This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc.
It’s too dependent on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:
1. I want to be able to follow my friends if my phone dies and i have to get a new one.
2. I am very technical, and idk exactly what a X25519 keypair is.
I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Idk I’m just making up specifics but this is the kind of ethos i think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.
In case i sound too critical - this is cool. It just isn’t something i can use with family and friends to replace facebook or even email.
jonahx 5 hours ago
I could see myself making similar comments. On a practical level, they're valid. But maybe...
If we are ever going to free ourselves of rent-seeking middle men, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
jasode 2 hours ago
>, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
The above includes us highly technical people on HN. We really can't expect (or lecture) the normal mainstream population to make a cultural change to adopt decentralized tech when most of us don't do it ourselves.
E.g. Most of us don't want to self-host our public git repo. Instead, we just use centralized Github. We have the technical knowledge to self-host git but we have valid reasons for not wanting to do it and willingly outsource it to Github. (Notice this thread's Show HN about decentralized social networking has hosted its public repo on centralized Github.)
And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.
The reason can't be reduced to just "people being lazy". It's about tradeoffs. This is why it's incorrect to think that futuristic scenarios of a hypothetical easy-to-use "internet appliance" (possibly provided by ISP) to self-host email/git/USENET/videos/etc and a worldwide rollout of IPv6 to avoid NAT will remove barriers to decentralization.
The popular essay "Protocols Not Platforms" about the benefits of decentralization often gets reposted here but that doesn't help because "free protocols" don't really solve the underlying reasons centralization keeps happening: money, time, and motivation to follow the decentralized ethos.
"But you become a prisoner of centralized services!" -- True, but a self-hosted tech stack for some folks can also be a prison too. It's just a different type. To get "freedom" and escape the self-hosted hassles, they flee to centralized services!
DeusExMachina 2 hours ago
One thing you learn from game theory is that you need to understand the rules of the game everyone is playing. You cannot change them, you can only play by them.
"Making a cultural change" is not something you or any group of people can do. The superstructure of the game decides those, not the players. You can try, but nobody will play your new game.
rapnie 2 hours ago
It is not about playing new games though, but about affecting subtle changes over prolonged periods of time. You can't know the outcome, but you can help steer the right overall direction.
eru 4 hours ago
What's wrong with middle men? They provide a service, too.
Eg your bank genuinely helps with finance and transfers compared to transacting directly on a blockchain or snail mailing cash around.
> I think people just want someone else to take care of their shit.
Yes, division of labour!
neya 3 hours ago
> What's wrong with middle men?
Purely on a philosophical point of view and depending on where you live, they do nothing but increase the costs without adding value.
For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer can search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
The most common argument is - "when things go wrong, the agent will take on the liability for the listing", but that is rarely the case in real life (again, may vary greatly depending on where you live). In most of Asia, this is not the case at all. They take their nice fat commission and wash their hands off later, not even picking up your calls most of the time when there is an issue.
So what do agents do now? They hoard information instead. They advertise good listings, but to talk to the owner you will need to engage (and pay them) first.
Real estate agents are just one. Car dealerships rank right on the second in my list.
We don't need more agents. We need democratized access to information.
pibaker 49 minutes ago
I find it amusing that the person who brought up the word "middleman" is implicitly pointing at big internet companies, and here you are telling me Facebook or WhatsApp are not middleman.
aembleton 1 hour ago
> An owner can list their apartment/house directly online.
How will anyone find the house? If I use an online estate agent, then that's still a middle man. If I publish adverts on Facebook or Google, that's a middle man. If I'm hoping that I can generate enough SEO for my house to appear at the top of searches, that's also relying upon a middle man - the search engine. I guess I could just put a board outside the house with a URL on it and hope someone stops to take a photo.
Estate agents provide that marketing service as well as others around arranging viewings and interaction with solicitors, although that might be UK specific. But they do provide a service that would take a crazy amount of time for you to replicate by yourself for a one-off house sale.
eru 1 hour ago
> For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer and search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
Is anyone forcing you realtors where you live?
FB Marketplace is just another middle man. (And that supports my thesis from another follow up comment: you want lots of competing middle man!)
Btw, real estate agents in eg the UK take about half the cut in a typical home sale compared to the US.
> Car dealerships rank right on the second in my list.
Yes, and as far as I know they are only a problem in the US, and that's because the US has crazy regulations that pretty much mandate car dealerships. In eg Germany you can buy your car direct from Volkswagen or from any dealership you want.
> We don't need more agents. We need democratized access to information.
Let a thousand flowers bloom. We need more agents, more competition. (But also make direct access legal, where possible.)
Juliate 2 hours ago
I disagree. I do not care about the details of a ton of stuff. I do not even understand them.
On the other hand, I do care about people that are knowledgeable of these details, specialized, and trust to handle them for me for a fee.
That’s true of banking, realting, health, security, building, manufacturing of everything I use (or almost). That doesn’t prevent me from vaguely understanding the principles and some bits. And that saved me a ton of time and worry. But for the few times one agent does not work up to his promises.
I am 49, I have dealt enough with trying to do all by myself, and I do appreciate and rely on middlemen way earlier now.
eru 33 minutes ago
Yes. The crucial bit is that there are plenty of competing middle men you can choose from (and are also allowed to do it yourself, where possible).
jonathanstrange 2 hours ago
We had very good experiences with a realtor when we bought our apartment. Where I live, there is a lot of bureaucracy at play and the process is not easy to understand even when you have experts to ask. There have also been very sophisticated frauds on both sides - sellers and buyers - that a realtor from a well-known franchise blocks.
Generally, I see no problem with competent middle men. They offer a service like any other service. If you want the service, you buy it, and if you don't want it you don't.
ragebol 4 hours ago
Nothing wrong with middle men per se, but problems do arise when we all rely on the same middleman: those become way too powerful and can do nasty things.
By that time, no one can do without the nasty middle man as we have forgotten or never learned the skills to fend for ourselves and are thus beholden to the nasty middle man.
Network effect compounds this
eru 3 hours ago
As long as you have plenty of competing middle men, like we do for eg social networks in the real world, it seems all fine.
Remember: Facebook is for grandparents, not where the cool kids hang out.
voidUpdate 3 hours ago
Where do the cool kids hang out?
eru 1 hour ago
A while ago it was Instagram or perhaps tiktok?
However, take the fact that I have heard of these places as strong evidence that they are no longer cool.
jpease 2 hours ago
In a cool club on the other side of town, where the real cool kids go to sit around and talk bad about the other kids.
Yeah, it's a real cool club and you're not part of it.
voidUpdate 2 hours ago
That's ok, I dont really like clubs. Too many people
Gagarin1917 4 hours ago
[flagged]
adrianN 4 hours ago
Most people don't really care about rent seeking middle men though, so why should they put in effort into doing things themselves?
simianparrot 4 hours ago
Maybe it's ok to create something that isn't for most people. That's how the internet started out. It's only gotten worse the more accessible it became to most people. Maybe it's a good thing to create a split based on capabilities and technical know-how.
adrianN 3 hours ago
But we already have a bunch of social networks that are not for everybody. The problem is that social networks are pretty much a winner-takes-all market due to network effects.
simianparrot 1 hour ago
We do and many of us prefer it that way. I’m not on any major social media because I personally consider it asocial — you can’t have that many actual friends or acquaintances. My «social media» is a handful of smaller discord servers and an irc channel, and an extensive webring of personal websites.
frobisher 2 hours ago
Maybe with ai assistants, everybody is effectively technical?
aembleton 1 hour ago
Then the AI assistants will be the middle men.
rrr_oh_man 5 hours ago
> we simply have to make a cultural change
Yeah...
jonahx 4 hours ago
I mean, they're impossible, and yet they happen. I've seen cigarettes and seat belts change in my lifetime. As a former smoker and denizen of the world of ubiquitous airplane and restaurant smoking sections, I would have bet anything against the rapidity of change in norms and laws that occurred.
altmanaltman 4 hours ago
I mean cigarettes give you cancer and seatbelts can save your life. Both of them were supported by massive government initiatives and tax incentives. How is that even comparable to software middle men? The problem is not even on the same scale.
tim-projects 3 hours ago
Governments have started banning social media country-wide.
cluckindan 1 hour ago
Or is that just another level of rent-seeking?
MrBuddyCasino 4 hours ago
"one does not simply make a cultural change"
cluckindan 1 hour ago
Convenience is king. We always pay for convenience in one way or another.
zahirbmirza 40 minutes ago
I tried to make a way of sharing posts with friends without having to be on a social network... I came up with NoteSub:
I like it. And mass adaption is not required to use it.
I would have loved to have made this a true social network in some regards, however, there are issues of moderation and storage that become very expensive at scale.
Moreover, adoption of a new social network is super hard to promote. So many Twitter, Insta, etc clones have failed because they are just 'clones'. Not offering any thing new.
It should be considered although Thiel talks of 0 to 1... A great deal of dramatic software/hardware progression comes from a highly evolved successor to an average pre-existing product.
The iPhone was not a zero to one, nor was Apples GUI, they were just highly evolved versions of average or below average products that already existed. Social media apps are already highly evolved for their function. We need something better for edge cases, but the current state of social media platforms means that something supremely better is required before any adoption drive becomes meaningful. When such a product comes, mass adoption is inevitable; we crave and succumb to better ways of communication and contact.
KomoD 10 minutes ago
I don't understand what it has to do with sharing, it just seems to be a note-taking app? It even talks about being local, offline and can't even sync with your own devices unless you pay.
But nothing obvious about your friends being able to see them.
remywang 6 hours ago
1. Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
2. You don't need to know unless you want to implement the protocol! To use (the very barebones) implementation all you need to do is fork the repo & give access, which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
pibaker 6 hours ago
> Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
Having seen enough stories in the vein of "if only I still have my bitcoin wallet from 2014" and "our storage server failed and when we tried to restore from backup we found out our last working backup was from two years ago," I have to say I have a rather dim view of how competent people actually are when it comes to keeping backups working.
I am not saying cryptography isn't useful for safeguarding your data, I just think for perhaps 90% of the users out here the risk of being locked out of your data permanently is more realistic than your data being accessed by a bad actor.
> which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
From reading the website, I was under the impression this is a techie oriented project still looking for technically inclined early adopters instead of something you can readily tell grandma to hop on. I sincerely doubt the average friend and family member who needs others' help to set up a personal website knows what the protocol does or why he or she should use it instead of Instagram or Facebook, or Signal, if the point is just to keep in touch with people you already know.
prox 2 hours ago
This is a usual pattern, a tech savvy hacker creates this great tool, but if you don’t put in the interface work to make it easy, frictionless, it might as well not exist for the general public to consume. Grandma will never use this. Or not even a slightly technical person will. (And it’s fine if that isn’t your audience ofc)
My call to any devs reading this: get an interface designer, put in the usability effort before adding new features.
bigiain 5 hours ago
I think a lot of even not very technical people have gotten used to TOTP QRCodes, and being able to store screenshots of them in password managers. (And having experience in losing 2FA keys that they'll go to some lengths to not repeat.)
I wonder if there's a decent way to encode these private keys in QRCodes? You can jam about 4kB in a high density one from memory? (I know that'd be possible from a developer/technical point of view, but if this were my project I'd want a talented UX designer to have complete authority over how this is presented and explained to users.)
One other idea - maybe implement a Shamir's Secret Sharing mechanism where your private keys get sharded and encrypted to a sufficient number of selected friends, so if you lose your s@ private key it can be reassembled by convincing - say - 8 out of 12 selected friends to give you their part?
Or alternatively - automate a "recovery mechanism" where you set up a new key pair and publish it on a temporary domain/site, and can then ask a friend/follower who can authenticate your identity out-of-band - to export all your posts decryptable with your new key, then put your new key and all your old posts back into your main site.
ivanjermakov 3 minutes ago
Unpopular opinion: names like PKCS12, X.509, X25519, ECDSA, etc. hurt adoption making the world less private, secure and decentralized.
Some years ago I was involved with a society (club), and we wanted a webforum. But as we were geeks as well, we created a combination of a web-based solution, mail-lists and NNTP. These three solutions were synchronized, so it didn't matter which one you used. This worked well for several years.
nunobrito 3 hours ago
That is a very good concept, enjoyed reading it.
On the original concept is restricted to share outside the participating people but could be relevant that people add more people that are interested in a topic.
Email is a good transport layer. Nowadays people just imagine it as messages between large providers, but I'm in strong favour that small providers or self-hosting email can still be used.
dare944 1 hour ago
> ... in a way that can unseat big tech.
Where is it stated that this is a goal for this project? You and I both may want a way to break the influence of the dominant social media companies. But this doesn't have to be that in order to be successful. It just needs small groups of people to use it in a way that benefits their communities.
xg15 2 hours ago
> Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Isn't that basically Mastodon?
peter_retief 5 hours ago
Cloudflare tunnels are an interesting alternative, self hosted but with external security
dwedge 4 hours ago
Self hosted but with big tech having a backdoor into your local network, having your ssl private key, and dictating the terms and conditions of what you self host.
I've never understood selfhosters' fascination with cloudflare. They have some cool products but I have a feeling 2026/27 is the time they start to show their evolving colours
icase 2 hours ago
cloudflare should never be trusted after what they did to kiwifarms.
peter_retief 2 hours ago
What did they do to them?
KomoD 7 minutes ago
They were defending Kiwifarms for awhile but then the pressure became too much and then they blocked them.
Who's gonna sniff your traffic from home? NSA, your ISP?
They already do.
Same as in corporate networks: your data is MITM anyway.
Fun should be unencrypted. It's not shopping or ssh into server.
bberkgaut 2 hours ago
> Fun should be unencrypted.
Five years ago I would totally agree. Now, when you do not want to share your fun thoughts with a border guard; a police person; an AI scavenger; a random jerk -- I would say, having a safe-ish space becomes almost a necessity
theamk 7 hours ago
> The private key is stored in the browser’s localStorage.
Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both worlds" cases, where malware can access it with no problem, while legitimate backup programs are locked out.
(And yes, the post mentions "new device" flow, but how many people would (1) remember to export their private key and (2) won't lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good)
parasti 3 hours ago
Not in disagreement, but based on how casually the frontpage throws around terms like "X25519 keypair", it is obvious that mass adoption and ease of use aren't among the goals of this project. Looks more like an exploration of a concept - can a social network viably exist without any middlemen in between.
neilv 7 hours ago
> By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first.
Ah, just like AT Proto when it was released, introducing compatibility hazards and security vulnerabilities by putting stuff in the root rather than in .well-known. Sigh.
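The root-lookup convention quoted above, written out as an added example (not the project's client code) so the hazard is concrete: a resolver that applies the documented rule and, rather than trusting whatever `sat_root` contains, accepts only a plain relative directory name. The `site_files` dictionary stands in for HTTP GETs against the domain and every path in it is constructed for the example.

```python
"""Resolve where an s@ client should look for a user's repo on a static site."""
import json

DEFAULT_ROOT = "satellite"            # the documented default, /satellite/
OVERRIDE_FILE = "/satproto_root.json"  # the documented override at the domain root


def _safe_relative_dir(value):
    """Accept only a relative directory name: no scheme, no absolute path, no traversal."""
    if not isinstance(value, str) or not value.strip():
        return False
    if "://" in value or "\\" in value or value.startswith("/"):
        return False
    parts = value.strip("/").split("/")
    return all(part not in ("", ".", "..") for part in parts)


def resolve_sat_root(site_files):
    """Return the repo directory (no surrounding slashes) the client should read from.

    `site_files` maps absolute paths on the domain to their text content, standing in
    for the GET requests a real client would make. The override file wins when present;
    a malformed or unsafe override is an error rather than a silent fall back to the
    default, so a broken or hostile file cannot quietly redirect the client.
    """
    raw = site_files.get(OVERRIDE_FILE)
    if raw is None:
        return DEFAULT_ROOT
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("satproto_root.json is not valid JSON") from exc
    root = doc.get("sat_root") if isinstance(doc, dict) else None
    if not _safe_relative_dir(root):
        raise ValueError("sat_root missing or unsafe: %r" % (root,))
    return root.strip("/")


if __name__ == "__main__":
    # Constructed sample sites: one without an override, one with the documented example.
    print(resolve_sat_root({"/index.html": "<html></html>"}))
    print(resolve_sat_root({OVERRIDE_FILE: '{"sat_root": "my-custom-repo"}'}))
```

The validation is the part a client author should not skip: the override file sits at a location any page on the same origin could already be using for something else, so the client should treat its contents as untrusted input rather than as a path to splice into requests.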
esjeon 4 hours ago
A bit off-topic, but the social networking protocol should never be designed for the sake of the protocol itself, or it’ll not enjoy the networking effect. A protocol must offer direct benefits to users, so that they keep participating in the network. This participation is what eventually forms the network of people, a.k.a, society. I always pick BitTorrent as the most successful example of such networking protocol - people just wanted to download stuff (e.g. movies and pxxxs) but end up participating in the sharing network.
Personally, I think a possible angle of attack for a new practical social network protocol is data management, as the amount of data people generate, consume, store, and share is enormous these days. More like, manage data conveniently, and share them easily as a side-effect.
vividfrier 3 hours ago
> A protocol must offer direct benefits to users, so that they keep participating in the network
As someone who tried to give all of the decentralized social networks a shot... something I realised along the way is that they are never going to fly because they are not giving you dopamine kicks like the big tech giants are. I ended up forgetting to visit Lemmy or Pixelfed or <whatever> because I had 2-3 times when I opened up the app and saw the exact same content, giving me a feeling of "nothing is happening here" and thus, I didn't need to check in.
I mean, even Signal has that Instagram story function but I have never seen a contact use it because no one goes to Signal "just to scroll" or whatever. They go there to send or read a message.
Any social media needs content for people to visit. They need to make people feel like they are missing out if they are not visiting. Otherwise, they're just going to end up as an app on the phone which is never opened.
Aloha 4 hours ago
I think a good protocol however is key for adoption. Many a good idea has died an early death because the implementation of it was, too complex, insufficiently robust, or poorly thought out for the future.
(The IndieWeb wiki is probably the best resource for exploring the personal website-based social networking tech nowadays. I recommend the author check it out and maybe iterate on that instead :)
Glad to see more of these efforts. But here's what it will really take to decentralize social media and E2EE messengers:
We need something like Discord, except each server is an actual self-hosted server like a Minecraft server. DMs between two users should be handled by a mutual server. Account credentials should be handled by a Nostr-like protocol, which also gives you global tweeting capabilities as a bonus.
Run the whole thing on Yggdrasil Network or something similar so that it's not tied down to IPv4v6 and DNS and all existing hardware infra, but can still take advantage of them. And add reciprocal inter-server onion routing to make it difficult to geolocate servers. Also take a page from SoftEther VPN's book and wrap all traffic in HTTPS and perform automatic NAT traversal, so that people can host servers from behind ISP firewalls.
Anything short of that and we lose to big tech and govs in the long run. But once we've achieved the above, the decentralized web can truly take off: we will get WiFi routers running open-source firmware to make a mesh network to act as alternative physical layer infra for the new web. We can still take advantage of the existing Internet's bandwidth as long as there's an unblockable path to send a little bit of data to discover and coordinate nodes.
root_axis 6 hours ago
> Anything short of that and we lose to big tech and govs in the long run.
This is not a software issue, it doesn't matter how good the tech is, the masses will always aggregate to big tech networks because decentralized networks will never have billion dollar marketing budgets.
txrx0000 6 hours ago
I don't think that's true. If there really was a good enough open-source Discord alternative, many would have already switched. A big part of the problem is there isn't one. Matrix, Stoat, Telegram, etc are all missing something. That's why new ones are being built.
Non big tech solutions don't need billion dollar's worth of marketing. In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree, know what is a private key and how to safely back it up (other comments brought up this exact issue) or even knows what a "static website" means. Non big tech solutions need to give non technical users (read: the overwhelming majority of humanity) a good onboarding experience that does not involve learning ten new jargons and acronyms. Non big tech solutions need to know they have a limited strangeness budget [1] and should only spend it on places it matters. Non big tech solutions need to start actually catering to the unwashed masses before being befuddled by them choosing to stay on mark zuckerberg's platforms instead.
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous
Then maybe you're not the target audience, or you're just not noticing the ads, because TikTok is particularly notable for their aggressive marketing efforts during their growth phase.
> Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree
Non big tech platforms don't need anything. They can never compete with billion dollar budgets and they shouldn't set that as a goal. Everyone enjoys a well designed UX, but billion dollar marketing budgets will always eclipse the alternatives.
h4kor 4 hours ago
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
For the first years of its existence I only knew tiktok because they were advertising everywhere.
basch 6 hours ago
I guess I’d rather have something approaching bittorrent, edonkey/kad, ipfs, blockchain, webarchives.
You have named networks that are federated together, and people can publish to the networks they are invited to or sign up for. The networks survive even when individual servers go down. Data is cached all over at the edges.
Your version is just way too susceptible to rot, unless you see that as a feature. I see it as most of the good content falling into the ether sooner rather than later.
If we decentralize messaging and social media, all of those protocols you mentioned will survive.
basch 6 hours ago
I’m not specifically saying to use those protocols as much as the philosophy of hashes pointing to blocks that are redundantly spread far and wide.
Minecraft servers are a poor metaphor for what ideal decentralized social media should look like. They are the opposite of robust.
txrx0000 5 hours ago
The problem with distributed storage is they place too high of a requirement on edge nodes, which people have to host, and they synchronize too slowly for real time messaging. If I upload a 1GB video to my server's chat, that storage load should not be replicated on many other nodes. Who pays for that disk space? The federated model is a lot more robust in this regard.
As far as archiving is concerned, many archiving orgs will pop up if their discussion servers and public facing websites can't be traced or easily shutdown. The protocol itself can't archive things, but it protects the people doing the archiving work and gives a place for websites like Annas Archive to live without relying on IP and DNS. The idea is to amass enough uncensorable social power so that such efforts can't be banned or shutdown, then you can use existing protocols like BitTorrent all you want.
Each device (cellphone/laptop) is a server. They connect to preferred server stations that are used for discovering other peers. There are things like common chat rooms on the station servers but personal messages are completely p2p using webrtc.
There are other apps there, for example to host own websites or blogs and other things you'd expect from modern usage. Mesh is done today using cheap ESP32 devices (3 euros each).
It is a work in progress, the main point is that it can exchange data even outside the internet and use radio connections.
CactusBlue 4 hours ago
Building exactly this; in Mikoto Platforms, "Spaces" can be located on any physical node, and DMs are E2EE routed through multiple nodes
1dom 1 hour ago
I really like solutions in this space, and this is quite nice. Seeing people try create solutions like this really tickles my brain a lot. Even if I think more into it and conclude it has catastrophic issues, I still really get a weird kick learning about novel decentralised networks. I really can't explain it. Fancy combinations of encryption and decentralisation just really do it for me, to an abnormal and uncomfortable extent. Hopefully someone else relates to this.
Anyway, I really like this idea, it's cool. When I think about this one though, I feel there's too much friction in the follow/unfollow process. Having unfollowing require re-encrypting and rebuilding the entire website for everyone seems cumbersome. It's not a killer in itself, but combined with this:
> If the original post is inaccessible (e.g. the viewer doesn’t follow the author), the reply is hidden entirely. A user only sees replies from people they follow — this is the spam prevention mechanism.
I think this is going to prevent it from scaling in any desirable way. I know it's not intended to scale, and is targeted at smaller friends networks, not influencers, but again, even small friendship networks grow complex, and I can see the experience on S@t turning into the worst parts of activitypub where you can only read half of the interesting replies because not being friends, and it being a pain to then become mutual friends.
But, I really, really do like that s@t feels like a combination of RSS, activity pub and static sites; having a browser heavy client is interesting too.
It does feel a bit like s@t wants stuff to be easily locked down between a dynamic list of friends though, and it feels a bit weird to have the foundational tech of such a protocol be static sites, which by definition make it hard to lock stuff down to a dynamic list of friends. Hmmmm, I really do love/hate static site architecture
This is nice though, thanks for sharing.
Retr0id8 hours ago
I wish I could share a graph of my eyebrow height over time as I read through this part:
> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.
Retr0id8 hours ago
But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts.
Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by a X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen.
bigiain5 hours ago
> if you believe quantum computing will ever happen.
... and you don't believe that everything will be totally fucked when it does happen.
If there is a global passive observer, and they get quantum computing, a huge amount of supposedly encrypted private information just got popped. Whether or not I care about my dinky little private social network posts when every ssl/tls connection I've ever made is being cracked and data mined is an interesting question.
nine_k7 hours ago
Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging.
It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven.
As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity.
Retr0id7 hours ago
> The twist is that each feed is encrypted in a way that only you can decrypt
Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...)
nine_k7 hours ago
The content key is common, like the PGP session key is common. But to obtain the content key, you need to first decrypt it by your private key. The content key is encrypted by the public keys of every intended reader, so each can have a secure copy of the content key. Again, exactly like PGP works.
Retr0id7 hours ago
A PGP session key does not span multiple messages, however
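The exchange above (one content key per author, wrapped for every reader, and a re-encryption of everything when someone is unfollowed) as a runnable model. This is an added example, not satproto's code: a symmetric per-reader key stands in for the real X25519 keypair, and a toy SHA-256 counter-mode stream stands in for the real cipher (illustration only, not secure). All keys and posts are constructed here.

```python
"""Model of the shared-content-key scheme discussed in the thread.

Added example, not satproto code. Assumptions (all constructed):
  - each reader holds a symmetric 'reader key' standing in for an X25519
    keypair; 'wrapping' the content key means encrypting it under that key
  - toy_encrypt/toy_decrypt are a SHA-256 counter-mode XOR stream, used only
    so the example runs with the standard library; never use this in practice
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


@dataclass
class AuthorSite:
    """What the author publishes as static files, plus private bookkeeping."""
    content_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    posts: list = field(default_factory=list)         # encrypted post bodies (public)
    wrapped_keys: dict = field(default_factory=dict)  # reader_id -> wrapped content key (public)
    readers: dict = field(default_factory=dict)       # reader_id -> reader key (author only)

    def follow(self, reader_id: str, reader_key: bytes) -> None:
        self.readers[reader_id] = reader_key
        self.wrapped_keys[reader_id] = toy_encrypt(reader_key, self.content_key)

    def publish(self, text: str) -> None:
        # One key spans every post, which is Retr0id's point above.
        self.posts.append(toy_encrypt(self.content_key, text.encode()))

    def unfollow(self, reader_id: str) -> int:
        # The departing reader already holds the content key, so it must be
        # rotated; that forces every post to be re-encrypted and every
        # remaining reader's wrapped copy to be rebuilt. Returns the work done.
        plaintexts = [toy_decrypt(self.content_key, p) for p in self.posts]
        del self.readers[reader_id]
        del self.wrapped_keys[reader_id]
        self.content_key = secrets.token_bytes(32)
        self.posts = [toy_encrypt(self.content_key, p) for p in plaintexts]
        for rid, rkey in self.readers.items():
            self.wrapped_keys[rid] = toy_encrypt(rkey, self.content_key)
        return len(plaintexts) + len(self.readers)


def read_site(site: AuthorSite, reader_id: str, reader_key: bytes):
    """A reader unwraps the content key once, then decrypts every post with it."""
    if reader_id not in site.wrapped_keys:
        return None
    content_key = toy_decrypt(reader_key, site.wrapped_keys[reader_id])
    return [toy_decrypt(content_key, p).decode() for p in site.posts]


def demo():
    alice = AuthorSite()
    bob_key, carol_key = secrets.token_bytes(32), secrets.token_bytes(32)
    alice.follow("bob", bob_key)
    alice.follow("carol", carol_key)
    alice.publish("hello")
    alice.publish("second post")
    before = read_site(alice, "bob", bob_key)
    bob_stale_ck = toy_decrypt(bob_key, alice.wrapped_keys["bob"])  # Bob keeps the old key
    work = alice.unfollow("bob")
    after_carol = read_site(alice, "carol", carol_key)
    after_bob = read_site(alice, "bob", bob_key)
    stale = toy_decrypt(bob_stale_ck, alice.posts[0])  # old key against re-encrypted post
    return before, work, after_carol, after_bob, stale
```

Note what rotation does and does not buy: a reader who saved the old ciphertexts alongside the old key can still read the old posts; rotation only stops the freshly published files from being readable with the stale key.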
RobRivera8 hours ago
So a database, that you can send a network response or request with that data, that when received by a client, builds a static website.
I see.
I see...
behehebd7 hours ago
> Key Rotation (Unfollow)
_ /
. .
serial_dev5 hours ago
It would be nice to start with what this actually is from the user’s point of view.
Forking, paths, JSON, decentralized, encryption, key rotation, etc and I still have no idea why I would bother and who else could use it (a decentralized social network is only so much fun if you are the only one on it).
bigiain5 hours ago
I can think of at least a couple of dozen fairly technical friends who'd be capable enough to set this up themselves, and who're at least adjacently interested in recreational paranoia. And probably another dozen or two who're definitely into recreational (or possibly delusional and/or fully deserved paranoia) who'd be willing to learn or get help setting this up.
Right now, those circles of friends are _reasonably_ well served with some combination of Mastodon (effectively zero security but with decent findability) and Signal (much more limited mostly to only people you'd be OK with having your phone number).
I will definitely take this for a spin, and start having discussions with particular groups of friends to see if I get any traction.
talkingtab2 hours ago
The concept is good. It is in the right direction.
I think it needs to not have a dependence on github. This is a microsoft thing, and at best it means this will become another way for a corporation to make money from people.
Speaking of money, it needs to be paid for. (The github part is free from Microsloth and so is NOT free). So how do you pay for this? Micropayments.
So we need a system of micropayments. Then we need it to provide a way to help people economically. These are not barriers, because this is hacker news, instead this is an accurate understanding of more of the problem.
People keep talking about a collaborative internet without using the term. But to be clear we are talking about a fundamentally different kind of internet. That we can build.
krapp1 hour ago
It doesn't really seem to have a dependence on github, so much as a dependence on git. You can push to a git repo anywhere, even publish a site with it. For example the method I've used is no longer documented on the open web but an archive is here: https://web.archive.org/web/20220817005415/https://neurobin....
Also I think you're confusing "free as in beer" and "free as in free" here. The last thing any alternative social network needs is to bake capitalist incentives into the model, as that would just lead to everything optimizing for the same dark patterns and influencer garbage people want to avoid. There already exist plenty of ways to help people economically.
I'd imagine that similarly to TWTXT, this suffers from the same accessibility and barrier of entry issues. It's one thing when all you have to do is type text in a textbox and click "Submit", but it's a whole thing entirely when you have to screw around with updating your website to do anything.
This obviously needs some iteration on the protocol design as other commenters have mentioned, but I'd still be up for partnering up over here at https://anproto.com/
Retr0id7 hours ago
This seems like a thin wrapper around libsodium, maybe I lack imagination but it's hard to see it as a protocol. On wiredove I see people posting with handles and profile pictures, where is that defined?
evbogue7 hours ago
and thx for being the first person to notice the thin wrapper
evbogue7 hours ago
userspace
vaylian4 hours ago
This is intriguing. But I wish there was a rationale/philosophy document on that site, that explains what the intentions and use-cases behind this project are. Given that cryptography is such a fundamental part of the design, I wonder if public posts are not desired.
Goofy_Coyote7 hours ago
Very interesting idea, love the simplicity.
Question about this:
“Threads are positioned in the timeline by the original post’s created_at; replies within a thread are sorted by their own created_at ascending.”
Does this mean, I, as the person replying to the post can manipulate my reply time to say, 3 minutes before person X’s reply?
If so, I can imagine a few adversarial ways of (ab)using this.
I understand this is more for friend groups, just curious if my understanding is correct.
remywang6 hours ago
Yes that's correct.
edit: I guess an easy fix is to append a cryptographic hash to the post ID, but yeah currently I'm assuming you trust your friends.
Git-based systems sound clever until you hit the delights of merge conflicts and history rewrites from trolling or spam. Propagating edits or deletes in a decentralized social network via git is a full-time job for bots unless you limit activity to a few dozen people who never disagree. Static sites dodge a lot of cross-user sync pain at the cost of making anything dynamic feel like pulling teeth with chopsticks.
koolala8 hours ago
Signed JSON reminds me of Nostr. I wish Nostr was somehow more mainstream.
lovvtide7 hours ago
I laughed when I saw this because two years ago I built a nostr client called Satellite! https://satellite.earth/
dwedge3 hours ago
Unless this is just a PoC, you could benefit from a discovery mechanism. As much as that sounds like a webring for github, I'm probably not going to deploy a social network without knowing if anyone else is using it.
komako1 hour ago
I wonder if the missing piece here is an agent layer.
A lot of decentralized/local-first social projects improve the protocol story, but the UX is still "please think about keys, storage, sync, exports, and trust boundaries yourself." That's fine for hackers, not for most users.
Something Claude Code-like, but local-first and protocol-aware, could make this much more approachable. The user says "post this to close friends" and the local agent handles signing, encryption, storage, syncing, and recovery.
That doesn't solve discovery, spam, or network effects, but it might solve a lot of the usability problem.
Real question for people who know what they’re talking about:
is perfect forward secrecy no longer considered valuable?
cassonmars6 hours ago
PFS is valuable largely in stable, small groups that rarely change shape or association.
PFS in an open, freely-associable environment is far more complicated when you move beyond even the smallest of group sizes. Realistically, once the group size is beyond Dunbar's number you can reasonably assume that PFS is moot, because you no longer can depend on maybe four or five people's personal security, but 150+. Statistically, someone's opsec failure will be guaranteed.
Thanks for this, nice concept. This would be good on a Tor onion service.
wordglyph7 hours ago
Have you considered replacing X25519 with a post-quantum key encapsulation mechanism like Kyber or Saber?
James_K6 hours ago
Just use RSS at that point. I don't see the value of encrypting everything, like people are gonna be spying on your random static blog entries.
givemeethekeys7 hours ago
This needs a YouTube demo video.
Uptrenda6 hours ago
The client fetches the pub key off the server which is decentralized? There's no part in the protocol that authenticates whether or not a pub key is legit. If it's replaced by an attacker and someone subsequently goes to fetch a key they can read those messages. I mean, pub key infrastructure is meant to solve that. With SSL and such... that's why it's a federated chain of certificates with providers vouching that names = pub keys.
This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) The other apps like pidgin with OTR plugins they have unique phrases that help with the issue.
When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into Zooko's triangle:
human-meaningful, decentralized, secure -- pick two
superkuh9 hours ago
satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is the JSON that's operated upon.
It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can send them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (ie, https://webmention.io/ - not static since it uses JS). Or anything in between.
Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html
isodev8 hours ago
Webmention is cool indeed. Also one of few techniques that’s currently free of some corp’s greedy roadmap
nunobrito2 hours ago
Is spam a thing on webmention? Have the impression it is easy for spammers to generate webmentions to get attention.
koolala8 hours ago
I wonder what the signing is for if you already have a domain name to verify your authorship.
Retr0id7 hours ago
It doesn't use signing, aside from the signing that exists within TLS
notpushkin7 hours ago
I think they mean in s@.
...which doesn’t do signing, but does do E2E encryption? So it’s more like DMs-over-HTTPS.
iamnothere8 hours ago
Does the polling need to be fast? I think back to mailing lists and the huge delays involved in those conversations. Yet they were/are often very productive. Somewhere between Twitter/X speed and mailing list speed might be acceptable.
Maybe this would be better with a LiveJournal style interface. Medium length posts with threaded comments/replies are an underrated format.
8organicbits7 hours ago
That should scale pretty well. The HTTP fetch of posts/index.json could use conditional get requests to avoid downloading the body when there are no changes. Static files are dirt cheap to serve.
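The conditional-GET pattern described in the comment above, as an added example (not satproto's code): a minimal server decision for a static `posts/index.json` using strong ETags and `If-None-Match`, and a feed client that remembers the ETag so an unchanged index costs a 304 and no body. The `/satellite/` path follows the convention quoted elsewhere in this thread; file contents are constructed sample data.

```python
"""Conditional GET for a static feed file (added example, not satproto code).

The client sends back the ETag it last saw as If-None-Match; the server
answers 304 with an empty body when the file is unchanged, so polling an
idle feed costs a few headers instead of the whole index.
"""
import hashlib
import json
from dataclasses import dataclass, field


def strong_etag(body: bytes) -> str:
    # A strong ETag: any byte change yields a different tag.
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'


def parse_if_none_match(header: str) -> set:
    """Split an If-None-Match value into its tags; RFC 9110 uses weak comparison here,
    so a W/ prefix is ignored when matching."""
    tags = set()
    for part in header.split(","):
        part = part.strip()
        if part.startswith("W/"):
            part = part[2:]
        if part:
            tags.add(part)
    return tags


def serve(files: dict, path: str, headers: dict):
    """Static-file server logic. Returns (status, response headers, body)."""
    if path not in files:
        return 404, {}, b""
    body = files[path]
    etag = strong_etag(body)
    inm = headers.get("If-None-Match")
    if inm is not None and (inm.strip() == "*" or etag in parse_if_none_match(inm)):
        return 304, {"ETag": etag}, b""
    return 200, {"ETag": etag, "Content-Type": "application/json"}, body


@dataclass
class FeedClient:
    cache: dict = field(default_factory=dict)  # path -> (etag, parsed body)
    bytes_downloaded: int = 0

    def fetch(self, files: dict, path: str):
        headers = {}
        if path in self.cache:
            headers["If-None-Match"] = self.cache[path][0]
        status, resp_headers, body = serve(files, path, headers)
        if status == 304:
            return self.cache[path][1]  # unchanged: reuse what we already parsed
        if status != 200:
            raise RuntimeError(f"{path}: HTTP {status}")
        self.bytes_downloaded += len(body)
        parsed = json.loads(body)
        self.cache[path] = (resp_headers["ETag"], parsed)
        return parsed


def demo():
    index = "/satellite/posts/index.json"  # constructed sample site
    site = {index: json.dumps({"posts": ["p1", "p2"]}).encode()}
    client = FeedClient()
    first = client.fetch(site, index)
    after_first = client.bytes_downloaded
    second = client.fetch(site, index)          # unchanged -> 304, nothing downloaded
    after_second = client.bytes_downloaded
    site[index] = json.dumps({"posts": ["p1", "p2", "p3"]}).encode()
    third = client.fetch(site, index)           # changed -> 200 with new body
    return first, second, third, after_first, after_second, client.bytes_downloaded
```

A real deployment gets the server half for free: static hosts and CDNs emit ETag or Last-Modified on their own, so only the client-side cache of the last tag needs writing.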
This suffers from the same problem that so so so many alternative social, federated, self-hosted ideas suffer from. Matrix, keybase, pgp, etc.
It’s too dependant on encryption. Yes, it’s a cool technical feat that stuff can be in the open but also private - but:
1. I want to be able to follow my friends if my phone dies and i have to get a new one.
2. I am very technical, and idk exactly what a X25519 keypair is.
I would like for people to come up with more stuff like this that is designed for small communities but not for very secure communication. Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Idk I’m just making up specifics but this is the kind of ethos i think is needed to make things that can be successful with non-technical people in a way that can unseat big tech.
In case i sound too critical - this is cool. It just isn’t something i can use with family and friends to replace facebook or even email.
I could see myself making similar comments. On a practical level, they're valid. But maybe...
If we are ever going to free ourselves of rent-seeking middle men, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
>, we simply have to make a cultural change where non-technical people do more for themselves. I don't even think it's about technical difficulty (most of the time). I think people just want someone else to take care of their shit.
The above includes us highly technical people on HN. We really can't expect (or lecture) the normal mainstream population to make a cultural change to adopt decentralized tech when most of us don't do it ourselves.
E.g. Most of us don't want to self-host our public git repo. Instead, we just use centralized Github. We have the technical knowledge to self-host git but we have valid reasons for not wanting to do it and willingly outsource it to Github. (Notice this thread's Show HN about decentralized social networking has hosted its public repo on centralized Github.)
And consider we're not on decentralized USENET nodes discussing this. Instead, we're here on centralized HN. It's more convenient. Same reason technical folks shut down their self-hosted PHP forum software and migrate to centralised Discord.
The reason can't be reduced to just "people being lazy". It's about tradeoffs. This is why it's incorrect to think that futuristic scenarios of a hypothetical easy-to-use "internet appliance" (possibly provided by ISP) to self-host email/git/USENET/videos/etc and a worldwide rollout of IPv6 to avoid NAT will remove barriers to decentralization.
The popular essay "Protocols Not Platforms" about the benefits of decentralization often gets reposted here but that doesn't help because "free protocols" don't really solve the underlying reasons centralization keeps happening: money, time, and motivation to follow the decentralized ethos.
"But you become a prisoner of centralized services!" -- True, but a self-hosted tech stack for some folks can also be a prison too. It's just a different type. To get "freedom" and escape the self-hosted hassles, they flee to centralized services!
One thing you learn from game theory is that you need to understand the rules of the game everyone is playing. You cannot change them, you can only play by them.
"Making a cultural change" is not something you or any group of people can do. The superstructure of the game decides those, not the players. You can try, but nobody will play your new game.
It is not about playing new games though, but about effecting subtle changes over prolonged periods of time. You can't know the outcome, but you can help steer the right overall direction.
What's wrong with middle men? They provide a service, too.
Eg your bank genuinely helps with finance and transfers compared to transacting directly on a blockchain or snail mailing cash around.
> I think people just want someone else to take care of their shit.
Yes, division of labour!
> What's wrong with middle men?
Purely on a philosophical point of view and depending on where you live, they do nothing but increase the costs without adding value.
For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer can search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
The most common argument is - "when things go wrong, the agent will take on the liability for the listing", but that is rarely the case in real life (again, may vary greatly depending on where you live). In most of Asia, this is not the case at all. They take their nice fat commission and wash their hands off later, not even picking up your calls most of the time when there is an issue.
So what do agents do now? They hoard information instead. They advertise good listings, but to talk to the owner you will need to engage (and pay them) first.
Real estate agents are just one. Car dealerships rank right on the second in my list.
We don't need more agents. We need democratized access to information.
I find it amusing that the person who brought up the word "middleman" is implicitly pointing at big internet companies, and here you are telling me Facebook or WhatsApp are not middleman.
> An owner can list their apartment/house directly online.
How will anyone find the house? If I use an online estate agent, then that's still a middle man. If I publish adverts on Facebook or Google, that's a middle man. If I'm hoping that I can generate enough SEO for my house to appear at the top of searches, that's also relying upon a middle man - the search engine. I guess I could just put a board outside the house with a URL on it and hope someone stops to take a photo.
Estate agents provide that marketing service as well as others around arranging viewings and interaction with solicitors, although that might be UK specific. But they do provide a service that would take a crazy amount of time for you to replicate by yourself for a one-off house sale.
> For example, realtors made sense back in the day when there was no internet. But, what value does a real estate agent add in 2026? An owner can list their apartment/house directly online. The buyer and search, find and contact the owner directly, a lot of times even for free (FB Marketplace, WhatsApp groups, etc.).
Is anyone forcing realtors on you where you live?
FB Marketplace is just another middle man. (And that supports my thesis from another follow up comment: you want lots of competing middle men!)
Btw, real estate agents in eg the UK take about half the cut in a typical home sale compared to the US.
> Car dealerships rank right on the second in my list.
Yes, and as far as I know they are only a problem in the US, and that's because the US has crazy regulations that pretty much mandate car dealerships. In eg Germany you can buy your car direct from Volkswagen or from any dealership you want.
> We don't need more agents. We need democratized access to information.
Let a thousand flowers bloom. We need more agents, more competition. (But also make direct access legal, where possible.)
I disagree. I do not care about the details of a ton of stuff. I do not even understand them.
On the other hand, I do care about people that are knowledgeable of these details, specialized, and trust to handle them for me for a fee.
That’s true of banking, realting, health, security, building, manufacturing of everything I use (or almost). That doesn’t prevent me from vaguely understanding the principles and some bits. And that saved me a ton of time and worry. But for the few times one agent does not work up to his promises.
I am 49, I have dealt enough with trying to do everything by myself, and I do appreciate and rely on middlemen way earlier now.
Yes. The crucial bit is that there are plenty of competing middle men you can choose from (and are also allowed to do it yourself, where possible).
We made very good experiences with a realtor when we bought our apartment. Where I live, there is a lot of bureaucracy at play and the process is not easy to understand even when you have experts to ask. There have also been very sophisticated frauds on both sides - sellers and buyers - that a realtor from a well-known franchise blocks.
Generally, I see no problem with competent middle men. They offer a service like any other service. If you want the service, you buy it, and if you don't want it you don't.
Nothing wrong with middle men per se, but problems do arise when we all rely on the same middleman: those become way too powerful and can do nasty things.
By that time, no one can do without the nasty middle man as we have forgotten or never learned the skills to fend for ourselves and are thus beholden to the nasty middle man.
Network effect compounds this
As long as you have plenty of competing middle men, like we do for eg social networks in the real world, it seems all fine.
Remember: Facebook is for grandparents, not where the cool kids hang out.
Where do the cool kids hang out?
A while ago it was Instagram or perhaps tiktok?
However, take the fact that I have heard of these places as strong evidence that they are no longer cool.
In a cool club on the other side of town, where the real cool kids go to sit around and talk bad about the other kids.
Yeah, it's a real cool club and you're not part of it.
That's ok, I dont really like clubs. Too many people
Most people don't really care about rent seeking middle men though, so why should they put in effort into doing things themselves?
Maybe it's ok to create something that isn't for most people. That's how the internet started out. It's only gotten worse the more accessible it became to most people. Maybe it's a good thing to create a split based on capabilities and technical know-how.
But we already have a bunch of social networks that are not for everybody. The problem is that social networks are pretty much a winner-takes-all market due to network effects.
We do and many of us prefer it that way. I’m not on any major social media because I personally consider it asocial — you can’t have that many actual friends or acquaintances. My «social media» is a handful of smaller discord servers and an irc channel, and an extensive webring of personal websites.
Maybe with ai assistants, everybody is effectively technical?
Then the AI assistants will be the middle men.
> we simply have to make a cultural change
Yeah...
I mean, they're impossible, and yet they happen. I've seen cigarettes and seat belts change in my lifetime. As a former smoker and denizen of the world of ubiquitous airplane and restaurant smoking sections, I would have bet anything against the rapidity of change in norms and laws that occurred.
I mean cigarettes give you cancer and seatbelts can save your life. Both of them were supported by massive government initiatives and tax incentives. How is that even comparable to software middle men? The problem is not even on the same scale.
Governments have started banning social media country-wide.
Or is that just another level of rent-seeking?
"one does not simply make a cultural change"
Convenience is king. We always pay for convenience in one way or another.
I tried to make a way of sharing posts with friends without having to be on a social network... I came up with NoteSub:
https://apps.apple.com/gb/app/notesub/id6742334239
I like it. And mass adoption is not required to use it.
I would have loved to have made this a true social network in some regards, however, there are issues of moderation and storage that become very expensive at scale.
Moreover, adoption of a new social network is super hard to promote. So many Twitter, Insta, etc clones have failed because they are just 'clones'. Not offering any thing new.
It should be considered although Thiel talks of 0 to 1... A great deal of dramatic software/hardware progression comes from a highly evolved successor to an average pre-existing product.
The iPhone was not a zero to one, nor was Apple's GUI, they were just highly evolved versions of average or below average products that already existed. Social media apps are already highly evolved for their function. We need something better for edge cases, but the current state of social media platforms means that something supremely better is required before any adoption drive becomes meaningful. When such a product comes, mass adoption is inevitable; we crave and succumb to better ways of communication and contact.
I don't understand what it has to do with sharing, it just seems to be a note-taking app? It even talks about being local, offline and can't even sync with your own devices unless you pay.
But nothing obvious about your friends being able to see them.
1. Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
2. You don't need to know unless you want to implement the protocol! To use (the very barebones) implementation all you need to do is fork the repo & give access, which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
> Right after initialization you'll be prompted to export the private key and store it somewhere safe, e.g. your password manager
Having seen enough stories in the vein of "if only I still had my bitcoin wallet from 2014" and "our storage server failed and when we tried to restore from backup we found out our last working backup was from two years ago," I have to say I have a rather dim view of how competent people actually are when it comes to keeping backups working.
I am not saying cryptography isn't useful for safeguarding your data, I just think for perhaps 90% of the users out here the risk of being locked out of your data permanently is more realistic than your data being accessed by a bad actor.
> which I admit can be too much for family/friends so you might have to set it up for them (and I bet they'd be stoked to have a website of their own!)
From reading the website, I was under the impression this is a techie oriented project still looking for technically inclined early adopters instead of something you can readily tell grandma to hop on. I sincerely doubt the average friend and family member who needs others' help to set up a personal website knows what the protocol does or why he or she should use it instead of Instagram or Facebook, or Signal, if the point is just to keep in touch with people you already know.
This is a usual pattern, a tech savvy hacker creates this great tool, but if you don’t put in the interface work to make it easy, frictionless, it might as well not exist for the general public to consume. Grandma will never use this. Or not even a slightly technical person will. (And it’s fine if that isn’t your audience ofc)
My call to any devs reading this: get an interface designer, put in the usability effort before adding new features.
I think a lot of even not very technical people have gotten used to TOTP QRCodes, and being able to store screenshots of them in password managers. (And having experience in losing 2FA keys that they'll go to some lengths to not repeat.)
I wonder if there's a decent way to encode these private keys in QRCodes? You can jam about 4kB in a high density one from memory? (I know that'd be possible from a developer/technical point of view, but if this were my project I'd want a talented UX designer to have complete authority over how this is presented and explained to users.)
One other idea - maybe implement a Shamir's Secret Sharing mechanism where your private keys get sharded and encrypted to a sufficient number of selected friends, so if you lose your s@ private key it can be reassembled by convincing - say - 8 out of 12 selected friends to give you their part?
Or alternatively - automate a "recovery mechanism" where you set up a new key pair and publish it on a temporary domain/site, and can then ask a friend/follower who can authenticate your identity out-of-band - to export all your posts decryptable with your new key, then put your new key and all your old posts back into your main site.
Unpopular opinion: names like PKCS12, X.509, X25519, ECDSA, etc. hurt adoption making the world less private, secure and decentralized.
Many years ago, I had an idea to use specially formatted emails as a transport layer for a social network. Predictably, it too, went nowhere: https://medium.com/@hliyan/email-re-skinned-as-a-social-netw...
Some years ago I was involved with a society (club), and we wanted a webforum. But as we were geeks as well, we created a combination of a web-based solution, mail-lists and NNTP. These three solutions were synchronized, so it didn't matter which one you used. This worked well for several years.
That is a very good concept, enjoyed reading it.
The original concept is restricted to sharing among the participating people, but it could be relevant that people add more people who are interested in a topic.
Email is a good transport layer. Nowadays people just imagine it as messages between large providers, but I'm in strong favour that small providers or self-hosting email can still be used.
> ... in a way that can unseat big tech.
Where is it stated that this is a goal for this project? You and I both may want a way to break the influence of the dominant social media companies. But this doesn't have to be that in order to be successful. It just needs small groups of people to use it in a way that benefits their communities.
> Like I want something where it’s secured by a username and password, that i give to a server i am registered with - and that server handles the encryption business. If the server rotates keys, that’s for the admin to figure out and exchange keys with sibling servers.
Isn't that basically Mastodon?
Cloudflare tunnels are an interesting alternative, self hosted but with external security
Self hosted but with big tech having a backdoor into your local network, having your ssl private key, and dictating the terms and conditions of what you self host.
I've never understood self-hosters' fascination with cloudflare. They have some cool products but I have a feeling 2026/27 is the time they start to show their evolving colours
cloudflare should never be trusted after what they did to kiwifarms.
What did they do to them?
They were defending Kiwifarms for a while but then the pressure became too much and then they blocked them.
https://blog.cloudflare.com/kiwifarms-blocked/
Fully agree.
Who's gonna sniff your traffic from home? NSA, your ISP?
They already do.
Same as in corporate networks: your data is MITM anyway.
Fun should be unencrypted. It's not shopping or ssh into server.
> Fun should be unencrypted.
Five years ago I would totally agree. Now, when you do not want to share your fun thoughts with a border guard; a police person; an AI scavenger; a random jerk -- I would say, having a safe-ish space becomes almost a necessity
> The private key is stored in the browser’s localStorage.
Woah.. when will those people learn? _Any_ browser storage is unreliable. Anything goes wrong with your web experience? Clear browser settings. Make new profile. Re-install browser. The browser's localStorage is not a replacement for the filesystem. It cannot be backed up, it is super volatile, and it should _never_ be used for anything important. It's one of those "worst of both worlds" cases, where malware can access it with no problem, while legitimate backup programs are locked out.
(And yes, the post mentions "new device" flow, but how many people would (1) remember to export their private key and (2) won't lose it with their device? I bet in practice people will use the network until the first time localStorage is lost, and then they will get annoyed that their feeds are lost forever, and will likely leave the network for good)
Not in disagreement, but based on how casually the frontpage throws around terms like "X25519 keypair", it is obvious that mass adoption and ease of use aren't among the goals of this project. Looks more like an exploration of a concept - can a social network viably exist without any middlemen in between.
> By convention, the client looks under /satellite/ by default. If that path is already taken, place a satproto_root.json file at the domain root containing { "sat_root": "my-custom-repo" } — the client checks this first.
Would a `/.well-known/` be helpful here?
https://en.wikipedia.org/wiki/Well-known_URI
.poorly-known
Ah, just like AT Proto when it was released, introducing compatibility hazards and security vulnerabilities by putting stuff in the root rather than in .well-known. Sigh.
A bit off-topic, but a social networking protocol should never be designed for the sake of the protocol itself, or it'll not enjoy the network effect. A protocol must offer direct benefits to users, so that they keep participating in the network. This participation is what eventually forms the network of people, a.k.a. society. I always pick BitTorrent as the most successful example of such a networking protocol - people just wanted to download stuff (e.g. movies and pxxxs) but end up participating in the sharing network.
Personally, I think a possible angle of attack for a new practical social network protocol is data management, as the amount of data people generate, consume, store, and share is enormous these days. More like, manage data conveniently, and share them easily as a side-effect.
> A protocol must offer direct benefits to users, so that they keep participating in the network
As someone who tried to give all of the decentralized social networks a shot... something I realised along the way is that they are never going to fly because they are not giving you dopamine kicks like the big tech giants are. I ended up forgetting to visit Lemmy or Pixelfed or <whatever> because I had 2-3 times when I opened up the app and saw the exact same content, giving me a feeling of "nothing is happening here" and thus, I didn't need to check in.
I mean, even Signal has that Instagram story function but I have never seen a contact use it because no one goes to Signal "just to scroll" or whatever. They go there to send or read a message.
Any social media needs content for people to visit. They need to make people feel like they are missing out if they are not visiting. Otherwise, they're just going to end up as an app on the phone which is never opened.
I think a good protocol however is key for adoption. Many a good idea has died an early death because the implementation of it was too complex, insufficiently robust, or poorly thought out for the future.
Long ago there was this thing called foaf https://en.wikipedia.org/wiki/FOAF and also https://en.wikipedia.org/wiki/Pingback ... it was the closest I've seen to completely decentralised social media.
Webmention is the modern counterpart: https://indieweb.org/Webmention
(The IndieWeb wiki is probably the best resource for exploring the personal website-based social networking tech nowadays. I recommend the author check it out and maybe iterate on that instead :)
Don't forget XFN!
https://en.wikipedia.org/wiki/XHTML_Friends_Network
Glad to see more of these efforts. But here's what it will really take to decentralize social media and E2EE messengers:
We need something like Discord, except each server is an actual self-hosted server like a Minecraft server. DMs between two users should be handled by a mutual server. Account credentials should be handled by a Nostr-like protocol, which also gives you global tweeting capabilities as a bonus.
Run the whole thing on Yggdrasil Network or something similar so that it's not tied down to IPv4v6 and DNS and all existing hardware infra, but can still take advantage of them. And add reciprocal inter-server onion routing to make it difficult to geolocate servers. Also take a page from SoftEther VPN's book and wrap all traffic in HTTPS and perform automatic NAT traversal, so that people can host servers from behind ISP firewalls.
Anything short of that and we lose to big tech and govs in the long run. But once we've achieved the above, the decentralized web can truly take off: we will get WiFi routers running open-source firmware to make a mesh network to act as alternative physical layer infra for the new web. We can still take advantage of the existing Internet's bandwidth as long as there's an unblockable path to send a little bit of data to discover and coordinate nodes.
> Anything short of that and we lose to big tech and govs in the long run.
This is not a software issue, it doesn't matter how good the tech is, the masses will always aggregate to big tech networks because decentralized networks will never have billion dollar marketing budgets.
I don't think that's true. If there really was a good enough open-source Discord alternative, many would already have switched. A big part of the problem is there isn't one. Matrix, Stoat, Telegram, etc. are all missing something. That's why new ones are being built.
https://news.ycombinator.com/item?id=46949564
Non big tech solutions don't need billion dollar's worth of marketing. In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree, knows what a private key is and how to safely back it up (other comments brought up this exact issue) or even knows what a "static website" means. Non big tech solutions need to give non-technical users (read: the overwhelming majority of humanity) a good onboarding experience that does not involve learning ten new jargon terms and acronyms. Non big tech solutions need to know they have a limited strangeness budget [1] and should only spend it on places it matters. Non big tech solutions need to start actually catering to the unwashed masses before being befuddled by them choosing to stay on Mark Zuckerberg's platforms instead.
[1] https://steveklabnik.com/writing/the-language-strangeness-bu...
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous
Then maybe you're not the target audience, or you're just not noticing the ads, because TikTok is particularly notable for their aggressive marketing efforts during their growth phase.
> Non big tech solutions need solid UI and UX that does not assume your average user can balance a binary tree
Non big tech platforms don't need anything. They can never compete with billion dollar budgets and they shouldn't set that as a goal. Everyone enjoys a well designed UX, but billion dollar marketing budgets will always eclipse the alternatives.
> In fact I don't recall ever seeing an ad for tiktok and yet it is humongous.
For the first years of its existence I only knew TikTok because they were advertising everywhere.
I guess I’d rather have something approaching bittorrent, edonkey/kad, ipfs, blockchain, webarchives.
You have named networks that are federated together, and people can publish to the networks they are invited to or sign up for. The networks survive even when individual servers go down. Data is cached all over at the edges.
Your version is just way too susceptible to rot, unless you see that as a feature. I see it as most of the good content falling into the ether sooner rather than later.
Also can use people viewing the pages as hosts https://gabe.durazo.us/tech/ephemeral-p2p-project/
If we decentralize messaging and social media, all of those protocols you mentioned will survive.
I’m not specifically saying to use those protocols as much as the philosophy of hashes pointing to blocks that are redundantly spread far and wide.
Minecraft servers are a poor metaphor for what ideal decentralized social media should look like. They are the opposite of robust.
The problem with distributed storage is that it places too high a requirement on edge nodes, which people have to host, and it synchronizes too slowly for real-time messaging. If I upload a 1GB video to my server's chat, that storage load should not be replicated on many other nodes. Who pays for that disk space? The federated model is a lot more robust in this regard.
As far as archiving is concerned, many archiving orgs will pop up if their discussion servers and public-facing websites can't be traced or easily shut down. The protocol itself can't archive things, but it protects the people doing the archiving work and gives a place for websites like Anna's Archive to live without relying on IP and DNS. The idea is to amass enough uncensorable social power so that such efforts can't be banned or shut down, then you can use existing protocols like BitTorrent all you want.
That is being done today at https://geogram.radio
Each device (cellphone/laptop) is a server. They connect to preferred server stations that are used for discovering other peers. There are things like common chat rooms on the station servers but personal messages are completely p2p using webrtc.
There are other apps there, for example to host their own websites or blogs and other things you'd expect from modern usage. Mesh is done today using cheap ESP32 devices (3 euros each).
It is a work in progress, the main point is that it can exchange data even outside the internet and use radio connections.
Building exactly this; in Mikoto Platforms, "Spaces" can be located on any physical node, and DMs are E2EE routed through multiple nodes
I really like solutions in this space, and this is quite nice. Seeing people try to create solutions like this really tickles my brain a lot. Even if I think more into it and conclude it has catastrophic issues, I still really get a weird kick learning about novel decentralised networks. I really can't explain it. Fancy combinations of encryption and decentralisation just really do it for me, to an abnormal and uncomfortable extent. Hopefully someone else relates to this.
Anyway, I really like this idea, it's cool. When I think about this one though, I feel there's too much friction in the follow/unfollow process. Having unfollowing require re-encrypting and rebuilding the entire website for everyone seems cumbersome. It's not a killer in itself, but combined with this:
> If the original post is inaccessible (e.g. the viewer doesn’t follow the author), the reply is hidden entirely. A user only sees replies from people they follow — this is the spam prevention mechanism.
I think this is going to prevent it from scaling in any desirable way. I know it's not intended to scale, and is targeted at smaller friend networks, not influencers, but again, even small friendship networks grow complex, and I can see the experience on S@t turning into the worst parts of ActivityPub where you can only read half of the interesting replies because of not being friends, and it being a pain to then become mutual friends.
But, I really, really do like that s@t feels like a combination of RSS, ActivityPub and static sites; having a browser-heavy client is interesting too.
It does feel a bit like s@t wants stuff to be easily locked down between a dynamic list of friends though, and it feels a bit weird to have the foundational tech of such a protocol be static sites, which by definition make it hard to lock stuff down to a dynamic list of friends. Hmmmm, I really do love/hate static site architecture
This is nice though, thanks for sharing.
I wish I could share a graph of my eyebrow height over time as I read through this part:
> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.
But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts.
Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by an X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen.
> if you believe quantum computing will ever happen.
... and you don't believe that everything will be totally fucked when it does happen.
If there is a global passive observer, and they get quantum computing, a huge amount of supposedly encrypted private information just got popped. Whether or not I care about my dinky little private social network posts when every ssl/tls connection I've ever made is being cracked and data mined is an interesting question.
Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging.
It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven.
As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity.
> The twist is that each feed is encrypted in a way that only you can decrypt
Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...)
The content key is common, like the PGP session key is common. But to obtain the content key, you need to first decrypt it by your private key. The content key is encrypted by the public keys of every intended reader, so each can have a secure copy of the content key. Again, exactly like PGP works.
A PGP session key does not span multiple messages, however
So a database, that you can send a network response or request with that data, that when received by a client, builds a static website.
I see.
I see...
> Key Rotation (Unfollow)
It would be nice to start with what this actually is from the user’s point of view.
Forking, paths, JSON, decentralized, encryption, key rotation, etc and I still have no idea why I would bother and who else could use it (a decentralized social network is only so much fun if you are the only one on it).
I can think of at least a couple of dozen fairly technical friends who'd be capable enough to set this up themselves, and who're at least adjacently interested in recreational paranoia. And probably another dozen or two who're definitely into recreational (or possibly delusional and/or fully deserved paranoia) who'd be willing to learn or get help setting this up.
Right now, those circles of friends are _reasonably_ well served with some combination of Mastodon (effectively zero security but with decent findability) and Signal (much more limited, mostly to only people you'd be OK with having your phone number).
I will definitely take this for a spin, and start having discussions with particular groups of friends to see if I get any traction.
The concept is good. It is in the right direction.
I think it needs to not have a dependence on github. This is a microsoft thing, and at best it means this will become another way for a corporation to make money from people.
Speaking of money, it needs to be paid for. (The github part is free from Microsloth and so is NOT free). So how do you pay for this? Micropayments.
So we need a system of micropayments. Then we need it to provide a way to help people economically. These are not barriers, because this is hacker news, instead this is an accurate understanding of more of the problem.
People keep talking about a collaborative internet without using the term. But to be clear we are talking about a fundamentally different kind of internet. That we can build.
It doesn't really seem to have a dependence on github, so much as a dependence on git. You can push to a git repo anywhere, even publish a site with it. For example the method I've used is no longer documented on the open web but an archive is here: https://web.archive.org/web/20220817005415/https://neurobin....
Also I think you're confusing "free as in beer" and "free as in free" here. The last thing any alternative social network needs is to bake capitalist incentives into the model, as that would just lead to everything optimizing for the same dark patterns and influencer garbage people want to avoid. There already exist plenty of ways to help people economically.
So, in essence this is very, very similar to TWTXT (https://github.com/buckket/twtxt).
I'd imagine that similarly to TWTXT, this suffers from the same accessibility and barrier of entry issues. It's one thing when all you have to do is type text in a textbox and click "Submit", but it's a whole thing entirely when you have to screw around with updating your website to do anything.
Funny to see people mention nostr
https://satellite.earth/ (Satellite nostr client)
https://nsite.run/ (literally static sites on nostr)
This obviously needs some iteration on the protocol design as other commenters have mentioned, but I'd still be up for partnering up over here at https://anproto.com/
This seems like a thin wrapper around libsodium, maybe I lack imagination but it's hard to see it as a protocol. On wiredove I see people posting with handles and profile pictures, where is that defined?
and thx for being the first person to notice the thin wrapper
userspace
This is intriguing. But I wish there was a rationale/philosophy document on that site, that explains what the intentions and use-cases behind this project are. Given that cryptography is such a fundamental part of the design, I wonder if public posts are not desired.
Very interesting idea, love the simplicity.
Question about this:
“Threads are positioned in the timeline by the original post’s created_at; replies within a thread are sorted by their own created_at ascending.”
Does this mean, I, as the person replying to the post can manipulate my reply time to say, 3 minutes before person X’s reply?
If so, I can imagine a few adversarial ways of (ab)using this.
I understand this is more for friend groups, just curious if my understanding is correct.
Yes that's correct.
edit: I guess an easy fix is to append a cryptographic hash to the post ID, but yeah currently I'm assuming you trust your friends.
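The ordering rule quoted in the question, applied to a constructed store, as an added example that is not s@ code. It shows what a viewer can check (a reply dated before its original, or after the viewer first fetched it) and what it cannot (a backdate inside the plausible window, like r2); the first-seen clock and the 'first_seen' ordering mode are assumptions, not part of the protocol.

```javascript
// Added example (not s@ code): apply the quoted ordering rule to a constructed
// store and flag replies whose author-supplied created_at fails a viewer-side
// check. The first-seen clock and the 'first_seen' ordering are assumptions.
const SAMPLE = [
  { id: 'p1', author: 'alice', created_at: '2025-01-10T10:00:00Z', body: 'original' },
  { id: 'r1', author: 'bob', reply_to: 'p1', created_at: '2025-01-10T10:05:00Z', body: 'first reply' },
  // backdated so it sorts above Bob's reply under the claimed-time rule
  { id: 'r2', author: 'mallory', reply_to: 'p1', created_at: '2025-01-10T10:02:00Z', body: 'me first' },
  // claims to predate the post it replies to
  { id: 'r3', author: 'mallory', reply_to: 'p1', created_at: '2025-01-09T09:00:00Z', body: 'time travel' },
  // dated after the viewer first fetched it
  { id: 'r4', author: 'mallory', reply_to: 'p1', created_at: '2025-01-11T00:00:00Z', body: 'from the future' },
  // replies to a post the viewer cannot see
  { id: 'r5', author: 'dave', reply_to: 'p9', created_at: '2025-01-10T10:07:00Z', body: 'hidden' },
];
// When this viewer first fetched each item (constructed; the viewer's own clock).
const FIRST_SEEN = new Map([
  ['p1', '2025-01-10T10:01:00Z'], ['r1', '2025-01-10T10:06:00Z'], ['r2', '2025-01-10T10:30:00Z'],
  ['r3', '2025-01-10T10:31:00Z'], ['r4', '2025-01-10T10:32:00Z'], ['r5', '2025-01-10T10:33:00Z'],
]);

// orderBy 'claimed' follows the protocol text; 'first_seen' sorts by the
// viewer's fetch time, which a reply author cannot choose.
function buildTimeline(items, firstSeen, orderBy = 'claimed') {
  const seenAt = item => Date.parse(firstSeen.get(item.id) ?? new Date().toISOString());
  const key = item => orderBy === 'first_seen' ? seenAt(item) : Date.parse(item.created_at);
  const threads = new Map(), flagged = [], hidden = [];
  for (const item of items) {  // register originals first; replies may arrive before them
    if (!item.reply_to && !Number.isNaN(Date.parse(item.created_at))) {
      threads.set(item.id, { root: item, replies: [] });
    }
  }
  for (const item of items) {
    const claimed = Date.parse(item.created_at);
    if (Number.isNaN(claimed)) { flagged.push({ id: item.id, reason: 'unparseable created_at' }); continue; }
    if (claimed > seenAt(item)) flagged.push({ id: item.id, reason: 'created_at later than first seen' });
    if (!item.reply_to) continue;
    const thread = threads.get(item.reply_to);
    if (!thread) { hidden.push(item.id); continue; }  // original not visible: reply hidden
    if (claimed < Date.parse(thread.root.created_at)) {
      flagged.push({ id: item.id, reason: 'reply predates its original' });
    }
    thread.replies.push(item);
  }
  return {
    threads: [...threads.values()]
      .sort((a, b) => key(b.root) - key(a.root))  // newest thread first (direction assumed)
      .map(t => ({ root: t.root.id, replies: t.replies.sort((a, b) => key(a) - key(b)).map(r => r.id) })),
    flagged, hidden,
  };
}
```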
Seems a bit complicated.
Why not use git for social networking ;)
https://github.com/est/gitweets
Git-based systems sound clever until you hit the delights of merge conflicts and history rewrites from trolling or spam. Propagating edits or deletes in a decentralized social network via git is a full-time job for bots unless you limit activity to a few dozen people who never disagree. Static sites dodge a lot of cross-user sync pain at the cost of making anything dynamic feel like pulling teeth with chopsticks.
Signed JSON reminds me of Nostr. I wish Nostr was somehow more mainstream.
I laughed when I saw this because two years ago I built a nostr client called Satellite! https://satellite.earth/
Unless this is just a PoC, you could benefit from a discovery mechanism. As much as that sounds like a webring for github, I'm probably not going to deploy a social network without knowing if anyone else is using it.
I wonder if the missing piece here is an agent layer.
A lot of decentralized/local-first social projects improve the protocol story, but the UX is still "please think about keys, storage, sync, exports, and trust boundaries yourself." That's fine for hackers, not for most users.
Something Claude Code-like, but local-first and protocol-aware, could make this much more approachable. The user says "post this to close friends" and the local agent handles signing, encryption, storage, syncing, and recovery.
That doesn't solve discovery, spam, or network effects, but it might solve a lot of the usability problem.
Nostr https://nostr.com/
Real question for people who know what they’re talking about:
is perfect forward secrecy no longer considered valuable?
PFS is valuable largely in stable, small groups that rarely change shape or association.
PFS in an open, freely-associable environment is far more complicated when you move beyond even the smallest of group sizes. Realistically, once the group size is beyond Dunbar's number you can reasonably assume that PFS is moot, because you no longer can depend on maybe four or five people's personal security, but 150+. Statistically, someone's opsec failure will be guaranteed.
It reminds me a lot of Org Social
OctoTown: https://octotown.github.io/
Amazing. I'm building almost the exact same thing. I'll share mine when it's mature enough. :D
I think: A new way of old school forum would bring real UGC rel="ugc" that brings value to human and agentic readers.
Let's crash the fediverse! https://wire.wise-relations.com/
Seems like a missed opportunity to not put a /satellite/satproto.json file on that site.
I'm curious why not use Nostr?
nice, RSS is a cool under used technology
See also org social:
https://github.com/tanrax/org-social
Thanks for this, nice concept. This would be good on a Tor onion service.
Have you considered replacing X25519 with a post-quantum key encapsulation mechanism like Kyber or Saber?
Just use RSS at that point. I don't see the value of encrypting everything, like people are gonna be spying on your random static blog entries.
This needs a YouTube demo video.
The client fetches the pub key off the server, which is decentralized? There's no part in the protocol that authenticates whether or not a pub key is legit. If it's replaced by an attacker and someone subsequently goes to fetch a key, they can read those messages. I mean, pub key infrastructure is meant to solve that. With SSL and such... that's why it's a federated chain of certificates with providers vouching that names = pub keys.
This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) The other apps like pidgin with OTR plugins they have unique phrases that help with the issue.
When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into Zooko's triangle:
https://en.wikipedia.org/wiki/Zooko%27s_triangle
human-meaningful, decentralized, secure -- pick two
satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is the JSON that's operated upon.
This is not true of indieweb's web mention: https://indieweb.org/Webmention
It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can send them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (i.e., https://webmention.io/ - not static since it uses JS). Or anything in between.
Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html
Webmention is cool indeed. Also one of few techniques that’s currently free of some corp’s greedy roadmap
Is spam a thing on webmention? Have the impression it is easy for spammers to generate webmentions to get attention.
I wonder what the signing is for if you already have a domain name to verify your authorship.
It doesn't use signing, aside from the signing that exists within TLS
I think they mean in s@.
...which doesn’t do signing, but does do E2E encryption? So it’s more like DMs-over-HTTPS.
Does the polling need to be fast? I think back to mailing lists and the huge delays involved in those conversations. Yet they were/are often very productive. Somewhere between Twitter/X speed and mailing list speed might be acceptable.
Maybe this would be better with a LiveJournal style interface. Medium length posts with threaded comments/replies are an underrated format.
That should scale pretty well. The HTTP fetch of posts/index.json could use conditional get requests to avoid downloading the body when there are no changes. Static files are dirt cheap to serve.
Maybe that's a feature rather than a bug