Centralistic


About proprietary and even non-proprietary messaging/chat/social platforms that use the one-server-fits-all paradigm, and why that doesn't work in many cases. PSYC already has the decentralization, but it is missing a whole lot of features, especially in the social network area.

That's the price for doing an open source system, especially when potential helpers aren't seeing the necessity for it yet. Or doubt the feasibility. It can be done, it's not even such a long way to go really, and people will switch, as they have switched from one system to another plenty of times before.

If you find any information in here outdated, please edit it.

Optional read: Some observations from Mr. Nicholas Carr.
«At work and at home, people found they could use the Web to once again bypass established centers of control, whether corporate bureaucracies, government agencies, retailing empires, or media conglomerates. [...] As the disparate pages of the World Wide Web turn into the unified and programmable database of the World Wide Computer, moreover, a powerful new kind of control becomes possible. Programming, after all, is nothing if not a method of control. Even though the Internet still has no center, technically speaking, control can now be wielded, through software code, from anywhere. What’s different, in comparison to the physical world, is that acts of control become harder to detect and those wielding control more difficult to discern.» A Spider's Web.
«I think we’re at the early stages of a fundamental shift in the nature of computing, which is going from something that people and businesses had to supply locally, through their own machines and their own installed software, to much more of a utility model where a lot of the computer functions we depend on are supplied from big, central stations, big central utilities over the Internet.» the big switch to utility computing.

Update: The term cloud computing has risen, which relates to the virtues and problems of centralistic architectures. Some interesting thoughts on the topic in the Maya paper blog.

Technically

No message storage in absence

The most obvious function, and ridiculously, several systems have a scalability/storage problem providing it. Whenever you want to leave a message for somebody, you have to switch to another medium like email or phone.

Limit on amount of contacts

bartman got a message on ICQ today: he has too many friends. Other systems have social limits, too. This does not reflect people's real lives. Humans have hundreds and thousands of people they like, even if they can't meet each other every week. You may not want to have presence information for each of these all the time, but you may want to stay in touch, and you may want to be able to browse through their friends-only bulletins. These relationships need to be finer grained than just friend or not friend. PSYC has a scheme for getting there, and no matter how, PSYC can handle the traffic (see Routing); other systems have a scalability problem on this topic.

No bulletins to all friends

The most popular function on friendster and myspace, a message to tell all friends what is happening in your life, has become essential in people's internet communications. Yet most systems consider this a form of abuse, even Jabber. No it is not! I can't talk to Casey Spooner every day, but I want to know when big things happen in his life, like a new album coming out or a gig in my hometown, and it is obvious he can't send a message to each person individually. Yes, you can do email newsletters for that, but they are too clumsy and email addresses have an expiry date due to SPAM. By the way, PSYC's bulletin function is called /shout, and we are looking into ways to extend it both in the way it travels and the type of data it can carry.

Problems due to heavy load

I remember the days when on ICQ sometimes a friend would sit down on the PC next to you but it would take 15 minutes until he showed up in your buddy list. The messenger tools have all dramatically improved on that, but the social network tools often make you suffer for every click you make. Wait and reload.

No interactive chat functions

The social network tools are better on the offline functions, but completely lack the real time event aspects, instead they bombard you with notification emails.

<lynX> I have a procmail rule which throws myspace notifications away after the subject line has been forwarded to my PSYC account by psycmail, so I get realtime myspace notifications in PSYC. Others have a harder time weeding out myspace spam.

Update: Myspace now has an integrated IM system.

<coyo> Facebook has a chat function now as well, and is accessible with XMPP clients. It is still slow and clunky, however, and not everyone logs into chat.facebook.com in order to remain online all of the time.

SPAM-friendliness

Theoretically a centralistic system should have much better chances at filtering SPAM (or SPIM, but why differentiate really). Still, many companies don't take the problem seriously, or are just overwhelmed by other issues at hand. So going for the centralistic system doesn't even always save you from SPAM.

Sniffable login procedure

You cannot log into your accounts from an unsafe network, because your credentials can be sniffed. This is a problem with most systems except for the cryptomanic Skype.

Encrypted communications

Encrypted communications are only available if you use a non-official client. And even then it may not be technically feasible. Again, there may be exceptions like the Skype special case.

Vulnerability

In these days where a Botnet can take down a huge central system, and might even have been aiming at only one specific person or company, decentralization is a way to become less vulnerable. You're never safe if you have enemies, but it shouldn't be likely that you will be attacked as a side effect of somebody else's problem. If you are employing centralistic technology, you are running that risk.

The future belongs to small decentralized chat rooms.

Politically

Big Brother 1984. There are so many political reasons not to want to stick to centralistic systems in the long run, that I won't even start talking about it. Not now. Feel free to add your thoughts here:

<coyo> Everything I post to facebook I consider freely available to the entire world, especially people like the CIA and Homeland Security. I hope that, by including enough information to have a cohesive paradigm evident in the data, that that will deter them from taking action like that depicted in V for Vendetta. Really, everyone should see that movie.

Closed Access

Because they want you to use their client software, they do what they can do to enforce it. First they tried to change the protocol often, but the client developers are just as fast adapting their clients. So some systems are still fighting that war, some have given up. One could think Skype has even won the war, because their protocol is encrypted and obfuscated so well, you have hardly a chance to figure out what the Skype client software is actually doing on your computer. All other proprietary systems have been analyzed and you can use alternative clients for them, and even multi-protocol clients which log you into many systems at once, such as Gaim (now Pidgin, using the libpurple library) or Miranda.

But the proprietaries haven't given up yet - they don't let several users log in from the same IP for too long, making it hard to keep up a steady gateway service such as the Jabber transports. Also they don't like when one account relays messages for others, especially with an obvious name like PSYCgate - that's how our own Gatebot has died while we hadn't even started using it. It was under development.

Yes, they have no interest in open or federated communications. It doesn't make money.

<coyo> As a Finance Major and entrepreneur, I'd have to disagree with that notion, but why waste my time saying that, when I can finish my finance degree, and prove it.

Terms & Conditions

Most notably ICQ, but also other systems have T&Cs which allow them to re-use in commercially interesting ways whatever content you let them distribute. Whatever you chat, whatever you offer for download... Check your T&Cs for details, or anyone contribute some.

<coyo> If I am honest, this is my primary interest in PSYC. And I am far from alone. There is massive demand for a secure and inexpensive conferencing system to be used for porn purposes.

<coyo> For more information on this demand, please refer to [the Rule of First Adopters]

Better anonymity

With the rising number of governments who want to spy on their citizens' communication and save connection-relevant data (who with whom, when, ...), centralistic systems provide greater anonymity than decentralized or even peer-to-peer systems ever could. The prerequisite for this is that the centralistic servers are inside a free country and the government does not have access to them. Routing information (who talks with whom) is the only information that is necessarily unencrypted to the server's eyes. Everything else can be encrypted in a way that only the clients talking to each other are able to decrypt it. This also provides plausible deniability for the server admin in case the free country is not-so-free and demands that he log, for example, all VOIP connections. He cannot know if the clients do VOIP or not, and no one could ever prove that they actually did. From outside it just looks like many people are accessing some service in another country; it looks like garbage because of encryption, and you cannot track a "line of conversation", provided that more than two people are active at a time.
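The two claims of this paragraph, carried through on constructed data as an added example (not part of the original page): the server learns the full contact graph from routing envelopes without decrypting anything, while an outside observer's set of candidate recipients grows once more than two clients are active. The client names, the envelope layout and the 0.2 second correlation window are assumptions.

```python
from collections import defaultdict

# Constructed sample data, not captured traffic. Each envelope is what the
# central server must read to route a message; the payload stays opaque.
ENVELOPES = [
    ("alice", "bob", b"\x8f\x02\x1c"),
    ("carol", "dave", b"\x11\xa0\x7e"),
    ("erin", "frank", b"\xd4\x5b\x09"),
]

# What an observer outside the server sees: (seconds, direction, client).
# "in" is client -> server, "out" is server -> client.
TWO_ACTIVE = [(0.00, "in", "alice"), (0.05, "out", "bob"),
              (3.10, "in", "bob"), (3.14, "out", "alice")]
MANY_ACTIVE = [(0.00, "in", "alice"), (0.01, "in", "carol"),
               (0.02, "in", "erin"), (0.05, "out", "bob"),
               (0.06, "out", "dave"), (0.07, "out", "frank")]


def server_contact_graph(envelopes):
    """Who talks with whom, as the server learns it without decrypting."""
    graph = defaultdict(set)
    for sender, recipient, _ciphertext in envelopes:
        graph[sender].add(recipient)
    return {sender: sorted(peers) for sender, peers in graph.items()}


def outside_candidates(flows, window=0.2):
    """For each inbound packet, the clients that received a packet from the
    server within `window` seconds: the outsider's candidate recipients."""
    result = []
    for t_in, direction, sender in flows:
        if direction != "in":
            continue
        candidates = sorted({client for t, d, client in flows
                             if d == "out" and client != sender
                             and t_in <= t <= t_in + window})
        result.append((sender, candidates))
    return result


if __name__ == "__main__":
    print("server view:", server_contact_graph(ENVELOPES))
    for label, flows in (("two active", TWO_ACTIVE),
                         ("many active", MANY_ACTIVE)):
        print(label, outside_candidates(flows))
```

With two active clients every inbound packet has exactly one candidate recipient; with six, each has three, which is the ambiguity the paragraph relies on. The server's own view is unambiguous in both cases, which is why the argument depends on where the server is and who can compel its operator.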

Lacking privacy

Proprietary systems make you leak your private data to them, if not to the whole world. But the degree varies a lot.

<coyo> Again, please see [The Rule of First Adopters] to see exactly why privacy and security matters. And why an inexpensive video conferencing solution is something we need really badly. It doesn't take a rocket scientist.

Related Commentary

<lynX> I used to say it's a shame we lost chat and messaging to the proprietary forces. We must reclaim them back. But now we're about to lose e-mail to them as well, if we don't step it up quickly. We even lost large amounts of personal web publishing to large centralistic providers. And Youtube tops it all, by giving the average people a centralistic platform for sharing copyrighted materials. Oh okay, that was not intentional. Uh-huh.

Related News Items

Systems with central servers are a security risk (not only) for governments...

» Members of the new French cabinet have been told to stop using their BlackBerries because of fears that the US could intercept state secrets «
» Germany's Armed Forces do without Blackberry due to security concerns «

One article even goes as far as doubting the safety of the entire push principle, which of course is nonsense. It's a question of non-decentralization combined with missing encryption - push is still better than poll in most cases.

» Mobile e-mail devices that work with the so-called push-mail approach are lacking data security «

Specifically for each system

ICQ™

  • Limit on amount of contacts
  • Periodic unsolicited messages and friendship requests from spimmers
  • Sniffable login procedure
  • Lacking privacy: You share your computer activity times with AOL

saga says his ICQ client has a "message to all friends" function, and a "request secure channel"

Recent extra feature: Because ICQ keeps on having serious problems with SPIM, although it really should do better, you can now no longer exchange URLs (links to your favorite funnies, movie clips, important news articles etc etc). URLs are currently being filtered which reduces the usefulness of a chat system enormously. You can manually modify your spam filter by editing a file called antispam.xml, but that's pretty useless if you can't do it for your friends.

AIM™

  • Limit on amount of contacts?
  • No bulletins to all friends
  • Sniffable login procedure
  • No encrypted chat AFAIK
  • Lacking privacy: You share your computer activity times with AOL


MSN™ Messenger

  • Limit on amount of contacts?

No intelligence on this, yet

  • No message storage in absence

"Message could not be sent because the user is offline" as if this were a reason.

  • No bulletins to all friends

Or do full blown MSN clients have such a function?

  • Sniffable login procedure (or is there some trick with passport?)
  • No encrypted chat AFAIK
  • Lacking privacy: You share your computer activity times with Microsoft and are also required to fill out lengthy forms about you.
  • This BBC story shows you they are not forgetting about your messages once you sent them. Maybe they are kept for posterity?

Skype™

  • Limit on amount of contacts?

No intelligence on this, yet

  • No message storage in absence

It lets you type a message to somebody who's not there, but it does not get stored on Skype's servers. It hangs around in your client program until you come back online, making the whole process pretty useless, confusing, yes, even embarrassing occasionally.

  • No bulletins to all friends
  • Lacking privacy: You share your computer activity with Skype, and can't even tell what kind of observations the Skype software sends to its servers.
  • Completely out of control

Running Skype on your computer is a serious risk to your personal safety and privacy. Read all the scary details on the Skype page.

Myspace™

  • Problems due to heavy load
  • Interactive chat functions!
  • Sniffable login procedure
  • No encrypted communications
  • SPAM-like mostly music-oriented marketing by automatic mass befriending, mass generating testimonials and mass private messaging. The only cool thing about it is, you can do it, too. Cool? Go figure.
  • Close to zero privacy

Myspace wins for its music integration and HTML-abuse personalisation abilities. What was a bug turned out to become a feature.

The downside is immense: You expose your social network, plenty of data of yourself, and make it available to pretty much anyone on the planet. New Scientist and Der Spiegel report that intelligence agencies are harvesting the MySpace database to store models of who knows whom of an entire Internet generation.

Also MySpace has developed a whole new breed of Trojans and forms of abuse.

P.S. They solved the friend-search issue.

Non-integrated Messaging

They gave up on getting IM to work through their website (hey, why didn't you ask symlynX to fix that up for you!?), instead they offer yet another downloadable IM application. We haven't looked into it yet, but it sounds like you have to re-add all your friends to it, which is just like switching to any other software.

http://www.myspace.com/myspaceim

... still none of my hundreds of contacts have asked me to use this IM function, so I presume it's not catching on...

Myspace extra bugs

Check out our little extra collection of Myspace bugs, which is probably completely non-exhaustive.

Facebook™

The idea of having external applications integrated into a centralistic closed system is quite interesting. Still, having all of those applications decentralized with an open interchange protocol is much better, as Twitter has shown by now.

Even Facebook with its custom server infrastructure and tailored software for scalability is doing tricks to reduce the load: By default FB only shows you status updates of 250 of your friends. If you have more, they are simply ignored. You can raise that limit for yourself in "Most Recent/Edit Options" but hardly anyone does that. Delivering each update to each intended recipient apparently is too hard to do, so people and advertisers resort to tricks to achieve that, like tagging all recipients in a flyer photograph.

Friendster™

  • Problems due to heavy load
  • No interactive chat functions
  • Sniffable login procedure
  • No encrypted communications
  • Close to zero privacy, too (see above)

Friendster now has URLs, too. But it also has alphabetic friend listing and builtin bookmarks, my friends search function and even a 2nd degree search.

Orkut™

  • No interactive chat functions
  • Various kinds of spam messages
  • No encrypted communications

Google provides for an encrypted login procedure, but then forwards you to the non-encrypted Orkut system.

  • Close to zero privacy (shouldn't be hard to harvest orkut data, either)

Orkut at least has this complex friends level classification system, which allows you to sort things out, but it expects you to spend time on it. Concerning social network management Orkut is ahead. But when it comes to bulletins, they are very spam prone and cannot be handled separately from personal messages.
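A check for the pattern noted above (an encrypted login that then hands the user to a non-encrypted system) and for the plain "sniffable login" case, as an added example that is not part of the original page. The flows, hosts and cookie names are constructed placeholders, and the hop layout with its `credentials` flag is an assumption of this sketch.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed login flows. Each hop records the URL requested, whether the
# request carries the password, and the Set-Cookie headers of the response.
DOWNGRADED_FLOW = [
    {"url": "https://login.example.test/auth", "credentials": True,
     "set_cookie": ["sid=abc123; Path=/; HttpOnly"]},
    {"url": "http://social.example.test/home", "credentials": False,
     "set_cookie": []},
]
TLS_ONLY_FLOW = [
    {"url": "https://social.example.test/login", "credentials": True,
     "set_cookie": ["sid=abc123; Path=/; Secure; HttpOnly"]},
    {"url": "https://social.example.test/home", "credentials": False,
     "set_cookie": []},
]
PLAINTEXT_FLOW = [
    {"url": "http://chat.example.test/login", "credentials": True,
     "set_cookie": ["sid=abc123"]},
]


def audit_login_flow(hops):
    """Return (hop_index, finding) pairs for a recorded login flow."""
    findings = []
    seen_tls = False
    for index, hop in enumerate(hops):
        encrypted = urlsplit(hop["url"]).scheme == "https"
        # Password sent without transport encryption: sniffable login.
        if hop["credentials"] and not encrypted:
            findings.append((index, "credentials-in-cleartext"))
        # Login was protected, but the session continues unprotected.
        if seen_tls and not encrypted:
            findings.append((index, "downgrade-after-tls"))
        # A cookie without the Secure attribute may travel over plain HTTP.
        for header in hop["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if not morsel["secure"]:
                    findings.append((index, "cookie-without-secure:" + name))
        seen_tls = seen_tls or encrypted
    return findings


if __name__ == "__main__":
    for label, flow in (("downgraded", DOWNGRADED_FLOW),
                        ("tls only", TLS_ONLY_FLOW),
                        ("plaintext", PLAINTEXT_FLOW)):
        print(label, audit_login_flow(flow))
```

Protecting only the password exchange leaves whatever identifies the session readable on the same unsafe network, so the downgraded flow is reported even though its credentials were never sent in the clear.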

Xing™ formerly openBC

  • No interactive chat functions.

But they provide Skype™ links instead, which isn't exactly integrated really.

  • No bulletins to all friends
  • Xing uses HTTP over TLS/SSL! Thus you have protected login and encrypted communications to the server, not within the server.
  • Medium privacy: It is still not a good idea to submit so much personal data to a company, but at least you can specify pretty well what is only supposed to be shared with your contacts.

Too bad however that most people allow strangers to surf their social network, which gives you the chance to harvest the openBC database to gain knowledge of who knows whom in the whole European business world. You might however require a botnet to do so, and spread the requests over a month in time.

When it comes to searching for people, the functions are quite elaborate, then again maybe that's just because I have a lifetime premium membership and no clue what it is you get for free. Yeah well, since the scope of the system is well-defined it also performs reliably. Also the system architects are doing their job.

Hell, today I went through the beauty of 184 different paths between me and a person 4 grades away. The system is capable of spitting that data out at a finger snap. That's quite impressive, haven't seen that with any other system.

StudiVZ (German Facebook)

StudiVZ is a perfect example how to do nearly everything wrong when you are implementing a social network.

Twitter™

Twitter is a centralistic microblogging service with a mostly open API. psyced implements a bit of that. Unusual about it is its SMS integration.

  • Message storage in absence
  • Limit on amount of contacts

Probably for reasons of spamming and malmarketing you can follow up to 2000 people, maybe less in the future. You may argue that the service becomes pretty useless with so many subscriptions in place, anyway. Then again, all those trend researchers require automatic analysis of pretty much every posting on the service.

  • Problems due to heavy load

It notably ran into scalability issues (or rather, complete blackouts) during popular events.

  • No interactive chat functions

@replies, #hashtags and the client API with its 100 calls an hour limit are all hacks compared to a true chat and messaging subsystem. And still you have no chatrooms, just the complete audience of your entire listenership.

Yet, every Twitterer would argue that microblogging isn't the same as chatting, which is true. There are subtle differences in the approach, which aren't typically covered by a chat system. The technological implications, however, are very similar.

The @replies are increasingly being abused for spam. The mechanism that was supposed to give the fan a way to reach out for a VIP starts to fail as popularity rises. Hashtag spamming and direct message spamming are also quite annoying. Recently trojans are increasingly being offered by direct message.

How do the decentralized systems compare?

IRC

  • No message storage in absence? Not necessarily.

There are four possible workarounds: the NOTE extension (hardly in use), a Messenger Service Bot, your personal Bouncer, or just staying logged in forever.

  • Limit on amount of contacts

In one way, because an IRC network cannot carry endless amounts of people, and in the other way, because a server will slow down your ISON polls so much, that the more people you have on your /notify, the slower you will be notified that they are online.

Also, most servers have a limitation that you may only join about ten channels per user. This is impractical when channels are to be used for newscasting. You would probably have to add a second IRC identity to your client configuration just to be able to join the various news sources, which again raises the general load on the network.

  • No bulletins to all friends

The formally correct way to do this would be to invite all of them into your channel. Then put on moderation and let nobody else talk. Factually, this will not get accepted. The other solution is to have a client-side script which issues a PRIVMSG to each person; this will trigger flood control on the server.

  • Problems due to heavy load? Not really.

This only happens to really big networks. When adding one more server means adding a lot to the overall network traffic, you try to keep as few servers as you can, which then are under heavy load. Generally you could say, if the administrators are good, this is not a problem, but they have to spend time and energy on it to make it so.

  • SPAM-friendliness? Not really.

The direct way is inhibited by setting yourself to MODE +i, then you are no longer visible in the WHO list for spam robots and other peers alike. This has become pretty common, whereas SPAM on channels has been addressed in newer networks by introducing a MODE for channels that requires users to be registered with NickServ before they can join them. In other words, protection is possible, but you have to turn the right switches.

  • Sniffable login procedure? Not necessarily.

Most servers provide IRC over TLS on port 9999.

  • Pretty good privacy

You don't need to say anything about yourself really, and modern IRC networks even cloak your IP address, which was formerly the privacy and security weakness.

  • Closed access

You can't just join your friends on their favorite network with your own server. IRC isn't openly federated, you could argue that politically it is halfway between the centralistic and the open. You could say it's oligarchic. You can however get all the software to do your own network. It's as if somebody would publish the software to do your own myspace. It's not the same as with everybody having her own data on her own server.

Jabber

  • Limit on amount of contacts?

None predefined, but there are limits to how well a non-multicasting decentralized system can scale. See the Jabber page on its scalability issues.

  • No bulletins to all friends?

There is no message format for this, so either you use the away message for your needs or you have to implement a function that sends a copy of the message to each friend, which some people on Jabber will consider a form of abuse.

  • Problems due to heavy load?

Only a problem for those who run large popular servers and aren't making real use of the decentralization capabilities of Jabber. Large popular servers do not scale so well because of the general scalability problems of Jabber described over here.

Note that several large installations like Google Talk are actually decentralized and do some extra effort at keeping all users visually under the same hostname. This can be achieved with PSYC too, see Virtual hostname for that.

  • SPAM-friendliness? Probably.

We don't know, Jabber isn't popular enough yet to be seriously attacked by SPAM. It does have two problems that could have been left out by design however:

  1. JIDs look like e-mail addresses, so they are collected by e-mail spam bots.
  2. Jabber likes to take top-down approaches, which are SPIM-friendly. Check out the SPIM page for details on that.

PSYC

We don't have our own end-to-end encryption in place yet, but you can arrange to use IRC or Jabber clients with compatible end-to-end encryption. Other than that, all the points do not apply. Feel free to ask questions if it isn't clear why that is the case.