I Believe That It's Important For All of Us to Understand What 'Decentralization' Truly Means. Please, Let's Talk About That

It's a buzzword like AI but for lefties

I think this scoring system is missing Language Support as an important aspect of decentralization.
Centralization happens not just through commercial hosting (centralization of ownership), but even through self-hosters being in relatively centralized locations, limited jurisdictions, etc: an app with 300 self-hosted instances all located in one city (or even just all within 5 Eyes countries) is much easier to shut down than an app with those 300 spread across the globe, and language support is important to help facilitate that level of decentralization.
- If we're talking takedown-resistance, we may need to enter the dark web realm:
  Tor hidden sites are inherently hard to pinpoint
  ZeroNet was an interesting project, seems to be abandoned
  I2P is like Tor on steroids, can publish all sorts of services
  IPFS is a decentralized P2P storage system (best/worst known for NFTs)
  ~~FreeNet~~ Hyphanet is a 25+ years old distributed content system with limited support for services
  FreeNet is... honestly, haven't seen a working example, but it sounds interesting?
  Matrix... if they manage to get things under control
  Nostr is a censorship-resistant distributed messaging system
  Hosting distribution and localization varies, but they all have features to make it hard to pinpoint host and/or client locations.
  
  Takedown resistance is a natural consequence of decentralization, but it's not decentralization itself.
  Technical means to evade takedown like you're describing also tend to add complexity which reduces usability, whereas language support reduces complexity for speakers of the supported languages.
  I think this scoring system is a little haphazard, and should probably be divided into multiple separate, parallel scores. Takedown resistance needs its own score, based on ability to integrate with anonymization tools, ownership of codebase, accessibility and security of dependencies, etc.

Everyone that thinks self hosting E-Mail is easy, I urge you to run your own mailserver and see how many mails actually reach their targets.
Your mailserver won't be trusted by anyone, which makes your email always be delivered as spam, if they don't get blocked outright.
Otherwise this scoring system seems to be quite alright. Even though it could use some more detail and citing some sources for the numbers would be great.
- Self hosting emails is a pain, but I've been doing it for almost 2 years and I do not have any of these issues. I'm not an expert either, I just thoroughly followed a tutorial to properly configure dmarc, dkim and everything else and everything just works (I just hope I'm not jinxing it by writing this :D )
  
  Glad it worked out for you!
  But it's definitely one of the deadly sins of selfhosting.
  
  How many users are you supporting? And how frequently do they complain about spam, delivery issues, and that sending that last email with a 5G attachment keeps failing...
- Nobody thinks self hosting email is easy. Wtf.
- I've been self hosting my email for a long time, but I use an outbound SMTP relay so I don't have to deal with IP reputation. The more interesting part to self-host is the receiving part, not the sending part.

The real issue is lack of community-run ISPs. We can self-host all we want, but we're still using the network paths of major providers when data is in transit.
More community run mesh networks. More community run fiber networks. Generally, just more community, less business.
- It will cost way more and work significantly less. There's a reason networks are built like they are.
- There are many community networks out there, but they require more dedication and funding than simply paying an ISP, for a worse service. It's a hard sell to the average doomscroller.
  The EFF scaled down their efforts for OpenWireless.org after it became obvious that they'd have to support hundreds of different hardware models, and ultimately abandoned the project.
  A couple decades ago, Fon tried to build a mixed community-commercial network with their own standardized hardware, but even the commercial incentive was not enough to keep it afloat in the long run. Some of the hardware got repurposed for community projects, but most of the best placed hotspots ended up in the trash, replaced by municipal and ISP networks.
  In many places, fiber is a no-go. Like, in my city there was a large move to get fiber to most houses over a decade ago, but after the first deployment of a handful of ISPs, the city stopped giving permits for additional deployments: lease from one of the existing ISPs, or you're SOL.
- I think the most feasible solution is municipal internet, where the city owns its own fiber lines and essentially runs it like a non profit. Good cities that do this don't see it as a profit center; they see it as providing a critical service to their residents. Some of the maintenance cost comes from taxes, just like roads, public schools, etc.
  Palo Alto California is doing this. They're modernizing their electricity grid, so they're also running fiber at the same time as running the new electrical lines. Electricity in Palo Alto is run by the city, and as a result, electricity there is less than 1/3 of the price of electricity with PG&E, the investor-owned utility company that supplies most of Northern California.
  More community run mesh networks
  That's kinda what settlement-free peering at an IX (internet exchange) is. Multiple networks agree to connect to each other for free. Of course, the networks are usually large ones, so that kinda goes against your other points.
  
  It's one of those heavy network effect things where the argument for nationalisation is strongest, for sure.
- I'm only aware of people using ham radio for community mesh networks.
  Are there more sophisticated community networks? Or do you just mean something like an ISP cooperative group?
  
  Or do you just mean something like an ISP cooperative group?
  Yeah something more like this.

Email should not score this high. Self hosting an email server is a pain in the ass because every other server sends you to spam by default.

Realistically, more people need to self-host, or at the very least we need more mon-and-pop style datacenters. The foundational protocols of the Internet inherently make the web decentralized, but most would rather offload hardware costs and, more importantly, security, to those more knowledgeable. Not that I blame them, as running one's own hardware is extremely time intensive, nevermind power and equipment costs, but it's no wonder that conglomerates have stepped up to fill that role (nevermind economies of scale). Yet, this is how we've fallen into the situation we are in now.
- I'll second the mom-and-pop thing. It's a lot more realistic than the average Joe having to configure and manage things, but still will kill monopolies and associated fuckery dead. That's kind of how Lemmy instances work, although I only know for sure my own is on a private box.
  It's a bit harder for heavy things like streaming, though.
  
  Indeed, I think the entire idea that needs focus is distributing away from a handful of large corps, although I don't see streaming going in that direction largely due to IP rights for content, not necessarily bandwidth and resources. Many streaming platforms as I understand already have their content distributed through CDNs that are geographically dispersed as to ease network load, though they retain control over that hardware. I'm proposing providing more options for your average joe website than on something controlled by the likes of Amazon and Microsoft.
- mom-and-pop style datacenters
  I find this wording very funny for some reason. I do wonder what a more-decentralized internet would look like though, rather than 90% of it being in the hands of a few megacorps.
  
  I honestly think the drivers model has some merit to it, and it'd be interesting to see federated data centers. I dunno how well it would work out, but it would be interesting.
- Risk is also a factor re: self hosting.
  You're exposing potential attack vectors, which is particularly concerning if self hosting = home hosting.
  Also with home hosting, it's probably against your ISP's TOS. It is for mine (I actually read it!). Will they do anything? Probably not. But it's a risk.
  You could face legal issues if someone posts illegal content, since you're hosting it. Even unwittingly.
  Those concerns are what stop me. Because I otherwise think I'd enjoy hosting a little corner in the fediverse.
  
  Valid points. Also too, the cost associated with a business class data plan that actually allows hosting. If you think about it, it really is an arbitrary restriction put in place by ISPs to goad those who want to leverage the internet's potential into more expensive plans.
- more people need to self-host, or at the very least we need more mon-and-pop style datacenters.
  most would rather offload hardware costs and, more importantly, security, to those more knowledgeable.
  running one’s own hardware is extremely time intensive, nevermind power and equipment costs
  These three points that you've made are NOT accurate. I could go into great detail as to why this is but I won't waste our time nor embarrass you.
  The problem, unfortunately, always comes down to money.
  This isn't a technological problem.
  All of the popular widely used corporate platforms gain more users because they have the money in which to market/advertise themselves.
  
  That's not contradictory. Most would rather offload hardware and security costs, running one's own hardware is time intensive nevermind power and equipment costs, and you can indeed add advertising and awareness costs to that list. But you do also need the resource investments for a service to start with before advertising it.
  
  Wtf??
  What the hell are you even smoking???
  I do agree with one tiny little bit of your list, though, and that's the fact that your rebuttal would, in fact, be a waste of time.

There are a few things I don't like about this scoring system :
Why is there a "Top Provider Content Share" metric if its gonna score the same as the "Top Provider User Share" every time ?
Why is the Top Provider Content Share not higher than the user share ? For instance, emails usually have at least one sender and one recipient, making it twice as likely that at least one of them is using gmail. If an email has 10 recipients across 10 different providers, each provider has a copy of the data
Why is ease of hosting a mail server rated so well ? How is "leveraging email hosting services" decentralized in any way ?
Why are we using a random repo created a few hours ago by a random github user as a reference ?

Self-Hosting: Server: Easy (Leverage email hosting services) → Score: 18/20
Is it really self-hosting if someone else controls the data and software?
- I run my own mail server since sometime late last century, and it's gotten progressively more difficult over the years. Not setting up the server, that part is easy. Hardening it is a bit more work. But what's making it nearly impossible is the big players' anti-spam (or should that be in quotes) measures.
  \ My mail server checks all the boxes it should - TLS, SPF, DomainKeys, DMARC, a domain name that's been around for decades, same hostname and IP address for years, never been on any block list, ... yet still e-mails relayed by it are tagged as spam for increasingly ridiculous reasons: it's a residential IP (actually it's not), the PTR record doesn't match the A/AAA record (yes, that server has multiple jobs and multiple host names - not that unusual), the domain name is suspicious (same owner and tech-c for decades, same IP and SPF records for years), ... if I didn't know better, I'd suspect that MS, Google etc. just use their spam filters to make life difficult for anyone outside their oligopoly. But that's probably just beause I'm a cynic.
  
  Spam protection is hard given SMTP was never designed with it in mind.
  I also self-host my email, but I use an outbound SMTP relay to avoid having to deal with all that stuff. My server sends outbound emails to a company that's got that all figured out.
  Maybe that's not "true" self hosting, but it's really no different to people that self-host but put Cloudflare in front of their server, apart from the direction (Cloudflare is for inbound traffic whereas SMTP relaying is for outbound traffic).

What is this shady, unsubstantiated, posted yesterday ass random github repo trying to encourage people to compromise their email security and why is it worth posting?
- It's meant to explain what decentralization is and is not. That's all.

i like this scoring system, and not one piece of information surprises me.
- What surprises me is that they count using an email service as self-hosting. With that logic wouldn't bluesky get a high score because people can bring their own domain easily?
  
  email can be run using hundreds of servers on dozens of platforms even from your own house and interact with the email network.
  youre not doing anything like that with bluesky. even with the domain thing, there is only a single bluesky router that everyone connects to.
  no one is self hosting a bluesky router

Since when can you self host bluesky?!?
Edit: I dont see any mention of how to install a bluesky instance in their documentation https://docs.bsky.app/
- @jaggedcircle You don't install a Bluesky instance, rather you host your own PDS, or your own web client, or the feed part. It's all a mess and the latter has very high system requirements for one to self-host from what I understood. Basically, it's impossible if you're not a company with the willing and the money to do it.
  If decentralization actually happens on Bluesky, it will be more confusing for the average person than with something like Mastodon.
  @remington
- https://github.com/bluesky-social/pds
  Also, it isn't 'decentralization' in the strictest technical sense. That's what the Decentralization Scoring System is trying to show.
  
  It shouldn't be on the list if it isnt decentralized
- Just some parts of it. https://github.com/bluesky-social/pds

Technical ease of running your own backend. Full points for Docker/simple setup with good docs.
Oof, they neef a column for security to mark back down all the services that use docker.
- How does Docker reduce security?
  
  It downloads things without checking signatures by default. And even if you enable DCT, it TOFUs every key without even asking or checking against a WoT
  Basically, using docker means you could run malicious code (arbitrary code execution) in your container because it doesn't verify what it downloads.