8
As we had the occasion to observe in previous mapping research on P2P services
[9], part of the reason why there is such a great diversity and complexity in this field
is the relatively short life span of several projects. While our mapping covers only
projects that are currently active (with one exception, Pond, „in stasis‟ albeit not deac-
tivated), our preliminary research revealed countless others that, after two or three
years of pre-beta phase, and sometimes less, stopped development with no evident
explanation. While in more than a few cases, the motives behind this are primarily
related to a technical experimentation that did not deliver as hoped or expected, a
number of additional factors may also be responsible, including the failure to develop
an economic model, the internal governance of FOSS development groups, and the
inability to rally a critical mass of users around the app (possibly due to a lack of
ease-of-use, as discussed below). These socio-technical factors will be useful to ob-
serve in the cases eventually selected for the in-depth ethnographic analysis, as a pre-
cious source of „lessons learned‟ in terms of user recruitment and governance models.
A social perspective is necessary for the design and refinement of technical proto-
cols, with a focus on whether or not users understand and value the various security
properties of the protocols. For example, do users understand what a “key” is and
forward secrecy? Often protocol designers make assumptions about whether or not
ordinary users can understand the security and privacy properties of their protocols.
For example, almost all protocols from PGP to Signal use methods such as “out-of-
band fingerprint verification” to determine whether or not the recipient of their mes-
sage really is who they think they are. It is unclear if users actually use these tech-
niques to verify the identity of their contacts. Another example that has been debated
in the technical community is deniable authentication. While a protocol may be tech-
nically deniable, would this cryptographic deniability hold up socially, much less in
court? Answering these kinds of questions influences the kinds of protocols that can
be designed by the research community. Lastly, why do only some protocols enable
decentralization via open standards? It is unclear if users prefer (or can even tell the
difference between) peer-to-peer solutions and centralized services. Between these
two extremes, there is the question of how users make trust decisions in open and
federated environments such as PGP and XMPP where users could run their own
software or delegate this to a trusted group. Answering these questions is vitally im-
portant to ground the design of new decentralized protocols and refine existing ones
to become decentralized.
The interdisciplinary character of NEXTLEAP project provides us access to sev-
eral important communities working on improving messaging protocols and encryp-
tion, such as the LEAP/Pixelated team, Cryptocat, Open Whisper Systems, Briar,
CJDNS, Tor and others. We plan a set of interviews with the teams of three selected
projects, as well as observations during important cryptography, decentralization and
privacy-related events. We are focusing on both developers and users. Thanks to pre-
vious research conducted in the field of activist-targeted technologies, we have con-
nections within several activist user communities in different countries (France, Ger-
many, UK, Austria, Greece, Russia, Mexico, Tunisia, and Lebanon). We will focus on
the patterns of adoption/rejection of different messengers/mailing clients, on users‟
“careers” (e.g. studying usages of encryption and privacy enhancing technologies in
dynamic relations to the activist careers and life trajectories), with a specific interest