24 lines
1.6 KiB
Markdown
24 lines
1.6 KiB
Markdown
### Security
|
|
|
|
Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy for user metadata is still important, and private direct messaging is a feature that may need to be supported.
|
|
|
|
Many decentralized social applications that include direct messaging use e2e encryption to preserve the privacy of messages.
|
|
|
|
- Matrix - [End-to-end encryption guide for Matrix clients](https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide)
|
|
- ActivityPub - Mastodon is [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server.
|
|
- Ssb - Ssb, as a p2p protocol, included [e2e encryption for direct messages](http://scuttlebot.io/docs/basics/encryption.html) from the start, so that unencrypted messages would not be passed around the network.
|
|
|
|
Some more e2e messaging encryption options:
|
|
|
|
- [Noise protocol](http://www.noiseprotocol.org/), used by WhatsApp
|
|
- [Messaging Layer Security (MLS)](https://messaginglayersecurity.rocks/)
|
|
|
|
### Access Control
|
|
|
|
Different levels of access to user data can be controlled through server permissions on federated systems. In p2p systems, access control must be implemented through cryptographic permissions, or access control lists.
|
|
|
|
Object capability security authorization systems:
|
|
|
|
- [Adding object capabilities to ActivityPub](https://gitlab.com/spritely/ocappub/blob/master/README.org)
|
|
- Peergos provides [capability-based access control](https://github.com/Peergos/Peergos) for files on top of IPFS
|