Peer-to-peer ephemeral public communities

Aether News & Updates - June 2018

Hey folks - this is your monthly update, as usual, with your friendly developer hard at work full time on getting this thing to be something that we can all actually use.

There is a short (ha) description of what Aether is below for folks just tuning in. It also includes a bunch of things that are recently implemented, so if you’re interested in how it works, it might be interesting to check out. Otherwise, feel free to skip to the June 2018 updates section.


For newcomers - what is this thing you’re building?

It’s a privacy-rooted, anonymous and ephemeral Reddit-like platform with features that allow for the users to control moderation. It’s also decentralised, and based on proof-of-work systems, but without a blockchain involved (it has its own decentralisation technology). Finally, it’s open source, both the client and the protocol. The aspiration is that it would become what email is to private communication, to mass communication. Aether is an app that runs on Windows, Mac OS and Linux. It is not a website, though websites that read content from the network and post it to the web can exist.

So there’s a chance if you’re reading this, you’ve understood this perfectly, and in which case you should probably just skim over the next part. But if you’re not into these kind of things all that much, or you want more details, here’s what the above paragraph means, word by word.


When you create content on Aether, your IP address is not recorded. The reason this is possible is that “posting” on Aether is in fact just contributing the content into a pool that is shared and copied over between devices participating in the network in a random fashion. (Don’t worry, all nodes have a full copy of all data, it’s just that the way it reaches them is random.) That means when you get a piece of data from a remote node (a remote computer running the same app), you don’t know if that node created that content or not, since very likely that node is just remitting information. Even if it was somehow created from that device, a node can have zero to thousands of people using it as their communication provider, just like an email server. So as the recipient of the information provided, you have no idea where it come from, in terms of the physical IP address.

That said, the messages are sometimes signed, which means if I’m using the name ‘Bob’, that means I can opt to have a key that I can sign my messages as Bob. So not knowing where a message is originated does not actually mean that you can’t identify people. You can do that if the creator of the message wants it.

In effect, what this means is, Aether is privacy-protecting by default, and it gives out no information that you haven’t explicitly chosen to provide to other computers participating in the network. However, you have the option to become as private, or as public as you’d like. The choice is yours, and yours only.

As an aside, the savvy reader will point out that it is I, the developer saying this, and the developer is the weak point in the system, in that it has the privilege to change the system to a less private one. This is a really good, and often overlooked point, and this is why Aether is designed in this specific way from the beginning: privacy is not an add-in feature that I’ve worked specifically to provide an extra icing on the cake, it is a side effect of a series of architectural choices, and without fundamentally reconstructing the app it is impossible to change this. In the case that happens, well, the beauty of the open source is that you can fork it away.

In more familiar terms, this is the difference between having a house made of glass, but your neighbours and you promising not to look in each others’ houses, and your friendly local supermarket promising to not fly drones* over you to see which brand of orange juice you’re consuming this morning, versus, having a house of brick and concrete. I can trust my neighbour (and you should, and that’s great! Society wouldn’t work without some baseline trust), but I’m still going to go with good ol’ brick-and-concrete. You need trust and walls.

And if a contractor comes in overnight, and replaces your house with one made of glass, you’re probably going to notice.

Aether also supports using it over Tor proxy (already implemented, in fact), for additional privacy. However, it’s important to understand that given enough resources, any privacy protection can be bypassed. The intended users of Aether are normal people who are privacy conscious. If the use case you have in mind is more sensitive, you should be using tools specifically designed for those requirements, like Signal, or SecureDrop, both of which are security audited.

* Model planes technically don’t count as drones. They’ll fly those.


This was briefly mentioned above, but to explain it further, Aether is by default anonymous, or more specifically, pseudonymous. If you post anonymously (i.e. without any username), those posts cannot be updated (since the nodes receiving the update can’t know the post and the update came from the same entity) and with some other limitations arising from that fact. Generally speaking, most people will have a username (a public key) that they control so that people can know if the messages are coming from the same entity, but that key is not tied to any real world person or entity unless the user himself or herself gives out that information on his or her own volition in a post.


Anything that’s posted on Aether will eventually disappear. This disappearance is usually around 6 month mark. This means, effectively, that the content will be fading out on a rolling basis, which makes Aether useful for certain things, and not so useful for others. Why? Well, quick answer is, if you are a Reddit / Twitter user and you open your profile accidentally, you go ‘oh god’, you know exactly what I’m talking about.

The longer answer is this. The internet is permanent. Human memory is not. This means the more you participate in all the discussion on the internet, the more permanent footprints you’re leaving all around, each of which may be brought in front of you any time in the future, without context, with the worst possible interpretation, and used as a proof that you’re a horrible, horrible person. In some ways, being permanent is good, we can hold politicians accountable to their past tweets for example. But is it true, really? If you think about it, the people who are going to back off on their promises in their tweets, if they’re halfway smart, will delete the tweets themselves first before reneging on their promises, before the media can take a dive into their twitter profile triggered by their backtracking, and they will find nothing. Effectively, the one and only user ‘benefit’ of keeping a forever history is only actually a benefit if the politician in question is incompetent.* Modifiable history (by deletion) is actually worse than having no history at all in that it gives a false sense of trust: we have no way of discerning a history that was unedited from one that is. Given no evidence on the contrary, most people will assume the absence of a post as proof that it never existed.**

So there’s actually not that much point in keeping a history if it can be modified in terms of accountability. There are some benefits in keeping it even when modified as a record of human discussion, and that has an intrinsic value for research and archival. Unfortunately the side effect is that the participants in these discussions end up exposed in perpetuity, if any of them end up becoming a person of public importance later, even with a wholly different set of beliefs that he expressed two decades ago, he can still be found, and held to those views. Yes, the idea of a fully coherent human being over large periods of time is an illusion, but the understanding that it is so has not reached public consciousness yet, since we’ve only just achieved being able to retain communication records spanning decades for ordinary people. Which means, you will get held to your views and posts from decades ago until people learn that is usually not a fruitful conversation. Unfortunately, considering that this was common even in the days of the Roman Empire 2100 years ago***, we haven’t learned much. If one has to choose between relying on the benevolence of unknown readers from the future in interpreting the context of today, versus just making things disappear over time by default unless someone decides to preserve it, the sane choice to teach machines to forget.

Forgetfulness is not a bug, it is a core feature of being a human, so that we can move on, forgive, and have compassion. Our minds cull the history as time goes on, the further past you go, the fewer things you remember, and those tend to be important things worth saving. Aether works the same way. The things that keep being referenced will stay. The things that don’t will disappear. The things that some people think worth saving will stay. The things that nobody takes action to save to save will disappear.

Ephemerality doesn’t mean things will disappear tomorrow, it means they’ll disappear, eventually, unless it keeps being referenced, or unless somebody quite literally exports it out and saves in a disk somewhere. So this is not about recordless discussion. If you’re a person of importance, 6 months is plenty of time for journalists to decide to start saving your history. What it gives you is that at some point in the future you become a person of importance, no one can go back more than 6 months and hunt back your tweets from forever ago. (But they will be able to start from that point on, and keep recording, and they should, because that is how press makes people accountable.)****

In the immortal words of the Nintendo quit screen, “All that is not saved will be lost.”

A happy side effect of this is that the content data in Aether can occupy a fixed amount of space in memory, unlike a blockchain, which by default will grow without any upper bound. If you give Aether 10gb of space to work with, it will use that space, and when it approaches the limit, it will automatically start to delete old, stale data in a way that it will always stay within the limit.

* The fact that most are incompetent can be seen somewhat as a negation of this argument, but it balances out, because it makes the competent ones all the more dangerous.

** This is also why you get that hollow feeling when you scroll down a public profile and see something that used to be there not there — it challenges your perception of reality. A nonexistent post that you remember existing doesn’t say that it was there and now it is not, it says that it was never there, and you’re either hallucinating, lying, or misremembering it ever being there. For a feed that purports to be a written history, it being able to be modified at will is just not very nice, in that any changes to a written history that claims to be authoritive implies that the problem is with you if your own human memory doesn’t match the ‘authoritive’ record. This is arguably worse than having no history at all.

*** They even had a term for it, argumentum ad hominem, which we still use.

**** What if someone comes in and decides to just, you know, record everything, just in case? Well, that’s why not having anybody’s IP addresses and personal data is important. If an app has your real-world name and is ephemeral, then everybody can record everything and you’d gain nothing from ephemerality. If an app has your nickname and no personal data, but not ephemeral, then you yourself will eventually give out enough pieces of information that your nickname can be fairly easily mapped. Each of these pieces of information are usually not very specific on their own (which is why you feel comfortable sharing them separately), but the combination of a few non-specific things can be surprisingly specific, which is why looking at your permanent history on a service can be a little weird. In the case where the app is both ephemeral and pseudonymous, so long as the app doesn’t know IP addresses, there is no easy way to trace a nickname to an actual person, and the hardness of this problem exponentially increases as the records fade further and further into history. If you want even more privacy to improve on this, you can change your public key occasionally to break the historical chain, so even an adversary that collects the full history of everything (which would be a challenge, since the size would be massive) cannot follow further.


This is admittedly a little bit of a shorthand for a ‘threaded message board’. There are many examples of it, Slashdot is actually one of the oldest, and Reddit the most popular - they are largely the same. This is a good format for discussion because it allows people to direct their responses to the specific people, not into a larger ‘roll’ of time-ordered responses like a classic forum would do.

It also allows for changing the order based on the community perception, so if something is voted as useful, that can be used to concentrate the useful stuff in a thread to the top, so that the ‘value’ would be most dense in the places the reader will most likely see.

If I’d have to describe it based on existing platforms, the closest I can get, ignoring 90% of what makes Aether unique, would be something like Snapchat(Reddit+Twitter). Kind of.

This is the basic structure, but Aether does have a few more things that nobody else does. It does have personal profiles (to the extent that you actually want to have one, which you don’t have to), and you can post to your own profile without actually posting into any specific board or thread. Other people can comment on your profile posts, and they’re just like any other thread in any board, these personal profile posts are also threaded, voted on, etc.

You can also choose to only allow certain people to post on your personal profile.

For boards, an admin can choose to make the board only accepting contributions from a certain number of people (though everyone can always read). This is designed to protect communities that suffer from harassment from the outside, like LGBT communities, or those that hold political views outside the mainstream. There is a limit to the number of people you can whitelist for posting, though. The reason is, if you’ve reached this size threshold as a community, you are now grown and mature enough to start accepting people from opposing viewpoints joining your discussion. You can remain small and limit contributions exclusively to your supporters, or you can grow and become a public community that is accepting of opposing viewpoints.

This sounds like an arbitrary limitation, but is actually a pretty fundamental effect of how a distributed network operates. Because the content you create consumes resources from all participants in the network to be broadcast, moved around and made available, the nodes are incentivised to do that only if they gain some benefit from it. If you could grow to become a major part of the data transmitted over the network, and still remain and exclusive community, the people who cannot post in your board would still be carrying your messages for no benefit to themselves. Eventually, they would get pissed off enough, and they would modify their app in a way that would not communicate the messages from boards that do not allow them to post in, and the network would get fragmented. Your messages would not go through. Everyone would lose. Having a threshold* is a reasonable compromise between everybody being able to post in everything (thus making less sizeable communities vulnerable from the start, before they can take roots and start benefitting from discussion), and every community being exclusive, in which nobody would have any benefit in carrying data that belongs to other communities, which would fragment the network into infinitely small shards that negate any benefits from having a global community. There is a benefit in seeing opposing viewpoints alongside the ones you support, at least occasionally, so that you do not inadvertently construct yourself a mighty fine Truman Show.

* This threshold is around about 1000 users, that is, a whitelist can only hold up to 1000 people. If you want to grow beyond that, you’ll need to remove the whitelist. (But you can still moderate the community as per usual.) Needless to say, this value is a best guess and should / will be adjusted based on community feedback.

“Users controlling moderation”

Users can elect moderators, impeach them, or just enable, disable them just for themselves. So if somebody is unhappy with some moderators, s/he can just disable the ones that he doesn’t think are doing a good job, and choose new ones. This makes it so that the people who participate in the communities actually have a say in how they are governed (if they want to do so). All moderator actions are auditable and reversible by the local user, so if there’s censorship, you can flip a switch and you can see all posts the mod has deleted, and their reasons. If you don’t like what you see, you can disable the mod locally and impeach publicly as needed.

The users can vote on moderators publicly on whether they want them to moderate, or not moderate. These votes are always ongoing, and if a moderator falls below a certain threshold of popularity, the moderator loses moderation privileges.

Likewise, an ordinary user can also be promoted to a moderator based on people in the community voting for him in the same way.

Moderators can be elected for boards, and for the whole network. For a moderator to be elected, at least 5% of the total population of the scope in question has to have voted, and more than 50% of those votes should be positive. For a vote to be counted valid, the user has to have been actively posting in that scope at least once in the last two weeks. If a user ceases to be active, his or her vote is discounted from the active votes. A vote lasts for 6 months, and then expires. This means the election can always be ongoing, and the desires of the current population of the board will be the effective force in bringing change, not past decisions made by users that stopped contributing a long time ago.

When a user casts a vote for some person to be a moderator, the person the user votes for immediately becomes a moderator for that user, so that the effects of voting for someone to be a mod is immediate for that person. That means you can actually choose your own mods as you like. Same goes for disqualifying somebody from being a mod. If you vote negatively on an existing mod, that mod will no longer be a mod for you, and the edits that mod made will be reverted from your system retroactively.

But to know which mod to choose and which mod to impeach, the users need to know what mods do, and for which reasons. Which brings to our last keyword, auditability.


This means you get the raw mod deletion signals from the whole network, and it is actually compiled on your local device into something that you can use. That means, when a post is deleted, what it means is that you have the post, and the deletion signal, and if the source of the deletion signal is a mod for you, the signal is applied, otherwise it has no effect.

This means you can actually go to the appropriate section of a board, and you can see all the deletions that has taken place in a board, and see which mod is it from, with an optional ‘reason’ field. If you find deletions that you find to be in poor judgment, or those that you consider censorship, you can revoke the mod privileges of that mod for your own device by casting a disqualify vote on that mod. If enough people vote the same way as you, the network will decide collectively (at 50%+ disqualify and 5%+ participation) that a given mod is no longer trustworthy, and even the people who has never voted for that mod will default to not trusting that mod.

This auditability is what makes mod election system work. Had this not be present, moderators would be able to control the discussion to such an extent that they could suppress all talk of dissatisfaction and generate the impression of a happy populace to newcomers, which is indeed what happens in quite a few public forums on the internet today. Without free, unfettered access to information and discussion, democracy does not work.

Thankfully, using the system is much simpler than explaining it. You choose which mods you want as you go, but with sane defaults that are decided by the network as a starting point. As you choose your mods, those decisions you make are considered signals for other people so that the network can decide on a better set of default mods.

The reason behind making mods electable is actually fairly pedestrian, and illustrated well with The Lord of The Rings, of which two word summary would be something fairly close to: “Power, corrupts.” The people who explicitly want to be in positions of power are often those least fit to be there. That alone is bad enough. To make any one person or a small group of people perpetually in power, well, pretty much the entirety of human history is a good showcase on why that’s a bad idea to the point that I’ll avoid listing individual examples here.

There is an intellectual argument that can be made for an absolute monarchy, which a group of people have been making for the past few years. It appears that the main thesis is thus: a ruler that is above all vulnerability to his person, who is completely outside the system, is the only person who can work on and improve a system as a whole, as an unincentivised incentiviser.

That sounds fine on paper. The problem is, though, the best way to test this would be to move to an absolute monarchy, say, North Korea, and not many people appear to be doing that. This kind of highlights the problem: wanting a thing for other people, or even for a society as a whole, but maybe not for your own self. My hopefully obvious point being, people act a lot more carefully when their own skin is in the game.

This is why when you vote for a moderator, that person immediately becomes a moderator for you, not when they win the election. If you’re voting for somebody, you yourself have to live under that person’s moderation. This blunts the power of rhetoric from people who actually do want to get elected for power, because every vote from every person means that vote becomes immediately effective for that voter at that instant in time, not when in an undefined future where the election might complete. The voter can immediately see what that vote would bring, for good or bad, which means even voting for somebody to make that person a mod is auditable.

On the other side of things is surfacing people who actually don’t really want to be moderators but happen to be good at moderating and making them mods, since they tend to be the best mods so long as their interest in that board remains in place. The way this works is that if you find someone whose moderation history looks good* and vote for them to make them a mod for yourself, that is a public vote for that person to be a mod for that context. If enough people do that because they think the edits by that person saves them time and grief by making the board a more pleasant place to be, the person ends up an elected moderator for that board with no need for ever being a candidate, running a campaign, or even caring for the fact that s/he is a moderator for that board.

Both of these effects are achieved by pairing the voting process with immediate activation / deactivation as a mod, and this is why elections system is implemented in this specific way that is effective immediately on an ongoing, rolling basis.

* A moderation history is available for everyone and everyone can moderate their own view. Voting for someone to be your mod fundamentally just means that their edits to their own view for their own comfort will be replicated in your view too. If they delete something, and you trust them as a mod, your view will also remove it as well. That’s all being a mod means.

June 2018 Updates

Aether is composed of three parts: a backend, a frontend and a client. The backend is the part that communicates with the network, (This is referred as a node above.) The frontend is the part that compiles this raw network data into human-readable boards, handles elections, and so on. Lastly, the client is the visual interface that allows an user to read, interact, and create content in Aether.

As of now, the backend is complete, and the frontend is nearing completion. The user interface will likely take a few weeks to design and build whenever the frontend is complete. The launch date I have in mind is August 1, 2018, though you should take all launch date claims from all projects with a huge grain of salt, and this one is no exception.

I’m currently working on finishing the elections system, and I am almost done with it.

This system of three major blocks has several advantages. Principally, the system’s three levels are isolated from each other. This means working on one layer is much easier than what it would be otherwise.

For user interface changes and surface-level improvements like better user experience, features that affect the local user, and those which pertain to the local machine, changing the client is very easy, since it is written in Javascript (Electron and Vue). This is the most accessible level.

For the features that change how the network is compiled to a human-readable collection of boards, changing the frontend, written in Go would be the best place. This is useful, because anything in the frontend is encapsulated and running locally, which means you can safely make changes there that affect only your local machine. An example for that would be to add a new type of vote that does a certain thing. This changes the interpretation of the network data, but not the data that traverses the network.

Frontends connect to backends, and multiple frontends can connect to a single backend. A backend is a node that connects to other nodes, distributing Aether’s data blocks. These nodes share data across each other and make sure that each of them have a recent copy of the data in the network. Your backend does not know anything about your frontend, so even if your backend were to be compromised somehow, it would not have any information about you. This means you can run a backend as a public service and let a number of people use it as their backends.

Backend is arguably the hardest part to change, since it determines how your node reacts to the network. That said, it does have a lot of configuration options, so it is likely that what you want is achievable through configuring it, rather than changing the code within it.

I expect most people to not change anything, since by default Aether should be a foolproof, simple and pleasant experience in all three platforms, Windows, Mac OS and Linux.

The default application package comes with the client, the frontend and the backend working as a single app that collapses to the menu bar / tray to keep running as long as your computer is running, so you can keep up to date with the network.

After the launch for all three OSes, depending on the feedback, I’ll be setting time for fixing the initial round of bugs reported by the users (I want to say “if any”, but I know that’s way too optimistic).

Afterwards, my goal will be building the mobile applications. These applications are a little trickier, because they don’t have the bandwidth to run a full Aether node, so they have to be ‘light’ nodes composed of only clients and frontends.

Finally, as always, all of this code and platform is available under an OSI-approved open source license at

Who’s funding you / this work?

I’m currently working on this project full time, and I have been doing it for the past four months. I’m funding it through my own savings. My initial plan is that I want to release the full app around August, and then consider getting a job, because, well, my savings aren’t infinite. That lines up nicely with the end of the majority of the development effort for the release, so for the initial release, I don’t foresee any problems. After that, it all depends on how many people actually end up using it. If a lot of you guys do, then we’ll find a way to make it work.

My motivation is not that there’s money to be made out of this. If you’re interested in that, ICOs might be a better bet, but I’d still recommend index funds over anything crypto-related, Vanguard is a good provider for that. I find most ICOs to be fairly distasteful (with some very rare exceptions), because I’d rather have my work speak than empty promises, as opposed to what ICOs typically do, hence my starting to speak about my work just now, when 80%+ of the total work is already done and implemented in cold, hard code.

If you are happy with any of the existing solutions solving similar problems out there, you should consider donating to them. There are a lot of open source creations for different kind of needs. They do often suffer from poor user experience and poor usability though, most of the time, which unfortunately renders them unable to gain adoption. If your project requires the user to compile it before running it, it’s fair to say that your audience is not the general public. That is in itself not a bad thing, and if any of those projects actually satisfy your needs, consider donating to them. I’m focusing on better experience for the mass public, to provide all of us with more accountability, more transparency, more privacy, and hopefully some real discussion that we all sorely need — as a human society, we’ve gotten far too good at stifling each others’ voices.

The reason I think I can make a difference is that I’m an ex-Google, ex-Facebok product designer with a lot of experience in the field, and while I have some ideas on what can be improved, I’ve learned through the long and hard way that the best ideas come from people who use the actual thing. I’ve also learned a second, almost as crucial other thing: people doing something that they genuinely, honestly care about tend to achieve much better results than a team of highly experienced specialists that are just meh about it, even if the first team is relatively inexperienced. I do have experience, and I do feel this problem every day, to the point that I was willing to quit my job and start working full time on it using my life savings. I’m lucky to be able to do that, but more than luck, I also care enough about this that I wanted to do that.

So, in summary, I think there’s a need for it, and it should exist, in some form of another. Nobody else seems to be doing it, so I’m doing it. This won’t make you rich, this definitely won’t make me rich, but this has, if done right, has the chance to create an open, simple, free, decentralised, and private way of mass-communicating for the next half century — a public online gathering place that also happens to belong to the public, with no catches, and no kings.

If you think this is worth supporting, you can fund me via Bitcoin at: 1K12GwzAtPWa6W864fkm48pc4VNqzHXG4H, and via Ethereum at: 0x3A4eC55535B41A808080680fa68640122c689B45. Your funding will extend the amount of time I can stay working full time on it. I don’t need the funding to finish it (I made sure that I can actually finish it with my own savings), and if you are a student, new graduate, or on a budget, you should not — keep your money, use it for yourself and use your money for good whenever you can. But if you consider yourself relatively well-off and thinking about how your money can do the most good in the world, and you’re interested enough that you’ve read this far, I’d offer this as a pretty good bet.

I’ll open a Patreon page, eventually, but I’m focusing on actually writing the code and releasing the app right now. The Patreon benefits I have in mind are mostly cosmetic, such as getting a ‘benefactor’ username class with some visual distinction, and priority in picking from available unique usernames. If you fund me through Bitcoin or Ethereum, you’ll get the same benefits as Patreon supporters.

This is all I have for this month. I’ll be working pretty crazy hours this next 6-7 weeks to make this get out the door on time. But in the meanwhile, I’ll be speaking about Aether in Our Networks decentralisation conference in Toronto, Canada, in mid-July. If you’re in Toronto then, come say hi!

Same thing with San Francisco, actually. If you’re excited about this, have questions, hit me up, happy to go for a coffee. Might take a while to schedule considering that I work 14-16 hour days (as exemplified by the fact that I’m posting this at 4am) but we’ll probably find a time.

As per usual, feel free to reach out to me with any questions at