DeCentralia
Take back control. DeCentralia is a decentralized social media platform where no one body has access to all the data.
Created on 31st March 2023
The problem DeCentralia solves
As we spend more and more of our lives online, personal data has become a commodity. A decentralized social network is a good way to combat this. As user data is spread over several independent servers ("pods"), it becomes much harder to track user activity. DeCentralia is a Twitter-like microblogging platform.
The central server only handles authentication and inter-node forwarding. The bulk of the data, such as posts, follows, comments, and likes, is stored on publicly run pods. The main server stores the authentication keys for the pods, which are hashed using the user's password and decrypted every time they log in.
Having publicly run pods also allows for increased flexibility: rules can be changed from server to server while maintaining a consistent API to enable communication with other pods. Pods can also be used by larger organizations, allowing for greater control.
Challenges I ran into
It was more complex than I had initially planned for. There were many nuances I did not consider. Maintaining data consistency proved to be difficult, as there were many potential points of failure.
Fetching resources across pods is inefficient, especially without asynchronous support. Adding async support turned out to be too time-consuming to finish the project in the allotted time.
Many planned features were left unimplemented due to time constraints, such as personal messages, groups, and inter-pod feeds.
Security is also a concern. All outgoing connections to other pods are forwarded by the pod the user belongs to, so user requests can easily be spoofed by whoever controls the pods. Inter-pod networking only relies on checking the incoming IP address and username against a record on the central server. A possible solution would be using cryptographic signing, but that allows for repeating the same message.
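The replay concern in the last paragraph is usually handled by putting a timestamp and a one-time nonce under the signature, so a captured message cannot be accepted twice. The sketch below is an added example, not DeCentralia's code: it uses an HMAC with a per-pod shared key in place of a public-key signature, and the envelope fields, `MAX_SKEW`, and the `Receiver` class are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 60  # seconds a signed request stays acceptable (assumed window)
FIELDS = ("pod", "user", "body", "ts", "nonce")


def _tag(key, env):
    # Canonical JSON so sender and receiver authenticate identical bytes.
    msg = json.dumps({f: env[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(key, pod, user, body, now=None):
    """Envelope whose tag covers sender pod, user, body, timestamp and nonce."""
    env = {"pod": pod, "user": user, "body": body,
           "ts": int(time.time() if now is None else now),
           "nonce": secrets.token_hex(16)}
    env["tag"] = _tag(key, env)
    return env


class Receiver:
    """Receiving pod: check the tag, then freshness, then one-time nonce."""

    def __init__(self, pod_keys):
        self.pod_keys = pod_keys  # pod name -> key (hypothetical central lookup)
        self.seen = {}            # (pod, nonce) -> timestamp

    def accept(self, env, now=None):
        now = time.time() if now is None else now
        key = self.pod_keys.get(str(env.get("pod")))
        if key is None or any(f not in env for f in FIELDS):
            return "rejected: unknown pod or malformed"
        sent = str(env.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(key, env).encode(), sent):
            return "rejected: bad tag"
        if abs(now - env["ts"]) > MAX_SKEW:
            return "rejected: stale"
        # Drop nonces past the window; such messages already fail the ts check.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        if (env["pod"], env["nonce"]) in self.seen:
            return "rejected: replay"
        self.seen[(env["pod"], env["nonce"])] = env["ts"]
        return "ok"
```

This authenticates the sending pod and rejects repeated messages, replacing the IP-address check. It does not stop a user's own pod from forging requests on that user's behalf; that would require a signing key held by the user rather than the pod.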