1 Sketches for a federated social network using strong crypto to protect the user's data
2 ===================================================================
7 The network structure is decentralized; status updates, posts, etc. are
8 transferred between endpoints. Users are identified by addresses that
9 follow RFC 822. Protocol is unclear:
11 * XMPP: wide-spread and allows easy implementation of a chat, has integrated
12 authentication, however not very light-weight to implement
13 * OStatus: used by Diaspora, StatusNet, identi.ca
16 * PubSubHubbub: pull-based, apparently not used frequently
21 All users have a private key and a keyring of public keys. "Friend"
22 requests are directed, the inquired person has to approve friendship.
23 Positive acknowledgement of this request leads to addition of the inquirer's
24 key to the user's keyring. All status updates, pictures, ... the user posts
25 are encrypted with the keys in his kearing, so only the followers can actually
26 encrypt and see it. NO PLAIN-TEXT COPYING OF CONTENT!
30 * encryption prevents accidental data leakage
31 * the user has full control about who can see the data
35 * encryption makes the process slow, needs additional cpu cycles
36 * advertising encryption could lead to false security, as the content can
37 still be distributed through explicit downloads by trusted users
38 * encryption for every single person in keyring leads to much traffic
42 * "Reposts"? If so, content can't be encrypted => checkbox: repost yes/no?
43 * Groups? Generate public/private key for each group?
44 * How is the data stored on disk?
45 * Private keys must be very well protected on the endpoint