Comment by SpaghettiCthulu
2 years ago
Genuine question: Does Tor fall under the definition of federation? Either way, a Tor-like model would have security benefits over a centralized system like Signal, right?
2 years ago
Genuine question: Does Tor fall under the definition of federation? Either way, a Tor-like model would have security benefits over a centralized system like Signal, right?
Tor is distributed, not federated. And it has drawbacks, like high latency and a lack of a centralized system for human-friendly names (because that would mean a system like DNS, which is centralized). As far as security goes, there's probably little benefit. E2EE doesn't get more secure because there's more encryption.
The most comparable system to Tor that has practical properties I can think of is maybe ipfs, but nobody will store your encrypted chat blobs for you out of the goodness of their hearts. Ipfs also tends to have high latency. A slow system of uncooperative nodes isn't what you want your messaging app built on.
A federated messaging system looks a lot more like Matrix. The obvious problems are that splitting users up over multiple nodes mean encrypted data doesn't live on your instance, it lives everywhere the people are you chat with. Another problem is what you see with bsky, where identifiers come with a domain name (like an email).
IRC is also federated (sort of), and there's a long list of tired, age-old problems. The most common one is simple: different servers have different features, so you can't reliably "just use it" like you can with Signal.
Because code is law, centralized systems that grow bigger than the polity they started in are inherently problematic. See Facebook in Burma/Myanmar as one recent infamous example.
Some centralized systems. But I don't think there's any evidence to suggest that's universally true. Nor is the implication that non-centralized systems don't suffer from similar problems, or other problems which result in substantially bigger drawbacks.
1 reply →