Update peergos.md
This commit is contained in:
parent
0fe1647edc
commit
876ec49a5a
|
@ -1,8 +1,8 @@
|
|||
# Peergos
|
||||
|
||||
Peergos is a p2p end-to-end encrypted storage and application protocol on top of IPFS. It is also a social file-sharing application by the same name. The goal of Peergos is to provide a global multi-user filesystem that provides privacy, identity, login, and secure sharing for decentralized applications. It is designed to be independent of DNS and TLS certificate authorities, and to protect privacy through quantum resistant encryption.
|
||||
Peergos is a p2p end-to-end encrypted storage, social media and application protocol and reference implementation on top of IPFS. The goal of Peergos is to provide a global multi-user filesystem that provides identity, privacy, login, and secure sharing for decentralized applications. It is designed to be independent of DNS and TLS certificate authorities, and to protect privacy through quantum resistant encryption.
|
||||
|
||||
Peergos was [started in 2013](https://peergos.org/about) with the aim of a secure decentralized file storage and sharing network with a secure email replacement.
|
||||
Peergos was [started in 2013](https://peergos.org/about) with the aim of protecting people online and restoring ownership over data.
|
||||
|
||||
### Identity
|
||||
|
||||
|
@ -10,19 +10,21 @@ Peergos users are identified by unique usernames linked to public keys. The uniq
|
|||
|
||||
Peergos allows [multi-device login](https://book.peergos.org/features/multi.html) through a password-based interface. A user's private keys are derived every time they log in using their username, password and a published salt. Specifically, a signing keypair, boxing keypair, and symmetric key is derived. Users store their friend's keys in their encrypted storage space in a TOFU keystore. Users can verify their friend's keys out of band using QR codes or fingerprints.
|
||||
|
||||
A user's identity is independent of their current storage server. This means they can move servers transparently and maintain their full social graph, and all existing capabilities/links to files continue to work.
|
||||
|
||||
### Network
|
||||
|
||||
Each user must be registered to at least one Peergos server (A server can host any number of users and any server can choose to mirror data for any user). Peergos servers run an instance of IPFS, which handles networking and connection management. A server is any device storing user data, and could be a mobile phone, a cloud server, or hardware plugged in at home.
|
||||
Each user must be registered to at least one Peergos server (A server can host any number of users and a user can mirror their data on as many servers as they like). Peergos servers run an instance of IPFS, which handles networking and connection management. A server is any device storing user data, and could be a mobile phone, a cloud server, or hardware plugged in at home.
|
||||
|
||||
### Data
|
||||
|
||||
Data in Peergos is content-addressed: stored in mappings from hash to data. During upload the client splits files into 5 MiB chunks which are each independently encrypted (along with encrypted metadata) and stored in a [merkle-CHAMP](https://book.peergos.org/architecture/champ.html) (compressed hash array mapped prefix trie) in IPFS. Directories can't be distinguished from small files. To hide file sizes and split files up into 5 MiB chunks which aren't linkable, the size within a chunk is also rounded up (padded before encryption) to a multiple of 4 KiB. This means all chunks can only have 1 of 1280 possible sizes. Servers do not have visibility into the file sizes, the number of files, directory structure, or which users have access
|
||||
Data in Peergos is content-addressed: stored in mappings from hash to data. During upload the client splits files into 5 MiB chunks which are each independently encrypted (along with encrypted metadata) and stored in a [merkle-CHAMP](https://book.peergos.org/architecture/champ.html) (compressed hash array mapped prefix trie) in IPFS. Directories can't be distinguished from small files. To hide file sizes and split files up into 5 MiB chunks which aren't linkable, the size within a chunk is also rounded up (padded before encryption) to a multiple of 4 KiB. This means all chunks can only have 1 of 1280 possible sizes. Servers do not have visibility into the file sizes, the number of files, directory structure, or which users have access. All blocks of data are store in dag-cbor format of [IPLD](https://docs.ipld.io/).
|
||||
|
||||
The user publishes the IPFS node ID (hash of its public key) of their server in the PKI. This allows writes and new friend requests to be securely tunneled to their server. It synchronizes their writes and publishes their latest root hashes.
|
||||
|
||||
### Social & Discovery
|
||||
|
||||
Users can follow each other. [Follow requests](https://book.peergos.org/architecture/follow.html) are sent through a user’s storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages. Critically, the server never sees who is following who (even follow requests are blinded). Users store their own social graph encrypted in their Peergos space.
|
||||
Users can follow each other. [Follow requests](https://book.peergos.org/architecture/follow.html) are sent through a user’s storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages. Critically, the server never sees who is following who (even follow requests are blinded). Users store their own social graph encrypted in their Peergos space. Once a follow request has been accepted, then a secure channel is opened up for sharing capabilities. Users can either look up people to add by their username, or new friends can be discovered by existing friends re-sharing a post from them. Friend keys can be verified directly using a QR code in person or by reading a number sequence using the same protocol as Signal.
|
||||
|
||||
### Privacy & Access Control
|
||||
|
||||
|
@ -44,11 +46,11 @@ Peergos can handle arbitrarily large files, including random access, upload and
|
|||
|
||||
### Governance & Business Models
|
||||
|
||||
Peergos was developed by the [core team](https://peergos.org/about) on a [self-funded](https://donorbox.org/peergos) volunteer basis for years. It has received grants from [Protocol Labs](https://peergos.org/posts/dev-update), the company that stewards IPFS, and from [Santander](https://twitter.com/oxfoundry/status/1232766848816549888).
|
||||
Peergos was developed by the [core team](https://peergos.org/about) on a [self-funded](https://donorbox.org/peergos) volunteer basis for years. It has received grants from [Protocol Labs](https://peergos.org/posts/dev-update), the company that stewards IPFS, from [Santander](https://twitter.com/oxfoundry/status/1232766848816549888) and most recently as [Next Generation Internet Acrhictects](https://peergos.org/posts/next-generation-internet) from NGI Pointer (part of Horizon 2020). They plan to use a business model aligned with the [interests of end users](https://peergos.org/posts/the-social-dilemma) to fund development.
|
||||
|
||||
### Implementations
|
||||
|
||||
Peergos is a private and access controlled layer on top of IPFS which can be used to build applications. Other than the Peergos reference implementation client which allows users to store and share private files, there are a few demo [applications](https://peergos.org/posts/applications), including a read-only viewer for PDF files, and an editor for text or code.
|
||||
Peergos is a private and access controlled layer on top of IPFS which can be used to build applications. Using the Peergos reference implementation as a substrate (which implements a global social filesystem), there are a few demo [applications](https://peergos.org/posts/applications), including video streaming, a PDF viewer, text editor editor, [todo board/kanban](https://peergos.org/posts/private-kanban), [private calendar](https://peergos.org/posts/calendar), a social feed and p2p web hosting.
|
||||
|
||||
The goal of allowing people to deploy apps on Peergos that are viewable from the browser is currently limited by [sandboxing constraints](https://kevodwyer.github.io/sandbox/) within browsers. [COOP/COEP](https://web.dev/why-coop-coep/) increase the security of in-browser applications.
|
||||
|
||||
|
|
Loading…
Reference in New Issue