From 106225cfc87d34c4756ba8e04feeef9566d19fce Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Tue, 30 Jun 2020 17:58:07 -0700 Subject: [PATCH] Edit security --- topics/security.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/topics/security.md b/topics/security.md index da76225..d4c7263 100644 --- a/topics/security.md +++ b/topics/security.md @@ -1,14 +1,23 @@ ### Security -Designing for public communication requires less focus on privacy than more intimate social applications. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported. +Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported. -Some e2e messaging encryption options: +Many decentralized social applications that include direct messaging use e2e encryption to preserve the privacy of messages. -- Noise protocol +- Matrix - [End-to-end encryption guide for Matrix clients](https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide) +- ActivityPub - Mastodon is [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server. +- Ssb - Ssb, as a p2p protocol, included [e2e encryption for direct messages](http://scuttlebot.io/docs/basics/encryption.html) from the start, so that unencrypted messages would not be passed around the network. + +Some more e2e messaging encryption options: + +- [Noise protocol](http://www.noiseprotocol.org/), used by WhatsApp - [Messaging Layer Security (MLS)](https://messaginglayersecurity.rocks/) ### Access Control Different levels of access to user data can be controlled through server permissions on federated systems. In p2p systems, access control must be implemented through cryptographic permissions, or access control lists. -Object capability security authorization system +Object capability security authorization systems: + +- [Adding object capabilities to ActivityPub](https://gitlab.com/spritely/ocappub/blob/master/README.org) +- Peergos provides [capability-based access control](https://github.com/Peergos/Peergos) for files on top of IPFS