update security, discovery, blockchain-social, identity

applications/blockchain-social.md

@@ -33,3 +33,17 @@ Other than depending on Steem price appreciation, Steemit monetizes through user
 ### Links
 
 [Steemit frontend application](https://github.com/steemit/condenser)
+
+# Peepeth
+
+[Peepeth](https://peepeth.com/welcome) is a “permanent Twitter” built on Ethereum and IPFS. Account information is stored on the Ethereum blockchai. Data is stored in IPFS, and a link to the IPFS address is stored on the Ethereum blockchian. Permanent posts are embraced as a design choice meant to encourage users to be more mindful of what they write. The main Peepeth client has a few monetization strategies, including a 10% fee on user tips, and charging for verifications of social accounts. Users log in to Peepeth through Metamask, and their identities are registered by posting account information to a smart contract that associates it with their address.
+
+# Bitcoin Fork Social Networks
+
+Memo is a Twitter-style social network that stores each action in a transaction on the Bitcoin Cash blockchain. Data stored on the blockchain is immutable and public. Memo uses a reputation system based on the ratio of how many people a user follows are mutuals, compared with how many have muted the user.
+
+Twetch is a Twitter alternative that stores post data on the Bitcoin SV blockchain. Almost all actions are monetized, and have a transaction cost. Users create a [moneybutton](https://www.moneybutton.com/money) account for sending and receiving money, and must fund their account to write, comment, like, or follow. There is a small charge to create a post, as a spam prevention mechanism. A cross-post to Twitter feature exists in Twetch.
+
+# Links
+
+[Blockchain Social Networks](https://medium.com/decentralized-web/blockchain-social-networks-c941fb337970)

protocols/peergos.md

@@ -32,7 +32,7 @@ Access is controlled through cryptographic capabilities. Access is hierarchical,
 
 A read-only capability consists of the hash of the file owner's public key, the hash of the writer's public key, a random label, and a symmetric encryption key. Access to files gained through social follows can be revoked by rotating cryptographic keys, but the interface does not display keys to users. Users simply click "revoke access to <user>".
 
-To make a file or folder publically visible, a user can publish its capability. A user can also share secret links to files, like a google doc "share" link, which lets anyone who views it view the file. These [secret links](https://book.peergos.org/features/secret.html) don't expose the file to the server. The file is not transmitted unencrypted over the network, as the key to decrypt it is in the URL itself (in the hash fragment which isn't sent to the server), and is interpreted locally in the browser.
+To make a file or folder publicly visible, a user can publish its capability. A user can also share secret links to files, like a google doc "share" link, which lets anyone who views it view the file. These [secret links](https://book.peergos.org/features/secret.html) don't expose the file to the server. The file is not transmitted unencrypted over the network, as the key to decrypt it is in the URL itself (in the hash fragment which isn't sent to the server), and is interpreted locally in the browser.
 
 A writable capability includes the private key corresponding to the writer key, which is used to sign updates.
 

topics/discovery.md

@@ -2,18 +2,26 @@
 
 In decentralized networks, whether federated or p2p, there is often no global search functionality, as no node has a unified view of the network. This section covers methods of content discovery in decentralized social networks.
 
+Data availability in decentralized social networks can be discussed in terms of the [CAP theorem](https://en.wikipedia.org/wiki/CAP_theorem), which states that a distributed data store can only provide two out of the three guarantees: Consistency, Availability, and Partition tolerance. Centralized social networks are consistent - all users see the most recent state of the network, or an error. Decentralized networks often sacrifice consistency for availability and partition tolerance. Networks that prioritize availability over consistency will always process a query and return the most recent version of the information even if it can’t guarantee that it’s up to date.
+
 ### Mastodon
 
-Mastodon has no global search functionality. This issue being discussed in Mastodon: https://github.com/tootsuite/mastodon/issues/9529
+Mastodon servers store content from users followed by members of the server. Users are presented with three timelines: a home timeline with posts from accounts the user follows, a local timeline with posts from the local instance, and a federated timeline with all posts that have been retrieved from remote instances. There is no global search functionality. This issue being discussed in Mastodon: https://github.com/tootsuite/mastodon/issues/9529
 
-Servers store content from users followed by members of the server. Mastodon users are presented with three timelines: a home timeline with posts from accounts the user follows, a local timeline with posts from the local instance, and a federated timeline with all posts that have been retrieved from remote instances.
-
-Hashtags are used to filter and discover content in ssb, diaspora, mastodon
+Hashtags are used to filter and discover content in ssb, Diaspora, and Mastodon.
 
 ### Matrix
 
 All conversations on Matrix take place through rooms, which people either join (if public), peek into (if viewable), or are invited to. Because of its focus on conversations in rooms, there is no focus on having globally discoverable content.
 
+Matrix [optimizes for Availability and Partition Tolerance](https://matrix.org/docs/spec/) at the expense of Consistency. Homeservers model communication history as a partially ordered graph of events known as the room's "event graph", which is synchronised with eventual consistency between the participating servers using the "Server-Server API".
+
 ### Ssb
 
 Content is propagated and discovered through follow relationships in the ssb network. When a follow relationship is initiated, the posts of the user being followed begins to be synced to the follower's node. Those messages and files are stored locally on the user's computer, indefinitely, for applications running ssb to read.
+
+Ssb prioritizes Availability and Partition Tolerance over Consistency. No node has a global view of the network, but can sync data with any other node it is connected to. Ssb applications can be used locally or offline, and the append-only log ensures that data will be ordered correctly, even if it is not up-to-date. Once synced to the network, a user will always see content when they open an ssb application.
+
+### Blockchain social networks
+
+Blockchain social networks essentially treat the blockchain as a distributed database guaranteeing global availability of content, prioritizing Consistency. Applications that store data on chain usually do not have Availability, as the user cannot get the most recent state unless they are connected to the blockchain. Tradeoffs of storing social network data on a blockchain include making the data public, immutable, and adding performance overhead for full-node servers that must sync the full state of the chain and perform mining or validation functions.

topics/identity.md

@@ -74,7 +74,7 @@ Reputation in decentralized networks is established using many of the same [mech
 
 ## Failure modes
 
-- Sybils and spam - Spam, and the creation of many fake users to carry out attacks or misinformation campaigns, are problems for existing centralized social networks. These problems are also present in decentralized networks, and approaches to combat them are still evolving. Federated architectures allow server administrators to intervene and block or filter malicious accounts. In p2p systems, other approaches are necessary. Aether requires a hash computation to be performed for every event posted, raising the computational power required to mass spam the network. Steemit, a blockchain social network, requires new user registrations to be approved by a centralized service in order to combat the problem of fake accounts created to rig the voting system that determines monetary rewards for posts.
+- Sybils and spam - Spam, and the creation of many fake users to carry out attacks or misinformation campaigns, are problems for existing centralized social networks. These problems are also present in decentralized networks, and approaches to combat them are still evolving. Federated architectures allow server administrators to intervene and block or filter malicious accounts. However, ongoing harassment and abuse through sockpuppet accounts in Mastodon has motivated the creation of [OCapPub](https://gitlab.com/spritely/ocappub/blob/master/README.org), an object-capability based upgrade of ActivityPub. Steemit, a blockchain social network, requires new user registrations to be approved by a centralized service in order to combat the problem of fake accounts created to rig the voting system that determines monetary rewards for posts. P2p systems also struggle with spam and sockpuppets, although they have not seen a level of adoption that leads to high levels of abuse yet. Aether requires a hash computation to be performed for every event posted, raising the computational power required to mass spam the network.
 
 - Account Loss and Recovery - Federated networks can allow server admins to help users reset lost or forgotten passwords. For example, Mastodon users can ask their server for a password reset as they would any other service. P2p networks do not generally allow users to recover lost accounts, as there is no third-party to facilitate the exchange. [Dark Crystal](https://darkcrystal.pw/), a project in the ssb ecosystem, implements social key recovery to attempt to address this problem. User keys are split into shards that can be shared with trusted friends and family, and later used to reconstruct a lost key.
 

topics/privacy.md

@@ -0,0 +1,20 @@
+# Privacy
+
+Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported.
+
+Many decentralized social applications use e2e encryption to preserve the privacy of direct messages.
+
+- Matrix - [End-to-end encryption guide for Matrix clients](https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide)
+- ActivityPub - Mastodon is [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server.
+- Ssb - Ssb, as a p2p protocol, included [e2e encryption for direct messages](http://scuttlebot.io/docs/basics/encryption.html) from the start, so that unencrypted messages would not be passed around the network.
+
+Some more e2e messaging encryption options:
+
+- [Noise protocol](http://www.noiseprotocol.org/), used by WhatsApp
+- [Messaging Layer Security (MLS)](https://messaginglayersecurity.rocks/)
+
+A few decentralized social applications focus on privacy.
+
+- [Peergos](../protocols/peergos.md) - Peergos provides [capability-based access control](https://github.com/Peergos/Peergos) for files on top of IPFS. Files are kept private. All encryption happens on the client, which could be a native Peergos client or a browser. Data is always encrypted on the servers. Servers do not have access to metadata or sensitive information. Access is controlled through cryptographic capabilities. Access is hierarchical, and stored in an encrypted structure called [cryptree](https://book.peergos.org/security/cryptree.html).
+
+- [Zeronet](https://zeronet.io/) - Zeronet is an example of a p2p network that was designed with a focus on privacy. It is a browser for a decentralized network built on BitTorrent and Bitcoin, and instead of having IP addresses, Zeronet site addresses are Bitcoin public keys. ZeroMe is a proof-of-concept Twitter-like social network on Zeronet. It has not received wide usage. Other sites on Zeronet include ZeroTalk (like Reddit), ZeroBlog (microblogging), and ZeroMail (encrypted mail).

topics/security.md

@@ -1,23 +0,0 @@
-### Security
-
-Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported.
-
-Many decentralized social applications that include direct messaging use e2e encryption to preserve the privacy of messages.
-
-- Matrix - [End-to-end encryption guide for Matrix clients](https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide)
-- ActivityPub - Mastodon is [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server.
-- Ssb - Ssb, as a p2p protocol, included [e2e encryption for direct messages](http://scuttlebot.io/docs/basics/encryption.html) from the start, so that unencrypted messages would not be passed around the network.
-
-Some more e2e messaging encryption options:
-
-- [Noise protocol](http://www.noiseprotocol.org/), used by WhatsApp
-- [Messaging Layer Security (MLS)](https://messaginglayersecurity.rocks/)
-
-### Access Control
-
-Different levels of access to user data can be controlled through server permissions on federated systems. In p2p systems, access control must be implemented through cryptographic permissions, or access control lists.
-
-Object capability security authorization systems:
-
-- [Adding object capabilities to ActivityPub](https://gitlab.com/spritely/ocappub/blob/master/README.org)
-- Peergos provides [capability-based access control](https://github.com/Peergos/Peergos) for files on top of IPFS