From 62c9a164226e997a4717e2d639102182609bd097 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Thu, 18 Jun 2020 18:03:10 -0700 Subject: [PATCH 1/8] Change template, move user exp to applications --- applications/ssb-applications.md | 9 +++++++++ applications/template.md | 25 +++++++++++++++++++++++++ protocols/ssb.md | 14 ++++---------- protocols/template.md | 6 +++--- topics/data.md | 22 +++++++++++++++++++++- topics/discovery.md | 2 ++ 6 files changed, 64 insertions(+), 14 deletions(-) create mode 100644 applications/ssb-applications.md create mode 100644 applications/template.md diff --git a/applications/ssb-applications.md b/applications/ssb-applications.md new file mode 100644 index 0000000..a2a2910 --- /dev/null +++ b/applications/ssb-applications.md @@ -0,0 +1,9 @@ +# Ssb Applications + +### User Experience + +Key management is one of the biggest challenges of ssb, as users often lose and forget their passwords. Users are in complete control of their identity. That means if they lose their cryptographic key, they can permanently lose access to their account. To address the problem of key management in a decentralized manner, a project in the ssb ecosystem, [Dark Crystal](https://darkcrystal.pw), has implemented a social key recovery system. It splits keys into shards to store with family and friends who can be trusted to help reconstruct a lost key. + +The p2p bootstrapping process introduces frictions for new users. First, new users typically join a pub to get connected to the network after they download an ssb application. Then, there is a period of waiting time during the initial sync when logs are being downloaded, like the syncing time of a blockchain. A user that has not opened an ssb application in awhile will encounter this synchronization delay again while their node catches up to the state of the network. + +The inability to edit or delete content also runs contrary to user expectations. Because of the append-only nature of ssb feeds, there is no ability to permanently delete a piece of content. Applications can work around this by honoring edit or delete messages appended to the feed, but the original content stays in the append-only log that is shared among all nodes, and other applications could choose not to honor such messages. An example of a workaround is [ssb-revisions](https://github.com/regular/ssb-revisions), a basic API that enables applications to use mutable messages by displaying the updated version. diff --git a/applications/template.md b/applications/template.md new file mode 100644 index 0000000..1e5143b --- /dev/null +++ b/applications/template.md @@ -0,0 +1,25 @@ +### Identity + +### Networking + +### Data + +### Moderation & Reputation + +### Social & Discovery + +### Privacy & Access Control + +### User experience + +### Interoperability + +### Scalability + +### Metrics + +### Monetization + +### Implementations + +### Links diff --git a/protocols/ssb.md b/protocols/ssb.md index 73ad757..0b8c040 100644 --- a/protocols/ssb.md +++ b/protocols/ssb.md @@ -11,6 +11,8 @@ A user's identity is their ed25519 key pair which is used to sign posts, verifyi Users can pick a human-readable nickname that is associated with their key, but nicknames are not unique because there is no global registry. +Ssb does not currently support multi-device login, because keys are stored on devices. + ### Networking Nodes request all messages in the feed that are newer than the latest message they know about. The networking component of SSB maintains a table of known peers which it cycles through asking for updates for all followed feeds. Messages are passed through the ssb network via a gossip protocol. Messages may be passed through third parties, which improves availability. @@ -33,6 +35,8 @@ Each message contains: - An identifier of the hashing algorithm in use (currently only "sha256" is supported) - A content object +Because of the append-only nature of ssb feeds, there is no ability to permanently delete a piece of content. Applications can work around this by honoring edit or delete messages appended to the feed, but the original content stays in the append-only log that is shared among all nodes, and other applications could choose not to honor such messages. An example of a workaround is [ssb-revisions](https://github.com/regular/ssb-revisions), a basic API that enables applications to use mutable messages by displaying the updated version. + ### Moderation & Reputation There is no global moderation, and no specialized moderators in ssb. A “flag” message is used to send a strong negative signal about bad actors. Applications built on top of ssb allow users to “block” and “ignore”. An ignore will simply not show that data to the user's node, although their node will continue to pass their data through the network. A block will cause the user's node to refuse to replicate data from that feed, segmenting it off from their portion of the network. If enough people block a user or group of users, their part of the network will become partitioned from the rest. @@ -55,16 +59,6 @@ The ssb ecosystem is supported through a variety of grants, donations, income fr Pubs, the most resource-intensive nodes, are currently volunteer supported. -### User Experience - -Key management is one of the biggest challenges of ssb, as users often lose and forget their passwords. Users are in complete control of their identity. That means if they lose their cryptographic key, they can permanently lose access to their account. To address the problem of key management in a decentralized manner, a project in the ssb ecosystem, [Dark Crystal](https://darkcrystal.pw), has implemented a social key recovery system. It splits keys into shards to store with family and friends who can be trusted to help reconstruct a lost key. - -Ssb does not currently support multi-device login, because keys are stored on devices. - -The p2p bootstrapping process introduces frictions for new users. First, new users typically join a pub to get connected to the network after they download an ssb application. Then, there is a period of waiting time during the initial sync when logs are being downloaded, like the syncing time of a blockchain. A user that has not opened an ssb application in awhile will encounter this synchronization delay again while their node catches up to the state of the network. - -The inability to edit or delete content also runs contrary to user expectations. Because of the append-only nature of ssb feeds, there is no ability to permanently delete a piece of content. Applications can work around this by honoring edit or delete messages appended to the feed, but the original content stays in the append-only log that is shared among all nodes, and other applications could choose not to honor such messages. An example of a workaround is [ssb-revisions](https://github.com/regular/ssb-revisions), a basic API that enables applications to use mutable messages by displaying the updated version. - ### Interoperability [Ssb viewer](https://github.com/ssbc/ssb-viewer), an HTTP server for read-only views of ssb content, brings read-only interop from ssb to the web. diff --git a/protocols/template.md b/protocols/template.md index 63374d8..3c140a5 100644 --- a/protocols/template.md +++ b/protocols/template.md @@ -10,7 +10,7 @@ ### Privacy & Access Control -### User experience (if applies) +### User experience ### Interoperability @@ -18,8 +18,8 @@ ### Metrics -### Monetization +### Governance & Business Models -### Implementations +### Implementations & Applications ### Links diff --git a/topics/data.md b/topics/data.md index bc9dbd7..09245e8 100644 --- a/topics/data.md +++ b/topics/data.md @@ -1,6 +1,26 @@ -# Data +# Data & Discovery Data structures, data availability, persistence, and mutability in decentralized applications. Data portability Decentralized systems do not have a single central system to coordinate updates. + +### Data availability + +No server has a unified global view of a decentralized network. + +Data is only available along user connections or the follow graph, whether that is determined by node or by server. + +Mastodon - No global search functionality + +### Mutability + +Ssb & Hypercore - Messages added to the append-only log are immutable. Applications can choose not to display messages indicated as deleted, but the data cannot be overwritten. + +IPFS - Once added to a network, content is discoverable by its hash. If a copy remains stored on the network, it is re-discoverable by this reference. + +### Data structures + +JSON-LD + +RDF diff --git a/topics/discovery.md b/topics/discovery.md index b0bfe10..8e09732 100644 --- a/topics/discovery.md +++ b/topics/discovery.md @@ -3,3 +3,5 @@ In decentralized networks, whether federated or p2p, there is often no global search functionality. This issue being discussed in Mastodon: https://github.com/tootsuite/mastodon/issues/9529 + +Hashtags are used to filter and discover content in ssb, diaspora, mastodon From c394ade970cb07049d2d80aba15da6e840481509 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Thu, 18 Jun 2020 18:06:49 -0700 Subject: [PATCH 2/8] Rm zeronet --- applications/zeronet.md | 55 ----------------------------------------- 1 file changed, 55 deletions(-) delete mode 100644 applications/zeronet.md diff --git a/applications/zeronet.md b/applications/zeronet.md deleted file mode 100644 index 3090cc8..0000000 --- a/applications/zeronet.md +++ /dev/null @@ -1,55 +0,0 @@ -# Zeronet - -Zeronet is a browser for a decentralized network built on BitTorrent and Bitcoin. Instead of having IP addresses, Zeronet site addresses are Bitcoin public keys. - -Example sites created on Zeronet include ZeroTalk (like Reddit), ZeroBlog (microblogging), ZeroMail (encrypted mail), and ZeroMe (p2p social network). - -ZeroMe is a proof-of-concept that demonstrates how to build a Twitter-like site in a decentralized browser. It has not received wide usage. - -### Identity - -The creator of a site signs the files with the private key, and the public key is the site address. This is a Bitcoin key which can be exported to a wallet, allowing funds to be sent to the address and collected by the site creator. Zeronet domains end in `.bit`. - -ZeroId is an authorization provider that lets you interact with sites without contacting the owner, and is used for sites with user interaction like ZeroMe. - -### Networking/Message passing - -Zeronet uses the BitTorrent network to find peers that are seeding the site to download the site content from. When a user visits a site, they download the site files. Once they've visited, they start serving that site as well, seeding it to others. - -### Data Storage/Message Persistence - -Zeronet uses BitTorrent trackers and its own variety of trackers (zero://). - -### Moderation/Reputation - -Blacklists are opt-in. - -ZeroId provides some control over user accounts to fight spam, by limiting the number of registrations from an IP address. - -### Social/Discovery - -There are a few search engines for Zeronet, which have scraped and index the network. Zeronet addresses are commonly shared out-of-band. - -### Privacy and Access Control - -Sites that take user input, like ZeroMe, ask the user for permission to grant read/write access. - -### User Experience - -Zeronet's decentralized hosting design allows for one-click site cloning. Popular sites scale with demand, as visitors become seeders of site content as well. - -### Interoperability - -Despite being compared to Beaker Browser and IPFS, Zeronet does not interoperate with other sites, or even with BitTorrent. - -Zeronet can be run over Tor for privacy. but it does not support .onion sites. I2P is not supported. - -### Monetization - -The Zeronet project relies on tips. - -An interesting element of monetization in Zeronet is that the fact that site addresses are bitcoin addresses, which means that site owners can be tipped directly to the address. The owner can retrieve the funds by importing the private key into a bitcoin wallet. - -### Links - -[Zeronet](zeronet.io) From 2522ef21e1d1c8afa6cef2b4d89719c0efd5191e Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Thu, 18 Jun 2020 18:07:26 -0700 Subject: [PATCH 3/8] Rename ssb social --- applications/{ssb-applications.md => ssb-social.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename applications/{ssb-applications.md => ssb-social.md} (98%) diff --git a/applications/ssb-applications.md b/applications/ssb-social.md similarity index 98% rename from applications/ssb-applications.md rename to applications/ssb-social.md index a2a2910..eda0076 100644 --- a/applications/ssb-applications.md +++ b/applications/ssb-social.md @@ -1,4 +1,4 @@ -# Ssb Applications +# Ssb Social Applications ### User Experience From 989b4035d2ca0176511a2db9b9ef837b19a38d85 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Tue, 23 Jun 2020 09:54:48 -0700 Subject: [PATCH 4/8] Add edits --- topics/data.md | 27 +++++++++++++-------------- topics/discovery.md | 8 ++++++++ topics/identity.md | 14 ++++++++------ topics/moderation.md | 20 ++++++++++++++------ topics/security.md | 2 +- 5 files changed, 44 insertions(+), 27 deletions(-) diff --git a/topics/data.md b/topics/data.md index 09245e8..d800f09 100644 --- a/topics/data.md +++ b/topics/data.md @@ -1,26 +1,25 @@ -# Data & Discovery +# Data -Data structures, data availability, persistence, and mutability in decentralized applications. -Data portability +### Data Models -Decentralized systems do not have a single central system to coordinate updates. +Shared data models enable interoperability. -### Data availability +Solid - Solid's data model is RDF. [RDF](https://www.w3.org/RDF/) uses URIs to name the relationship between things, allowing structured data to be shared across different applications. RDF could potentially [be a barrier to adoption](https://hal.inria.fr/hal-01966561/document), due to its complexity. -No server has a unified global view of a decentralized network. +Matrix - Matrix transports messages using JSON, and tracks conversation history through DAGs. -Data is only available along user connections or the follow graph, whether that is determined by node or by server. +Mastodon - ActivityPub uses streams of JSON-LD. Mastodon was formerly compatible with OStatus, which used RSS. -Mastodon - No global search functionality +IPFS - IPFS uses a custom data model, [IPLD](https://ipld.io/), designed to treat hash-linked data structures as subsets of a unified information space. + +Ssb - Ssb uses append-only logs of signed JSON. ### Mutability +Federated applications allow users to edit and delete content, handled at the server level. Content may not be guaranteed to be deleted across the entire network in some cases - protocols should require applications to honor delete messages. + +P2p applications have more variance around mutability. + Ssb & Hypercore - Messages added to the append-only log are immutable. Applications can choose not to display messages indicated as deleted, but the data cannot be overwritten. IPFS - Once added to a network, content is discoverable by its hash. If a copy remains stored on the network, it is re-discoverable by this reference. - -### Data structures - -JSON-LD - -RDF diff --git a/topics/discovery.md b/topics/discovery.md index 8e09732..9c310a0 100644 --- a/topics/discovery.md +++ b/topics/discovery.md @@ -5,3 +5,11 @@ In decentralized networks, whether federated or p2p, there is often no global se This issue being discussed in Mastodon: https://github.com/tootsuite/mastodon/issues/9529 Hashtags are used to filter and discover content in ssb, diaspora, mastodon + +### Data availability + +No server has a unified global view of a decentralized network. + +Data is only available along user connections or the follow graph, whether that is determined by node or by server. + +Mastodon - No global search functionality diff --git a/topics/identity.md b/topics/identity.md index 2eaa6f4..5f446f6 100644 --- a/topics/identity.md +++ b/topics/identity.md @@ -18,7 +18,7 @@ Desirable qualities for decentralized identities: ## Decentralized Identity -OAuth is currently the most successful identity standard. OAuth was created to securely transfer user credentials from one site to another. OAuth identity providers became centralized because users could not run or choose their own identity providers. +OAuth is currently the most successful identity standard. OAuth was created to securely transfer user credentials from one site to another. OAuth identity providers became centralized because users could not run or choose their own identity providers. (See decentralized identity protocol comparisons in [Decentralizing the Social Web](https://hal.inria.fr/hal-01966561/document)) ### Identity in federated applications: @@ -41,18 +41,20 @@ P2p systems key management, key verification, key backup. Account recovery. - Aether - Iris -### Blockchain identity +### Blockchain Identity + +In 2001, Zooko Wilcox-O'Hearn named three desirable properties of decentralized network identifiers: human-meaningful (memorable), decentralized (global), and secure (unique). This became known as [Zooko's triangle](https://en.wikipedia.org/wiki/Zooko%27s_triangle). Prior to the invention of cryptocurrency blockchains, which enabled decentralized global consensus, it was thought that only two of these three properties could be achieved at one time. Now, many projects have created protocols for naming systems that fulfill all three properties. - Namecoin +- Blockstack - Handshake -Lots of them. -Microsoft -IBM +- Microsoft +- [IBM](https://www.ibm.com/blockchain/solutions/identity/networks) - IBM is helping to create, operate and maintain permissioned decentralized identity networks built using Hyperledger ### Decentralized Identifiers (DIDs) -[DIDs](https://w3c-ccg.github.io/did-primer/) are a new type of globally unique identifier that do not require a centralized registration authority, and can serve as a decentralized public key infrastructure. DIDs are a [W3C standard](https://www.w3.org/TR/did-core/). +The [DID W3C standard](https://www.w3.org/TR/did-core/) is an emerging standard around decentralized identifiers. [DIDs](https://w3c-ccg.github.io/did-primer/) are a new type of globally unique identifier that do not require a centralized registration authority, and can serve as a decentralized public key infrastructure. The format of a DID is: a scheme identifier, followed by the DID method, followed by a method-specific identifier. A simple example: `did:example:123456789abcdefghi` diff --git a/topics/moderation.md b/topics/moderation.md index a21743d..7aa37d7 100644 --- a/topics/moderation.md +++ b/topics/moderation.md @@ -1,8 +1,8 @@ # Moderation -One of the most acute problems with centralized platforms is the need to develop one-size-fits-all moderation policies for billions of users. Decentralizing social platforms places the power to determine moderation policies in the hands of users or communities. +One of the most acute problems with centralized platforms is the need to develop one-size-fits-all moderation policies for billions of users. Decentralizing moderation puts decisions about what content to block or allow in the hands of users and communities. -## Moderation in federated systems +## Community moderation ### Matrix @@ -10,10 +10,18 @@ Servers in Matrix have terms of use that users agree to when they join. Rooms ma ### Mastodon -Each server admin can create their own moderation rules as well as a theme for their server. Their TOS may include rules about whether data can leave the server, etc. Users choose which server to join, opting into the moderation policy, theme, and TOS they prefer. +Each server admin can create their own moderation rules as well as a theme for their server. Their TOS may include rules about whether data can leave the server, etc. -## Moderation in p2p systems +### Reddit -## Experiments +### Aether -Curation and moderation markets +Users elect and impeach topic moderators. + +## User moderation + +User level moderation allows users to opt into different content preferences, for example subscribing to shared blocklists, or enabling certain filters. + +# Mastodon + +Users choose which server to join, opting into the moderation policy, theme, and TOS they prefer. diff --git a/topics/security.md b/topics/security.md index 88916ce..da76225 100644 --- a/topics/security.md +++ b/topics/security.md @@ -9,6 +9,6 @@ Some e2e messaging encryption options: ### Access Control -There may be a need for different levels of access to user data - for example, to create read-only applications, paywall, or private sharing. +Different levels of access to user data can be controlled through server permissions on federated systems. In p2p systems, access control must be implemented through cryptographic permissions, or access control lists. Object capability security authorization system From 07c5539c7350ace3fda77b3553bbd4ca614dc787 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Mon, 29 Jun 2020 17:20:44 -0700 Subject: [PATCH 5/8] Add aether to data --- topics/data.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/topics/data.md b/topics/data.md index d800f09..b6afdba 100644 --- a/topics/data.md +++ b/topics/data.md @@ -23,3 +23,5 @@ P2p applications have more variance around mutability. Ssb & Hypercore - Messages added to the append-only log are immutable. Applications can choose not to display messages indicated as deleted, but the data cannot be overwritten. IPFS - Once added to a network, content is discoverable by its hash. If a copy remains stored on the network, it is re-discoverable by this reference. + +Aether - "Stale" threads that have not been referenced for 6 months get dropped by the network. This design attempts to make posts more ephemeral in a p2p setting. From 573a77e169c3db8eade70cf00cf3703127a10a3e Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Tue, 30 Jun 2020 17:00:11 -0700 Subject: [PATCH 6/8] Add monetization --- topics/monetization.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/topics/monetization.md b/topics/monetization.md index 3605350..4ed7474 100644 --- a/topics/monetization.md +++ b/topics/monetization.md @@ -10,37 +10,39 @@ Protocols must be open source in order to be used and adopted. Applications buil Advertising +- Charge advertisers for user impressions or clicks through the applications +- Users can pay to not be shown ads + In-app purchases - Charge for promoted tweets +- Charging for custom curation or moderation services, or taking a cut of monetized services offered by third-parties. Transaction fees on - User monetization of premium content - User tips and donations -Premium experience - -- Users can pay to not be shown ads - # Provider Level -If applications access the provider, (as in Solid, where applications access user data through pods), the provider can charge a commission of the revenues of each application. +If applications access user data through a provider, (as in federated systems where a user signs up to a server, or in Solid, where applications access user data through pods), the provider can have a separate business model from the application. -If users access the provider (as in federated systems where a user signs up to a server), the provider could charge the user a fee, perhaps for premium features like extra storage. Up-front membership fees for users tend to discourage adoption of social applications, where users have come to expect free service. +- Charge a commission of the revenues of each application. +- Charge users a membership fee. (However, up-front membership fees for users tend to discourage adoption of social applications, where users have come to expect free applications.) +- Charge users for premium features like extra storage. ## Protocol Level Protocol level business models have been explored in recent years through cryptocurrencies. -One method is the creation of a token used for transactions internal to the protocol. An example is Facebook's Libra. +One method of protocol-level monetization is the creation of a token used for transactions internal to the protocol. Facebook's Libra, which will allow users to send payments to each other, is an example of this approach. Brave browser created [BAT, Basic Attention Token](https://basicattentiontoken.org/), for transactions between publishers, advertisers and users. Advertisers pay in BAT to place ads. Publishers receive most of the BAT from ad revenue and Brave takes a percentage. Users of Brave browser earn BAT when they view ads. They can't withdraw it, and instead can only donate it to publishers of their choice. According to Brave's research, in 2020, Users could earn up to $200 by consuming ads. Publishers haven't been vocal about their earnings, but [freecodecamp have said that they earned $2000 between early 2018 to mid 2019.](https://www.freecodecamp.org/news/the-brave-browser-how-much-money-can-your-website-make-as-a-publisher/). -Existing cryptocurrencies can also be used for protocol-level business models. +Existing cryptocurrencies can also be used for protocol-level business models. Brave originally used Bitcoin instead of BAT for in-browser micropayments. In a server-based federated system, servers that provide services to the network could also function as Lightning hubs that route Bitcoin payments through the social graph using payment channels, and collect fees for doing so. -Servers could function as Lightning hubs that route Bitcoin payments through the social graph using payment channels, and collect fees for doing so. +Namespaces are a limited resource across a common protocol. For this reason, business models could be developed around username registrations, like how domain names are sold on the web. Currently, Twitter prohibits the trading of usernames, but a [black market has emerged](https://www.theguardian.com/technology/2018/apr/17/selling-twitter-handles-big-business-identity) anyways, illustrating the latent demand for good names. Legitimizing a username marketplace could be one method of monetization for a decentralized Twitter. -Sell username registrations +## Links -https://blog.ethereum.org/2014/04/30/decentralized-protocol-monetization-and-forks/ +[Decentralized Protocol Monetization and Forks](https://blog.ethereum.org/2014/04/30/decentralized-protocol-monetization-and-forks/) -https://avc.com/2016/07/the-golden-age-of-open-protocols/ +[The Golden Age of Open Protocols](https://avc.com/2016/07/the-golden-age-of-open-protocols/) From 2695fe1cacdf30bd36dbb8f81afbd0975e05e4b1 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Tue, 30 Jun 2020 17:00:26 -0700 Subject: [PATCH 7/8] Add data sections --- topics/data.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/topics/data.md b/topics/data.md index b6afdba..4ad36a7 100644 --- a/topics/data.md +++ b/topics/data.md @@ -1,16 +1,16 @@ # Data -### Data Models +### Data Structures -Shared data models enable interoperability. +Shared data structures enable interoperability. -Solid - Solid's data model is RDF. [RDF](https://www.w3.org/RDF/) uses URIs to name the relationship between things, allowing structured data to be shared across different applications. RDF could potentially [be a barrier to adoption](https://hal.inria.fr/hal-01966561/document), due to its complexity. +Solid - Solid's data structure is RDF. [RDF](https://www.w3.org/RDF/) uses URIs to name the relationship between things, allowing structured data to be shared across different applications. RDF could potentially [be a barrier to adoption](https://hal.inria.fr/hal-01966561/document), due to its complexity. Matrix - Matrix transports messages using JSON, and tracks conversation history through DAGs. Mastodon - ActivityPub uses streams of JSON-LD. Mastodon was formerly compatible with OStatus, which used RSS. -IPFS - IPFS uses a custom data model, [IPLD](https://ipld.io/), designed to treat hash-linked data structures as subsets of a unified information space. +IPFS - IPFS uses a custom data structure, [IPLD](https://ipld.io/), designed to treat hash-linked data structures as subsets of a unified information space. Ssb - Ssb uses append-only logs of signed JSON. @@ -20,7 +20,7 @@ Federated applications allow users to edit and delete content, handled at the se P2p applications have more variance around mutability. -Ssb & Hypercore - Messages added to the append-only log are immutable. Applications can choose not to display messages indicated as deleted, but the data cannot be overwritten. +Ssb & Hypercore - Messages added to the append-only logs used by ssb and hypercore are immutable. Applications can choose not to display messages indicated as deleted, but the data cannot be overwritten. IPFS - Once added to a network, content is discoverable by its hash. If a copy remains stored on the network, it is re-discoverable by this reference. From 106225cfc87d34c4756ba8e04feeef9566d19fce Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Tue, 30 Jun 2020 17:58:07 -0700 Subject: [PATCH 8/8] Edit security --- topics/security.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/topics/security.md b/topics/security.md index da76225..d4c7263 100644 --- a/topics/security.md +++ b/topics/security.md @@ -1,14 +1,23 @@ ### Security -Designing for public communication requires less focus on privacy than more intimate social applications. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported. +Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported. -Some e2e messaging encryption options: +Many decentralized social applications that include direct messaging use e2e encryption to preserve the privacy of messages. -- Noise protocol +- Matrix - [End-to-end encryption guide for Matrix clients](https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide) +- ActivityPub - Mastodon is [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server. +- Ssb - Ssb, as a p2p protocol, included [e2e encryption for direct messages](http://scuttlebot.io/docs/basics/encryption.html) from the start, so that unencrypted messages would not be passed around the network. + +Some more e2e messaging encryption options: + +- [Noise protocol](http://www.noiseprotocol.org/), used by WhatsApp - [Messaging Layer Security (MLS)](https://messaginglayersecurity.rocks/) ### Access Control Different levels of access to user data can be controlled through server permissions on federated systems. In p2p systems, access control must be implemented through cryptographic permissions, or access control lists. -Object capability security authorization system +Object capability security authorization systems: + +- [Adding object capabilities to ActivityPub](https://gitlab.com/spritely/ocappub/blob/master/README.org) +- Peergos provides [capability-based access control](https://github.com/Peergos/Peergos) for files on top of IPFS