The open social web demonstrates that we can decentralize social infrastructure, but the process of designing apps on top of that infrastructure is still largely centralized among expert developers. How can we empower anyone to build on the open social web, regardless of their technical experience?

This workshop will overview the new research area of "malleable social software," provide space for people to play with and hack on some prototypes, and facilitate discussion on how malleability can be brought into projects across the open social web. The overview will start by covering the broader field of malleable software which has so far largely been focused on tools for personal use or among small trusted groups. I will then discuss how we might draw insights from malleable software, like the "tailorability slope," to the design of larger open social web systems. As concrete examples, I will overview two systems I developed as part of my PhD at MIT: Graffiti and Social.Wiki.

Given that the systems were designed to be malleable, Graffiti and Social.Wiki both have a very low barrier to entry. Therefore, based on experience I have running two hackathons involving these systems, I will similarly dedicate a large part of the workshop to hacking. Despite the short time, participants should be able to build working decentralized social software to meet their own needs, such as app for people to connect during or after DWeb. In tandem with the hacking, there will be ample space for discussion among participants. We might discuss:
- What are the barriers to bringing malleability into other open social web systems? How might we overcome those barriers?
- How might we mitigate risks associated with opening up the ecosystem, such as reduced quality and cultural changes?
- How can we balance malleability with performance and security?
- What are the risks of using AI in malleable systems and can they be overcome?

Graffiti is a client library for building social software that runs atop a decentralized protocol. Our paper describing Graffiti was published last fall at the premier user interface conference, UIST, where it was awarded "Best Paper". The Graffiti protocol was developed in parallel to AT Protocol, with some overlap and some divergence (always an interesting discussion to be had). One major difference is that the Graffiti applications are intended to be developed "serverlessly"---other than the generic Graffiti servers, there is no need to build and deploy app-specific "App View" servers, avoiding a large "malleability cliff". Additionally, Graffiti provides a client-side API that abstracts all of the protocol details and instead asks three simple questions: What data is being stored? "Where" (in a contextual, not physical sense) should that data be found? And who should have access to the data?

Social.Wiki is a meta application built on Graffiti for collaboratively building and distributing Graffiti applications. The Social.Wiki interface acts much like a web browser: one can click between various web apps including ones for messaging, microblogging, collaborative editing, gaming, and even ride sharing. Unlike a web browser, all of the Social.Wiki apps can be directly edited, just like Wikipedia pages. Social.Wiki therefore further expands the scope of who can participate in app design, and introduces a gentle "tailorability slope" that smoothly transitions from MySpace-style copy-paste programming to writing complete complex apps. Social.Wiki also explores how security might be considered in malleable social software and the open social web in general by providing granular "capability-based" access to social data. This makes it possible to securely browse and interact with apps build on Social.Wiki regardless of whether they are created by someone malicious or more innocently by a novice programmer or by vibe coding.