Why Decentralization is the Only Way to Prevent Cybersecurity Breaches?
1/ A decentralized network is built by people, where individuals function as nodes within the network.
2/ There is no central server that stores data in a single location; instead, all data is distributed across random devices/nodes within the decentralized network.
3/ Data can only be decrypted using a unique private key specific to each user.
4/ Messages are sent with end-to-end encryption (E2EE) within a peer-to-peer (P2P) decentralized network, bypassing the need for a central server, unlike centralized platforms such as Telegram or WhatsApp.
The absence of a central server translates to no centralized data storage, which in turn means no potential entry point for hackers to exploit and compromise data, thus preventing data breaches.
Three decentralized tool that I tried:
- SimpleX:
- Simply a decentralized messaging tool, safer than Session
- Nostr:
- Fully decentralized social platform
- Full of spam, hard to use compares to mastodom.
- WireMin:
- Not open sourced (if they are open sourced, it will be my top choice.)
- A combination of mastodon and Session
Counterpoints:
Everything is built by people. People are imperfect, so mistakes happen.
Where the data is stored is meaningless. Once access is gained to the network, all resources are accessible.
This is not limited to decentralized networks. It’s completely feasible for a central system to be designed in such a way as to ensure that nobody including the system operators has access to user data. Likewise, it’s entirely possible to build decentralized networks with no encryption at all.
As with point 3, encryption is not a function of decentralization. While there may be value in getting rid of a central server, that value is not tied to encryption.
Problems with decentralized systems:
How to prevent breaches:
If these are properly implemented, it doesn’t matter whether the system is centralized or decentralized, no breach can affect more than one user at a time and having breached one user does not make it easier to breach another.
Since your examples all relate to interpersonal communications, I will describe such a centralized system:
There are a number of things that can be done to streamline this system and mitigate against loss of private keys and deal with “perfect forward secrecy”, but the system as described will work.
One interesting feature of this system is that, technically, it can operate completely in the open with no user accounts or log ins. Anyone can grab whatever they want because the only stuff they can decrypt is the stuff encrypted with their own public keys. In practice, of course, logins may desirable or even necessary for other reasons.
And going back to the very first point about people and their imperfections, I won’t be surprised if someone finds mistakes in my presentation.
There are several reasons to prefer decentralized systems, but data security is not inherently worse in a centralized system.
For me censorship and ads are the reasons pushed me away from centralized social platforms
Absolutely, me too. I was making the point that encryption is about protecting communications and data, not about network architecture.
It is possible to construct a centralized system that is completely safe against censorship and user profiling.
It is not possible to construct a network that eliminates ads, since anyone with access to the network can either inject ads or spam users who have published addresses. Those ads might not be targeted based on user profiles, but they will still be ads.
Even if you have mechanisms to punish bad actors, it will always be a game of whack-a-mole.
If you utilize any form of filtering, you will still always have false positives and false negatives.
The only ways to stop ads is through strong enforcement of legislation or through contractual agreements.
Enforcement of legislation would require proving that the ad was placed by the people offering the goods or services instead of someone trying to harm that business. If communications are being properly protected, that could be impossible.
Contractual agreements will likely require both centralization and paid service.
All we can ever really do otherwise is to spin up new networks when existing ones become unusable. That is where decentralization (and data ownership!) has much to offer. When it is inexpensive (both financially and with regard to their social graphs) for people to isolate undesirable nodes, create new networks, and migrate to new networks, it becomes more difficult and more expensive for advertisers to follow people around and maintain connections to multiple networks as they are created and die off. That can push the returns on ads too low to justify.