On July 15, 2020, Twitter got hacked. The hackers gained access to a swath of high-profile individuals’ accounts like Elon Musk and Joe Biden, and used that access to scam other users into handing over bitcoin. Having coincidentally written about decentralized social media the day before the hack, I thought it would be a good idea to further break down what decentralization means.
To better understand decentralization, I think it’s helpful to identify the opposite. Centralized services play an integral role in our lives. For example, when you log into Facebook, you are accessing a centralized service. If you pay with your credit card, the credit card company is a centralized service. A service is centralized when a single party is in control of access to a platform or medium of exchange. When you create an account on a social media platform like Facebook or Twitter, you are creating an account on that platform’s server. In these cases, it is easy to think of centralization occurring at the server level. The server is where data is stored and processed. As shown with the recent Twitter hack, with centralized social media, having access to the service’s servers means access to every account on the platform.
With a credit card company like MasterCard, centralization occurs at the point of exchange. When you purchase something with your credit card, whether online or in-person, MasterCard is in control of the payment from you to the recipient. This can be extended to banks and third-party payment processors like PayPal. Unless you use cash, a third-party is in control of any transfer of money. Besides knowing the sender, receiver, and amount of each payment, these third-parties are given full discretion to stop payments without the sender’s or receiver’s permission.
Decentralizing our social media platforms and finances has many actual and potential benefits. I will be focusing specifically on benefits to security and censorship resistance.
Decentralization and Security
As stated above, centralized social media platforms are particularly vulnerable to devastating attacks. Centralization is a major component to that vulnerability. Often times we think about online security in terms of encryption and firewalls. Though important, the biggest vulnerability any online system faces is actually people. We humans will always be the biggest vulnerability to any system. Whether it’s using the same password for every account we ever make, innocuously clicking on a phishing email, or even being coerced or bribed into exposing a system to attackers, we are the proverbial “weakest link.”
So how do we reconcile the fact that the systems we use are vulnerable because of us? I believe the solution lies not in elimination of vulnerabilities, but rather mitigation of harm. If we assume all systems managed by people are inherently vulnerable because of said management, mitigation would entail reducing the system’s exposure to people. Organizations already have measures in place to consolidate access to particular systems in a small, select group of individuals. These measures can be thought of as similar to having multiple user accounts on a single computer. There could be five different users on one computer, but only one user has access to every system on the computer as an administrator. Now, what happens if someone has access to the administrator account? Herein lies the major difficulty of securing a centralized system. Administrative access to a centralized service risks access to every component of the system. It is at this point that we must look beyond security measures and towards changing the structure of the system itself.
With a decentralized system, there is no longer one administrator with access to the entire system. Using social media platforms as an example, if we compare Twitter and Mastodon we see how the damage from being hacked can be mitigated through a decentralized platform structure. When Twitter’s servers were compromised, hackers essentially had administrative access to all of Twitter. Administrative access on a centralized service like Twitter results in access to every account on Twitter, similar to administrative access on your computer enabling access to every user on said computer. On the other hand, Mastodon is not a centralized platform. There is no singular Mastodon server. Instead, Mastodon is a collection of servers run by many individuals and organizations around the world. If hackers gained administrative access to one of the many servers running Mastodon, they would only have access to the accounts hosted on that server. Because there is no central Mastodon server, damage from hackers infiltrating a server is mitigated. This is one of the great strengths of a decentralized system. With a distributed network of independently run servers, a central point of attack is significantly minimized.
Decentralization and Censorship
Censorship and centralization go hand-in-hand. Controlling content is most effectively done through a central point of control. Having covered censorship on centralized social media platforms already, I will discuss censorship through centralized finance. Centralization of finance is best understood through an examination of a single transaction. If person A wants to send money to person B, they can go about it several ways. One way would simply involve person A handing person B cash. In this transaction the only two people who know that person A gave person B money are person A and person B. Person A can also send money to person B online through their bank’s e-transfer system or an app like PayPal. Now, not only do person A and person B know of the transaction, but so do both of their banks and any application they used to make the transfer. Centralization in finance shines a light on finance’s middlemen.
Third-parties like banks and payment processors control the pathways through which money is exchanged. These third parties are notorious for payment censorship. One group of individuals heavily impacted by censorship from third-party payment processors is sex workers. Sex workers have been banned and restricted from most third party payment processors and are often denied the ability to open business accounts at banks due to the nature of their work (Engaget, 2015). Preventing sex workers from making a living is one of a myriad of ways centralized finance often harms marginalized communities and demonstrates the need for decentralized finance.
Decentralized finance takes the middleman out of transactions. In the digital space, decentralized finance occurs through cryptocurrencies. Similar to how Person A and Person B can transact directly with one another using cash, cryptocurrencies allow that same A to B transaction online. Cryptocurrencies as a whole are much more complex with plenty of nuance, but for the purposes of discussing censorship resistance, a peer-to-peer network where people and organizations can transfer value between themselves, without a third-party payment processor or bank, prevents censorship from those third-parties.
Protection through Decentralization
With the exponential growth of cryptocurrencies and a growing audience and stability in decentralized social media alternatives, people are taking control and protecting themselves through decentralization. As a concept, decentralization is nothing new. However, between tech companies tightening their grip on the internet’s infrastructure, and banks tightening their grip on the market, it’s important to remember that decentralized alternatives are available to everyone.
Opt-out of centralization and into decentralization.
Where to Begin:
The First Cryptocurrency: Bitcoin