Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Dominic Tarr: Secure Scuttlebutt – The “Localized” but Distributed Social Network
Episode Date: June 4, 2019

We’re joined by Dominic Tarr, a sailor, and the Founder of Secure Scuttlebutt. This curiously named project has a fascinating approach to creating a truly distributed social network. One might even say that Secure Scuttlebutt is “localized” as it gracefully degrades to Sneakernet, something few blockchain projects can claim. In actuality, the SSB protocol isn’t a blockchain in the traditional sense – each user’s feed acts as a sort of localized chain of posts, signed by their public key, and possibly encrypted for a friend's key to decrypt. When users meet, the system syncs their local databases using a gossip protocol and replicates the data. Encrypted data is transported from peer, to peer, to peer (or friends of friends) until it reaches its intended recipient. Users may also optionally rely on public servers to sync data over the internet.

Topics covered in this episode:
Daniel's background and life living on a boat off the coast of New Zealand
How being at sea gave him the idea for Secure Scuttlebutt
What is Secure Scuttlebutt and what are the goals of the project
The issues with centralization and redefining decentralization as a positive statement
The notion that the technological singularity only serves the goals of centralized power
How SSB stores information and how posts get propagated between friends, and friends of friends
How the network leverages “Pub” servers to sync data over the internet
Usage of the platform and the communities which thrive there
The cost of spam and how users protect against DDoS attacks
The project’s funding and roadmap

Episode links:
Secure Scuttlebutt website
Scuttlebutt Protocol Guide
Manyverse mobile client
Designing a Secret Handshake: Authenticated Key Exchange as a Capability System
Efficient Reconciliation and Flow Control for Anti-Entropy Protocols
Scuttlebutt: an off-grid P2P social network that runs without servers and can fall back to sneakernet
The Nomad Who’s Exploding the Internet Into Pieces
Counter-Anti-Disintermediation
“The Third Web” interview with Dominic Tarr
Dominic Tarr on Twitter

Sponsors:
Trail of Bits: Trust the team at the forefront of blockchain security research - https://trailofbits.com
Azure: Deploy enterprise-ready consortium blockchain networks that scale in just a few clicks - http://aka.ms/epicenter

This episode is hosted by Sebastien Couture & Friederike Ernst. Show notes and listening options: epicenter.tv/290
Transcript
This is Epicenter, episode 290 with guest, Dominic Tarr.
This episode of Epicenter is brought to you by Trail of Bits.
Don't leave your project's security audit to just any firm.
Trust a team with decades of experience at the forefront of blockchain security research.
Go to trailofbits.com to learn more.
And by Microsoft Azure.
Do you have an idea for a blockchain app but are worried about the time and costs it will take to develop?
The new Azure blockchain dev kit is a free download that brings together the tools you need to get your first app running in less than 30 minutes.
Learn more at aka.ms/epicenter.
Hi, welcome to Epicenter. My name is Sebastien Couture.
And my name is Friederike Ernst.
So today we have on the show Dominic Tarr.
Dominic is one of the creators of a protocol called Secure Scuttlebutt.
And Secure Scuttlebutt is a new type of social network.
And it's kind of different from, from anything that, you know, most people are used to,
especially in the way that information propagates.
And what's interesting about it is it looks a lot more like real human conversations
and the way information propagates between, you know, humans in the form of gossip,
than a sort of centralized social network where you post something and then it automatically
gets distributed to everybody in your network.
So it's really interesting in that sense.
And in a lot of ways, when you're on Secure Scuttlebutt, it kind of resembles, you know, the early days of the internet.
It's kind of like early-day internet culture and, you know, very cool and cordial conversations, but with kind of modern technology.
Yeah, so it's an open source project.
So there's no money at stake, no business interests, which is why I think it's flown a little bit under the radar.
But it's super interesting.
So listen in.
Right.
So we have another announcement.
We mentioned last week that we would be in Berlin for the Interchain Conversations
event and the HackAtom hackathon.
So once again, I want to mention that and give you links to register if you're interested.
So for the Interchain Conversations event, it'll be happening at Full Node in Berlin
on Thursday, June 13th and 14th, and we actually have a discount code.
If you want to register, tickets are $165.
And with the code epicenter, you can get those tickets for $100,
and that's available for the first 10 people who register,
first 10 epicenter listeners who register.
So to register, I've got a short link for you.
It's an Eventbrite page, so it's a bit of a long URL,
but if you go to epicenter.orgs slash interchain Berlin, it's epicenter.com.
slash interchained Berlin and use the code epicenter.
You'll get a discount on registration.
And again, that's on June 13th and 14th link will be in the show notes.
And then right after that event, there's a hackathon that is also taking place at Full Node.
And you can register for the hackathon.
Again, the short link for that is epicenter dot rocks slash cosmos hackathon Berlin.
Epicenter dot rocks slash cosmos hackathon Berlin.
And you can register for the hackathon that's happening on the weekend on June 15th and 16th.
So if you're in the area or if you're in Europe and just a short flight away,
do come to Full Node and see us.
Most of us will be there.
I think maybe even if we're lucky,
you might even get all Epicenter hosts in one place for the first time ever.
So that would be really interesting and very, very exciting if that happens. So yeah,
looking forward to see you there. So without further delay, here is our interview with Dominic Tarr.
Hi, so we're here with Dominic Tarr. Dominic started Secure Scuttlebutt, which is a very unique type
of social network. I don't know if we even want to call it a social network, but it's a way to
talk to people who matter to you and others. And Dominic is usually
based in New Zealand, or at least on the coast of New Zealand as he lives on a sailboat.
We'll get a bit into that in the episode.
But for the moment, he's in Berlin.
Hi, Dominic.
Hi.
Thanks for joining us.
So why don't you tell us a bit about your background and how you got to live on a sailboat?
Actually, just for context, you were introduced to us by another New Zealander and friend of the podcast and a lover of boats and things that float, Arthur Falls.
And so, yeah, tell us a bit about your background and how you got this far.
Right.
Well, I ended up on a boat because I just decided I didn't want to pay rent.
Just started to seem like paying rent was like a massive scam.
And I realized one day I could live on a boat.
And instead of paying rent, I could buy a boat, and then after a few years I've paid for the boat.
And then it turns out I liked sailing as well.
When I first decided to live on a boat, I didn't.
I hadn't even seen a sailboat up close.
So I kind of got lucky there.
I think I'm sure that this sort of was essential
in like leading me down the path where I created Scuttlebutt.
So things like living on a sailboat,
you have a lot of autonomy,
and you also find yourself in a lot of like near-death experiences.
So you get, you have to be like, you know, you have to understand how, it's very much like a hacker mindset.
You have to understand how everything works, what the risks are, take actions and decisions and stuff,
and be confident about what decisions you make.
So are you sort of in New Zealand territory or New Zealand waters?
Are you out in international?
I'm not even, I mean, I'm not even really sailing that, that,
just, just like a coast to lay around New Zealand.
But in the sort of boat I could, the sort of boat I could afford when I was 21,
it was like even a small distance was a big adventure.
And the weather in New Zealand has been described as quite moody.
So you can have, you can still have terrifying adventures, you know, it's sort of relative to like the scale of the boat and stuff like this.
And the new boat is much more, is a bit better.
And I'm in a part of the country that has much milder weather.
And it's like all the other things have changed since then.
So now I have like, now there's like pretty widespread 3G internet.
And solar panels are much cheaper.
So I have a solar panel, like one solar panel, that's enough to run a laptop and there's
internet, like most of the time.
And I'm like doing remote work.
So it's quite an excellent environment.
It's quite literally remote work.
So how long have you been doing this?
And what did you do before you were living on a sailboat?
I believe you were working a regular job.
Oh, I haven't worked a regular job for a long time.
So the current boat I had, I've had like four years now.
Previous to that, I spent a couple of years just traveling constantly.
I had gotten into Node.js very early on.
And then I managed to get invited to speak at a conference.
And then I gave this talk wearing a wizard hat that was made from a Doritos bag,
and after that I just became like quite famous as a distributed systems expert,
although I had really just, all I had really done is read the Amazon Dynamo paper,
but I knew just enough more than everyone else that I could like pass off as an expert.
And this was like, at this point I didn't realize it yet,
but I was well on the way to Scuttlebutt.
So in this process, I learned basically everything I needed to know, think of Secure Scuttlebutt.
And yeah, so then it was just like kind of exhort.
So at that period I was like traveling like at least nine months of the year.
I think one year I didn't spend longer than six weeks in any one country.
This was like, but this got to be quite exhausting.
And I was like, I need to be settled down.
So I bought a boat.
And now I only travel like three months of the year, which is still a lot by ordinary people's standards, but it's like quite, quite settled and civilized compared to
what I was doing previously.
Cool.
That, that hat story is hilarious.
So can you describe a little bit your path towards building Secure Scuttlebutt
and basically what motivated you to build the protocol as is?
Yeah, so there was a period where, there was a period where I knew I wanted to build some kind of decentralized application platform, and I didn't really know, but I didn't really know how it was going to work. And my motivation was actually more about, so I started exploring this before, like, before Edward Snowden and things like that. Like, it was like privacy wasn't actually my main item. It was more about, it was more about
autonomy in a sense that like, you know, you look at, um, so I remember being like frustrated,
um, that Facebook would just change how the interface works from an interface I was used to,
to an interface that like I hated and I just had no recourse at all. Like it was really frustrating
and there's like nothing. Um, there's no kind of, there's no like way to like vent that frustration.
like you there's no way to like fix the problem um or even like express that there is a problem
whereas like you know if you live in a democratic country then at least you can vote for the
other party every couple of years or something like this or you can write a letter to the editor
and like threaten that you're going to vote for the other guy and with software it's just like
there's nothing there was nothing like this and like my previous so before the boat stuff
I had what I call my first and last professional grown-up job.
So before that, there was another boat trip.
And I ended up at this like hippie commune.
And I stayed there for a few, a month or so.
And I was like, this is great.
But just becoming happy would be too easy.
You know, I need to go to the city and get a job and give polite society a fair chance.
And so I did that.
And after 18 months, I decided that polite society had failed me.
it didn't like so basically I had this job where I realized that so the software we were providing
customers was really crap but it wasn't the technical problems weren't really that hard the hard part
was the social structures around surrounding it so that basically my boss would go talk to their
boss of a golf game or something like this he could be like oh you're a good guy let's
we use the software, software.
And then the people who actually had to use the software, which would generally, like the accounting department, they had no, they didn't actually have any say in the software.
And they find it, when they found it quite frustrating, they talked to me.
But I wasn't allowed to fix their problems because we had to generate billable hours.
And I would have loved to have fixed their problems.
but, you know, I was only able to really do things like that when my boss was on holiday
because otherwise I had to like just, you know, fight fires and stuff like this.
So that got me, like that sort of made me real.
That sort of got me thinking that, you know, the person who is like, you know, on the front
lines has a very good perception of what the problems actually are.
But there's, they're often not in a situation where they can actually do anything to affect those problems.
So there's so much software that's like really frustrating.
But unless you're inside the organization that created that software,
it's unlikely you can do anything about it,
even complain about it in a satisfying way,
except for open source.
Open source has a lot more, you know,
you can actually attain a feeling of agency
or you can sometimes, you know, point out a problem and it gets,
like sometimes where I've pointed out a problem, it's been fixed immediately.
Or even if I don't make the pull request or something like this,
often you can talk to developers and like persuade them or negotiate some kind of solution.
And I find that that is like hugely satisfying.
You generally need to be a developer to be able to have access to that kind of thing.
but I was sort of thinking,
I was sort of interested in how you would make more egalitarian software,
basically.
And this sort of led me towards decentralization,
because in decentralized software.
So in Scuttlebutt, there's protocol and then application.
And just because I designed the protocol,
it doesn't mean I can control what application you use to access it.
So even if you build a commercial application for using Scuttlebutt, you can't really stop other people from using
different software. And I don't have the solution to like, how do you create truly egalitarian
software? But my intuition was that decentralization capable protocol would be a big
part, a big potential part of that. Let's talk about security. You know, dapps are pretty
unique because unlike other types of software, they can hold astronomical amounts of value.
That's why getting systems audited, creating robust security processes, and fostering a culture
of security in your organization is so important. And to do this, you should only trust
experts with real security expertise. There are a lot of security firms in the blockchain space,
but few have the experience and track record of Trail of Bits. And they've been in business since 2012,
long before things like the DAO hack were even imaginable. Trail of Bits works with your
team to audit every aspect of your project. And smart contract code is just the beginning.
They'll help you implement best practices around things like DevOps, key storage, and user-facing
applications. And once your software has been rigorously tested and reviewed by Trail of Bits,
they'll provide the tools you need to make sure that your code remains safe over every new
commit. They can even put a software security expert at your team's disposal who'll give you
advice and answer your questions when you need them. It's like having your own security engineer
on staff, but don't take my word for it. Go to their publications
repo on GitHub to read their papers, presentations, and security reviews. It's no wonder teams like
Parity, Status, NuCypher, and organizations like Facebook and DARPA trust Trail of Bits for their security
audits. To learn more, go to trailofbits.com, and if you decide to reach out, make sure you let them
know you heard about them on Epicenter. We'd like to thank Trail of Bits for their support.
So Secure Scuttlebutt is open source and decentralized in a form that
we're not that used to, which we'll go into in a little bit.
But maybe let's talk about what it is first.
So basically, I think earlier we referred to it both as a social network and a messaging protocol.
So what in your eyes is the function of Secure Scuttlebutt?
Well, generally I start by explaining the name.
So Scuttlebutt is like a nautical term for gossip.
So scuttle means open or opened, and butt is a barrel, so it's the opened barrel of, it's like, it's the
drinking water on an old sailing ship. Yeah, like a water cooler. And that has a, that becomes a synonym for
gossip inevitably. And then the thing with human gossip is gossip isn't considered very reliable
because I can say something to you and then you can say
something different to someone else, but say that that's what I said.
So, or you just misheard it, or, you know, it could be malicious or it could be,
you misheard it or something like that.
But interestingly, gossip is actually a type of computer protocol in some computer systems.
One computer talks to another computer directly, and that's the only way that those two computers
communicate.
But you can also have, so in a gossip protocol, a message can get from one computer to another
computer by jumping around other computers first.
So in a gossip protocol, when you send a message, you don't really even say, oh, it's
going to this protocol.
You just like broadcast it and it drifts out to like all of the computers.
Eventually it gets the one that you need.
And these kinds of protocols are extremely resilient because if some computers are missing,
it doesn't matter.
It just goes to other computers instead.
Basically I read about this subsystem of DynamoDB. So DynamoDB is part of Amazon, so they used it to implement
your shopping carts and stuff like that, and it had a part, it had a gossip protocol inside of it
that just kept track of the computers that were like in their cluster. So they had a peer-to-peer system
that was inside of their data center, and I sort of took some of the, I sort of took that basic
idea and then added enough security so that you didn't need the data center anymore.
So it makes a secure gossip protocol.
So in a secure gossip protocol, it doesn't have the unreliable problem.
So you can pass on the messages I say, but you can't change them.
So my friend can verify that that's what I said.
Yeah, so I tried a bunch of other things.
So I was originally thinking of the design that was a bit more like,
a little bit more like IPFS than Scuttlebutt originally.
But eventually I realized that by building a social network,
you sort of solve a lot of the security problems,
but by basically passing them onto the humans.
So for example, how do you deal with spam?
Computers aren't very good at filtering out,
what is spam and what isn't spam.
But humans are really good at that.
Humans have, you know, been, you know,
they spend all their time, basically,
deciding who they can trust and who they can't trust.
So instead of making the computer decide that,
just put a button that says,
where humans can say,
this is my friend and this isn't my friend.
And then so that sort of stuff,
the trust decisions,
you just push up to the human layer,
and then the computers just sort of replicate
in the messages perfectly,
which is what computers are really good at.
So could you walk us through the sort of typical experience for someone who's joining Secure
Scuttlebutt?
So if I've just heard of Secure Scuttlebutt and I know that I have some friends on it,
how does that work?
And then maybe also it would be interesting to describe the way that messages actually get
transmitted and how one, and so how they function more like actual human conversations
and human gossip than the social network structures that we're used to.
Yeah.
So to join the Scuttlebutt network, basically someone else who's already in the network has to follow you.
So it has to start requesting your messages.
And then, so there's a couple ways of doing that.
The best way is if they are in the same room as you on the same Wi-Fi,
then they install, so you install Scuttlebutt,
and then there's like a local broadcast,
so you can see each other over the local network,
and then they click Follow,
and so follow makes their computer start replicating your messages,
and it also posts a message to their feed
saying that they followed you,
and that means that their friends now know about you,
and they can start replicating your messages as well.
And the same time, you click Follow for them,
and then you start replicating their messages,
and then you're basically, and then it works.
So every time that these two people meet on a local area network, on the same Wi-Fi,
or even, I guess, also exchanging sort of USB keys that they want,
like it can degrade it down to that level,
then they will replicate each other's messages,
so basically replicating the data on each other's system.
So this kind of works, like the friend request here kind of works like a real-life
relationship, I meet someone, and all of a sudden I want to know about what's going
on in their life, you know, like I become friends with them, and then I engage in conversation
with them, and so we sort of replicate experiences, stories, you know, things that we tell
each other. Yeah. But it happens in a physical location. Yes, yes. So that works really well.
Of course, sometimes people like to use their computers to talk to each other over the internet,
when they're not face-to-face.
But that has this problem that was meant to be solved by IPv6,
but hasn't yet been rolled out yet.
It's only been 20 years.
And now we have this problem where basically imagine,
so the internet is like,
imagine we ran out of telephone numbers,
and now there are two sorts of phones.
There's one that only businesses can afford,
which can answer messages.
and then ones the ordinary people have, which can only dial numbers but can't receive calls.
And this makes it very difficult, but it's IP addresses.
So it means that you can call someone who has a website, but you can't just call your friend.
So making a full peer-to-peer application work properly is quite tricky.
There's sort of hacks to get around it.
but what we've found is good enough for Secure Scuttlebutt is just some people run servers
with an IP address, with a static IP address.
We call this a pub server.
It's named pub because it both sounds like public and like a pub as in like an English pub
as in like a bar, public house, which is like a place you can meet your friends to exchange gossip.
and these pubs are like quite different to like, you know,
Mastodon or email servers, because the pub isn't, so in email
you have server, email servers, but the server actually owns your identity.
So your identity is name at server, and in Scuttlebutt
the pub is at best just like a robot that happens to be your friend,
that happens to act like your friend.
So your identity isn't actually tied to any one pub.
It's just a place.
It's just an entity that probably has your messages
that you can reliably connect to.
And if I understand correctly,
there are two types of messages.
So there are messages that you just broadcast through the world
that are readable to anyone.
But I could also send you a private message, correct?
Yeah.
So a private message is just a public message
that the body is encrypted.
So basically it's a broadcast model, so everyone receives all of your messages, but if it's encrypted, they can't read that message.
So I encrypted a message so that only like you and that only you and Bob can decrypt it.
And everyone else gets it and passes it on, but they can't decrypt it.
And this actually has very good privacy properties because, so it doesn't hide that I sent a message.
everyone knows I sent a message.
But no one actually knows.
Everyone tries to decrypt it, and therefore no one except the people that it's for actually
know who it's for.
Because anyone, they could have potentially been for anyone that follows me.
I see.
This makes perfect sense.
So basically, seeing that you don't have people like servers or, you know, like people
who actually own your, who actually are your point of access,
it's asynchronous by design, right?
So basically if I send you data or some kind of message,
you don't, if you're not online,
you're not getting it at that moment.
And so can you describe the process
by which this message kind of permeates the network
and arrives at your device?
Yeah.
So basically when any two peers connect to each other,
they start by doing a handshake
where they basically like,
So they start by just sending a list of who they have talked to since the last time they
talked to you and they check if you have the same news.
So it's like, I see you, I'm going to you on the street and I'm like, oh, hey, have you heard
from Bob recently?
And you're like, oh, no, I haven't.
And then I tell you the news about Bob.
And then if sometimes you already had heard the gossip about Bob from a different channel,
in which case we'd see that and don't see anything.
So let's maybe just use your example, or it's like your life as
an example. Like, you live on a boat, right? And let's say that I live in New Zealand and,
you know, Friederike lives in Germany. So you're on your boat and you write public posts.
And by the way, we're all friends. So you write public posts like today I caught this huge fish.
And like today there was like a big gust of wind and I went with the far. Okay. I'm not a,
I'm like, I don't know much about it. That stuff happens. That stuff happens. That's like the
two things that happen on the boat, right.
Then you know, you come to shore, I meet you, we sit in a cafe, and then we, I get all those updates.
So, you know, like maybe like a month of updates, basically just you, life blogging, kind of your diary of what's happening in your boat, I get all that stuff.
And I'm like, great.
And then maybe also you sent a private message to Friederike.
And then at some point,
Friederike comes to New Zealand
for like some conference and you're still on your boat
and we meet up,
she'll presumably get all of those public updates
because I'm friends with her
and then she'll also get the private messages you sent her
because I'm gossiping those to her.
So the messages are all just in one log
so it'll just be like public, public, private, public, whatever.
So they just all sort of come
and they just all get copied
across and they always get copied across from oldest to newest. And that means that if it breaks
part way through, next time it just can replicate from there. So I'm only receiving, I'm only
receiving that private message to Friederike because the client knows that we're both friends.
No, you, the message, the, you don't know that it's for Friederike. You just,
you just take all of my messages in order.
All of your messages regardless of whether or not I know those people,
whether or not we're friends or whatever.
I just duplicate everything.
I replicate everything that you've posted.
Yes.
Okay.
So there might be some garbage in there, like for people that I'll never encounter
and for whom those messages will never get sent from me.
Yeah.
But replicating these extra messages isn't a huge burden.
Basically, it's designed so that it all fits within
the realm of just like the small favor that you wouldn't really think about doing for a friend.
Like it's not really a problem.
Even if like, even after like several years of using Scuttlebutt a lot, because, you know,
talking about Scuttlebutt, talking on Scuttlebutt, every day, my entire list of messages is only like 10
megabytes or something like that.
Oh, okay.
So it's quite efficient then.
Yeah.
So it's not really, and it could be more efficient as well.
but it's just not, it's not really a big deal to have a few extra messages.
The thing that is a bigger deal is like attachments that are images and files and that sort of
stuff, but that is sort of handled separately.
So you won't take those unless you want to like view them.
So that's left, that's sort of handled by different protocol.
So if I took a picture of that fish, if you didn't look at the picture of the fish, you might not see it.
you might not have it to pass on to
Friederike.
Okay, I see. So basically it's a lot like having your own
personal blockchain that you share with people
and where you basically cryptographically encode parts of your updates
so they're only readable for some people.
So can you talk a little bit about the role that pub servers play?
So basically the pub servers, when you log into the
network and you connect to it, you can get an invite from a pub server. So can you talk a little bit
about that? The pub servers only really exist to create, to make it possible to connect to the network.
It's kind of wrong to say log in because when you say, so the terms we have left over from,
you know, that we're used to using on the internet like account and
log in and like logging in is like you know you go into a you check into a hotel and they write
your name in a book and um account is like you join a club and they write your name down and in a book
and that kind of concept really isn't um doesn't really apply in the Scuttlebutt world it's more
like you just create an identity and once you've created an identity um you are um other people can
have relationships with you. So the role of the pub is really, in an ideal world, we wouldn't
even need pubs. It's just because of this shortage of IP addresses. And because your computer,
you know, like I have friends here, I'm in Europe right now. My friends are in New Zealand
tend to be asleep now while I'm awake and then awake when I'm asleep. So there's only a small
gap when we might both be online. But if there's a server that follows me, it will get my
messages and then give them to my friends. So in a way, if the network were dense enough,
you wouldn't need those servers, right? Correct. Yeah. Yeah. And if all the servers went away,
if, you know, like some kind of like, you know, zombie apocalypse took out all the data
centers and all the national level infrastructure.
Scuttlebutt would still work as long as we had like solar panels and like local to run our
laptops and local Wi-Fi.
And we just like, you know, we could like put SD cards onto migrating birds or something
like that.
And that would actually work.
Couldn't we, couldn't Scuttlebutt utilize sort of similar architecture to BitTorrent to
reduce its dependency on these servers?
With, yes.
So BitTorrent has this DHT thing.
You could do that,
but the problem with a DHT is you still need to have,
to make a proper peer connection.
You basically need to do this trick where it's called hole punching.
Without getting stuck in the weeds,
it's more like being set up on a date
than by just like, than just making a phone call.
So you need to have an introducer that is a third party, a third party that you connect, that connects you,
and then once you've connected then you can talk directly right this is what the torrent trackers
fulfill as a role i suppose do you still need to have some sort of a yeah essential point
of trust which introduces the at least the first initial peers yes for discovery and then okay
Yeah, so you'd still need to have something like PubS servers for that anyway.
And you like, I think, so basically I use a Pub Server design so that there would be,
because it's like there's just enough reason for people to, who are like, you know, good at computers to be able to run a pub server.
It's not really that much effort.
You know, lots of people have like developers and computer people and stuff like this.
really have a server that they pay for and they run a website off it or something like this.
And you could put the pub server on that.
And that's enough to like act as an introducer to your friends.
So this is the plan.
We haven't actually got around to implementing this like fully peer-to-peer thing.
But the idea was that it's enough that people will want to run the pubs and then they can act as
introducers.
And then you've got a full peer-to-peer thing.
And as long as one of your friends has a server,
then it should, you'll be fine. But it doesn't really matter if more than one, or, you know,
more than one do, great, but it doesn't really matter. And this means that the requirement
of like the server being up all the time is actually very low. So contrast that with like email. Like
if your email server goes down and someone tries to send you an email, then they'll just get a message
back saying it didn't work. In Scuttlebutt, if the server,
if the pub that we were going to communicate through is down at the time,
it just,
it's still,
you just post a message of your log.
It will get,
when the server comes back up,
it will receive the message then.
So it's just like you don't need to worry about.
But just everything works smoothly,
even if there's,
um,
offline to,
yeah,
one fun anecdote is one time my friend Yoran was on an airplane and he was
browsing Scuttlebutt and,
um,
completely offline.
It was just like his local database.
And the person sitting next to him is,
like, how come you have the internet when like no one else has? And he's like, oh, well, I'm actually
not on the internet. Let me explain. So we explained Scuttlebutt. It turns out this guy was
some electrical engineer from the South African Antarctic base. So they had like, you know, not very much
or very, they probably have some kind of satellite thing. But basically, they have a lot of
Derwin's debt in Antarctica.
And, yeah, it's got work great.
So how many users are there?
How many connections do they have on average?
And have you done any percolation theory on the graph to see how long messages would actually
take to percolate the network to outliers, say the South African Antarctic base?
Or have you done any data science on this at all?
Not really.
I mean, there's so much things to do, just like using the thing.
Usually, like, there's certainly many cases where we're having a conversation with someone
and messages get through pretty quick, like fast enough.
Sometimes, you know, if you're offline, I mean, the message could, if you're writing them offline,
message could be delayed for an arbitrary amount of time, depending on how long it takes to get online.
Once you're sort of connected in the community group, it's
pretty fast.
So the protocol is kind of designed so I can't know too much
about who's using it.
We do know there's, we can see like 10,000-ish.
I haven't really looked, but Andre looked recently.
He's building the Android app, like 10,000-ish identities in the network.
There could be more people
who had installed it, but haven't connected to the network.
And then there's, you know, like a small but very vibrant community of people that's like
300 that are like still regularly using it.
So we didn't, we didn't put any kind of like notification or something to pull people back.
So people that are still in the, you know, community that are there because they've made
friends and they're coming back actively to check and participate in discussions.
Yeah, I looked into this a little bit yesterday when I did my research for this episode
and it seems to be a super friendly community,
very unexpected when you're usually on Twitter.
So I have one last question for the protocol.
So there's no cost to broadcasting, right?
So basically I can give you, as my friend,
I can give you an arbitrarily long list of messages
that I would like to see passed out into the world.
Do you see any kind of attack that would use this property
that basically as my friend,
you're kind of obliged to take on my gossip,
no matter whether it's relevant
or whether it's wood-aline abuse or whether it's abuse.
You're not really obliged because you're free to change your mind.
That's one of the sort of philosophical design ideas behind Scuttlebutt
is everything is voluntary.
So if you don't want to do something,
if you don't want to connect to a particular peer
or relay a particular peer's messages,
you can always get out of that.
It doesn't, like other things like a DHT only really work
if you sort of interact with everyone uniformly.
There's no way to choose which peers you want to interact with.
You can't make any value judgments in a blockchain.
In Scuttlebutt, you could always make value judgments.
So if you did make a map, like an unreasonably long log,
I would just block you.
Okay, so if I were to DOS the network, I'd just be blocked by all my friends,
and I'd have no friends left.
Okay, cool, that makes sense. Cool.
Yeah.
With regards to interests and topics and things that people are using Scuttlebutt for,
when you download Patchwork and you install it and you get to a pub server,
there's all these topics sort of like hashtags, which are quite diverse,
and there's like all kinds of different topics.
So could you talk about how those
work and this community of people that are there, what are some of the dominant communities
and themes that are being discussed on Scuttlebutt in sort of the open forums?
There's sort of a kind of variety of things.
There's definitely people that have privacy and decentralization interests, but there's
also like I think there's an unreasonable amount of people that are living in cabins in the
or in boats or something like that.
There's a lot of people talking about stuff like that.
There's this whole solar punk idea.
Are you familiar with this too?
A little bit.
Yeah, I think someone mentioned it on the podcast before.
Can you give a brief explanation for me though?
Yeah, so solar punk is the hopeful genre of scientific that we,
of science fiction that we have been waiting for.
So basically it's like, so we have cyberpunk, which is like dystopian, with computers and VR,
and it's steampunk, which is like this historical fantasy where like Victorian stuff just continued.
But solar punk is like, it's a optimistic future maybe in a hundred years or something like this,
where humans now live in, that's still high tech, but now they live in harmony with nature.
Someone,
Zach, came on
Scuttlebutt and is like, oh, has anyone heard of this,
this genre of science fiction?
I really like it.
And we suddenly all got really excited
and we're just like, we are solar punks,
like this is what we're trying to do.
And interestingly it can be sort of,
it can be traced back to a particular
Tumblr post where someone just sort of describes
an aesthetic. So there's lots of ways of,
you know there's lots of people who are concerned about
climate change and the environment and things like that.
But Solar Punk is like this vision of like what the world would be like if we solve all these
problems.
And I think that's really important because just thinking about the problem of, you know,
the impending climate collapse that we're causing is like way too depressing.
Yeah, I would invite our listeners to Google.
solar punk. It never rains in solar punk land. Well, I think, no, it definitely rains.
But there's a lot of rainbows. Yeah. Yes. This episode of Epicenter is brought to you by Microsoft
and the Azure blockchain workbench. Getting your blockchain from the whiteboard to production
can be a big undertaking. And something as simple as connecting your blockchain to IoT devices
or existing ERP systems is a project in itself. Well, the folks at Microsoft have you covered.
You already know about the Azure blockchain workbench and how easy it makes bootstrapping
your blockchain network pre-configured with all the cloud services you need for your enterprise app.
Their new development kit is the IFTTT for blockchains. Suppose you want to collect data from
someone in a remote location via SMS and have that data packaged in a transaction for your Hyperledger Fabric blockchain.
The development kit allows you to build this integration in just a few steps in a simple drag-and-drop interface.
Here's another great example. Perhaps you're an institution working with Ethereum and rely on CSV files sent by email.
One click in the Devkit and you can parse these files and have the data embedded in transactions.
Whatever you're working with, the Devkit can read, transform, and act on the data.
To learn more and to build your first application in less than 30 minutes,
visit aka.ms slash Epicenter.
And be sure to follow them on Twitter at MSFT blockchain.
We'd like to thank Microsoft and Azure for their support of Epicenter.
Moving on to another topic that I really wanted to talk to you
about is this idea of centralization versus decentralization. You gave a talk, I think it was earlier this
year or maybe last year. Last year. Last year at the decentralized web summit where you sort of redefine
the idea of decentralization. I thought it was interesting from the point of view that
decentralization is sort of the opposite of centralization. And everybody in the blockchain space
I think it's like striving or trying to reach the goal of like building more decentralized systems
when it's just sort of the opposite of something else.
And you made the argument that it would be much better for the for the communities
working on this stuff to try to actually define sort of in a positive way what they're trying
to achieve.
Rather than like the opposite of decentralization, like what's the positive version of that?
So describe in your words what it is that projects like Secure Scuttlebutt and maybe some other
sort of blockchain projects with similar goals are trying to achieve and how we should maybe use
that when educating people about like the benefits of this.
Yeah, well, I think the thing about centralization is it's centralization describes a structure
like a pyramid or a star where there's like one thing in the center that's in control
and a bunch of things outside of that.
And decentralization, presumably, is anything but that.
And that includes a lot of different things.
So you could have a, you know, all of the nodes in circle,
and then everyone is connected to everyone.
That's kind of like how a DHT works.
And that has a sort of a uniform structure
where all the nodes are strictly equal.
And then you could have like a grid or like a lattice,
structure. So there's actually networks that do have that shape. So cell phone towers are
actually arranged in a hexagonal lattice. And you can imagine mesh networks, stuff like this,
laid out in some kind of more haphazard version of that kind of structure. Scuttlebutt, because it is
based on the idea of a social network, it's actually not quite a uniform
mesh because some people have a lot of friends and other people have fewer friends.
There's like a range of things.
So this is called a small world or a scale-free network.
And this has some interesting properties.
And, you know, there's actually a lot of things that behave like this.
So but particular interest is human relationships.
So you probably heard of this six degrees of Kevin Bacon.
so the idea is that every
Kevin Bacon has been in so many movies
that you have been in film
with someone who has been
you've been in a film with Kevin Bacon
or you've been in a film with someone who's been in film
with Kevin Bacon or someone who has been in a film
with Kevin Bacon and so on
and it's actually like quite
surprisingly short path
from any particular person to Kevin Bacon
there's nothing really special about Kevin Bacon
just that he has been in a lot of movies
there's a path from anyone to everyone
quite often through Kevin Bacon
because of all the movies he's been in
and this is kind of like
you get this kind of thing through
like celebrities
basically so
celebrities have a lot
know a lot of people
and known by a lot of people
and this makes
celebrities like a little bit centralized
but I think it's
okay
because
first of all, they don't completely control who, like they can't force anyone to like them.
They have to, they are, people don't like them because they do good stuff.
Like they're funny or, you know, they make great music or something, or make music that people enjoy, etc.
And if a celebrity starts doing stuff that you don't like, then you can stop liking them and then they start to lose their power.
So it's kind of a bottom up thing where, you know, there are some
points that have more power, but they're not, they don't have absolute power.
Maybe Kevin Bacon should have a scalable pub server.
Yeah, sure.
Yeah.
So what are the, in your view, like the problems with centralized systems?
So I think maybe to preface this, we could talk about it in the context of this
trilemma between scalability, security, and user experience.
And, you know, where do the, where do the problems start to
emerge when all of those properties kind of erode.
And where does Scuttlebutt sit on that triangle?
Well, Scuttlebutt is high, it's like highly,
but it's scalable and secure and as good a user experience as it can
handle. I think these kinds of
trilemmas are like not necessarily
like there are some designs that are just better than other designs.
So you can have, if you have a really good design, you can have
more than your share of all three. A really bad design will be stuck out
in one corner. So we're sort of
somewhere in the middle, you know, some things that would make it perhaps a better user
experience is if it like did all those things
but didn't use any data on your phone at all,
or didn't use any storage.
And of course, that's not realistic.
For me, I think the most important thing is
who is, like, in control of the system.
Like, are you able, if you have a problem,
are you able to make some deliberate choice?
It does something to improve your situation.
So, like, if there's something that you don't like,
can you make a decision about it?
So for example, the email app on my phone from Google has these suggestions of like,
someone sends a message and be like, you can say one of these canned things.
And I really wish this would go away because like I feel that it would be like the height
of insincerity to just push a button and send someone a canned message rather than type out
what I actually think.
really, it's like it's convenient, but I don't actually want convenience.
Like I want to write a, when I write a message to my friend, I actually want to write it.
But often, often the messages that Google kind of gives you, they are sound bites of things you regularly write.
So things like, sure, let's do that.
So, you know, like, that works for me.
Or, you know, something that is, you know, like, that is approving in some way.
I don't ever get ones
that say,
this doesn't work for me or let's do it another way,
presumably because I don't write that as often.
And why would you see it as insincere to press
or to complete and just send it off like that?
Because, I mean, it just, in a way, you could also just do a thumbs up, right?
Yeah, so if, but if someone actually typed a thumbs up,
I know how much effort they put in,
if they push the button, it looks like they put in more effort than they really did.
So if it said, if they pushed the button and it said autocomplete message from Google,
then I would know that they just pushed one button.
So there's in this case where it used to say like sent from my iPhone,
that actually helps because if someone puts like a really short, awkward message that's like badly typed,
it's like, okay, they send it on a phone so that's acceptable.
if they push a thing that just says like that's the canned message,
it's like, oh, you didn't really, you know,
it's about estimating how much effort someone put in.
And I feel that is like the essence of, you know,
to show someone respect when you're talking to them over, you know,
if I text, it's like you need to tell how much,
how much effort they've put in to writing that message to you.
And just pushing a button very little, very little
effort. And so I'm kind of terrified every time I see that, that I use one inappropriately,
especially if it's something like this totally visitor where it's like the experience,
the things are like the opposite of what I actually want to say. And like that I'm terrified
of like hitting one by accident. But the place where this is relevant to Skittledbutt is like,
this is like these things are like, like Google has spent all of these, all of this effort,
analyzing what people, they're probably doing things like testing if people push the buttons
and keeping track of that and stuff like that. But they didn't actually ask me what I wanted.
They are just studying me. So I don't really feel, like if they actually asked me and respond to
that, then I would feel like I had some influence. Okay. So you just, you don't just want to be
A/B tested. Yeah, I don't want to be A/B tested. I want to be able to choose A or B. That would feel like,
that would, I think that would be a better user experience. That would give me a feeling of
autonomy. Instead I feel like an animal that's being like herded. They could do an A/B test where,
you know, a group of the people, they're just asked instead of, you know, being randomly assigned
and so basically a meta A/B test, whether people actually like A/B testing. Yeah, I think that would
be interesting. Let's go back to the topic of centralization versus decentralization. I think it's a
hallmark of human nature that you think the time that you live in is special in some way, right?
Oh, yeah.
It feels like over the past, say, 50 years or maybe 30 years, things have become enormously centralized.
So if you look at the amount of data that, for instance, Google or Facebook or Twitter actually amass, it's enormous, right?
So do you actually think that this is some sort of a special point in history where we have to choose the right path?
Or do you think that, you know, this just seems like it right now?
Or maybe it doesn't seem like that to you at all.
Yes.
Well, I think, yeah, I think I do.
In particular, so there's something like, so like cryptography is actually
very, like modern cryptography, it's very new. Like computer science has existed since the,
okay, computers have only existed since the 50s, but computer science has existed a little bit longer
than that. Let's see the 30s or something like that. But, um,
modern cryptography, um, so both hashes and signatures have only existed since the 70s. Um,
and we're only just beginning to figure out how you can build things using,
cryptography.
Without
cryptography, without
like, so for a long,
the first, like,
massively deployed cryptography was
TLS. So this lets
you connect to
a server and then do
a secure connection so that
this means that no one else can see your credit card
number and that you can log into
websites with a password without anyone seeing that.
Without this, it would be basically impossible
to do commerce over the internet.
it would just be too insecure to really to buy or sell things or like, you know,
I own an interaction control thing.
And that's really just getting started.
That's just like the simplest possible thing.
They're basically taking like an insecure network and securing it.
And there's so many more things that you can build using by, so basically,
secure, all the other, all the recent things, I call it cipherspace.
So cipherspace, so cyberspace is the space created by signals.
So that's like the ordinary internet.
Cipherspace is the space created by algorithms.
Cipher means like algorithm or code.
In cipherspace, the security isn't in the network.
The security is in the data.
So the database is secured and the information inside it is secure.
And we're just totally beginning to experiment with how you can.
build things like this.
There's a few
example,
like all of these examples,
so Git,
blockchain,
SSB,
IPFS,
Dat,
are like,
you know,
it's just basically,
we're just experimenting.
It's a totally different approach
with lots of different,
with different approaches.
I think the thing is,
as well,
is I think potentially,
like,
there's all of these,
you know,
there's this like cyber war thing.
And like,
computers as they are,
are so terribly insecure that we need, we just need something.
There's so many problems to fix.
So currently you have all these, you know, like states, governments,
having hackers like hack each other and collect all these vulnerabilities
and they're just sort of hoarding them.
And the funny thing is they don't really use them very often
because if you use them, so zero day is only useful if no one knows about it,
no one else knows about it.
So if you know a vulnerability and you use it,
you'll reveal that you know that.
And then if someone else does know that vulnerability,
now they'll know that you knew it.
And so they will better estimate
how many other things you must know about
if you were willing to burn that one.
So they're just like hoarding these vulnerabilities.
But it's like, so it's kind of like an arms race.
But you could have a defensive,
Sorry, so this just all goes away if you actually had a secret,
if you actually had a secure system.
So, you know the fairy tale of the three little pigs?
So there's three pigs and one builds a straw house,
one builds a stick house, one builds a brick house.
And the wolf just comes along and he just blows the straw house over
and blows the stick house over.
And that's kind of like how most computer systems we have today
are like all operating systems and stuff like this.
Like you just have to, when you attack it,
attacking sounds actually misleadingly violent because you don't actually attack it.
Like you don't attack it like you might attack a person with like a blunt object.
You attack a computer by just asking it to attack itself.
And you just have to find exactly the right way to trick to like to trick it to like falling apart.
And the third little pig has a brick house.
And this is like a sturdy house that can't be blown.
We could build this brick house if we had using like cryptography and
end-to-end encryption and secure sandboxing and stuff like I definitely think this the
brick house software is possible it's just needs more people working on it we just need to
rewrite everything we're doing and start again from scratch basically but I think it can
probably be I think it can be done and I think it would be better that we do that than
be hoarding these
that had continued to have
insecure computer systems
we just need to sort of
approach this in a way
where
you start you have to just find a niche
that really needs this and then
get it working well enough
and then expand out to other things
so to follow up on that question
you know revolutions have been around
since the dawn of time
and people have been you know fighting
against concentration of power and centralization of power since forever.
And there are so these waves, right?
So, you know, the French Revolution was one.
I wonder if at our particular point in existence and at the dawn of what some people might
call the technological singularity, if we as a society might cross a point where it is no longer
possible to revolt against centralized systems.
Because once state powers or concentrate enough power and enough technology for mass surveillance,
just look at China, for example, it's very hard for people there to revolt.
We kind of see it there a little bit.
It's very hard for people there to revolt because of the fact that these technologies exist
and they're so powerful in serving the interests of the
state itself. So I wonder if you think that if this is if this is true that at some point we
arrive as a society at a point where going back is no longer an option. Like we get to a point
of no return with regards to our personal sovereignty and sort of like protection of our privacy
and data, etc. Well, I think the thing that's the force that's on the side of decentralization
is that innovation is always anti-authoritarian.
Like it's need to have good ideas and like try different things.
You need, like people don't like that.
If you're trying to do, if you, because you find a different better way of doing something.
So if you want to be more innovative, you have to be, you have to allow people freedom.
So like the, I think it's no mistake that.
the, you know, Silicon Valley grew out of San Francisco, which was also the, like, center of the, like,
um, like hippie movement and that you can read a book about like the sort of 70s and 80s,
even like, um, like government funded research from, um, Stanford, uh, AI laboratory and, um, the NLS online,
uh, the, Doug Engelbart
and stuff like this.
Well, those people are all totally taking LSD with the hippies.
And that was like where a lot of their stuff came from.
And I think, you know, we talk about like China being authoritarian.
But I think that if China is going to grow, grow in power and if people, if China is
going to start designing new stuff rather than just then having the like design in California
built in China, China is actually going to have to become, it will become more
relaxed and they have already they've got like Hong Kong which is like a special area
which has different rules where the like finance happens and you know there isn't the same
sort of stuff so I think basically that freedom is essential to innovation but you need to
like that's why you know you get your best work done when the boss is on holiday and to build
things you know like the skunk works like that spy plane right the
that big, you know, Batman spy plane thing.
Like that was built, to build that, they had to get all the engineers and put them in
the skunk works, which is like a secret unit that is free from managerial interference.
So working on new ideas in secret where people can't interfere can actually be,
like essential to like having good ideas.
I see.
So freedom is,
essential for innovation. That kind of leads me to my almost last question. How are you guys
funded? Because basically you need you need to have some sort of funding in order to have the
freedom to innovate, right? Yeah. So there's like a bunch of things. So it started out with just
I was just like working on it on my own time. By living on a boat, I mean, I didn't have to pay
rent, so my living costs were greatly reduced. Right now I have a side job where I do security
audits through Least Authority. This is like a really good, this is like the perfect
side job because I also keep current in how everything else works, so auditing lots of
blockchain things and stuff like that. So I get to see what everyone else is doing. There's
companies that are emerging and building things on Scuttlebutt.
This Verse thing,
they actually raised venture capital and are building an iOS app.
They are funding some developers.
We received a grant from DFINITY,
who are another interesting blockchain thing
that I'm sure you've done a podcast about.
They just gave us $2,000
for no reason, basically, because they wanted to support us,
but they didn't ask for anything.
And we just, you know, we just broke this up into little grants
and shared it with the community.
I generally try to encourage anyone who wants to build something on Scuttlebutt,
and, you know, this is sort of more of an ecosystem approach.
I think it's more interesting because I don't want there to be like a single company
that owns
Scuttlebutt,
I would much rather
a network of companies
that,
because I don't really trust
any one company,
even if they say
they have good intentions,
then, you know,
people change,
especially when money is involved.
And then,
but if there's a whole bunch of companies,
they'll keep each other honest.
Like, for example, the web itself,
like the web as protocol and web browsers,
if you want to change the web browser,
you have to get,
Microsoft, Google,
Fia, Mozilla,
and Apple on board,
and because they are mutually suspicious
of each other, have
competing agendas,
then one of them doesn't have the power
to mess it up and take over the whole thing.
Even if they have a larger
significant share like Google or something like this,
they can't really control what happens.
And the web
doesn't mean that the web is the saviour
of everything, but I think that's
basically it gives us a model for how things can work.
So I think a couple more, so at the moment it's kind of a problem that there's just one
company with a lot of money, but I think there's, but they haven't really missed, they haven't,
they're still just getting started.
So there's totally room for like more things like that to appear.
And I think the most interesting thing we're doing, though, is, you know, open source doesn't
really, doesn't really work that well with money. Like, it's just open source is such a different
thing. Like, money doesn't really, for example, we've received, like, some money from just, like,
small, like, regular people's donations and quite a, quite a lot compared to, you know, we've raised
like a few thousand dollars from just people donating, like, $5 a month. And that's actually pretty,
that's actually pretty good as things go. But those same people who are donating a small amount of
money, you're actually donating multiple hours of their time to like answering people's
questions and things like that. And that time is worth way more, I think, than the money
that I've been donating. So I'm interested in a thing where we basically have some kind of system,
like a little bit of a system to coordinate just people's volunteer labor. So imagine something like
Kickstarter or Open Collective, which does recurring donations. But instead of donating,
money, you're donating time.
The thing that I really like about the internet is how everything's free.
And so much sort of, like, say, Wikipedia was all entirely created by just like volunteers.
And if we can build a thing where you don't even need the infrastructure, then I think you
could build a thing, even big, impressive things without actually using money at all.
So, you know, to write software, all I need, I really have a laptop.
and it only costs a few hundred dollars.
Then I just need coffee and somewhere to sleep,
like the actual, like, you know, the means of production,
I really control it.
So it's just about organizing,
it's just about organizing the labor.
So where can people learn more about Secure Scuttlebutt and start using it?
And where would you recommend people go to?
The best place to learn about Scuttlebutt is the,
There's on Scuttlebutt.
We also have a website, which might be a good more accessible place.
So scuttlebutt.nz.
There's also a bunch of all the repos are on GitHub under the SSBC.
That stands for Secure Scuttlebutt Consortium.
The consortium part is a joke.
And so from there, then they can download Patchwork or this,
this Android client that we mentioned a bit earlier.
The Android client you can install from the App Store.
I don't actually personally maintain either.
There's also another client worth checking out called Patchbay.
That's currently the most actively maintained and has interesting features such as
that it has chess.
You can play decentralized chess.
It's actually popular.
Cool.
That sounds wonderful.
Dominic, thank you for coming on the show today.
It was fascinating to learn about Scuttlebutt, and I'll definitely keep using.
In fact, there's one friend of mine who refuses to use any social media or even, you know, secure messaging.
And I think the only way to reach him is probably through Scuttlebutt.
That's great.
All right.
Thanks again for coming on and have a good time in Berlin.
Cool.
Thanks so much.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify,
YouTube, SoundCloud, or wherever you listen to podcasts.
And if you have a Google Home or Alexa device,
you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places
where you can watch and listen.
And while you're there, be sure to sign up for the newsletter,
so you get new episodes in your inbox as they're released.
If you want to interact with us, the guest or other podcast listeners,
you can follow us on Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
So thanks so much.
We look forward to being back next week.
