On Fri, 9 Nov 2018 at 15:24, Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
On Fri, Nov 09, 2018 at 07:54:09AM +0000, Dave Cridland wrote:
>
> Finally, I dispute that XMPP has failed. The major providers have avoided
> federation, despite some early attempts by Google, due to the damage it
> would do to their business models based on lock-in. Federation has failed
> across the board, as non-federation and a lot of luck yields much better
> results - look at Github, which is based around a fully-decentralised
> version control system, yet has built a single silo'd platform.
I'd disagree on the first point. For players who are don't dominate
the messaging space (e.g., !Facebook Messenger && !Apple Messages),
Federation makes an awful lot of sense from a business perspective.
I agree. Note that I said "non-federation and a lot of luck" - the survivor bias is strong in this particular argument. The ideal ground for federation is a space where there are no dominating providers, but the moment a few gain significant market share the equations rapidly shift.
The main problem was that there wasn't anyone to really federate with,
and the primary, most enthusiastic users of federation were spammers
trying to inject SPAM into the messaging systems.
Well, that was certainly the rhetoric used at the time. However, XMPP has always had relatively strong server authentication, which Google never bothered implementing. It is, of course, perfectly possible that Google genuinely were seeing vast amounts of spam that, somehow, the rest of the network simply weren't experiencing - but if that was indeed the case, it suggests that better adherence to the standards might have strongly mitigated the problem. It's possible, of course, that the spam was entirely directed to gmail.com addresses, which would be easily identifiable - but strangely, I never saw any spam on any Google address or any other XMPP address back then. One can only assume that Google had the situation well under control, at least for my accounts.
Since Google dropped federation, spam has actually risen on the network in my experience - but it has also been largely kept under control by improved use of security that was available at the time - although it's become cheaper thanks to Let's Encrypt etc.
>From the perspective of a major provider, if the costs to a major
provider outweigh the benefits of Federation, it's not really
surprising that they would give up on it.
Well, sure. But the benefits of non-federation include market capture - unless there are at least two major providers federating, it doesn't appear that there would be many benefits to a dominating provider that would outweigh that. Even when a handful of major providers do federate, it works best when they limit that federation (or other cooperation) to other large providers, to maximize capture effects.
E-mail is a good example where due to the early success of federation
that the costs of SPAM are large, but not nearly large enough compared
to the benefits of keeping a federated e-mail system.
And perhaps another good example of this is mailing lists and DMARC.
DMARC was an attempt to deal with a certain class of spam, and it had
a horrendous effect on mailing lists. But there was enough federated
mailing lists that were of high value that just telling people, "so
sorry, you can't use mailing lists if you are using Yahoo mail; you
should use are walled-garden web forums instead" wasn't going to fly.
And so at great expense, the major providers agreed to work on ARC.
I suspect that had less to do with mailing lists in general, and much to do with the IETF mailing lists in particular. DMARC itself was a clear attempt to side-step the standards process, and a successful one at that. It's mirrored by other activities, like WHAT-WG. This again is an overt move by dominant providers to cement their control over the standards. And yes, I'm well aware that is not what it says on the WHAT-WG website - but it is, however, literally what the Steering Group is there to enforce.
DMARC has had the effect of raising the bar further for smaller service providers and self-hosting of email. It has disproportionately affected providers other than those involved in its creation. Unfortunately, one of those other providers was the IETF itself, and so it became strikingly obvious, and the providers were forced to compromise.
Sadly, I suspect there'll be a poignantly regretful decision to actively restrict federation over time, for reasons of performance, security, and so on. Spam is an excellent excuse, too - it's worked before, after all.
But make no mistake, if there weren't sufficient high-value mailing
lists that the major providers cared about losing as "collateral
damage, oh well", it's pretty clear they wouldn't lift a finger. In
fact, they tried that strategy at first. And while it had everything
to do with business, I really don't think it was due to a malicious
attempt to promote walled-garden web fora.
Well, they did indeed try that strategy first. I'm glad it failed this time, don't get me wrong, but I don't think it was performed with market capture as entirely a happy coincidence.
Dave.
