projects/crypto-fsn.mdwn

   1 Sketches for a federated social network using strong crypto to protect the user's data
   2 ===================================================================
   3
   4 Network structure
   5 -----
   6
   7 The network structure is decentralized; status updates, posts, etc. are
   8 transferred between endpoints. Users are identified by addresses that
   9 follow RFC 822. Protocol is unclear:
  10
  11 * XMPP: wide-spread and allows easy implementation of a chat, has integrated
  12   authentication, however not very light-weight to implement
  13 * OStatus: used by Diaspora, StatusNet, identi.ca
  14 * Salmon?
  15 * RSS/RSS Cloud?
  16 * PubSubHubbub: pull-based, apparently not used frequently
  17
  18 Concept
  19 ----
  20
  21 All users have a private key and a keyring of public keys. "Friend"
  22 requests are directed, the inquired person has to approve friendship.
  23 Positive acknowledgement of this request leads to addition of the inquirer's
  24 key to the user's keyring. All status updates, pictures, ... the user posts
  25 are encrypted with the keys in his kearing, so only the followers can actually
  26 encrypt and see it. NO PLAIN-TEXT COPYING OF CONTENT!
  27
  28 Pro:
  29
  30 * encryption prevents accidental data leakage
  31 * the user has full control about who can see the data
  32
  33 Contra:
  34
  35 * encryption makes the process slow, needs additional cpu cycles
  36 * advertising encryption could lead to false security, as the content can
  37   still be distributed through explicit downloads by trusted users
  38 * encryption for every single person in keyring leads to much traffic
  39
  40 Problems:
  41
  42 * "Reposts"? If so, content can't be encrypted => checkbox: repost yes/no?
  43 * Groups? Generate public/private key for each group?
  44 * How is the data stored on disk?
  45 * Private keys must be very well protected on the endpoint
  46