Closed dcposch closed 5 years ago
retrohacker
commented
5 years ago Heya, coming back after a long hiatus today and saw this message.
I think the biggest thing for me is identity management. I keep losing my keys (upgrading laptops, doing fresh installs, etc) and it isn't clear how I should be backing them up :thinking:
I'm going to be starting my 4th identity now. First classing "backup your identity" may be useful? Maybe this already exists and I'm ignorant of it?
dcposch
commented
5 years ago @retrohacker as far as I understand, the only good way to solve this requires multi-writer support in the underlying protocol. in other words, the underlying protocol must be OK with two devices that come online independently of each other to both post to the same scuttlebutt feed.
You install & start using Patchwork. You download Manyverse. (Side note: ideally we want consistent branding across interfaces and the underlying protocol. Signal used to be "TextSecure" for SMS, "RedPhone" for calls, and "Axolotl" for the underlying E2E protocol. Only nerds understood this--a journalist who just wants secure comms would get confused. So they fixed the problem: it's now "Signal", "Signal" and "Signal Protocol". We currently have a thing called "Patchwork", "Patchbay", "Manyverse" and "Secure Scuttlebutt" lol--probably a good time to consolidate and clarify!)
Anyway: you go to Patchwork > Profile > Add Phone. It shows a QR code. You scan it with Manyverse. Welcome, DC!
Your phone shows latest posts immediately, starts connecting to pubs and syncing deeper history in the background.
You get a new computer. You install Patchwork, go to Profile (empty profile...) > Add Phone. You scan this new QR code. Phone prompts, "Add DCs-Macbook to your account?". You click yes. Computer profile page changes from empty to my own, posts start syncing in background.
The QR code contains peer information. This allows the phone to connect to the computer as a local peer. Then:
AccountInfo comprises pubs and secret keys. The secret keys
Post initialization, the two devices do not talk to each other except as normal SSB peers--they just talk to some of the same pubs, authenticated as the same user.
This is a rough draft. In the ideal case, secret keys are ephemeral and never shared across devices. Achieving that requires fancier setups, and you generally lose the ability to read old PMs on the new device. However, I think the implementation described probably offers enough security for our needs, and might solve the issue that @retrohacker pointed out.
black-puppydog
commented
5 years ago I note that you both completely side-tracked the discussion from "measure and reduce churn" to "change protocol+client to support multi device". I'll be answering to the churn, but you might want to check out #same-as on ssb and probably here, too. TL;DR: it's hard, because if two devices are supposed to post to the same feed, but cannot see each other, they can't safely agree on successive post numbers and/or a unique, strictly ordered, hash chain. This would be great, and it's a super interesting topic, but it would also be a huge change to ssb, and it's off topic in this issue. :)
Regarding churn: if we wanted to measure something, I'd argue it would have to be opt-in, not opt-out. After opt-in however, we could even just generate a randint64 and use that for pinging. There might be further steps to reduce the possibility of correlation problems, like adding random timedeltas to the ping timestamps. Anyway, I think if done properly, this can be done with very minimal privacy implications, and still be effective. I'd sure be interested in the outcome.
stale[bot]
commented
5 years ago Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
Patchwork has made amazing progress. The nux is still rough, syncing is still slow, and there's still a few bugs (I create a new Gathering, I can't interact with it in any way until I hard quit and restart Patchwork). But it much faster and more stable than last time--getting better!
Sadly, we have already lost a number of users, including users who are smart, technical, and care about decentralization. They downloaded Patchwork, took it for a spin, then stopped using it.
Those users include @jondashkyle, @pfrazee, arcalinea, @feross, substack, etc, etc, and, until yesterday, myself. (I hadn't opened Patchwork in ~6mo). I visit those pages and see last activity > 1 year ago, which is a bummer. Pretty much everyone's still active on Twitter.
Goal 1: measure churn
I don't know if Patchwork currently has any growth metrics. How many people ever run the installer? How many of those people manage to join a pub? How many make it thru the (long!) sync process? How many ever make a post of their own? How many are still users on day 2 / week 2 / month 2?
Those numbers are critical--the centrally controlled, ad-monetized services we're up against track them religiously.
Those services also track every click and page view. We don't need to be nearly as intrusive, but a basic ping (user with pubkey X has run the app / has made a post) would go a long way. It can even be opt-out at install time.
Side note: this is roughly the same level of tracking that Signal uses. No metadata is collected (due to org policy), no contents can possibly be collected (due to e2e encryption). Open Whisper Systems only stores {phone number, pubkeys, date created, date of last sync}. Just enough for accurate DAU/MAU/churn metrics & no more.
Goal 2: reduce churn
TBD depending on the results of measurement. Where in the funnel are people dropping off?
I suspect that speed is a main factor. If we could wave a wand and make Patchwork load instantly and reliably, I bet we'd have higher retention.
Stretch goal: reverse churn
Some of the most active contributors to the decentralized world--the people listed above, Devine and Rekka, etc-- have tried SSB and moved on. Now that the obvious bugs are mostly fixed, how do we start getting people to give Patchwork a second look?