An Initial Exploration and Review of Secure Scuttlebutt

Many who have abandoned Facebook, Reddit, and similar mainstream social media platforms are looking for better alternatives. Isolation brought about by Covid-19 has reminded us of the importance of social interaction. The increased difficulty in finding it in the physical world has only served to underscore the value of a higher quality of interaction in the virtual world. We want to interact with those with whom we share common interests. Many want more intellectual stimulation with less rudeness. Some want to be free to express themselves without being censored for bringing up topics that they feel strongly about. They want to be free to pursue information and ideas regardless of whether they are popular or acceptable to authorities in their countries' governments. Interacting with others on a platform that is not likely to disappear in six months is also important.

In 2014, a software engineer named Dominic Tarr was living off the coast of New Zealand on a sailboat. He often spent weeks at a time sailing and needed a way to communicate over unreliable Internet connections. So, he invented a new decentralised social network which later became Secure Scuttlebutt (SSB). In a 2019 interview, Tarr said that part of his motivation for building SSB as open source software was his disillusionment with the software development process in organisations whose managers did not understand or care about software quality or usefulness. I can relate. A blogger named Dan McKinlay claims that, "[Scuttlebutt] started as the übergeek social network for survivalists. Run it from your bugout yacht after a climate apocalypse, while malevolent totalitarian states try to censor your messages and steal your stockpiled tinned food!" Although Tarr mentioned the phrase "zombie apocalypse" during his interview, the extent to which the perennial threat of some future apocalypse was a motivating factor for his development of SSB is unclear. I can see, however, that fears of an apocalypse might motivate some to learn to use SSB. Tarr also mentioned that SSB appeals to the Solarpunk crowd, but he spoke more extensively about the existing need to take back control of our communications from central providers like Google.

An Overview of Secure Scuttlebutt

Secure Scuttlebutt is both an implementation of a decentralised/distributed social network and a peer-to-peer communications protocol. Messages posted on SSB may contain up to 8 KB of text each, and they can also contain pictures. In this article, I will use the terms "message" and "post" interchangeably. SSB users can communicate in three ways. They can exchange messages directly over a small local network, for example, a WiFi network in a home or coffee shop. They can hand carry or mail a USB flash drive to a friend. Finally, SSB users can communicate with other users around the world with the aid of volunteer-run SSB servers on the Internet, called "pubs". Pubs run 24 hours a day, seven days a week, so users can interact with others who are currently off line. SSB servers and clients have the same code. The only difference is that servers are always connected and have public IP addresses. In theory, anyone can host a pub on his Internet-connected computer, so pubs should not be able to charge membership fees. This means that the system of SSB pubs should, in theory, forever remain a decentralised network that anyone can use free of charge. In practice, however, the present and future of pubs are not quite as bright. I will discuss the realities of SSB pubs later in this article.

In a hypothetical world more conducive to the use of SSB with millions of users, few would be forced to rely on pubs. Users on local networks automatically form mesh overlay networks of their own, so most SSB users in cities could receive messages through local WiFi connections. As travellers arrived, after crossing oceans and other sparsely populated areas, local SSB users could connect with them by WiFi to receive their data.

Node Magazine summarised SSB's use of blockchain technology with these words,

The heart of Secure Scuttlebutt is a database comprised of entries from message feeds. Much like with Bitcoin and other cryptocurrencies, SSB feeds are immutable, append-only blockchains. Nobody can go back and modify previous messages, and messages cannot be "forgotten." Only the owner of any given feed has permissions to write to that feed, which is enforced by digital signatures.
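The append-only, signed feed described in the quotation above can be modelled in a few lines. This is an added example, not code from SSB or from the original article; the field names, the JSON encoding and the helper names (`append`, `verifyFeed`) are assumptions and are not compatible with the real SSB message format.

```javascript
// Added example: simplified model of a signed, append-only, hash-linked feed.
// Field names and encoding are assumptions; not byte-compatible with SSB.
const crypto = require('node:crypto');

// Deterministic encoding of the fields covered by the signature.
function encode(msg) {
  const { previous, author, sequence, content } = msg;
  return Buffer.from(JSON.stringify({ previous, author, sequence, content }));
}

// An entry's id hashes its signed fields plus the signature, so the next
// entry's `previous` pins exactly one version of history.
function messageId(msg) {
  return crypto.createHash('sha256')
    .update(encode(msg)).update(msg.signature, 'base64').digest('base64');
}

// A feed identity is an Ed25519 key pair; the public key names the feed.
function newIdentity() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const author = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { author, privateKey };
}

function sign(msg, identity) {
  return crypto.sign(null, encode(msg), identity.privateKey).toString('base64');
}

// Only the holder of the private key can produce the next valid entry.
function append(feed, identity, content) {
  const last = feed[feed.length - 1];
  const msg = {
    previous: last ? messageId(last) : null,
    author: identity.author,
    sequence: feed.length + 1,
    content,
  };
  msg.signature = sign(msg, identity);
  feed.push(msg);
  return msg;
}

// What every replica can check without trusting the peer that relayed the feed.
function verifyFeed(feed, author) {
  const key = crypto.createPublicKey({
    key: Buffer.from(author, 'base64'), format: 'der', type: 'spki' });
  let previous = null;
  for (let i = 0; i < feed.length; i++) {
    const msg = feed[i];
    const fail = (reason) => ({ ok: false, at: i + 1, reason });
    if (msg.author !== author) return fail('wrong author');
    if (msg.sequence !== i + 1) return fail('sequence gap');
    if (msg.previous !== previous) return fail('broken hash link');
    const sig = Buffer.from(msg.signature, 'base64');
    if (!crypto.verify(null, encode(msg), key, sig)) return fail('bad signature');
    previous = messageId(msg);
  }
  return { ok: true, length: feed.length };
}

// Constructed scenario: one honest feed and four manipulated copies of it.
function demo() {
  const alice = newIdentity();
  const mallory = newIdentity();
  const feed = [];
  ['hello', 'anchored near Auckland', 'back online'].forEach(
    (text) => append(feed, alice, { type: 'post', text }));
  const copy = () => JSON.parse(JSON.stringify(feed));

  const edited = copy();             // a relay edits entry 2 in transit
  edited[1].content.text = 'edited';
  const forged = copy();             // another key holder re-signs entry 2
  forged[1].content.text = 'forged';
  forged[1].signature = sign(forged[1], mallory);
  const rewritten = copy();          // the owner rewrites and re-signs entry 2
  rewritten[1].content.text = 'rewritten';
  rewritten[1].signature = sign(rewritten[1], alice);
  const dropped = copy();            // a relay withholds entry 2
  dropped.splice(1, 1);

  const check = (f) => verifyFeed(f, alice.author);
  return { honest: check(feed), edited: check(edited), forged: check(forged),
           rewritten: check(rewritten), dropped: check(dropped) };
}

console.log(demo());
```

The owner's own rewrite passes the signature check on entry 2 and is caught only at entry 3, whose `previous` still points at the original version.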

Although SSB posts are in some ways similar to those found on online forums, posting messages on SSB is not exactly like visiting an Internet forum. SSB messages flow from a user to his friends and to their friends but no further. Friends of friends of friends will not receive messages. Any user can also block any other users so that he cannot see their public posts or private messages, and they cannot see his or his friends'. A pub is like a friend who has many other friends, including other pubs as friends, so every user can see all messages posted publicly to a pub. I am unclear about the visibility of messages posted to a second pub that is a "friend" of a pub to which a user has access. My impression is that the user can see those messages too, but technically, people who post on the second pub are friends of a friend of a friend by the time their messages reach the users of the first pub.

In addition to posting public messages, two SSB users can exchange private messages. Each message is encrypted with keys that allow only the correct receiver to view the message and confirm the identity of the sender.

SSB acts somewhat like a network of encrypted email servers, but with significant differences. Although I have described the passing of messages as if each message is routed to a specific individual or group of individuals, Tarr says that in reality, SSB passes every message through every user's computer and stores every message on every computer that connects to the SSB network. Each user's computer can only decrypt messages that he is entitled to see. This makes a very robust network in which no routing is required. The downside of this is that the number of SSB users is limited by the amount of data that each user's computer can realistically be expected to receive, store, and transmit, or more precisely, by the amount of data that each user is willing to receive, store, and transmit. If every SSB user had to store ten terabytes of data on his computer and transmit a terabyte a month, virtually no one would want to use the network. This means that SSB's data storage and transmission requirements make it self-limiting in size. Currently, SSB works fairly efficiently, because the number of users is probably less than ten thousand. This is an estimate. The design of SSB prevents anyone from knowing exactly how many people are using it.

In my opinion, the best feature of SSB is that it is designed for dual use. It allows an individual who is connected to the Internet to compose, send, receive, and view messages whenever he pleases. When he is off line, he can read previously downloaded messages and compose his own. For example, a sailor without an Internet connection in the middle of the ocean can read previously downloaded posts. He can also compose new messages, which SSB will store on his computer's hard drive. When he reaches a port where he can access the Internet, SSB will send his stored messages and download new messages from other SSB users.

SSB users can choose from a number of clients that understand the SSB protocol. A client is a program that runs on a user's computer and uses a particular communications protocol to receive services provided by a server. For instance, an Internet browser is a client that understands the HTTP and HTTPS protocols and receives webpages from a server hosting a website on the Internet. Three SSB clients are Patchwork, Oasis, and Manyverse. Patchwork runs on Windows, MacOS, and Linux computers. Oasis runs on Linux computers. Manyverse runs on Android devices. Several other software packages written for SSB can be found scattered around the Internet, for example, on this page.

An 11-minute video on the Scuttlebutt website puts SSB's system of communication in more human terms that may be useful for persuading your friends to try it.

Secure Scuttlebutt's Openness, Decentralisation, and Privacy

In addition to direct ownership of infrastructure, organisations have at least two other means of taking control of communications networks. The first is by somehow restricting users to having access only to servers controlled by the organisation. The second is by forcing all users to connect to the network with only the organisation's client. By the way, this is the reason for the current critical need for diversity among Internet browsers.

The point of using a well-understood (or "open") communications protocol is that it enables anyone with any type of client that recognises the protocol to communicate with anyone else using any other type of client that also recognises the protocol. An open protocol prevents any one group of developers from controlling the network by controlling the client that people use to access the network. This is why SSB's use of an open protocol is so important.

Email is another example of a communications network with an open protocol. In theory, anyone can use any email client and server running on his own computer to communicate directly with anyone else who is doing the same. In practice, large email providers like Google do not pass email to their users from servers that they do not know and trust. For this reason, users of large email providers generally cannot receive email from someone running an email server in his home. Since nearly all email users are unsavvy enough to have allowed themselves to be manipulated into using email services provided by commercial companies, an email server running in a home now has little practical value. This system is now locked in with little hope of change. So, other types of communications networks are needed with open protocols that prevent large commercial organisations from acting as intermediaries in the communications process. By removing the need for intermediaries and through the use of strong encryption, we remove opportunities for giant corporations like Google to spy on our communications. Hopefully, Secure Scuttlebutt will avoid the fate of email and continue to provide privacy for its users.

Currently, only a handful of public SSB pubs exist. This is not my idea of decentralisation. Such a small number are by no means beyond the reach of governmental interference. Perhaps, the only positive thing that can be said is that pubs can be accessed from anywhere in the world, so a single hostile government is less likely to be able to take them all down physically. However, since many governments can now block IP addresses in their countries, blocking a small number of pub IP addresses should be trivial for them. I searched the Internet for references to governments blocking SSB and found none. Perhaps SSB is protected at the moment by a combination of its obscurity and lack of objectionable content that governments can use to justify taking actions against it.

In my view, the storm cloud on the horizon of SSB's future is its heavy reliance on pubs that make it vulnerable to control by any corporation looking to create a new source of revenue. Since virtually the entire SSB network presently relies heavily on a handful of public pubs, an interested company should have no problem quickly buying most or all of them. That company could then "pull a Google" by refusing to allow connections from its public pubs to private pubs or any new public pubs, and the network effect would lock SSB users into a walled garden. This could, and in my view probably will, happen without warning. Most SSB users might not even know when it occurs. The only change they notice might be the appearance of unblockable advertising in their SSB feeds.

Secure Scuttlebutt began with an earlier version, called Scuttlebutt, and added encryption to make it more private. This makes Secure Scuttlebutt inherently more private than email, which transits the Internet as unencrypted text through a series of unencrypted servers. This is why governmental agencies like the NSA can attach devices at critical junctions in the Internet's infrastructure to capture a large part of the world's email traffic, which can then be stored and perused later.

For a summary of how SSB security works, see this.
A more in-depth explanation of the SSB protocol and security features can be found here, where interested readers may find answers to many questions they may have about SSB key pairs, key exchange, encryption algorithm, and other security issues that will probably not interest most readers.

Most will be satisfied to know that SSB ensures that messages are encrypted and that no one on the SSB network can impersonate anyone else, so no one but the intended recipients can read messages.

Installing the Oasis Client

I had been wanting to try Scuttlebutt for years, but I had never been successful at installing the Patchwork client on my Linux computer. For multiple reasons, I refuse to use a Windows computer on the Internet. Recently, after once again trying and failing to install the Patchwork client, I finally found a client called Oasis that runs as an appimage. Oasis has the added benefit of not running any JavaScript. It uses only HTML and CSS.

Oasis can be installed in more than one way.

The easiest is to download the "oasis-desktop-1.3.0-x86_64.Appimage" file from this GitHub page.

Then, set its file permissions to make it executable. Simply double-click on it to run it. The first time Oasis runs, it creates a ".ssb" hidden directory on your hard drive into which it will later deposit all the data that it downloads from the SSB network. Those who are concerned about installing an Oasis binary file from a GitHub page can install Oasis with the npm package manager using the "sudo npm -g install fraction/oasis#semver:" Linux command or compile Oasis from source code.

Using Secure Scuttlebutt

An SSB "getting started" guide can be found here.

When an SSB user runs Oasis on his computer, it automatically opens a page (or tab) in his Internet browser. I have not yet discovered how to select a particular browser for Oasis to use if several are present on my computer. I would rather Oasis use my Tor browser, but it may simply choose the default browser or perhaps a random browser if no default has been defined.

Oasis

When Oasis opens a browser, the user will see the following. On the right side of the browser's Oasis page are posts from users displayed in one of a number of ways. Arranged vertically on the left side of the page are links labeled as "Popular", "Latest", "Topics", etc. For lack of a better term to use to refer to these links, I will call them "view" links. Each view displays posts in a different way on the right side of the page. Each view also contains a brief description at the top of the page. Oasis users can read posts using one of these views: "Extended" (posts from people one does not follow (i.e. friends of friends)), "Popular" (posts ordered according to number of "likes"), "Latest", "Topics", "Summaries", "Threads", "Mentions" (posts that mention the user), and "Private". Switching between views in Oasis took me anywhere from 5 to 30 seconds on my laptop with a Core 2 Duo CPU and a solid state drive. The length of time required to switch between views may annoy some users, but for me it was tolerable.

In addition to links to views, other links can be found on the left side of the Oasis page. The "Publish" link takes the user to a page for writing posts. The "Profile" link allows him to create a profile by entering nothing more than a "nickname", a picture, and a short description of himself. A nickname can be his real name or anything he chooses to use instead to preserve his anonymity (which I recommend). Oasis will then generate a private and public key for the user's profile. I have not yet determined how, or if, users' clients can connect directly over the Internet without using a pub. Assuming this is possible, a user would somehow have to generate an "invite" code from his nickname and public key. Of course, a sure way of connecting directly to other users is for a user to run his own pub on his own always-connected server. This would ensure that his friends can download his posts whenever they try to connect. SSB user Cy said,

Currently, I think Scuttlebutt never connects peer-to-peer, and you request all your posts only from various pub servers. (LAN being the exception) That’s problematic, because if you’re invited to a pub, and you make a bunch of friends, then they can only get your posts from that pub. That gives the pub the power to cut you off from your friends, even if you and your friends protest this. You might be able to get invited to another pub before that happens, though that puts a lot of pressure on pubs to invite people just for the purposes of keeping friends connected.

The "Settings" link on the left side of the Oasis page takes the user to a menu that allows him to connect to the SSB network, synchronize data with other users or pubs, and then disconnect. He can also accept an invite, change the Oasis color scheme (called a theme), and choose his preferred language. That is all he can do in the Settings menu.

After I had the Oasis SSB client running on my Linux computer, I opened Oasis and created a nickname for myself as directed under Profile/Edit profile/Profile name. I also added a profile image and description. At this point, I had an identity on SSB!

Next, I tried to add a friend to follow using the Oasis "Settings" page under "Invites", but an error message appeared saying SSB was unable to parse what I had given it. In other words, SSB did not like the format I used to enter my friend's nickname and public key. I tried several different formats, but they all resulted in the same error message. This is another indication that SSB clients cannot connect directly over the Internet without a pub. I do not know the procedure that two users employ to connect over a local network. Perhaps SSB clients do that automatically; I don't know.

I was disappointed to see the small number of configuration options that Oasis has on its "Settings" page. I wanted settings to reduce the amount of data that is downloaded and increase or decrease the number of posts I can see in the various views. The SSB documentation says changing the permissions on the "blobs" folder in the ".ssb" directory to read-only prevents pictures from downloading, but I have not verified this. One reason for the lack of options may be that SSB's fundamental design does not normally allow users to limit the amount of data that is downloaded to their computers. One way of getting around this is through the judicious choice of pubs. I have also seen that choosing to follow a few popular SSB users significantly increases the amount of data that SSB downloads to my computer. This suggests that, although all data is theoretically downloaded to everyone's computer, in practice, the friends-of-friends limitation has a large effect on the amount of data that actually downloads.

I thought about how I wanted to connect to the SSB network and quickly realized that, without having local friends who are already SSB users, my only option was to connect to a pub. I was disappointed to see the small number of active SSB pubs that were available to choose from. One even charges a fee of $2.50 US for an invite code. I was not really surprised by the small number of pubs or the fee because a new user can download gigabytes of data when he first connects. Expecting volunteers to pay for so much data transmittal is unreasonable. I briefly considered creating my own pub just for fun, but the potentially high upload bandwidth required made it unrealistic. Still, I have not completely dismissed the idea of running a small private pub.

I did not want to download gigabytes of data, so I hoped to find a smaller pub. I chose the FreeSocial pub, pasted its invite code, pub.freesocial.co:8008:@ofYKOy2p9wsaxV73GqgOyh6C6nRGFM5FyciQyxwBd6A=.ed25519~ye9Z808S3KPQsV0MWr1HL0/Sh8boSEwW+ZK+8x85u9w=, into the Oasis Settings/Invites box, clicked the "Accept invite" button and then the "Start networking" button. Data downloaded for about a minute, and then I had messages on my computer! Later, looking through the conn.json file in the ".ssb" folder, I realized that Oasis includes three pubs by default: scuttle.us, pub1.upsocial.com, and xmr-pub.net. Two of them, pub1.upsocial.com and xmr-pub.net, are listed as inactive on the list of pubs on the GitHub page to which I provided a link above.
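The invite box rejects anything that is not a complete invite, which is why a nickname plus public key fails to parse. The sketch below is an added example, not code from Oasis or SSB. It assumes the layout visible in the invite quoted above (host, port, the pub's `@`-prefixed Ed25519 key, then a secret after `~`); the names `parseInvite` and `checkInvite` and the sample invite are constructed for illustration.

```javascript
// Added example: structural check of a pub invite before pasting it into a client.
// Assumed layout: host:port:@<base64 key>.ed25519~<base64 secret>
const crypto = require('node:crypto');

// Zero-width and soft-hyphen characters that web pages insert for line wrapping.
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF\u00AD]/g;

// Both the pub key and the invite secret are 32 bytes, i.e. 43 base64 chars plus "=".
function decode32(label, b64) {
  if (!/^[A-Za-z0-9+/]{43}=$/.test(b64)) {
    throw new Error(`${label}: expected 44 base64 characters (32 bytes)`);
  }
  return Buffer.from(b64, 'base64');
}

function parseInvite(raw) {
  const hidden = raw.match(INVISIBLE);
  if (hidden) {
    throw new Error(`invite contains ${hidden.length} invisible character(s); retype or strip them`);
  }
  const text = raw.trim();
  const tilde = text.indexOf('~');
  if (tilde === -1) {
    throw new Error('no "~" secret part: this is an address or feed id, not an invite');
  }
  const address = text.slice(0, tilde);
  const secret = text.slice(tilde + 1);

  const at = address.lastIndexOf(':@');
  if (at === -1 || !address.endsWith('.ed25519')) {
    throw new Error('missing ":@<key>.ed25519" pub identity');
  }
  const key = address.slice(at + 2, -'.ed25519'.length);
  const hostPort = address.slice(0, at);
  const colon = hostPort.lastIndexOf(':');
  if (colon <= 0) throw new Error('missing host:port');
  const host = hostPort.slice(0, colon);
  const port = Number(hostPort.slice(colon + 1));
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('port out of range');
  }
  decode32('pub key', key);
  const secretBytes = decode32('invite secret', secret);

  // The part after "~" is a credential: report a fingerprint, never the value.
  const fingerprint = crypto.createHash('sha256')
    .update(secretBytes).digest('hex').slice(0, 12);
  return { host, port, pubId: `@${key}.ed25519`, secretFingerprint: fingerprint };
}

// Non-throwing wrapper for use in a form handler or a log line.
function checkInvite(raw) {
  try {
    return { ok: true, ...parseInvite(raw) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample: random key material, placeholder host name.
const b64 = () => crypto.randomBytes(32).toString('base64');
const SAMPLE_INVITE = `pub.example.org:8008:@${b64()}.ed25519~${b64()}`;
const SAMPLE_FEED_ID = `@${b64()}.ed25519`;

console.log(checkInvite(SAMPLE_INVITE));
console.log(checkInvite(SAMPLE_FEED_ID));
console.log(checkInvite(SAMPLE_INVITE.replace('.ed25519', '\u200B.ed25519')));
```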

Initially, Oasis behaved rather erratically for me. Under "Settings", I had to press the "Start Networking" button and then the "Connect and Sync" button five or six times over a few days to download a significant amount of data from the pubs. I do not mean that I was connected for a few days, just that I connected for a minute or two, watched as data downloaded, and then disconnected when the download appeared to have completed. Initially, only the "Extended" and "Threads" views showed any posts. Posts were at first displayed in a completely random order that made following a conversation impossible. After a few days, however, the posts in most views were ordered mostly from newest to oldest. The "Popular" view is the only one that lets a user choose whether to display content from the last day, week, month, or year. Posts older than one year are rarely visible. Why? They should all be there. The "Threads" view orders responses to each post directly below it. No pictures are displayed in the "Threads" view, which makes sense. Although I recognize that private communication is very important for creating a true community, I never tried the "Private" view, because I had no one with whom to correspond privately. I briefly saw posts in the "Latest" view, but when I scrolled down, they disappeared. An additional day and a multi-hundred megabyte download were required before posts appeared in the "Topics" and "Summaries" views. Then, the "Latest" view also filled with posts that did not disappear. Initially, posts consisted only of text. Pictures appeared suddenly after a few days.

SSB posts can contain hyperlinks to other SSB posts and to web pages on the Internet. Many posts also include hash-tagged topic links that will take a user to all the SSB posts on a particular topic. This is a very nice feature for quickly reading everything posted about a particular topic.

My initial impression of SSB when used with the Oasis client is that it lacks polish. It seems a bit disorganized--definitely no Facebook. I still have not determined how some of the SSB views order posts or how most choose which posts to display. Sometimes, the order seems to be loosely based on creation date, but sometimes I just cannot see a clear pattern. Though I may simply be rationalizing, the very disorganization of SSB may have subtle implications. I learned years ago that I can tell as soon as I walk in the front door of a thrift store whether I want to shop there. If the store is disorganized with miscellaneous items piled randomly on the floor, it is usually a low-priced gold mine. If the entire contents of the store are arranged neatly like any other retail store, the prices are invariably high and the selection low. Highly-organized stores intentionally filter out exactly the types of items I look for. The analogy with social media should be clear. My guess is that a high level of organization is more likely to imply a culling of anything that a professional mediator feels is not in line with the image that a social media company wants to project. Very large social media companies should have money to hire bureaucracies filled with those who see their work as a vocation rather than an avocation. If you are like me, you want developers creating your social media platforms who build them to use them. Perhaps SSB's slogan should be, "Secure Scuttlebutt, the disorganized thrift store of the social media world." Well, maybe not.

Secure Scuttlebutt's Content

The combined content on the two active pubs to which I connected seemed to be fairly diverse. I will give you the flavor of their content by summarizing some example posts.

• A post about a vintage Sinclair Spectrum computer

• Several short posts about ongoing SSB development efforts

• Someone talking about feeling under the weather

• A post with a picture of a found cat asking if anyone had lost it (seriously)

• A post about parties in Japan

• A post on solar-powered aircraft

• Several posts by new users introducing themselves

• A posting of a cartoon

• A picture of an alpaca race

• A few artists talking about their paintings

• Someone posted about seeing a coyote during a bike ride.

• Someone posted about a plant identification journal they are keeping.

• Discussions of random theories about people, life, and the Internet

• Discussions of self-hosting activities (which I found very interesting)

• A post about a job opening for someone to work on a Scuttlebutt iOS application

• Someone posting images of a carrot cake he or she had baked

SSB seems tame compared to other free-speech platforms with which I have experimented. I saw no pornography, and nearly all users are polite. Some are rather "out there", but like people simply being themselves, not in an obnoxious way. The high quality of posts is probably due to SSB being specifically designed to filter out posts by users who are disliked. As mentioned previously, each user can choose to follow or block any other user. Users you block do not appear in your feed, but others who have not blocked them can still see them. If you block someone, my understanding is that your friends who follow you will not see posts from the person you blocked if that person was your friend but not your friends' friend. I am not yet clear about exactly how this works, so I cannot give more details on exactly who sees what.

Final Words

My initial impression of Secure Scuttlebutt is that it is likely to be the most appealing to average social media users of any of the decentralised and distributed networks I have tried--Aether, IPFS, I2P, Lokinet, Gopher, Gemini, and ZeroNet. Though I still prefer ZeroNet and feel that many other technically-minded people will too, I find SSB content to be both broadly appealing and remarkably polite. The lack of pornography should appeal to many. The topics of conversation seem appealing to a general audience as well as to those who have certain interests. The volume of new content seems appropriate for holding one's interest enough to encourage him to look forward to checking daily for new posts without feeling overwhelmed. SSB's peer-to-peer and private communications features also have the potential for providing a better platform for discussions among close friends and family members than any other decentralised platform that I have tried. Though I did not use SSB for sending private messages, it apparently makes this easy for conversations that one would like to keep private--for example, when one is throwing herself a birthday party and wants only her closest friends to attend.

One significant downside of SSB is that most will be forced to use it with a pub. This means that in order to communicate with friends, a user must also download data from other users in which he may not be interested. The only other alternative is to create one's own always-connected SSB pub server, which I believe few average users will want to do. However, I read on SSB that Yunohost now provides an SSB "room", which may make this easier. I do not yet have a good grasp of the practical differences between SSB rooms and SSB pubs, but my understanding is that SSB may be transitioning away from pubs and toward rooms. SSB user @Vojta said eight months ago,

Very recently, someone created something called #rooms which is a new way to connect to people. They forward your IP address and port so that you do connect directly to your friends, unlike with pubs. And unlike pubs, they don’t just do that for your friends. Anyone else connected to the room gets to connect to you as well.

The privacy implications of sending your real IP address to others worry me, but as I said, I really do not know anything about SSB rooms yet. Note that, unlike SSB, ZeroNet does not require users to have always-connected servers to host content. By employing BitTorrent trackers, ZeroNet's peer-to-peer functionality works across the entire Internet, not just between users on the same local network.

SSB is currently far from the decentralised tool that it seems to have been designed to be. I mentioned the problem posed by the small number of public SSB pubs. I suspect that many unpublicized private pubs also exist, but they do not benefit the average SSB user much. My guess is that the problem of the small number of public pubs will persist as long as Internet service providers continue to provide relatively low bandwidths and data limits for residential customers. This is unlikely to change significantly any time soon.

An advantage that the Oasis appimage has over the ZeroNet client is that the appimage is easier to install. As I said, I have tried and failed multiple times over the years to install the Patchwork SSB client on Linux computers.

Finally, Oasis seems more geared toward a consumer of Internet content, rather than a producer. Oasis does not allow the user to create a "web" site, the way ZeroNet does. However, I did see one SSB application, called Ticktack, that claims to be designed for blogging. I have not tried it.

The bottom line on Secure Scuttlebutt is that it seems fairly easy to use, has nice offline features, and contains polite, interesting content. For these reasons, I intend to look more closely at it. Despite the long-term problems I see, I think SSB makes sense for many who are currently looking for a decentralised social media platform.