Comment

Comment on Plebbit is a peer-to-peer Reddit alternative that allows you to self host and own your own community

sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

Did they pay devs to build it for them?

I’m working on a similar project, but I’m 100% bootstrapping it. I’m using Iroh (similar to IPFS, but hopefully faster), and there will just be the one UI until someone makes another. I haven’t done authentication yet, but I might end up using blockchain for that, idk, I need some form of trusted directory.

I’m going to be looking through this, because it sounds very similar to what I’m working on, and I’d love to just join a project instead of doing all the leg work of getting traction myself. The things I’m particularly interested in are:

moderation - I plan to use something like a web of trust, but with transitive trust; you select people you trust, and whether you see something depends on how those users moderated
persistence when users go offline - I use a local first approach, so a post is cached locally if you either authored or viewed it, and peers will pull from you if you’re the closest source; caches would need to expire so we don’t blow up everyone’s storage
communities operate in a single namespace (so fix the main complexity w/ federation) - you create a community by posting to that namespace, and it gets mixed w/ other users who post to that same namespace

I’m also interested in building an ActivityPub bridge, so this network can act like an “instance” of sorts and push/pull content from the rest of the Fediverse. This is mostly to seed content in the early days, and I’ll decide whether it’s worth it once everything else works.

I don’t know if Plebbit does any or all of this, hence the interest. That said, someone spending actual money on it seems a bit… odd, since I don’t see how this could be monetized.

source

Sort:hotnew top

sem@lemmy.blahaj.zone ⁨2⁩ ⁨weeks⁩ ago
What would be the possible alternatives to block chain?

source
- sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
  Assuming you’re talking about authentication:
  
  public key signatures - users sign every posts and broadcast their username/pub key combo
  
  centralized (could be multiple) auth authority - openid, oauth, etc; posts signed by some unique key from that auth service
  
  I’m deciding if the first is sufficient or if I actually need some form of blockchain to prevent tampering.
  
  source
  - sem@lemmy.blahaj.zone ⁨2⁩ ⁨weeks⁩ ago
    Thanks for your thoughts on this.
    
    I am not sure how Matrix handles keys but it is a real headache for end users. For me at least
    
    With openid, etc, it’s decentralized compared with centralized and distributed, so you wouldn’t get stuck with one openid provider.
    
    I don’t know much about any of these so thanks for developing for the rest of us.
    
    source
    sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
    Yeah, I’m thinking of having a separate key per device, and there would be a registry that ties them together. Usernames would not be unique, so to tell two users with the same name apart, the app would check the post signature against the keys in the registry.
    
    This should prevent name squatting, but it would enable pretending to be another user. As long as user names aren’t very important (i.e. it’s closer to Reddit than Twitter/Facebook), this is probably fine and similar to what we have on Lemmy (only unique to your instance).
    
    If we want to guarantee unique usernames, we would probably need to use a consensus system like blockchain. But blockchain has other drawbacks and I’d really rather not go that route.
    
    Which one we go with doesn’t really impact my moderation plans, so I’m going with pub keys for now because they’re dead simple. It’s also nice that it’ll keep working if your country disconnects you from the internet, and someone could smuggle in data from outside if you really wanted to.
    
    source
  - catloaf@lemm.ee ⁨2⁩ ⁨weeks⁩ ago
    The first is sufficient. You only need to see someone’s public key once, then you cache it and can authenticate all future signed messages.
    
    source
    sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
    I just need to think about potential attack vectors. I think issues can be worked around, but I’ve spent most of my time thinking about how to create something and less about how to protect it from attack.
    
    But yeah, public key crypto w/o a central database is my first choice, blockchain is my second.
    
    source
- jagged_circle@feddit.nl ⁨2⁩ ⁨weeks⁩ ago
  Federation.
  
  source
  - sem@lemmy.blahaj.zone ⁨2⁩ ⁨weeks⁩ ago
    I thought Blockchain was how the protocol knew how to federate, e.g. where to find other users. (?) I don’t really remember how Blockchain works but iirc it is a way to verify trust, e.g. this person really is /u/sem because our shared document says they are.
    
    I know DNS is an alternative but it kind of sucks. Bluesky is inventing it’s open DiD thing for identity and it is centralized in practice but might be a good system. And I have no idea how it works.
    
    source
    jagged_circle@feddit.nl ⁨2⁩ ⁨weeks⁩ ago
    Blockchain works like bittorrent. That’s why bitcoin was called bitcoin.
    
    Federation doesn’t require blockchain. Blockchain was created for a very unique solution to storage of digital cash transactions that’s not relevant in almost any other system’s storage.
    
    source
  - Cochise@lemmy.eco.br ⁨2⁩ ⁨weeks⁩ ago
    Reading the white paper you find the “serverless” has servers. Each community needs to be always online to serve captchas to posters. The system is federated on community level, instead of instance level, and uses DHT instead of DNS.
    
    source
- Dragon@lemmy.ml ⁨2⁩ ⁨weeks⁩ ago
  Holochain is an interesting option I haven’t seen mentioned.
  
  source
Plebbitor@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
They pay the devs via bounties and meeting milestones.

We tried iroh but it wasn’t fit for purpose. We have tackled the moderation exactly how you’ve described it. Allowing multiple people to control a community. We’re in the process of implementing it. Our version of this allows people to create multicommunities where it shows similar communities in one sub.

Activity pub would be interesting but plebbit is so technologically different were not sure it would be technically possible. We forgo the concept of instances entirely allowing Plebbit to work closer to Reddit, where you just search a sub. Global admins don’t exist on Plebbit. Subs can still share ban lists if they wish but its optional

Plebbit is always looking for new devs, join our telegram group @joinplebbit to discuss with the main dev about joining the project.

source
- sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
  Ok, I read through the whitepaper, and it seems it works quite differently to what I’m working on. Main differences:
  
  communities
  
  plebbit - communities are public keys, and one person controls the private key, which basically makes them the admin (they choose the rules, moderators, etc); not sure why plebbit advertises it as "adminless"
  
  mine - communities are topics, nobody controls them, so the concept of “rules” doesn’t exist
  
  moderation
  
  plebbit - looks like moderators can delete posts, I suppose through rights granted by the community admin (i.e. they trust the moderator’s public key)
  
  mine - distributed moderation similar to a Web of Trust, but instead of explicitly trusting users, you build trust by moderating similarly to them; I’ll probably establish a default trust graph (the users and their trust weights) that new users can use, which will probably be based on popular trust graphs and will slowly go away as users participate in moderation; I’ll probably let users tweak the parameters to that trust model as well (i.e. how much weight to give votes vs reports)
  
  spam
  
  plebbit - captcha system between client and community admin
  
  mine - relies on distributed moderation
  
  how data is stored
  
  plebbit - community owner has all the content for the community, and other peers may have the content as well
  
  mine - unlikely for anyone to have all the data for a community, you’ll only cache what’s relevant to you, plus some random additional data depending on space to improve discoverability for your peers; in the beginning, I will have peers that cache all content until I figure out the right mix, but long-term, I intend to have most content live in someone’s cache through statistics, while very unpopular content (spam and whatnot) will disappear from the network
  
  And other notes:
  
  Browser users cannot join peer-to-peer networks directly, but they can use an HTTP provider or gateway that relays data for them
  
  Not exactly, WebRTC exists, so you only need an HTTP provider to initiate the WebRTC connection to peers. Look at WebTorrent for an example. I haven’t yet tackled the web on my own project, but I am building everything web-first (I’m using Tauri for my desktop app), and I intend to have it work on the web when I release.
  
  proof of balance of a certain cryptocurrency
  
  This seems odd to me. Why would someone holding an arbitrary amount of cryptocurrency have any bearing on their trustworthiness? Surely a bad actor could just move crypto around and spam as much as they like, no?
  
  Likewise, payment seems like a bad idea, because that would encourage exclusive groups that share illegal content (drugs, child porn, military secrets, etc).
  
  It would allow unlimited amounts of subplebbits, users, posts, comments, and votes.
  
  Aren’t posts, comments, and probably votes limited by the storage space available to the community owner? From what I can tell, they host everything, so once that storage space is full, things will stop working properly. The whitepaper isn’t clear here, so I could be mistaken.
  
  With my approach, there are no bottlenecks, and you can adjust how much storage you give to the app as you see fit, and the more storage you allocate, the better the experience for you and your peers (diminishing returns). But even if you set your persistent cache to zero, you can still use the service, though you’ll need to make a lot of DHT calls.
  
  That said, it seems like an interesting system and IMO a step up from Lemmy, because it reduces the cost to self-host (don’t need a copy of all data for every community you use, just the communities you own). I’ll certainly be tracking development, but I don’t currently use Telegram and want to work on my own project for now before getting involved in another project. Once I’ve proven the technical bits and feel comfortable sharing it, I’ll take a call on whether I’ll continue development or join some other project.
  
  Thanks for the offer, but I’ll stick to watching the project on Github for now, and maybe I’ll play with it a bit in my spare time. If you had a Matrix channel instead, I’d join and at least read through the discussion there.
  
  source