[messaging] Matrix.. is Federation at odds with Privacy?

[carlo von lynX]

Since you both address the same point, I'll answer in a single
mail.

On Fri, Apr 17, 2015 at 01:02:46AM +0100, Matthew Hodgson wrote:
> Fair point: if you package up secureshare/gnunet or whatever into a
> sufficiently user-friendly glossy package with some nice
> differentiating features, seed and market it effectively, then you
> might get a migration like {AOL,MSN,ICQ} -> Skype, or Skype->FB,
> etc.

Exactly. Distributed software *can* be easier to use than silo/fed
services (no accounts, no passwords... just install and you are
on it!), but to make THAT work we need to advance the meter on the
quality of what was precedently called P2P software:

- We need the sort of scalability features we worked into PSYC and
  Matrix.. the multicasting (hello bittorrent), the state merging...
- We need the sort of sybil-attack-resistant DHT the way GNUnet
  figured it out. Previous P2P software always sucked at this.
- And we want to provide the metadata protection as one of the new
  grand features which so far only Tor has tentatively tried to achieve.
- And, cherry on top, we still need a strong motivation for a new
  generation of users to install our software. Actual privacy during
  sexting could be one such motivation. It boosted SnapChat even if
  there is no guarantee the sexting is safe on it. And what about 
  FireChat? Haven't we been talking for years about mesh networking 
  mobile phones so that people can talk to each other without depending
  on the Internet? Now once again it's a company deploying the first
  noteworthy communications tool in this field? And it's a dirty hack?

Federation will always throw us back to silos and clouds. WebRTC
being the API capable of throwing even P2P telephony into the
control by the silos and clouds. We are little away from starting a
culture of next generation distributed applications that are actually
reliable and safe.... but 99% of developers are busy fixing horse
carriages rather than looking into this new invention called "car."

> My point was more that expecting *all* users to jump into a *single*
> new total-privacy-secure ecosystem is impractical.  Which means
> federation may still be useful as a way to defragment the overall
> picture (at the expense of compromising privacy when you federate
> with a legacy network).

As I said people happily use several systems and they do NOT want
their parents to show up on SnapChat. Parents belong to Facebook.
Professors belong into e-mail. Your ideal of defragmentation is 
not what power users want. They pick up new communication platforms
*because* nobody knows they are on it - and that is the only socially
accepted way of being by themselves. The moment your mum asks you to
befriend her on SnapChat, you are socially obliged to comply. That
basically means you want to stop using it. Depends on the details of
the degree of invasion/integration/interoperability/federation but
the general line is that if users think there may be a loophole
where their perceived privacy escapes and becomes visible from other
systems it will reduce the trust they have for $newSystem.

If people want to reach *any* other user, they pick Facebook or e-mail.
An additional federated system stands no chance of getting established
here since Facebook is already reducing the importance of e-mail. So
the great integrating platforms are already there.

> I agree that users have been migrating between systems based on
> whatever has the most shiny features/marketing/friends for some use
> cases. However, you can't just bundle all communication patterns
> into a single category.  If you think about scenarios where human A
> wants to talk to human B (ignoring group chat), you have examples
> like:
> 
> * Friends socialising together
> * Family staying in touch
> * Lovers sharing private moments
> * Folks exchanging information within an organisation
> * Folks collaborating on some kind of task within an org
> * Folks exchanging information between organisations (e.g. this)
> * Folks collaborating on some kind of task between orgs
> etc.
> 
> Each of these has a different bias towards or against federation or
> interoperability.

They first meet on Facebook, then they move on to a suitable platform.
If they are politically motivated, they might start out with e-mail
instead of Facebook.

> For friends staying in touch, I genuinely believe that many users
> get frustrated between having to juggle 5 or more different
> messaging apps of differing quality.  It's not such a pain point
> that there's rioting in the streets, but it's more of a "slowly
> boiled frog" problem - it's just an ambient inconvenience that keeps
> slowly rising so you don't realise just how inconvenient it is.  If
> you could only mail Gmail users from Gmail and Hotmail users from
> Hotmail, users would squeal with pain.  So why accept it for
> IM/VoIP?

Well, ironically the people that seek out strange islands of
communication where they can be by themselves, distant from peers
they would not want to socialize with - are exactly the cool influencers
that make such strange platforms a hip place to be, so more and more
people follow, but the isolation from the regular platforms such as
Facebook was essential in this becoming a reality in the first place.
It is therefore pointless to later complain that the market is fragmented
if the users seeked out for such a fragmentation in the first place.

If you have to juggle 5 different messaging apps, that is because
you are not one of the cool kids. You are one of those that knows
cool folks on 5 different apps and is trying to keep up!

And among all the huge problems we have with the Internet.. the
threats it is posing to democracy (see Assange/Appelbaum/Maguhn/Zimmermann
2012), crying about the cool kids having forced you into installing
5 different chat apps is quite a distraction in the area of irrelevance.

> Say that there's a lovely app for secure chat - be it TextSecure,
> SecureShare, Telegram or whatever.  You love using it as a user: it
> has a really snappy UI; it has nice features like a PIN lock and
> secret chats; you trust its crypto, it works on all your platforms;
> etc.  You happen to have used it for sexting.  But WHY should you
> not also be able to use it to converse with other people too (short
> of forcing them to install it as well)?!

No problem. I am a cool kid. I know how to get my peers to do as I
say and all get excited to install this new snappy software.

> If you don't want your sexting antics to overlap with conversations
> with your parents, then simply create multiple accounts/personas.

That implies full understanding by the users of what interop can
or cannot do. One false move and they will not trust you any longer.
Also, do people really like having to organize even more than one
damn account/password combination? They are used to fill out once
and forget about them (unless they don't always use the same device).

> The rationale is that end-users /are/ starting to suffer
> inconvenience from their communication being fragmented - and users

Which they however self-inflicted by choice of some few, and it
is those few that could lead everybody out of defragmentation
again.. but do they care?

> should be able to choose what client they use to communicate via,
> and what services they trust with their data, without being locked
> into specific vendors and having their communication fragmented all

I don't know of any case where this old federation legend actually
proved true. Did federation ever help people getting out of the
stranglehold of a specific service provider? Migrating your email 
address is a pain in most cases, even if you pay for .forward services -
you still have large parts of your social surroundings using that old 
address rather than your current one. XMPP has never had a functioning
and generally implemented protocol for migrating accounts. PSYC at least
has the necessary _redirect_permanent message code, but even we left
the implementation of that in the TODO file.

People have a motivation to use company services since they don't
trust school/company/friend admins and companies have no interest in
letting you take out your data and bring it to a competitor. Some
will do and advertize it real hard as a feature, but people never
think of how easily they will be able to *leave* when they first
sign *on* - so they will choose by other criteria, like the number
of "free" storage gigabytes.

> over the shop.  Whilst the average guy might not realise this is a
> problem, we believe that once the problem is solved they'll never
> want to go back.

He'll enjoy if, randomly, once in a lifetime, migrating an
account doesn't turn out to be an odyssey. But he probably
will not even appreciate, expecting this to be normal. And
then next time around it will be completely different - and
he will just deal with it, not having understood how it
happened or not having cared when it was the moment to care.

> Meanwhile there are use cases like workplace communication where
> users *definitely* want all their comms in a single tool of your own
> choice, rather than fragmented all over the place.

So they'll start using a new one.

> >So what exactly is Matrix doing? Giving the entire WebRTC
> >community a sense of togetherness until the next Faceboogle
> >takes over WebRTC and turns it into a de-facto closed system
> >because all my friends are on it, so I won't be using your
> >little webserver to call them...?
> 
> Well, Hangouts & FB Messenger are both WebRTC-based these days, so I
> don't have to wait for a new Faceboogle :)

Why on Earth should they care to interop? One of them is the stronger
and has an interest in draining the other. And they both have no
interest in letting small businesses have a piece of the cake.

> Matrix simply defines an easy HTTP API for storing & synchronising
> communication history in a tamper-resistent decentralised manner.
> And we obviously are trying to bridge in as many conversations as we
> can.

Yes, but they could have come up with that themselves if it
served them a purpose. Hell, I even coded a WebRTC signaling
protocol myself... a year ago with fippo. It didn't need any
of the advanced features of PSYC or Matrix, so we did it with XMPP.

> Honestly, if it means only that my workplace IRC server can
> collaborate easily with the corporate Lync and Jabber servers, I'd
> consider it a win.  If it means that random WebRTC sites get easy

psyced has been integrating IRC, XMPP and native PSYC for about
fifteen years now, bridging among worlds - giving IRCers a
culturally acceptable way to talk to Jabber folks. So what?
Only some thousand nerds ever cared to have that. The rest
has installed something like pidgin and let the worlds co-exist
without gatewaying or federation.

We even implemented a way that psyced can be docked to an existing 
IRC network and provide gateway services into XMPP for any random 
IRC user.. they just need to type /msg xmpp:foo at bar and magically 
the message is gatewayed into XMPP. Well... Brasnet was the only
IRC network to ever offer that service... a few nerds used it..
then Brasnet was shut down and nobody ever seriously bothered to
integrate IRC with XMPP again.

I've been riding the interop horse long enough to know that
nobody cares. It's not like emitting regulation that forces all
mobile phone vendors to use standard power plugs. Especially
because us nerds on the Internet do not have regulatory power.

If we want open standards on the Internet, we need to influence
our governments to impose such standards by law. Anything else
does not work neither with the customers nor with the companies,
unless in very very rare constellations when companies indeed
agree to make an open standard to attack the market leader.
But then the political condition is relevant, not the standard.
And the standard they will choose will always suck. And it will
always lose its relevance once the market leader got defeated.

> access to calling in & out of the PSTN, that'd be nice too.  If it
> means that Google adopt it and I can easily conference between users
> in Hangouts, Lync, and a nice FOSS WebRTC app, then that's even
> better.  If it means my wife can use Hangouts on Android, but I can
> video-call her from FaceTime on my iPhone without both being forced
> unwillingly into using Skype, then even better.
> 
> These are the sort of use-cases we're aiming for.

And who is the market leader that would motivate Google and Apple to
team up with a common standard? Who is the regulatory body that
would enforce such a standard on them?

> >Yet another federation
> >project that leads people into the arms of a soon to become
> >silo?
> 
> No, we're just trying to link as many silos together such that they
> don't become silos any more: bridging as many smaller and emerging
> comms solutions as we can such that the resulting glob has some hope
> of being an more open alternative to The Big Guys.

It's always the small guys joining the open standard, then taking
it over. Think Microsoft when the chat market was split among ICQ,
AOL and IRC. They ran all around IETF recruiting people to join
them in making the largest IRC-compatible open standard new
messaging system. Once Messenger took off, all the "open" and "IRC"
rhethoric disappeared since they managed to get a large chunk of
the cake without all the political correctness, instead they added
compatibility in the clients by hacking the AIM protocol - against
the will of AOL.

So if you want to play this game, you first need to find a way to
HACK both Hangouts and FaceTime without Google and Apple liking it!

> My point was more that *any* constructed language is never going to
> conquer the world, no matter how easy to learn and elegant it is,

You can't compare any language that takes learning to a piece
of software that just needs a click on the install button.

> So hoping that the whole world will switch to GNUnet is equally
> unlikely, short of a genuine miracle of social engineering (I guess

That logic is fallacious, the "so" alluding that GNUnet is like
Esperanto is just plain wrong since Skype has already once proved
the opposite. Same for Facebook. It wasn't so hard to either install
or make an account on either of the two, and for a while they rocketed
up to get very large chunks of the market. There is no reason why
a distributed communications tool that happens to ship with GNUnet
as its framework wouldn't become commonplace in the same way.

> the equivalent would be a virus which went through replacing
> everyone's Skype/FB/etc with SecureShare ;D)  Therefore we will

And I never said that it has to replace Skype/FB/etc because that
is again a false thinking of orderliness. Humans will not stop
using the legacy platforms on the same day. They will slowly bring
so many people to the new platform until they stop feeling the need
to use the old one. I once wrote on how Myspace lost their users -
it describes such a migration, from Myspace to Facebook.
http://my.pages.de/myspace

> still end up with a whole fleet of different silos of communication,
> and as time goes on, those silos are only multiplying in number
> (especially with intrinsically fragmented technologies like WebRTC
> complicating everything).  So, my argument is we need to fix both
> problems: providing options for folks to use which are resilient to
> pervasive surveillance... as well as provide a modern way to link
> the islands together for those users & islands who care about this.

Get friends with regulatory bodies. I don't think anything else can
force companies into playing this game.

> And even if Matrix doesn't end up being used for federation, it's
> still a pretty useful decentralised persistent messaging bus :)

If it weren't yet another threat to democracy for its
lack of metadata protection.