While there is a surge in federated social media sites, like Bluesky and Mastodon, some technologists are hoping to take things further than this model of decentralization with fully peer-to-peer applications. Two leading projects, Spritely and Veilid, hint at what this could look like.

There are many technologies used behind the scenes to create decentralized tools and platforms. There has been a lot of attention lately, for example, around interoperable and federated social media sites using ActivityPub, such as Mastodon, as well as platforms like BlueSky using a similar protocol. These types of services require most individuals to sign up with an intermediary service host in order to participate, but they are decentralized in so far as any user has a choice of intermediary, and can run one of those services themselves while participating in the larger network.

Another model for decentralized communications does away with the intermediary services altogether in favor of a directly peer-to-peer model. This model is technically much more challenging to implement, particularly in cases where privacy and security are crucial, but it does result in a system that gives individuals even more control over their data and their online experience. Fortunately, there are a few projects being developed that are aiming to make purely peer-to-peer applications achievable and easy for developers to create. Two leading projects in this effort are Spritely and Veilid.

Spritely

Spritely is worth keeping an eye on. Being developed by the Institute of the same name, Spritely is a framework for building distributed apps that don’t even have to know that they’re distributed. The project is spearheaded by Christine Lemmer-Webber, who was one of the co-authors of the ActivityPub spec that drives the fediverse. She is taking the lessons learned from that work, combining them with security and privacy minded object capabilities models, and mixing it all up into a model for peer to peer computation that could pave the way for a generation of new decentralized tools.

Spritely is so promising because it is tackling one of the hard questions of decentralized technology: how do we protect privacy and ensure security in a system where data is passing directly between people on the network? Our best practices in this area have been shaped by many years of centralized services, and tackling the challenges of a new paradigm will be important.

One of the interesting techniques that Spritely is bringing to bear on the problem is the concept of object capabilities. OCap is a framework for software design that only gives processes the ability to view and manipulate data that they’ve been given access to. That sounds like common sense, but it is in contrast to the way that most of our computers work, in which the game Minesweeper (just to pick one example) has full access to your entire home directory once you start it up. That isn’t to say that it or any other program is actually reading all your documents, but it has the ability to, which means that a security flaw in that program could exploit that ability.

The Spritely Institute is combining OCap with a message passing protocol that doesn’t care if the other party it's communicating with is on the same device, on another device in the same room, or on the other side of the world. And to top things off they’re working on the protocol in the open, with a handful of other dedicated organizations. We’re looking forward to seeing what the Spritely team creates and what their work enables in the future.

Veilid

Another leading project in the push for full p2p apps was just announced a few months ago. The Veilid project was released at DEFCON 31 in August and has a number of promising features that could lead to it being a fundamental tool in future decentralized systems. Described as a cross between TOR and Interplanetary File System (IPFS), Veilid is a framework and protocol that offers two complementary tools. The first is private routing, which, much like TOR, can construct an encrypted private tunnel over the public internet allowing two devices to communicate with each other without anyone else on the network knowing who is talking to whom.

The second tool that Veilid offers is a Distributed Hash Table (DHT), which lets anyone look up a bit of data associated with a specific key, wherever that data lives on the network. DHTs go all the way back to Bittorrent’s tracker, where they help direct users to other nodes in the network that have the chunk of a file that they need, and they form the backbone of IPFS’s system. Veilid’s DHT is particularly intriguing because it is “multi-writer.” In most DHTs, only one party can set the value stored at a particular key, but in Veilid the creator of a DHT key can choose to share the writing capability with others, creating a system where nodes can communicate by leaving notes for each other in the DHT. Veilid has created an early alpha of a chat program, VeilidChat, based on exactly this feature.

Both of these features are even more valuable because Veilid is a very mobile-friendly framework. The library is available for a number of platforms and programming languages, including the cross-platform Flutter framework, which means it is easy to build iOS and Android apps that use it. Mobile has been a difficult platform to build peer-to-peer apps on for a variety of reasons, so having a turn-key solution in the form of Veilid could be a game changer for decentralization in the next couple years. We’re excited to see what gets built on top of it.

Public interest in decentralized tools and services is growing, as people realize that there are downsides to centralized control over the platforms that connect us all. The past year has seen interest in networks like the fediverse and Bluesky explode and there’s no reason to expect that to change. Projects like Spritely and Veilid are pushing the boundaries of how we might build apps and services in the future. The things that they are making possible may well form the foundation of social communication on the internet in the next decade, making our lives online more free, secure, and resilient.