diff options
| -rw-r--r-- | wiki/gossamer/index.md | 5 | ||||
| -rw-r--r-- | wiki/gossamer/mistakes.md | 65 |
2 files changed, 69 insertions, 1 deletions
diff --git a/wiki/gossamer/index.md b/wiki/gossamer/index.md index 2f64e7c..2f5055b 100644 --- a/wiki/gossamer/index.md +++ b/wiki/gossamer/index.md @@ -22,7 +22,10 @@ into the Gossamer network. Gossamer does not exist, but if it did, the following notes describe what it might look like, and the factors to consider when implementing Gossamer as -software. +software. I have made [mistakes](mistakes) while writing it; I have not +rushed to build it specifically because Twitter, Gossamer's model, is so +deeply woven into so many peoples' lives. A successor must make fewer +mistakes, not merely different mistakes, and certainly not more mistakes. The following is loosely inspired by [Rumor Monger](http://www.mememotes.com/meme_motes/2005/02/rumor_monger.html), at diff --git a/wiki/gossamer/mistakes.md b/wiki/gossamer/mistakes.md new file mode 100644 index 0000000..bb006db --- /dev/null +++ b/wiki/gossamer/mistakes.md @@ -0,0 +1,65 @@ +# Design Mistakes + +## Protected Feeds? Who Needs Those? + +Gossamer's design does not carry forward an important Twitter feature: the +protected feed. In brief, protected feeds allow people to be choosy about who +reads their status updates, without necessarily having to pick and choose who +gets to read them on a message by message basis. + +This is an important privacy control for people who wish to engage with +people they know without necessarily disclosing their whereabouts and +activities to the world at large. In particular, it's important to vulnerable +people because it allows them to create their own safe spaces. + +Protected feeds are not mere technology, either. Protected feeds carry with +them social expectations: Twitter clients often either refuse to copy text +from a protected feed, or present a warning when the user tries to copy text, +which acts as a very cheap and, apparently, quite effective brake on the +casual re-sharing that Twitter encourages for public feeds. + +## DDOS As A Service + +Gossamer's network protocol converges towards a total graph, where every node +knows how to connect to every other node, and new information (new posts) +rapidly push out to every single node. + +If you've ever been privy to the Twitter "firehose" feed, you'll understand +why this is a drastic mistake. Even a moderately successful social network +sees on the order of millions of messages a day. Delivering _all_ of this +directly to _every_ node _all_ of the time would rapidly drown users in +bandwidth charges and render their internet connections completely unusable. + +Gossamer's design also has no concept of "quiet" periods: every fifteen to +thirty seconds, rain or shine, every node is supposed to wake up and exchange +data with some other node, regardless of how long it's been since either node +in the exchange has seen new data. This very effectively ensures that +Gossamer will continue to flood nodes with traffic at all times; the only way +to halt the flood is to shut off the Gossamer client. + +## Passive Nodes Matter + +It's impractical to run an inbound data service on a mobile device. Mobile +devices are, by and large, not addressable or reachable by the internet at +large. + +Mobile devices also provide a huge proportion of Twitter's content: the +ability to rapidly post photos, location tags, and short text while away from +desks, laptops, and formal internet connections is a huge boon for ad-hoc +social organization. You can invite someone to the pub from your phone, from +in front of the pub. + +(This interacts ... poorly with the DDOS point, above.) + +## Traffic Analysis + +When a user enters a new status update or sends a new private message, their +Gossamer node immediately forwards it to at least one other node to inject it +into the network. This makes unencrypted Gossamer relatively vulnerable to +traffic analysis for correlating Gossamer identities with human beings. + +Someone at a network "pinch point" -- an ISP, or a coffee shop wifi router -- +can monitor Gossamer traffic entering and exiting nodes on their network and +easily identify which nodes originated which messages, and thus which nodes +have access to which identities. This seriously compromises the effectiveness +of Gossamer's decentralized, self-certifying identities. |