Add Hubzilla (add new category for "distributed application ecosystems"?)

Check this box to affirm you have no conflict of interest.

No conflict of interest or affiliation to Hubzilla

Website

https://hubzilla.org

Short description

Hubzilla is a distributed MIT-licensed application ecosystem service akin to Peergos. Like Peergos, there is a method for developers to create their own web applications (Pgos/Hubz), store and share files (Pgos/Hubz), social networks (Pgos/Hubz 1,2,3,4), and IMO most importantly, have a federated identity that can be cloned on multiple instances to handle the commonly cited concern of distributed apps of losing your account’s data, connections, or reputation (Pgos/Hubz).

While the functional goals seem to be well aligned there are some big differences I notice upfront. I’ll describe the differences of the two services in more detail in the why this should be added section.

Why I think this tool should be added

I asked this question around social media a few days ago as I believe that a lot of the existing alternatives are close to enabling a viable alternative to centralized social media, but the one critical part missing from decentralized platforms (and although less so, also missing from centralized platforms) is the ability to own your own information and time/effort you put into the posts you make in the public domain, without losing it if your Mastodon instance goes away, or you get banned from X or LinkedIn via censorship. I’m going to start by suggesting we should look at Peergos, which already exists in recommendations as cloud storage, and consider bundling it with Hubzilla if we do indeed end up adding it. The description above discusses what both Peergos and Hubzilla have in common, let’s talk about their differences:

Peergos is built on libp2p, which does a great job with open community-driven specs and MIT/Apache 2 licensed libraries. They utilize ipfs for storage which is built on the same libraries and have a very clear privacy-by-default, open spec-driven architecture. They also make using their paid service the default which is valuable as researchers like Moxie commonly suggest, “People don’t want to run their own servers, and never will”, yet still want privacy. But having the option to run my own server also boosts my faith in the potential adoption through zero-trust consumerism.

The tradeoffs are that Peergos is source-available vs permissively licensed which is great for bootstrapping such novel services as they’ll need investors to trust they can make money to fund the type of development that aims for converting people to a new way of thinking. However, there needs to be a valid permissive alternative that grows alongside a new market pioneer and ideally they form a symbiotic relationship.

Hubzilla is MIT licensed, has all the security options (though you are given the keys to do insecure and privacy-violating practices), offers a bunch of modules and similar to many Fediverse services leaves it up to you to find the inner motivation and drive to host your own server, do the marketing to push people to adopt, and so on and so forth… We know though that this is wishful thinking, but I do believe that this service provides a good political counterbalance to what many may be concerned about with a tool like Peergos and there will be different communities that form around both technologies that help the other out.

I have seen a couple more of these distributed ecosystem tools popping up and I think it is the direction we should be going to solve the cross server identity issues in distributed social networks, while also providing the beginnings of a web-of-trust layer. Maybe call these Distributed Application Ecosystems and move Peergos there instead of simply under cloud storage? There’s a lot more to that service than just storage.

These tools should be added because they fill a gap that killed fediverse social media adoption. These tools alone aren’t the nail in the coffin, but this tech sets up a market of many small companies to get some funding and make a more turnkey and simple privacy focused solution that builds on standards, and open software to drive adoption. These companies may themselves add in some basic nomadic identity capabilities by internally hosting a Hubzilla instance or providing compatibility with Peergos so more “normies” are incentivized to move to a private option with less lock-in, and more freedom of speech and not be hindered with the upfront challenge of “which server do I choose?” and lowers the attack surface for surveillance capitalism as we migrate off of centralized platforms.

Old Peergos tool suggestion thread for prior discussions.

Hubzilla Privacy and E2EE

Zot encryption in flight Help: Zot Protocol

Messages themselves may or may not be encrypted in transit, depending on the private nature of the messages. SSL (strongly encouraged) provides unconditional encryption of the data stream, however there is little point in encrypting public communications which have been designated as having unrestricted visibility. The encryption of data storage and so-called “end-to-end encryption” is outside the scope of zot. It is presumed that hub operators will take adequate safeguards to ensure the security of their data stores and these are functions of application and site integrity as opposed to protocol integrity.

Hubzilla e2ee possible Help: About

Additionally, messages may be created utilising “end-to-end encryption” which cannot be read by Hubzilla operators or ISPs or anybody who does not know the passcode.

This seems to be achievable through encrypting the storage, but is entirely optional for the Hubzilla Admin.

Recent thread on this very subject:
https://hubzilla.org/display/a45ca172-6de5-4ea3-bfd5-2ce46ccc25a3

Despite not having this baked in E2EE, I believe it would be worth it to have as an open and self-hosted alternative while providing the caveat that E2EE isn’t supported by default and maybe working on finding audited instances that do support it?

WDYT PG folks?

Section on Privacy Guides

Distributed Application Ecosystems

Thanks for sharing. Did not know about this. Will study this more.

If you’re curious what a Channel looks like, here: Scott M. Stolz - scott@authorship.studio

This can be a mixture of activity across a bunch of different Fediverse, Hubzilla, or other servers.

Thanks for sharing, @bitsondatadev One clarification is that we (Peergos) do not have investors, are not seeking them, and have refused them in the past. We don’t want any conflicts of interest to arise against our mission. We survive on subscriptions, donations and grants.

We are also open to parallel implementations in other languages that are not AGPL licenced, it is a protocol after all.

2 Likes

@ianopolous thank you for that clarification and apologies for the misread of the situation. I hope it’s clear I’m not demonizing source available but this does set limitations on the community while safeguarding the code from opportunistic capital.

I really believe it is healthiest to have both variants of communities that live in a synergistic relationship. The fact that you are not raising capital and have investors pushing monetization at every corner can even ease this relationship so this is great!

My main point is that, similar to a government, there needs to be a system of checks and balances in open source incentive structures where people feel safe adopting new technology, and having an alternative like Hubzilla is a good way to do that.

1 Like

One more small thing - though I don’t want to derail the discussion into discussing licenses (maybe start a new topic?). What limitations do you think come from AGPL? Anyone is free to take, modify and run it, and build companies on it as long as they release their source modifications to the public.

For checks and balances I think there are several effective options.
(1) Peergos LTD doesn’t own the copyright on the current Peergos code, it is owned by the individual contributors. This defends against re-licensing against the community’s interests, which is common.
(2) independent implementations

I’ll create a new topic shortly but first want to dig up any prior conversations around this. I know some exist.

Found some related topics, I’m going to post there and crosslink the topics once I write the initial revive topic and follow up with a response to this thread.

From here on, we should revert back to discussing the consideration of the new category (for lack of a better category “Distributed Application Ecosystems”) for Peergos, and for this thread considering adding Hubzilla to the mix. @ianopolous, do Peergos and similar applications have a market “category” name yet?

Even if it’s still in the works as this is a relatively new software if marketers agree on the name then there will be money to drive adoption of that for the category. To be clear on other examples that I don’t think have privacy baked in are:

  • FUTO’s ecosystem Harbor (web of trust) + Polycentric (social media) + FUBS App ecosystem
  • Freenet ecosystem [Ghostkey] (web of trust) + Hyphanet (App ecosystem)
  • GNUnet ecosystem (web of trust) + GNS GNU nameserver + re:ClaimID + Secushare social net

Blockchain ones:

I haven’t seen much going on with FUTO lately, I was excited for Freenet/Hyphanet until I saw @jonah’s freenet review, and GNUnet still seems to suffer from hacker toolitis.

I’m less keen on adding blockchain due to the hype cycle confusion with cryptocurrency and the vulnerability this ecosystem places on people who don’t understand the tech yet - not to mention privacy is contingent on the network details and coupled with currency. I personally want currency and system resources as separate abstractions so that if one fails it doesn’t upend my entire existence.

This is ultimately to build an idea of the category I’m considering, it doesn’t just fit in cloud storage, distributed social media, web of trust, or alternate networks, but those aspects are kind of comingled in various ways.

Hubzilla seems to be promising as it integrates well into the Fediverse on many open protocols, Peergos is quite similar and both have my attention and esteem.

1 Like

Replied to Ian’s licensing questions here. Please refer to that thread moving forward to continue the discussion on licensing.

UPDATE: There was a very long discussion that could be helpful to read over to get the various perspectives around licensing in the Privacy Guides community. I did my best to summarize the takeaways from this conversation:

  • Permissive licensing incentivizes sharing of ideas and disincentivizes big companies creating competing gamed permissive economies
  • Copyleft licensing has a proven track record of disincentivizing big tech opportunism on open source and despite all the philosophical disparities of open source and copyrights, acknowledges the real world risks this imposes on sustainable open ecosystems.
  • A mixture of both types of licensing that uses permissive licensing around the protocols and standards of the ecosystem abstractions that are necessary for interoperability and composability of systems and copyleft of implementations of these protocols draws on both licensing type strengths.
  • You can’t mix GPLv2 licenses with Apache v2. It is like dropping gremlins into water.
  • Users should be aware that the licensing and culture of a software project and its commercial equivalents shapes a lot of their freedoms, and having this cursory understanding can help you understand the incentive structures driving different technology that will future proof you, or cause you to do big painful migrations when a project folds or becomes the puppet of big tech.
1 Like

@jonah, I know you had mentioned this before, do you have any considerations around the new topic or Hubzilla?