Holochain vs ActivityPub

vs

Holochain is being talked about in my circles as if it were a magic bullet, and the natural platform for any radical initiative to build on. It is true that Holo represents a radical break with web software, and allows a kind of decentralisation which until now has been very difficult. But I want to compare and contrast it with another approach which I believe is more appropriate in some use-cases, the new web standard, ActivityPub, a protocol for sharing and directing content between social networking hubs.

The technologies have important commonalities. Both can be used to diversify from our dependence on web applications hosted centrally by one organisation or in one country, and which hold all the data for all users. They both get around this by defining a protocol - a language - for different programmes running on different machines to connect to each other. More than that, both can be thought of as a meta-protocol, which allow protocols to be defined so that apps can share whatever information they like. In this software paradigm, anyone software which implements the protocol can become a node in an information-sharing network; data can be managed by its natural owners not by a single service provider, and any application can be re-imagined without a central server. In particular, we need to reimagine Facebook, Amazon, Ebay, Paypal, and both approaches allow that, although I'm not sure how well they scale (or will scale with more investment).

ActivityPub was created as a protocol for creating decentralised social networks to replace facebook. It sees the word in terms of actors who perform actions upon data objects called activities organised in chronological streams. So in a social network, that means a user would post a status update, and another user would 'like' that status update. Each user has an inbox and an outbox which publish and collect the activities of the agents they follow. This is perfect if you want to add functionality to your social network. You just define a new ActivityStream, and any node which implements that definition can work with your new datatype. Users can form groups and because a group is a kind of agent, they can act as a group. Each node lives on a web server (which means that it is always online), and users log in through their browser to their local node where their account is stored. If you forget your password, you can do a password reset, but the server can still be targeted by hackers or criminals.

Some ideologues insist on their tech being fully decentralised, meaning that it is peer to peer, and has no servers; ActivityPub doesn’t go that far, but rather, is distributed, meaning that it has many centres instead of one. Some would say that ActivityPub isn't 'truly' decentralised, but distributed because each node is a kind of centre. It is possible to be more decentralised by eliminating web servers altogether, creating a network only from the software instances who happen to be online at that moment. This is called a peer-to-peer, or sometimes 'agent-centric' network, and this is what Holochain makes it easy to create. Not having a server means you don't have an account anywhere, and you authenticate to the network using a private key on your device. This means that users have to manage their private keys and if they lose it, they lose their identity. It also means that peers need to cache each others' data otherwise you would only be visible in the network if you were actually online - but that's ok because Holochain manages all that.

Each Holochain application has a unique thumbprint, called its DNA, which is a hash of the application's data definition. That means that all apps with the same DNA comprise a network and can talk to each other. This is perfect if you want to disintermediate Uber with a decentralised ridesharing app. Everyone using your app is automatically part of the same network.

I see two major strategic differences between the technologies: Firstly it seems to me that many people are underestimating the problems of using agent-centric software, in which each user is responsible for keeping their private key safe and safe from theft. Most users don't have the mental apparatus, habits, tools or filing systems to look after private keys; they still use the same or similar password for everything and rely on a password reset sometimes. 3rd party services are emerging to help us manage our private keys, but giving your keys to somebody else kind of defeats the objective of agent-centricity.

The second difference is that Holochain is a protocol for defining protocols, each application implements one and only one protocol, and has one DNA thumbprint and one defacto network for sharing data. But ActivityPub offers a whole series of protocols each called an ActivityStream, each which can be implemented independently. Thus each datatype could be thought of as comprising a network in itself, but an application could use several of these types together. Thus a ridesharing network could be brought together with a room-sharing network in the same app. So while Holochain allows application developers to create new networks, ActivityPub requires that the community agree on the data definitions first, and then each definition (and by extension each network of publishers of that data type) is available to all.

For my purposes as someone who wants to see a massive coming together of alternative movements, ActivityPub seems a better way to go because it provides more opportunity for coordination at the political level - around the specification of each ActivityStream. My concern with Holochain is that it seems more optimised for the classic startup approach to software where one team makes one app and tries to monopolise a field with it. So saying it is early days for both technologies and they could go in different directions. Maybe I'll follow up this post in a couple of years...

Thanks to Lucas Huber, Dorian Cave and Bob Haugen for comment on the draft of this article.