> > For SSB, the aim was to be able to gossip feeds via untrusted intermediaries, with patchy network connections all round, and be sure that the intermediaries haven't added, changed or removed any posts in the feed.

> why would that need a blockchain (even without proof of work), as opposed to simple signed, timestamped, indexed posts and having the reading client app check the signature and post indices?

It depends on how the message is signed. If the message format's this:

sign_message(message + timestamp + index) + message + timestamp + index

The 'index' can be manipulated: The signer (malicious or not) can resign an old message & effectively overwrite a previous message.

sign_message(new_message + old_timestamp + old_index) + new_message + old_timestamp + old_index

This means that in the event of such a resigning, it's the app's responsibility to prevent resigned messages from overwriting old messages.

Blockchains prevent this at the data structure level because signature hashes are effectively random, meaning they're near-impossible to tamper with:

whole_message := prev_message_hash + sign_message(message + timestamp) + message + timestamp

wherein prev_message_hash := hash(prev_whole_message)

Just as a reminder: The original stated task was to protect against "untrusted intermediaries" and "patchy network connections", and in particular to make "sure that the *intermediaries* haven't added, changed or removed any posts in the feed." … which can perfectly well be done with simple signed, timestamped, indexed posts and having the reading client app check the signature and post indices.

In contrast, this here, which is the only thing the blockchain struckture really adds:

> The signer (malicious or not) can resign an old message & effectively overwrite a previous message

… is a rather radical shift of the goalpost, as the only capability the blockchain really adds is to protect against modification not by untrusted intermediaries (which was the purpose and which would already be covered without a blockchain) but by the legitimate owner/editor of the feed.

In other words: The only thing the blockchain adds is that it makes it impossible for YOU as the user to edit YOUR OWN posts. I'm not sure that's something most people in the social network context (as opposed to, say, a financial transaction ledger) would see as a feature and not an anti-feature.

> why would that need a blockchain (even without proof of work), as opposed to simple signed, timestamped, indexed posts and having the reading client app check the signature and post indices?

Yeah, that's exactly what SSB does, plus each post includes a hash of the previous post.

I think that's so that even the holder of the private key can't retroactively replace an old post with an altered version of that post (but with the same index number and similar timestamp).

Why do you need social network non-repudiation again? These are the programs over which people shitpost... Correct?

Feels like people are really just trying to play into "everyone has a number that can be banned" for the Internet/social life in general.