to actually define sort of in a positive way what they’re trying to achieve so rather than like the opposite of decentralization what’s the positive version of that? So describe in your words what it is that projects like Secure Scuttlebutt and maybe some other blockchain projects with similar goals are trying to achieve and how we should maybe use that when educating people about the benefits of this.
Dominic: Yeah. Well, I think the thing about centralization is it describes a structure like a pyramid or a star with this one thing in the center that’s in control and a bunch of things outside of that and decentralization presumably is anything but that and that includes a lot of different things, so you could all of the nodes in a circle and everyone is connected to everyone, that’s kind of like how a DHT works and that has a uniform structure where all the nodes are strictly equal and then you can have like a grid or like a lattice structure. So there’s actually networks that do have that shape. So cell phone towers are actually arranged in a hexagonal lattice and you can imagine this mesh laid out, and some kind of more haphazard version of that kind of structure. Scuttlebutt, because it is based on the idea of a social network, it’s actually not quite a uniform mesh because some people have a lot of friends and other people have fewer friends. There’s like a range of things. So this is called a small world or a scale-free network and this has some interesting properties and yeah, there’s actually a lot of things that behave like this. But of particular interest is human relationships. So you probably heard of this Six Degrees of Kevin Bacon. So the idea is that Kevin Bacon has been in so many movies that you have either been in a film with Kevin Bacon or you’ve been in a film with someone who’s been in film with Kevin Bacon or someone who has been in a film or someone who’s been in film with Kevin Bacon and so on and it’s actually quite surprisingly short path from any particular person to Kevin Bacon. There’s nothing really special about Kevin Bacon it’s just that he has been in a lot of movies. 
There’s a path from anyone to everyone quite often through Kevin Bacon because of all the movies he’s been in and you get this kind of thing through like celebrities basically, so celebrities know a lot of people and are known by a lot of people and this makes celebrities like a little bit centralized, but I think it’s okay, because first of all they can’t force anyone to like them. People only like them because they do good stuff, like they are funny or they make great music or something or make music that people enjoy etc as they start doing stuff that you don’t like then you can stop liking them and then they start to lose their power. So it’s kind of a bottom-up thing. There are some points that have more power but they don’t have absolute power.
Sebastien: Maybe Kevin Bacon should have a Scuttlebutt pub server.
Dominic: Yeah sure.
Sebastien: So in your view what are the problems with centralized systems? I think maybe to preface this we could talk about it in the context of this trilemma between scalability, security and user experience. And you know, where do the problems start to emerge when all of those properties kind of erode and where does Scuttlebutt sit on that triangle?
Dominic: Well, Scuttlebutt is scalable and secure and as good a user experience as it can handle, I think these kinds of trilemmas are not necessarily, like there are some designs that are just better than other designs. So if you have a really good design you can have more than your share of all three, a really bad design will be stuck out on a corner. So we’re sort of somewhere in the middle, you know some things that would make it perhaps a better user experience, if it did all those things but didn’t use any data on your phone at all or didn’t use any storage and of course that’s not realistic. For me I think the most important thing is who is like in control of the system. Like if you have a problem are you able to make some deliberate choice? Is there something to improve your situation? So like if there’s something that you don’t like can you make a decision about it? So for example, the email app on my phone from Google has these suggestions of like someone sends a message and be like you can say one of these canned things and I really wish this would go away because I feel that it would be like the height of insincerity to just push a button and send someone a canned message rather than type out what I actually think. It’s like it’s convenient but I don’t actually want convenience, when I write a message to my friend I actually want to write it.
Friederike: But often the messages that Google kind of gives you, they are sound bites of things you regularly write? So things like ‘sure let’s do that’. Or ‘that works for me’ or you know, something that is you know improving in some way. I never get one that says ‘this doesn’t work for me’ or ‘let’s do it another way’ presumably because I don’t write that as often and why would you see it as insincere to press the autocomplete and just send it off like that because I mean in a way you could also just do a thumbs up, right?
Dominic: Yeah, but if someone actually typed a thumbs up I know how much effort they put in, if they push the button it looks like they put in more effort than they really did. So if they push the button and it said autocomplete message from Google then I would know that they just pushed one button. So there’s this case where you know it used to say sent from my iPhone that actually helps because if someone puts like a really short awkward message that’s like badly typed it’s like okay they sent it on their phone so that’s acceptable, if they push a thing that just says like that’s the canned message, it’s like oh you didn’t really, you know, it’s about estimating how much effort someone put in and I feel that is like the essence to show someone respect when you’re talking to them over, if I text it’s like you need to tell how much effort they put in to writing a message to you and just pushing a button is very little effort. And so I’m kind of terrified every time I see that that I use one inappropriately, especially if it’s something like the things are the opposite of what I actually want to say and I’m terrified of hitting one by accident but the place where this is relevant to Scuttlebutt is like these things are like, Google has spent all of this effort analyzing what people are doing, things like testing when people push the buttons and keeping track of things like that, but they didn’t actually ask me what I wanted. They are just studying me. So if they actually asked me and respond to that then I would feel like I had some influence.
Friederike: Okay, so you just don’t just want to be A/B tested.
Dominic: Yeah. I don’t want to be tested. I want to choose A or B. That would be a better user experience. That would give me a feeling of autonomy, instead I feel like an animal that’s being herded.
Friederike: They could do an A/B test where some of the group of the people are just asked instead of being randomly assigned and see. So basically the meta A/B test, whether people actually like A/B testing, that would be interesting. Let’s go back to the topic of centralization versus decentralisation. I think it’s a hallmark of human nature that you think the time that you live in is special in some way, right. It feels like over the past say 50 years or maybe 30 years things have become enormously centralized. So if you look at the amount of data that for instance Google or Facebook or Twitter actually amass, it’s enormous, right? So do you actually think that this is some sort of a special point in history where we have to choose the right path or do you think that this just seems like it right now, or maybe it doesn’t seem like that to you at all?
Dominic: Yes, well, I think yeah, I think I do. In particular, so like modern cryptography is very new, computers have only existed since the 50s but computer science is a little bit longer than that, like the 30s or something like this, but modern cryptography, both hashes and signatures have only existed since the 70s and we’re only just beginning to figure out how you can build things using cryptography, without cryptography without like so for along the first like massively deployed cryptography was TLS. So this lets you connect to a server and then do a secure connection so this means that no one else can see your credit card number and that you can log into websites with a password without anyone seeing that. Without this it would be basically impossible to do commerce over the Internet. It would just be too insecure to really buy or sell things or own it and traction control things and that’s really just the simplest possible thing, basically taking like an insecure network and securing it and there’s so many more things that you can build, by so basically all the other all the recent things I call it a cypherspace. So cyberspace is the space created by signals. So that’s like the ordinary internet. Cypherspace is the space created by algorithms, cypher means like algorithm or code and cypherspace, the security isn’t in the network the security is in the data. So the database is secured and the information inside is secure and we’re just totally beginning to experiment with how you can build things like this. There’s a few examples, like blockchain, SSB, IPFS, Dat. Basically we’re just experimenting. It’s a totally different approach with lots of different approaches. I think as well potentially there’s this like cyber war thing and computers as they are so terribly insecure that which need something.
There’s so many problems to fix, so currently you have all these you know, governments having hackers like hack each other and collect all these vulnerabilities and just sort of hoarding them. And the funny thing is that they don’t really use them very often because if you use them, so a zero day is only useful if no one else knows about it. So if you have a vulnerability and you use it, you will reveal that you know that and then if someone else does know that vulnerability now they’ll know that you knew it and so they will be able to estimate how many other things you must know about if you were willing to burn that one. So they’re just like hoarding these vulnerabilities so it’s kind of like an arms race, but you could have a defensive arms race where this all just goes away if you actually had a secure system. So, you know the fairy tale of The Three Little Pigs, so there’s three pigs and one builds a straw house and one builds a stick house and one builds a brick house and the wolf just comes along and he just blows the straw house over and blows the stick house over and that’s kind of like how most computer systems we have today are operating systems and stuff like this, like when you attack it, attacking sounds actually misleadingly violent because you don’t actually attack it, like you don’t attack it like you might attack a person with a blunt object, you attack a computer by just asking it to attack itself and you just have to find exactly the right way to trick it to like falling apart and the third little pig has a brick house and this is like a sturdy house that can’t be blown over. We could build this brick house using like cryptography and end-to-end encryption and secure sandboxing and stuff. Like I definitely think the brick house software is possible. It just needs more people working on it.
We just need to rewrite everything we’re doing and start again from scratch, but I think it can be done and I think it would be better that we do that than be hoarding these that continue to have insecure computer systems. We just need to sort of approach this in a way where you find a niche that really needs this and then get it working well enough and then expand out to other things.
Sebastien: So to follow up on that question, you know revolutions have been around since the dawn of time and people have been fighting against concentration of power and centralization of power since forever and there are also these waves right so the French Revolution was one. I wonder if at our particular point in existence and at the dawn of what some people might call the technological singularity, if we as a society might cross a point where it is no longer possible to revolt against centralized systems because once state powers concentrate enough power and a lot enough technology for mass surveillance. Just look at China for example, like it’s very hard for people there to revolt. We kind of see it there a little bit. It’s very hard for people there to revolt because of the fact that these technologies exist and they’re so powerful in serving the interests of the state itself. So I wonder if you think that if this is true that at some point we arrived as a society at a point where going back is no longer an option like we get to a point of no return with regards to our personal sovereignty means of like protection of our privacy and data etc.
Dominic: Well, I think the thing, it’s the force that’s on the side of decentralization is that innovation is always anti-authoritarian. Like to have good ideas and like try different things people don’t like that. Because you find a different better way of doing something. So if you want to be more innovative, you have to allow our people freedom. So I think it’s no mistake that the Silicon Valley grew out of San Francisco, which was also the like center of the hippie movement and that you can read a book about the 70s and 80s even like government-funded research from Stanford AI leverage or laboratory and all those people totally taking LSD with the hippies and that was like where a lot of their stuff came from and I think, we talk about like China being authoritarian, but I think that if China was going to grow in power and if China is going to start designing new stuff rather than just having the designer California building China, China is actually going to become more relaxed and they have already, they’ve got Hong Kong which is like a special area which has different rules. So I think basically the freedom is essential to innovation, that’s why you get your best work done when the boss is on holiday and to build things, you know, like the skunk works like that spy plane, that big Batman spy plane thing. To build that they had to get all the engineers and put them in the skunk works, which is like a secret unit that is free from managerial interference. So working on new ideas in secret where people can’t interfere can actually be like essential to having good ideas.
Friederike: I see so freedom is essential for innovation. That kind of leads me to my almost last question. How are you guys funded because basically you need to have some sort of funding in order to have the freedom to innovate, right?
Dominic: Yeah, so this is like a bunch of things. So it started out with just I was just like working on it in my own time. By living on a boat and I didn’t have to pay rent. So my living costs were greatly reduced. Right now I have a side job where I do security audits. This is like the perfect side job because I also keep current on how everything else works so auditing lots of blockchain things and stuff like that. So I get to see what everyone else is doing. There’s companies that are emerging and building things on Scuttlebutt with this verse thing. They actually raised venture capital and are building an iOS app. They are funding some developers. We received a grant from Dfinity who are another interesting blockchain thing that I’m sure you have done a podcast about, and they just gave us $200K for no reason basically, well because they wanted to support us but they didn’t ask for anything and we just broke this up into little grants and shared it with the community. I generally try to encourage anyone who wants to build something on Scuttlebutt and this is sort of more of an ecosystem approach. I think it’s more interesting because I don’t want there to be a single company that owns scuttlebutt. I would much rather a network of companies because I don’t really trust any one company even if they say they have good intentions then, you know people change especially when money is involved but if there’s a whole bunch of companies that’ll keep each other honest. Like for example the web itself as protocol and web browsers, if you want to change web browser, you have to get Microsoft, Google, Mozilla and Apple on board and because they are mutually suspicious of each other, have competing agendas then one of them doesn’t have the power to mess it up and take over the whole thing.
And even if they have a larger significant share like Google or something like this, they can’t really control what happens and it doesn’t mean that the web is the savior of everything but I think that’s basically it gives us a model for how things can work. So at the moment it’s kind of a problem that with this just one company with a lot of money, but I think they are still just getting started so there’s totally room for more things like that to appear and I think the most interesting thing we’re doing though is, you know open source doesn’t really work that well with money like it’s just open source is such a different thing like money doesn’t really, for example we’ve received some money from just small regular people’s donations and quite a lot compared to, we’ve raised a few thousand dollars from just people donating like five dollars a month and that’s actually pretty good as things go but those same people who are donating small amount of money are actually donating multiple hours of their time, like answering people’s questions and things like that and that time is worth way more I think than the money they’ve been donating, so I’m interested in the thing where we basically have some kind of system to coordinate just people’s volunteer labor. So imagine something like Kickstarter or Open Collective which does recurring donations, but instead of donating money you’re donating time. The thing that I really like about the Insignia is how everything’s free and Wikipedia was all entirely created by just volunteers and if we can build a thing where you don’t even need the infrastructure then I think you could build big impressive things without actually using money at all. So, you know to write software I already have a laptop and it only cost a few hundred dollars. Then I just need coffee and somewhere to sleep, like the actual means of production, I already control that. So it’s just about organizing the labor.
Sebastien: So where can people learn more about Secure Scuttlebutt and start using it and where would you recommend people go to?
Dominic: The best place to learn about scuttlebutt is on scuttlebutt. We also have a website which might be a more accessible place. So scuttlebutt.nz. There’s also a bunch of the repos on GitHub under the SSBC; it stands for Secure Scuttlebutt Consortium. The Consortium part is a joke.
Sebastien: And so from there then they can download Patchwork or this Android client that we mentioned a bit earlier.
Dominic: Yep, the Android client you can install from the App Store. I don’t actually personally maintain either of those. There’s also another client worth checking out called Patchbay and that’s currently the most actively maintained and has interesting features such as you can play decentralized Chess.
Friederike: Cool. That sounds wonderful.
Sebastien: Dominic, thank you for coming on the show today, it was fascinating learning about scuttlebutt and I’ll definitely keep using it. In fact, there’s one friend of mine who refuses to use any social media or even use secure messaging and I think the only way to reach him is probably through scuttlebutt.
Dominic: That’s great.
Sebastien: Alright. Thanks again for coming on and have a good time in Berlin.
Dominic: Thanks very much.
- Secure Scuttlebutt website
- Scuttlebutt Protocol Guide
- Manyverse mobile client
- Designing a Secret Handshake: Authenticated Key Exchange as a Capability System
- Efficient Reconciliation and Flow Control for Anti-Entropy Protocols
- Scuttlebutt: an off-grid P2P social network that runs without servers and can fall back to sneakernet
- The Nomad Who’s Exploding the Internet Into Pieces
- “The Third Web” interview with Dominic Tarr
- Dominic Tarr on Twitter