Bringing privacy, control & feeless payments to social ✌️

A proposal for decentralized social media via IOTA’s Tangle

Introducing the SOCIETY2 Framework

A refugee of the internet age finds the point at which self-sovereign identity and social media touch…

Ben Royce

Note: Parts of this post were originally written some months ago, so some information relating to IOTA technology (e.g. MAM/Streams) may be slightly dated.


  1. A Directed Acyclic Graph (DAG) works differently than a blockchain (Bitcoin or Ethereum, for example), but both are kinds of distributed ledger technology (DLT). The speed of a DAG and its scalability are necessary for decentralized social media (DeSM) applications to function with the expected level of responsiveness.
  2. IOTA is a cryptocurrency which runs on the Tangle, a DAG implementation. IOTA’s financial aspects are not necessary for DeSM functionality, only the data storage and retrieval abilities of the Tangle (but the built-in financial aspects do open up the possibility for exciting DeSM features).
  3. Masked Authenticated Messaging (MAM) is a set of methods to store and retrieve data on IOTA’s Tangle. MAM chains messages in public, restricted, or private channels. Various aspects of DeSM would inherit from this design. With MAM we have a powerful workhorse for DeSM.

Brainstorming an approach to DeSM

At first we may consider some examples of existing social media that might be ported to DeSM:

Stack Overflow
Etc.: many more niches and varieties of social media have intriguing and exciting angles.

Analysis paralysis sets in. Which example is most ripe for reincarnation as DeSM?

Paralysis leads to epiphany: there is no need to focus on one kind of social media.

Instead, IOTA’s existing methods for storing and retrieving data (MAM) can be extended to serve as a toolchest of standard social media functions, and those extensions collectively packaged as a software framework, or perhaps a platform: SOCIETY2.

SOCIETY2 is ideal for development within the Tangle EE Working Group, the open source industry collaboration between the IOTA Foundation, the Eclipse Foundation, and leading organizations to accelerate commercial adoption in major IOTA use case areas.

A library of methods, properties, events, etc., common across all social media examples, can be abstracted out, for use by anyone. All sorts of sites and apps can be quickly instantiated. A number of powerful realizations are then made:

  1. The IOTA community is an eclectic and enthusiastic bunch, and can imagine possibilities one team cannot.
  2. If the SOCIETY2 team is, for example, working primarily in English in North America, it does not make sense for them to run the pioneering DeSM sites/ apps if the greatest initial adoption occurs in, say, the Dutch-, Spanish-, or German-speaking world. A team native to that language is the most suitable driver there.
  3. Central to DeSM, and many other projects, is the notion of Decentralized Identity, or DID. Rather than recreating the same identity over many different instances, for different Social Media companies, only one identity needs to be created, and shared, in part or whole, with many different DeSM apps and sites.
  4. Consider a Reddit-esque site for a moment, where people make posts and comment underneath, voting comments and posts up and down. Perhaps the model can be improved. But more importantly, many different models can be tried, by many different teams. Even more intriguingly: different DeSM sites might represent different voting/ sorting/ viewing models of the same posts and comments.
  5. The idea of merely providing the tools to easily create competing DeSM projects on the Tangle, and letting the best float to the top… there is nothing novel about this idea. However, there is something else going on with this sort of diversity: resilience. Resilience against social, political, and economic forces operating on social media as it currently exists in its traditional centralized silos:

But looking at it from a complex adaptive system’s point of view, we’ve been optimizing at the cost of diversity. Which decreases resilience. The result is that we’re increasingly less capable of dealing with unexpected change, and more in need of ever more control. Control that might only be an illusion. Regardless of how you look at it — economically, socially, ecologically — this is not sustainable.

Bas van Sambeek

Example functions

A first stab at what some part of a library of functions for the SOCIETY2 Framework might look like:


  • The userID here would be the moderator of the subtopic. The node would have a running list of subtopics, or more exactly, this would be a MAM channel.


  • This function would create two Tangle transactions: one on the list of subtopics MAM channel, and one under the userID. Each user would have their own private MAM channel of all of their posts (spanning all DeSM forums, sites, and apps). Each transaction would have a standard JSON format (date, userID, subtopicIndex, nodeAddress, content, etc.).


  • Yet another MAM channel, one for each post. Private? Public? Note the function would take a commentIndex as an argument to allow for a nested tree of comments.



  • This would be a moderation action, distinct from a user action.


  • A node owner (aka forum/ site/ app owner) could delegate moderation duties.



  • Occasionally some users may have to be banned. With the current MAM architecture (this may change), once someone has rights to a channel, removing those rights is not so straightforward. Perhaps this function, if the MAM architecture does not change, would consist of cloning an existing subtopic, recreating it with the same list of users (minus one), and then deleting the existing subtopic (as far as “deletion” goes, see below).






Etc. There are plenty of minutiae and variations in play here, depending upon the type of app or site, and the kind of common functionality that is desired.

A grey area here concerns large posts, or image/ audio/ video posts: while it is possible to put large amounts of data on the Tangle, it is not advisable currently due to performance constraints with transaction size/ speed. The workaround would be to deal with links to outside hosting. IPFS is a good candidate for this task.


A DLT transaction is immutable. Immutable simply means that once something goes on a blockchain or DAG, it does not change. It cannot be changed. This is by design and by necessity: a financial transaction should not be subject to alteration.

However, social media messages can and should be subject to deletion by the author, or, if on a forum, by a moderator if the message is inappropriate. There are ways to intermingle financial value and messages (which has exciting implications: paid content, patronage, tipping, rewarding content, etc.) but for the most part social media messages have no cryptocurrency value.

But how do we delete a message?

As a stopgap measure, a complementary MAM channel listing deleted messages can be created alongside the primary MAM channel. The website or app used to retrieve the messages would consult this list and not render any messages marked deleted. A technologically astute and determined user could still retrieve the messages, but this solves the problem for most practical purposes.

General Data Protection Regulation (GDPR)

A long-term solution is necessary for true deletion, though. This would consist of alterations to IOTA node software such that a node owner can delete certain zero value transactions. Such alterations are not merely a wish for DeSM: all non-financial DLT applications will require deletions, by law in many cases. For example, if medical records are ever to be stored on the Tangle or any other DLT, the rules and regulations about their storage (HIPAA in the USA, GDPR in Europe) necessitate deletion. GDPR also has rules about social media (“the right to be forgotten”), as does CCPA in California.

Functionality for true deletion of data, with or without DeSM, will have to come to the Tangle.


Editing, something common to social media, is just as alien to immutable DLT as deletions. However, much as a transaction can be marked as deleted, so can it be marked as edited, and then another transaction marked as its replacement. While this may seem clumsy, intriguingly an audit trail of edits is made possible. (As well as deletions, which is good for transparency: that something was deleted, and by whom, is not hidden.)
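The stopgap deletion list and the edit-by-replacement scheme described above, sketched as an added example (not code from SOCIETY2 or IOTA). Plain arrays stand in for the MAM channels; the record fields, the `renderChannel` name, and the rule that only the author or a moderator may mark a post are assumptions.

```javascript
// Added illustration: arrays stand in for MAM channels; field names are assumptions.
const posts = [ // constructed sample data
  { id: 'p1', author: 'alice', content: 'Hello Tangle' },
  { id: 'p2', author: 'bob', content: 'Buy my coin!!!' },
  { id: 'p3', author: 'carol', content: 'Teh first draft' },
  { id: 'p4', author: 'carol', content: 'The first draft' },
];
const markers = [ // constructed complementary channel, append-only
  { kind: 'delete', target: 'p2', by: 'mod1' },                   // moderator removal
  { kind: 'edit', target: 'p3', by: 'carol', replacement: 'p4' }, // author edit
  { kind: 'delete', target: 'p1', by: 'bob' },                    // neither author nor moderator
  { kind: 'edit', target: 'p1', by: 'alice', replacement: 'p2' }, // replacement written by someone else
];

// `by` is assumed to be the authenticated publisher of the marker, not a
// self-declared payload field; the checks below are meaningless otherwise.
function renderChannel(posts, markers, moderators) {
  const byId = new Map(posts.map((p) => [p.id, p]));
  const hidden = new Set();
  const editOf = new Map(); // replacement id -> id of the post it supersedes
  const audit = [];
  for (const m of markers) {
    const target = byId.get(m.target);
    let ok = false;
    if (target && m.kind === 'delete') {
      ok = m.by === target.author || moderators.has(m.by);
    } else if (target && m.kind === 'edit') {
      const next = byId.get(m.replacement);
      // Only the author may edit, and only with another post of their own.
      ok = m.by === target.author && !!next
        && next.author === target.author && next.id !== target.id;
    }
    if (ok) {
      hidden.add(target.id);
      if (m.kind === 'edit') editOf.set(m.replacement, target.id);
    }
    audit.push({ ...m, accepted: ok }); // who deleted or edited what stays on record
  }
  const visible = posts
    .filter((p) => !hidden.has(p.id))
    .map((p) => ({ ...p, editOf: editOf.get(p.id) || null }));
  return { visible, audit };
}

const view = renderChannel(posts, markers, new Set(['mod1']));
console.log(view.visible.map((p) => p.id), view.audit.map((a) => a.accepted));
```

Rejected markers stay in the audit list, and hidden posts are still present in `posts`, which is the residual exposure the stopgap accepts.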


xkcd 1357

Simply put: social media needs moderation to function. But regardless, there is a valid dichotomy on the topic between deleting genuinely illegal content/ content that merely destroys the forum’s ability to function… and the stifling of free expression. Rather than addressing this dichotomy directly, SOCIETY2 puts this question in the realm of the forum owner, which here translates to a node owner. The node owner would be responsible for the policies governing deletion of content, whether relaxed or strict, and would be responsible for complying with the laws of their country. That is, there would be nothing baked into IOTA node software about what is good or bad content, only the ability to delete messages if necessary, with the owner of the node where a forum is hosted as the authority on the matter.

If a node owner is too strict, or too relaxed, however that is defined for a particular topic, the idea of a diverse ecosystem of forums means that people can vote with their feet and leave. What the SOCIETY2 DeSM scheme allows for, however, is great fluidity in that regard: there is no need to recreate a profile/ login, there is only the need to switch over to the new forum, with all the authentication and functionality already in place. Currently, if a forum’s owner develops moderation habits which greatly repel the forum’s community, a move to a new forum is very difficult, and might not even happen: the barrier is too high. This problem now goes away.

Current hurdles to implementation

The website will serve as a showcase, a prototype, and a guide to the framework. Work has already begun. But there are 3 main issues that, while not stopping implementation, really need to fall into place before DeSM on the Tangle can be considered robust enough for the mass market:

  1. Latest MAM version needs to be delivered. MAM is the workhorse for storing and retrieving data on the Tangle. The current version is pre-release, version 0. It works fine, with some quirks, and can be used in the interim. However, version 1.1’s release is imminent, and, besides containing breaking changes, promises more robust functionality, according to the March 2020 Dev Status Update by Jakub Cech.
  2. There is the need for a selective permanode. The way IOTA works is that occasional snapshots are taken of the Tangle in which all zero value transactions are discarded. This is not how you run a social media platform. IOTA does offer a permanode solution called Chronicle. However, Chronicle takes the opposite approach: it keeps everything, all spam, all transactions, everything. The Tangle is small enough for now that even with all transactions, a large time period can still be stored on a modest node. This suffices for showcasing DeSM functionality in the interim. But what is genuinely needed is a *selective* permanode, a node that only stores those transactions permanently which fit criteria the node describes. Luckily, such an idea is already being worked on: Olaf van Wijk’s AION project.
  3. IOTA’s Unified Identity Protocol needs to be implemented. In the interim, for showcase purposes, identity does not need to be established and can be temporarily generated and discarded. Traditional methods for establishing identity can be used for a serious DeSM effort on the Tangle. But in the future, the concept of decentralized identity (DID) will allow for seamless identity across all DeSM sites and apps. No more juggling multiple logins. DID is far more than that, and the implications of DID are quite extraordinary, well beyond the scope of this essay. Although DeSM is only one small aspect of DID, imagine for a moment IOTA’s Trinity Wallet negotiating authentication and sharing it seamlessly with a constellation of DeSM apps and sites to provide an experience far smoother than the current experience. Rather than repeating the same profile across many platforms, only one profile needs to be written, and then shared, piecemeal or in whole, as needed for each kind of DeSM site/ app. The Internet as we know it was not built with identity in mind, and this has led to a fractured experience, and allowed private companies to monopolize negotiation of our identity and so, unfortunately, our data as well. This is a grand tragedy. The status quo must change and Self-Sovereign Identity (SSI) through DID, rather than identity beholden to and captured by corporations invested in mining our personal lives, is a potent and keystone ingredient to make that change happen. See Jelle Millenaar’s November essay on IOTA and DID for the IOTA Foundation’s vision for this future.

So… why combine social media with cryptocurrency again?

IOTA for DeSM: the SOCIETY2 Framework

MAM channels are encrypted and secure, but are distributed on nodes across the Tangle rather than a central database. This means users are in complete control of their own data. That which is intended as private is genuinely private and completely outside the purview of any third party, unlike social media today where personal data is mined and sold for purposes we may not agree to or even be aware of. With some work, which this essay took a first stab at organizing, categorizing, and explaining the benefits of, users can have an experience as good as and better than everything they currently know and love about modern social media, without the Orwellian aspects.

We regain our privacy, or, as an alternative goal, we sell our information on our own terms, under our control: the app/ site would allow you to accumulate IOTA cryptocurrency from interested parties in exchange for disclosing your social media fingerprint.

We have to go back to the beginnings of the modern Internet to understand the flaw that brings us here. Establishing and persisting an individual identity was never addressed, but eventually became important. One response to a proliferation of logins is the OAuth API: open authentication. If you go to a site like Medium, you might notice you can sign in with your Google or Twitter account, for example: this is OAuth in action. OAuth is a good response to the problem of a lack of identity in the design of the Internet, but its implementation still relies on companies to be the broker of your identity. The status quo we experience on the Internet today is that social media companies and others own our identity, and quite literally own our private data, the details of our lives, from the mundane to the deeply personal.

As cryptocurrencies evolved it became apparent that the underlying DLT has implications for more than just banking. Control a seed and you control more than just the address that links your financial holdings to you: you have a “home base” that can store many other aspects of your life. It can serve as proof of who you are, a repository of vital information: your DID, your distributed identity. A passport, a safety deposit box, a medical chart, a home address, a keychain, etc. There is a whole universe of applications here; we focus on DeSM, that is, social media profile and presence.

A bank is just a database, linking an account with an amount of money. Likewise, a social media website is simply a database, linking you to your social media presence. But as cryptocurrency renders the need for a central repository obsolete, so does DLT render the need for a central repository of your social media identity and comments obsolete. Your personal data need not be forfeit to a company to enjoy all the benefits of social media. You can merely “login” with your seed, and distribute social media messages in channels others can read and respond to, the whole time outside the control of any third party, whether public or private. If public, a third party can “screen scrape” what you post, but you will have fine granular control over what you choose to make public, and what you choose to make private, truly private, as it should be.

And when you choose to delete a message, if you choose to delete a message? It will be truly gone forever, and there will be no nagging question of whether or not your private communications are still sitting on a Facebook server somewhere.
