[Cryptography] Interesting discussion of Web 3.0 ...

Theodore Ts'o tytso at mit.edu
Fri Jan 21 12:04:37 EST 2022


On Thu, Jan 20, 2022 at 03:59:00PM -0600, Brad Klee wrote:
> Wendy:
> > I don't think the claim is that technological innovation favors
> > centralization but that *users* do.
> 
> Is it users favoring centralization? Isn't the print news saying
> that people are finally starting to get smarter about wanting to own
> their own data?

Most of the news stories (example[1]) are about users wanting to have control
over data *about* them.  This is more of a privacy concern about (for
example) Target using AI algorithms looking at what their customers
are buying, such that they can predict which of their teenaged
customers are pregnant before their father figured it out[2].

[1] https://hbr.org/2020/01/why-companies-make-it-so-hard-for-users-to-control-their-data
[2] https://www.driveresearch.com/market-research-company-blog/how-target-used-data-analytics-to-predict-pregnancies/

But as [1] pointed out, just because users *want* something doesn't
necessarily mean that they will take action.  Every January, lots of
people make New Year's resolutions about losing weight and starting an
exercise program.  How much of the follow-through on these resolutions
lasts even three or four weeks?

> Jerry:
> > The second explanation is that we just have not built the technology to
> > make it feasible for people, or even businesses, to run their own
> > servers.
> > ... well, we as an industry haven't really been trying very hard, have we?
> 
> Products that don't seem to exist at retail (yet) are NACs (A for Atom)
> preconfigured to some particular purpose--as in the blog post, it could
> be as personal servers or as nodes in a distributed consensus problem.

I believe the closest products to what you are looking for are Network
Attached Storage (NAS) boxes, such as those sold by Synology and QNAP.
They are more expensive than what you are looking for, because their
primary use case is storage, and as media servers.  The plus side is
that they have a user friendly Web UI, and you can get regular
security updates, and some of these NAS products have app stores and
even support Docker.

You can of course just purchase an Intel NUC (Next Unit of Computation)
which is much closer to what you're talking about from a hardware
specific.  These are much cheaper, smaller, and require much less
power.  However, they have the do-it-yourself system administration
problem, and so it might be fine if you're targeting the niche
hobbyist market.

> What's really slowing down this possible market is horror stories about
> stolen emails, ransomware etc.

It's not just the virtual security problem (and there *have* been
cases where the NAS boxes have been successfully attacked by
ransomware, since they basically are just a pre-configured server).
It's also the physical security problem --- what happens if you have
the last decade or two of your family photographs stored on a local
server, and your house burns down?  Or is burgled?  You can deal with
the former by backing up your photos to the cloud, but (a) this takes
more effort, and (b) it adds cost, and it's much simpler just to store
your photographs in the cloud and be done with it.  Which is another
reason why users might not want to run their own servers.

But in the case of storage of NFT's and cryptocurrencies, it's not
enough just to back up the data; you also have to worry about
attackers who can make a copy of your keys (and in the worst case,
make a copy surreptitiously so you don't even know that you've been
compromised).

This last is one of the reasons why many *companies* have decided they
don't want to run their own servers.  Not only is it cheaper, but
cloud companies can make a lot of arguments[3][4][5] for why they might
be able to do a better job in preventing the company from getting exposed
à la Sony and North Korea.

[3] https://safety.google/intl/en_us/security/built-in-protection/
[4] https://www.youtube.com/watch?v=kd33UVZhnAA
[5] https://services.google.com/fh/files/misc/google_security_wp.pdf

When you say "horror stories" you make it sound like these stories
are not justified; just Boogieman stories that are scaring users from
doing what you think they *should* do.  But given that hospitals
and gasoline pipelines have been brought to their knees due to
ransomware attacks, and stolen e-mails have changed the course of
U.S. presidential elections, (not to mention NAS owners losing decades
of their family photos) I'd submit that many people would consider
these concerns to be perfectly reasonable.

And regardless of whether you *think* the concerns are reasonable,
how you convince users that no, really, they should do the
equivalent of taking their life savings and putting it on a home
crypto server is something you're going to have to figure out.  And
sure, banks could go belly up, and the FDIC *could* run out of money
to make banking customers whole.  But how likely is that relative to
the risk that their cryptocurrency wallet gets lost or stolen?  And
how do you change the perception of that risk?

> The other problem, even if users can get
> acceptable pre-configured hardware, is where you should put the public
> facing node. Are some ISP's more tolerant than others?

Of course!  For example, you could pay extra for Comcast Business
service, which runs on the same infrastructure as the normal Comcast
ISP.  But the difference is that you can get a stable IP address, and
you have access to a help desk that is half-way competent.  You'll have
to pay extra for Comcast Business, though.

Ultimately, though, I think this is a market problem.  If there were a
large number of customers who *did* want to run a public-facing
server, there would be more ISP's that would be friendly to that, and
the cost for that level of service would come down.  The fact that the
ISP's aren't particularly tolerant is mostly due to the fact that (a)
in far too many locales, there isn't enough competition between ISP's,
and (b) there simply hasn't been enough customer demand because users
really aren't interested in running their own servers.

Cheers,

						- Ted

