Dweb: Social Feeds with Secure Scuttlebutt

In the series introduction, we highlighted the importance of putting people in control their social interactions online, instead of allowing for-profit companies be the arbiters of hate speech or harassment. Our first installment in the Dweb series introduces Secure Scuttlebutt, which envisions a world where users are in full control of their communities online.

In the weeks ahead we will cover a variety of projects that represent explorations of the decentralized/distributed space. These projects aren’t affiliated with Mozilla, and some of them rewrite the rules of how we think about a web browser. What they have in common: These projects are open source, and open for participation, and share Mozilla’s mission to keep the web open and accessible for all.

This post is written by André Staltz, who has written extensively on the fate of the web in the face of mass digital migration to corporate social networks, and is a core contributor to the Scuttlebutt project. –Dietrich Ayala

Getting started with Scuttlebutt

Scuttlebutt is a free and open source social network with unique offline-first and peer-to-peer properties. As a JavaScript open source programmer, I discovered Scuttlebutt two years ago as a promising foundation for a new “social web” that provides an alternative to proprietary platforms. The social metaphor of mainstream platforms is now a more popular way of creating and consuming content than the Web is. Instead of attempting to adapt existing Web technologies for the mobile social era, Scuttlebutt allows us to start from scratch the construction of a new ecosystem.

A local database, shared with friends

The central idea of the Secure Scuttlebutt (SSB) protocol is simple: your social account is just a cryptographic keypair (your identity) plus a log of messages (your feed) stored in a local database. So far, this has no relation to the Internet, it is just a local database where your posts are stored in an append-only sequence, and allows you to write status updates like you would with a personal diary. SSB becomes a social network when those local feeds are shared among computers through the internet or through local networks. The protocol supports peer-to-peer replication of feeds, so that you can have local (and full) copies of your friends’ feeds, and update them whenever you are online. One implementation of SSB, Scuttlebot, uses Node.js and allows UI applications to interact with the local database and the network stack.

Using Scuttlebot

While SSB is being implemented in multiple languages (Go, Rust, C), its main implementation at the moment is the npm package scuttlebot and Electron desktop apps that use Scuttlebot. To build your own UI application from scratch, you can setup Scuttlebot plus a localhost HTTP server to render the UI in your browser.

Run the following npm command to add Scuttlebot to your Node.js project:

npm install --save scuttlebot

You can use Scuttlebot locally using the command line interface, to post messages, view messages, connect with friends. First, start the server:

$(npm bin)/sbot server

In another terminal you can use the server to publish a message in your local feed:

$(npm bin)/sbot publish --type post --text "Hello world"

You can also consume invite codes to connect with friends and replicate their feeds. Invite codes are generated by pub servers
owned by friends in the community, which act as mirrors of feeds in the community. Using an invite code means the server will allow you to connect to it and will mirror your data too.

$(npm bin)/sbot invite.accept $INSERT_INVITE_CODE_HERE

To create a simple web app to render your local feed, you can start the scuttlebot server in a Node.js script (with dependencies ssb-config and pull-stream), and serve the feed through an HTTP server:

// server.js
const fs = require('fs');
const http = require('http');
const pull = require('pull-stream');
const sbot = require('scuttlebot/index').call(null, require('ssb-config'));

  .createServer((request, response) => {
    if (request.url.endsWith('/feed')) {
        sbot.createFeedStream({live: false, limit: 100}),
        pull.collect((err, messages) => {
    } else {

Start the server with node server.js, and upon opening localhost:9000 in your browser, it should serve the index.html:


      .then(res => res.json())
      .then(messages => {
        document.body.innerHTML = `
            .filter(msg => msg.value.content.type === 'post')
            .map(msg =>
              `<li>${msg.value.author} said: ${msg.value.content.text}</li>`


Learn more

SSB applications can accomplish more than social messaging. Secure Scuttlebutt is being used for Git collaboration, chess games, and managing online gatherings.

You build your own applications on top of SSB by creating or using plug-ins for specialized APIs or different ways of querying the database. See secret-stack for details on how to build custom plugins. See flumedb for details on how to create custom indexes in the database. Also there are many useful repositories in our GitHub org.

To learn about the protocol that all of the implementations use, see the protocol guide, which explains the cryptographic primitives used, and data formats agreed on.

Finally, don’t miss the frontpage Scuttlebutt.nz, which explains the design decisions and principles we value. We highlight the important role that humans have in internet communities, which should not be delegated to computers.

About André Staltz

André Staltz is an open source hacker who maintains open source libraries and teaches JavaScript at conferences and workshops. He is a core contributor to the Scuttlebutt community, focusing on developing the first Android app as well as representing the community externally.

More articles by André Staltz…


  1. Chris Troutner

    Other decentralized applications, similar to Scuttlebutt:

    Beaker browser and Fritter (twitter clone)

    OpenBazaar (can be used for social posting and tipping)

    IPFS and OrbitDB use very similar underlying technology.

    August 8th, 2018 at 11:14

  2. Jeremiah

    Is Scuttlebutt similar to Activity Pub applications?

    August 10th, 2018 at 11:26

    1. Andre Garzia

      Not really. ActivityPub is federated. You have multiple instances exchanging data with multiple users in them. So you can be on “Instance A” and write a message to a user on “Instance B”, when you do that, your client writes to “Instrance A” (a server) which then contacts “Instance B” (another server) which finally relays the message to the destination user. So this paradigm of “multiple servers with multiple users per server” and “server to server communication” is at the core of ActivityPub.

      SSB is different, there are no servers. When you want to reach a user, you write to your own local database, which is then gossiped to your friends and then their friends, eventually reaching the destination user.

      This makes SSB fully-decentralized, each user has all their content in their own machine. There is no such thing as “opening an account in a server” or “the server is down”, there is only gossiping.

      August 23rd, 2018 at 16:18

  3. Andre Garzia

    Great post Andre Staltz! :D thanks for all the hard work my friend!

    August 23rd, 2018 at 16:19

  4. devfreak

    Thanks for taking time, to make web truly decentralized.

    September 4th, 2018 at 03:09

Comments are closed for this article.