Stéphane Bortzmeyer

I am a man of the last century; I try to adapt, but I don’t really want to.

  • A very interesting paper (I said “interesting”, I didn’t say I agree!) on open networks where independent nodes with independently developed programs interoperate thanks to standards. The author claims closed and centralized systems are better, because they allow faster evolution (he uses security and privacy as an example).

    #Internet #privacy #federated_systems #centralized #decentralized

    • Like any federated protocol, extensions don’t mean much unless everyone applies them, and that’s an almost impossible task in a truly federated landscape. What we have instead is a complicated morass of XEPs that aren’t consistently applied anywhere. The implications of that are severe, because someone’s choice to use an XMPP client or server that doesn’t support video or some other arbitrary feature doesn’t only affect them, it affects everyone who tries to communicate with them. It creates a climate of uncertainty, never knowing whether things will work or not. In the consumer space, fractured client support is often worse than no client support at all, because consistency is incredibly important for creating a compelling user experience.


    • “I no longer believe that it is possible to build a competitive federated messenger at all” - Moxie’s conclusion makes me sad: his lack of utopia is disappointing.... But it is a lucid analysis of the contemporary landscape, though one may take into account his service provider bias considering his interest in Open Whisper Systems. The notification panel as federation locus - yuck... But it is the current reality and it works.

    • Troll put aside (« it’s undeniable that XMPP still largely resembles a synchronous protocol with limited support for rich media, which can’t realistically be deployed on mobile devices. If XMPP is so extensible, why haven’t those extensions quickly brought it up to speed with the modern world? » is pure ignorance or, worse, deliberate misleading), this is not a technical problem, but a pretty old political one.

      It’s not new that some people think or declare that a monarchy or dictatorship (with an « enlightened leader ») is more efficient than a system involving cooperation and discussion. History has proven it wrong many times.

      I really don’t understand why the free software (talking about free software, not open source) community is even paying attention and sometimes giving credit to this kind of text; this is in total opposition to what free software is made for.

    • @Goffi : I’m paying attention because acquisition of users is critical where network-effect is the main usage driver. Centralization has a huge advantage in contact discovery - currently big enough to make decentralized systems seem incapable in comparison. Everything else is moot if a new user can’t instantly fill his contacts list. Decentralized will still work best for closed groups or in privacy-critical environments, but the mass market is now centralized - I have recently decided that this battle is lost... But I’m still wondering about the holy grail of privacy-preserving contact discovery in decentralized systems - maybe some cryptographic wizardry will make that possible one day and change the whole game. Until then I’ll go where my girlfriends are.

      PS: I still run an ejabberd but the number of people I reach through it can now be counted on the fingers of one hand - on a good day. The girlfriends used to be there... That era is gone.

    • Also, this made me think about a short discussion I had with Dean Bubley a couple of weeks ago : - he argues that the comparative benefit of freedom of service provider choice inherent to decentralized networks is made irrelevant when users can set up and populate a new centralized network in 30 seconds. Still proprietary, still a trust SPOF - but those are minor factors in mass market user choice.

    • @liotier : centralisation allows contact discovery *in the network*, you won’t find my contact on Twitter for instance because I’m not there. In addition, the biggest network to date in terms of users (before FB) is a decentralised one: email.

      Anyway the network effect is a bad usage driver, I wish that this notion doesn’t exist anymore in the future. Network effect exists because people are not able to talk to each other between networks. If interoperability exists, you can have a network with 10 or even 1 person, if you can talk to all the others there is no more notion of network effect. Again email is a good example, I’m the only one on my server and I’m not isolated because of network effect.

      @stephane : thanks for the ping, I’ve already seen this text on XSF muc room. I’m really not fond of the certification thing by the way.

    • > Network effect exists because people are not able to talk to each other between networks. If interoperability exists, you can have a network with 10 or even 1 person, if you can talk to all the others there is no more notion of network effect.

      Other example of this kind: the phone networks. There is a large number of companies, that manage different networks, but all interoperate. And in many countries, there are also regulatory norms that mandate “portability” to allow users to switch from one network to another without cost.

      Maybe part of the solution is regulatory, not technological.

    • > Maybe part of the solution is regulatory, not technological

      Hampering interoperability might be interpreted as abuse of dominance as defined by Article 102 of the Treaty on the Functioning of the European Union. But you’ll have a hard time building a convincing case when the “product market” (as defined by same article) arguably encompasses all equivalent services between which users switch easily (see Signal’s signup spike when WhatsApp became temporarily banned in Brazil). POTS was heavily regulated because no such market diversity existed, so the dominance and abuse thereof were obvious.

      Email is driven by standards-based interoperability because it grew up at a time where no one was seeing value in owning users... That era is past, even though we enjoy its legacy.

      Service/standard adoption are investment driven:
      – Investment in development
      – Investment in usage (yes, for a user, setting up a system and learning its use is an investment)

      Now, think about why the developer (in the business sense, not the technical one) and the user would invest ?

      For the user, it is all about innovation: given acceptable levels of service, the user will switch to where the exciting new functionality is (see Simon Wardley’s works for this line of argumentation). Decentralized loses because innovation requires consensus - working with standards body is a long tedious slog... So time to market will be unacceptable or at least it will be too late for any competitive advantage. So it follows that businesses will only standardize if they have no choice but delivering an interoperable solution because they don’t have a strong market position - otherwise, fuck standards: either the customers will eat whatever the dominant provider feeds them or the provider better deliver exciting functionality before anyone else if they want to keep growing.

      Even merely opening an API to third-party clients is a threat to that model: it freezes the service in its current form, thus slowing functional change... Businesses don’t want that - except when the customers put interoperability before other functionality, which seldom happens.

      As for some hope for the free world ? As I said - and as David Cridland explains, it lies in a revolution in contact discovery. Who knows if a cryptographic protocol could let users expose chosen bits to chosen interlocutors in a distributed way (did anyone say “blockchain” ?)... I have no idea and it is a hard problem - seen Moxie’s take on this (notably the mention of encrypted bloom filters): - posted by @stephane a couple of years ago. David Cridland offers the less utopian idea of a centralized directory for the open world... It could surely work and it might even be sufficiently cheap to be fundable - but what a SPOF in every dimension !