PERCEIVED RELATIONS BETWEEN GOPHER GEMINI AND HTTP
The triplets from other mothers.

This piece is written with the expectation that it will attract:
 
* Those who are Gopher and Gemini enthusiasts,
* Those who are the above and have the opinion I'm wrong,
* Or those who have heard the two and want to know a bit more about them and
their relation to the current web.

If you haven't heard about either, you can quickly inform yourself by visiting
these two links:

Gemini: https://gemini.circumlunar.space/docs/faq.html
Gopher: https://mncomputinghistory.com/gopher-protocol/

Now let's add some context:

1. I am not a Gemini or Gopher enthusiast.
2. I am not a HTTP enthusiast.
4. I deal with the pain that is everything web (I'm a full stack).

I present my perceptions of Gemini and Gopher, and how they seem to be all
somewhat overlapping, and then give my two cents for people to fight over. ☺

The piece is structured so the focus is Gemini (as it's the subject of the day) 
compared to HTTP and Gopher. It's not necessary to read sections which don't
align with your interests. 


S 1. GEMINI THE MOVEMENT

                                   ___   ___
                               .d9969b d6966b.
                               d66b'e( )a`d99b
                               `d9p _/ \_ q6b'  hjw
                                 / (     ) \


https://gemini.circumlunar.space/docs/faq.html

This website is declared to be the HQ of the "movement". I say movement because 
that's what it feels like to me when people talk about it. I want to heavily
emphasize that this is my *perception*. I've asked others and it appears this
perception is accurate. The FAQ gives a taste of this sentiment: 

* "the web, stripped right back to its essence"
* "modern web is a privacy disaster"
* "leads to a [...] near-monopoly [of] browsers"
* "[they] dictate the direction in which the web evolves"
* "[...] be confident that they won't try to track you"
* "so you know you can trust it."
* "It's a very different, much more liberating and much more empowering
experience"

Among the various other expressions I see people write on the web.

I have a problem with this because it turns a technical idea into a manifesto, 
attaching a political tone to what's just a hobbyist protocol at the end of the 
day. It's off-putting to those who want to explore a technology, and I believe 
this is what hurts Gemini the most, other than the fact it's currently niche. 

As technologists, and humans, it's important to consider our moral obligations. 
So if the expressions above are not politically focused, but morally focused, 
what about the statements where the technology is actually accessible by the
public, the non-tech savvy? How can I trust a Gemini link won't serve me some 
malicious binary, or an HTML page (requiring a web browser once again), or the,
Gemini server won't track my IP? The answer is you can't guarantee any of these.
The following section will explore this further. 

Interestingly, in section 1.4 of the FAQ, "Do you really think you can replace 
the web?", is answered with a reasonable "no". So while many enthusiasts of Gem-
ini push the envelope to stop using HTTP, Gemini itself is indifferent. I think 
signalling this indifference is really important to its success in a social
realm. I would say this puts it on-par with the "Gopherspace", where enthusiasts
offer Gopher as a courtesy. How come this sentiment isn't more strongly
emphasized among the Geminists? 


S 2. GEMINI THE SPECIFICATION


                        ░█▀▀░█▀▀░█▄█░▀█▀░█▀█░▀█▀░░░░░░░█░░░█
                        ░█░█░█▀▀░█░█░░█░░█░█░░█░░░▀░░▄▀░░▄▀░
                        ░▀▀▀░▀▀▀░▀░▀░▀▀▀░▀░▀░▀▀▀░░▀░░▀░░░▀░░


https://gemini.circumlunar.space/docs/specification.html

On the technical side, Gemini is presented as a do-it-yourself, high power-to-w
eight ratio, privacy conscious, simple protocol. After personally reviewing the 
protocol, my professional opinion is yes, it is, minus the fact you need TLS 
(secure connection). The FAQ also acknowledges Gemini isn't perfect: 

  2.6 Does Gemini have any shortcomings of it's own?

  Naturally!

  Gemini has no support for caching, compression, or resumption of interrupted
  downloads.

More shortcomings can be found though.


S 2.1. SHORTCOMINGS


S 2.1.1. INSTABILITY

The most glaring is that the Gemini specification itself is not stable. It
addresses this instability, only to contradict itself mid-sentence later:

  You can write code to this pseudo-specification and be confident that it
  probably won't become totally non-functional due to massive changes next week,
  but you are still urged to keep an eye on ongoing development of the protocol
  and make changes as required.

If there is confidence about non-breaking changes, why do I need to keep an eye
on development and still make changes?...!?

Gopher and HTTP does not have this issue.


S 2.1.2. USER TRACKING

All URI schemes inherently allow user tracking. For Gemini to claim this is just
not correct. The claim is at https://gemini.circumlunar.space/docs/faq.html,
S 2.4, P 1:

  In fact, Gemini requests contain nothing other than the URL of the resource
  being requested. This goes a very long way to preventing user tracking.

Here is a proof:

1. Request gemini://blog.example.com/

2. Receive the following:
=> gemini://blog.example.com/article1?identifier=84811757129 My first blog post!
=> gemini://blog.example.com/article2?identifier=84811757129 My second blog post!
=> gemini://blog.example.com/article3?identifier=84811757129 I have opinions!
=> gemini://google.com/results?identifier=84811757129 Say hi to Google for me!

3. The user bookmarks any of the preceeding Gemini URLs.

4. The user is being tracked each time they visit the URL, and can be across
Gemini domains.

Of course HTTP has this issue and Gopher can be abused in similar ways.


S 2.1.3. A FOOTGUN

To unsuspecting or unfamiliar users, Gemini can be used to deliver malicious
software. Here is a proof:

1. Request gemini://blog.famous-internet-guy.ht/

2. Receive the following:
20 application/octet-stream
<... binary content ...>

3. The behavior is undefined - it could execute the malware, it could save it to
disk, it could display garbage.

Web browsers used to have this issue, but as we know today, there are many
warnings and messages before an application can even begin downloading.

Gopher appears to have the same potential issue.


S 2.1.4 SOLUTION TO THE ISSUES

Obvious solutions that come to me when I think of the problems above:

1. Finalize the specification.
2. Give warnings to users when it appears a website may try to track them. This
logic should be scriptable since it's a cat-mouse game.
3. Standardize how Gemini clients should work to avoid undefined behavior like
when downloading applications.


S 3. HTTP ⊇ GEMINI ⊇ GOPHER

                                                _____         
                                               /     \        
                      ,           /           /'''''\/ _      
                     <><        ,'`./        / @  _  \/ |     
                      `         `.,'\        >   <_)    |     
                                  \          \       /\_|     
                                              \...../\        
                                               \\____/        

                          (Art by Max Strandberg)


After taking a good look at Gemini and Gopher a few months ago, to finally 
inform myself what all the talk was about, I was left with feeling that all
this is just a pointless, feel-good, righteous endeavor. 

Let's start from the bottom up.

Gopher is essentially a directory listing, and nothing more. It's used to find
content, which is especially made apparent by how it does "search requests"
(which I found to be super cool).

Gemini is essentially Gopher, minus the cool search request feature, with yet
*another* Markdown variant nailed onto the side of it, and a grating of HTTP
flakes on top.

Finally HTTP is the most flexible of the bunch: it can be made to do all the
above and more. Obviously it's the heaviest.

The argument which is then made (and acknowledged by the FAQ) is: *why not just
use a subset of HTTP?*

It seems the answer boils down to enforcement. I don't see why this is a problem
though, because people need to force themselves to use Gemini clients. There 
would be less friction if browsers had a "subset" enforcement option, which tak-
es advantage of the fact HTTP / HTML is everywhere. On day one there would be 
thousandfold more users of the "HTTP subset" than the entire Gemini user-base.

The system I host this blog on uses a subset of HTTP / HTML so simple that it 
basically mimics exactly what Gopher does: the main page is a directory listing 
done with RSS / Atom, and each entry is something to download. I've opted to st-
ick to plain text for most of my content, but if I wanted to, I could serve svgs
or pdfs or anything. This means the entire system just boils down to HTTP GET,
some basic XML, and nothing else. It's as simple as Gemini without being Gemini,
and structured as Gopher without being Gopher.


S 4. CONCLUSION

As soon as some entity decides to release some HTTP subset enforcement mechanism
(browser extension, browser update, whatever), Gemini has no reason to exist. I
think Gemini is the mind child of someone who just had some time on their hands
to create a "what-if" scenario, and you know what, I'm glad they did create it.
It has led to conversations like this, and hopefully leads to the HTTP subset
enforcment a lot of us technologists desire! So thank you Gemini for that.


-- Len

Thanks to kline\0 for reviewing the draft of this piece.