Got Zot?

An introduction to the protocol that powers Hubzilla
2017/08/01 
Updated 2018/04/15

The world is full of protocols. Some are loosely defined by society, and some are rigidly defined by their architects. In many urban environments, for example, there is a protocol for how you ride an escalator: if you choose to stand, you stand on the right side so that those who choose to step can get past on the left. If you ignore this protocol, you may get some annoyed looks but you will still get where you are going. More rigid protocols, such as the hypertext transfer protocol (HTTP) that governs most communication on the web, can be much stricter and more elaborate. If your browser puts one semicolon in the wrong place you can forget about seeing those cute cat videos.

So what does that have to do with Hubzilla? And for that matter, what is Hubzilla anyway? Hubzilla is free and open source software designed to support your freedom and privacy; anyone can run it on their own server and inspect the code to learn how it works. It is an advanced platform for online communications and content publishing that provides decentralized access control. That last bit is the critical difference between Hubzilla and all the other blogging platforms, social networking sites, and messaging systems that dominate the web today, and it is precisely the motivation for inventing Zot instead of choosing from the plethora of existing communication protocols. To appreciate what is so innovative about Zot, we need to explain first what "access control" means and then why "decentralized" makes the problem of access control challenging.

Like protocols, the world has no shortage of access control. Does your house have locks on the doors? Do you let everyone watch you take a shower, or do you prefer to control access to that activity? How about conversations about your finances? I bet you publish those on billboards, right? Of course not! We all constantly control access to things for many reasons.

And sometimes you want to have a private conversation with someone that no one else should read.
Electronic publications and communications are no different. You may want to publish an article like this one for the whole world to read, but you may also want to participate in a restricted access forum online where members of your neighborhood can discuss community issues. And sometimes you want to have a private conversation with someone that no one else should read.

image

The traditional centralized solutions to these problems have existed for many years and are what virtually everyone currently uses online. This is because it is relatively easy to manage access control when you have one central authority acting as the gatekeeper to content. Facebook is the most influential example of this model. If you send a message to a select group of friends, only they have access to it because Facebook (1) authenticates them by identifying who they are based on their knowledge of their secret account password and (2) authorizes them to access the message by verifying that they are on the message's access control list (ACL), which is the technical term for what you created when you "sent" them the message.

image

There are several fundamental and serious problems with this centralized model. Arguably the biggest problem is that you do not own your identity. But that's absurd, you might immediately retort, of course I own my identity! Well, let's consider what ownership means. Ownership of identity means, for one thing, control. If you own your identity, you control it somehow. With Facebook and similar centralized services, they alone have the power to create and delete your online identity. They grant you access to your identity when you log in. As the years roll by and you share all sorts of content with all the people you have connected with, you may be alarmed to discovered that you need the centralized service. If you want to leave, all of that shared content and all those connections vaporize. What's worse, you can't even share something privately with people unless they also allow their identities to become hostage to the platform. It's like some kind of pyramid scheme.

They grant you access to your identity when you log in.

Now we can begin to appreciate some of the benefits of decentralization in our online communications. When you register an account on a “hub” — a server running Hubzilla — you can make connections with other people and share things even when they are on completely independent hubs operated by different companies or organizations. This is the essence of what it means when we say Hubzilla is a decentralized network. We like to call the network of Hubzilla-powered websites “the grid”. There is no single entity that controls the network or, by extension, you. It is ironic that this needs explanation, because the most ubiquitous and long-lasting online communication system — email — is a shining example of decentralization. Anyone can run an email server and exchange emails with other people, even if they are using an email server hosted by a separate business or university. As robust as email has been historically, however, it lacks a lot of capabilities that we want in modern communication. It is designed for passing small messages back and forth; it is not designed for controlling access to published content hosted on a modern website using secure encryption methods. This is what Hubzilla is designed to do. Hubzilla lets you do things like share photos privately with only your family and friends, or publish news articles only to paying subscribers, even if none of these people have an account on the server hosting the content.

What makes Hubzilla truly unique is combining the ideas of decentralized access control and identity ownership. The result is something that is frankly revolutionary: it's called nomadic identity.

To be clear, providing decentralized access control is an impressive feat per se. There are only a few other platforms available that provide this capability on the "standard" internet of websites accessible by browsers over HTTP. What makes Hubzilla truly unique is combining the ideas of decentralized access control and identity ownership. The result is something that is frankly revolutionary: it's called nomadic identity. Truly owning your online identity means that you maintain your contacts and access to the things people have shared with you even if you change accounts on different servers. It means that you can have clones of your identity on independent hubs allowing you to maintain your online presence and continue communicating even when one of your servers is unavailable (temporarily or permanently). No other platform provides this level of robust identity ownership.

Visit http://hubzilla.org to learn more about what Hubzilla can do for you...