[Groxx]

Which exposes you to greater complexity in combating abuse, and greater difficulty in discovery.

I agree entirely, and I really like the fine-grained "part P2P part federated" stuff that's growing more and more popular, but it's not a zero-cost thing to do. And it's not just a "oh, well, the code's a bit more complex" cost, the user experience will be unavoidably more complex as number of hosts increases, as they now need to select one in order to enter the ecosystem... but they're outsiders, how do they make an informed choice?

[hammyhavoc]

Abuse is something that there's work being done over: https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix...

I disagree re discovery, it's working-as-intended. It's got better discovery than say email, at least there are actually identity servers for people who wish to use them, and can work with both phone numbers and email addresses.

Non-publicly-addressable accounts are excellent, that's why the EU gov, military, healthcare and emergency services are using Matrix protocol versus say WhatsApp.

People can host their own node right now, and that's encouraged rather than joining Matrix.org or a paid Matrix provider. 60m+ publicly-addressable accounts on Matrix thus far. A Raspberry Pi starts at the price of lunch.

However, going forward, there's work being done to have on-device lite servers, eliminating the need for a third-party server to send/receive messages. These can even work P2P via BLE, meaning connectivity in areas of natural disaster, warzones, and political unrest where an oppressive government or invading force may disable the internet.

[Groxx]

That post on abuse is a good example of what I mean, tbh. It's proposing a tagged reputation system.

That means users choosing and updating tags, service-owners choosing and updating tags and taggers, taggers having to follow[1] purposes of tags and changing purposes of tags, eventually mime-type-like things for better specificity and disambiguation, etc. There is absolutely no way that that is a better non-technical / non-deeply-invested user experience than "the company checks on and deletes violating stuff for me so I don't see it".

I generally like it, reputation systems are a reasonable option for nearly everything in a federated or P2P system, and they're wonderfully flexible. But they're not simple. Any time you choose reputation, you're depending on a manually-selected pool of trusted actors (at the very least for bootstrapping), or putting highly-technical expectations on users. You can reduce the impact (significantly) with good UX, but you can't truly remove it.

[1]: or abuse! abuse of abuse-management systems is a huge problem.