Is it a protocol? - I think... it just might be

Webster’s Dictionary, defines “protocol” as : an original draft, minu… wait, there’s a few here.

A preliminary memoran.. nope, not that.

Records or min… not that.

A code prescribing strict adherence to correct etiq.. aw, lost me on the etiquette.

A set of conventions governing the treatment and especially the formatting of data in an electronic communications system!! That’s the one.

What the fuck is a protocol?

Okay, so I’ve always been confused by the term “protocol.” It always felt like this higher level thing, where someone must achieve higher level computer science-ness than all others and know what the 1s and 0s mean without blinking. But nah, a “protocol” is just any shit in your system you make rules about. So when Signal has a “protocol” or Bluesky is a “protocol”, that just means “we like rules.” And that’s fine, and rules are great, but that’s all it means. Some “platforms” (just fancy word for group of jackasses who think they’re important enough to help make decisions for all of us) make better rules than others. I like Signal’s protocol a lot. I think their rules are sick and while I don’t feel smart enough to go learn how the double ratchet algorithm works, the openness with which they share it and remain open to scrutiny, calms many of my fears, even, probably, to a fault. I don’t know much about Bluesky, but from what I can tell it’s some kind of “take your data anywhere and it’s always shaped like a glob of Bluesky. We’ll be the backbone to start (really for always) and we’ll bullshit you into believing that your data is free and not just that we’ve made it infinitely easier to impersonate everything about you, steal your information and model you into a beautiful little AI freak child.”

Talking to you like you’re in first grade

Anyway, that’s kinda a weird tangent… but, let’s get down to the protocol shit.

Rules are cool. In certain contexts, at low enough levels, rules can keep us all on the same page, or at least speaking a translatable language.

These rules are called protocols. Some protocols are shit, flakey, clunky, lazy. Some protocols are social, and some are physical, and some are the stupid math that we make our computers do to help us feel safe and warm at night. And those ones, the lies we tell ourselves about how safe math can really keep us, those are the ones I’m the most interested in.

I overshare

So, I spent the last couple days, (and a little bit earlier this morning) being terrible about the OpSec on one of my goofy little side learnings, and I shared a bunch of the source code for the encryption algorithms that are supposed to allow me to create a pretty strong sense of security, and verification, across the system, while also fairly safely protecting the anonymity of those participating in the network - candidly I’m happy that I finally felt ready to just toss stuff out there. Even if nobody’s watching I can at least start to just see what my own ideas feel like in the wild (i.e, my revision this morning on the AES256 vs. ChaCha20 for private key encryption). Anyway, really, if this ever goes anywhere, don’t lay into me personally (I’m very sensitive), but do sit with me in the idea, and talk to me about where we can take it to improve it, because I think at the end of the day what we all really want, is just to make the world better, and leave our mark, and I’m not in competition with anybody.

I think I’m good at stuff

Okay, so anyway we’ve got the building blocks of what I think can allow us to set up some pretty dope, protective, secur-itive, exchange and storage mechanisms, that won’t burden our users too much (god, I really hope people can just get fine with the idea of key exports and keeping track of one private signature key, and OTP, and using a password manager… it’s really the only safe way to exist on the internet). Anyway, my unreasonable expectations of users aside (and this is actually where I’m not too worried because we can improve this stuff and Gen-Z is so much smarter than the rest of you bitches. I get this around college campuses where these ripe young brains are ready to learn everything, they’ll make security fucking awesome). Anyway, unreasonable expectations of my generation aside: here’s the protocol:

I get ideological

We break everything down into 3 parts (as I said yesterday or a couple days ago it’s actually 2 parts but it’s helpful to have 3), Users, Pods and Messages. And really, this breaks down once more, to “entities” and “events.” Users and Pods are entities, messages are events, and the system uses Pods to link “events” (Messages) to Users. All Messages are sent into Pods, all Pods contain a registry of their Users which is distributed along with each of those Users’ public x25519 “batch” key, where all members of the Pod are encrypting messages with only the keys of the other Users in their pod, and sending those messages onto the “Pod queue.” Every user anonymously, reads from their Pod queues, and the system federates the content to them based on whether or not their public keys are included in the encryption set. In this way, the sender of every message knows and can block any given user for their message without anyone being able to register that they’ve been blocked within the Pod. You can also de-register yourself from someone else’s list in the Pod so that you stop receiving their messages, and then you can re-insert yourself as long as they have not put you on their blocked list.

Pods are thought of as a “unit” within the system but I strongly believe these User, Pod, Message, primitives can be used to create any modern application.

I get super stoked about solved problems

Forums, f/asdf maps to a Pod and you can tread the Pod message queue, within the application client, like it’s a forum.

You can do the same thing with Feed apps (but because privacy is the point, every account is private), every user has their own Pod, which other Users request to join, and every single message in the Pod is represented like their personal timeline on their home page, and your personal timeline blends all of the messages from every Users’ Pod that you are in.

You can create a large-group Message exchange platform like are used for Gaming, Development and Work Network communities. Every “workspace” or “server” can be a pod, every “channel” can be facilitated by Users’ dropping public keys to create exclusivity of content sharing within that Pod (as with other large-group chat apps, this is not intentionally exclusive but is intended for efficiency and narrowing the recipient group for the respect of the larger group).

Mailing lists can be replaced the same way that Feed apps can be replaced. When you join someone’s personal Pod, you’re able to consume their content.

And all of the content is ad. free, it’s not even possible for it to be monitored and we’ve enabled people the ability to protect themselves from harmful actors via blocking and all of your data being fully protected and private by default.

It is also important that all data be forgettable as soon as you’re ready to have it be forgotten. All of your data should disappear as soon as you want it to, so we give you the ability to “cache sweep” as frequently as you want and be forgotten as soon as you feel the need to opt out for any period of time.

Anyway, the point is, the protocol is secure, it can be used to create all kinds of apps and that’s really the biggest goal.

Prove it

The thing that I’m doing right now, (and as I did with the other set, follow up with the code sometime soon), is create the perfect, client/server interaction via gRPC-web - I’m also writing everything in Rust and WebAssembly, and am fully okay with the challenges that come with that - and then create a distributable, WebAssembly module, which can be easily consumed via browser based JavaScript, and allow developers to work on this without anything other than JavaScript, HTML, and CSS.

I am designing my “first app client” as a PWA and intend for everyone to be able to do the same in the future. The browser is secure enough if we leverage the cryptography skills that are not hard to develop. It will improve over time and there is nowhere where more eyes spend time than on the web browsers.

I don’t want to go through app stores. I want to be able to run in just a WebView. Any operating system, for every application client.

Anyway, I’m most of the way there, it’s just gonna take some time so I’ll try to follow up soon. I really hate putting thoughts our there and not backing them up, so the whole point of this is to freak myself out into working faster.

Caveats

How the fuck do we pay for it tho? Like part of me thinks a good idea would be to only charge for compute and storage, just like the cloud providers do. And then like over time we would distribute out the resources away from cloud providers and self-host (only if we reach a scale where that actually saves meaningful dollars), but I think my coolest idea is if we could build a super flexible system, run our own infrastructure that can handle just the right percentage, but is get regular people to buy boxes from us that they plug in, and pay them rent (probably less than we pay our cloud providers and we probably don’t sell the boxes without making a profit in the first place), we can start paying people for what we pay corporations for right now.

I know there are huge limitations and issues because what happens if the ISPs get mad and what happens if the electric company gets mad, but I think at the end of the day, in a perfect world, this is more directionally correct for the maximally robust network that because of socialism and a socialist mindset, we all keep alive because we all respect it.

Anyway, that’s super idealistic and probably irrational but I hope people also have that much hope for the world. Really we’re all in this together until the sun explodes, and I really hope that we like turn earth into a spaceship (bc it’s like actually a super cool system and I think we should work with it, not against it), and then we could fly from sun to sun, extracting and storing their energy in our super energy dense silicon (which like friends, there’s got to be a reason our planet has so much of that shit). And then humanity can live forever and learn everything.

Sean thinks we should turn earth into a spaceship

Anyway, gotta figure out how to pay for it, and I don’t know if a baseline subscription makes sense? With maybe some payments for additional storage, kinda like iCloud. But I honestly don’t know if people would hate that.

I was thinking that the system owner (person who runs all the backend systems) could just charge for storage and compute, and then like the client application developers (which I would give them such the most amazing DevEx of all time. I would spend just literally forever trying to make templates for people for fun because that sounds awesome to work on every app imaginable). Anyway, I’ll do everything in my power to make it perfectly turn-key. But the application client developers could make money off of their client apps via a separate peer-to-peer licensing fee. So the infrastructure is paid for by the user themselves and the application developers just get paid license and service fees for their creations as long as the user wants to keep using their app.

Idk, that just feels super generative and like we’d see some really cool shit and in the world where we all focused on how we could achieve an ideal, is one where I think we’re more likely to get close. There will be bumps, and I will fuck stuff up, but the intentions are to create a safe, sustainable ecosystem for people to share and confidently express themselves for exactly who they are and who they want to be.