wishlist: two of Doug Stowe's Boxes books
[www-rohieb-name.git] / projects / crypto-fsn.mdwn
1 [[!meta title="Sketches for a federated social network using strong crypto to protect the user's data"]]
2
3 Network structure
4 -----
5
6 The network structure is decentralized; status updates, posts, etc. are
7 transferred between endpoints. Users are identified by addresses that
8 follow RFC 822. Protocol is unclear:
9
10 * XMPP: wide-spread and allows easy implementation of a chat, has integrated
11 authentication, however not very light-weight to implement
12 * OStatus: used by Diaspora, StatusNet, identi.ca
13 * Salmon?
14 * RSS/RSS Cloud?
15 * PubSubHubbub: pull-based, apparently not used frequently
16
17 Concept
18 ----
19
20 All users have a private key and a keyring of public keys. "Friend"
21 requests are directed, the inquired person has to approve friendship.
22 Positive acknowledgement of this request leads to addition of the inquirer's
23 key to the user's keyring. All status updates, pictures, ... the user posts
24 are encrypted with the keys in his kearing, so only the followers can actually
25 encrypt and see it. NO PLAIN-TEXT COPYING OF CONTENT!
26
27 Pro:
28
29 * encryption prevents accidental data leakage
30 * the user has full control about who can see the data
31
32 Contra:
33
34 * encryption makes the process slow, needs additional cpu cycles
35 * advertising encryption could lead to false security, as the content can
36 still be distributed through explicit downloads by trusted users
37 * encryption for every single person in keyring leads to much traffic
38
39 Problems:
40
41 * "Reposts"? If so, content can't be encrypted => checkbox: repost yes/no?
42 * Groups? Generate public/private key for each group?
43 * How is the data stored on disk?
44 * Private keys must be very well protected on the endpoint
45
This page took 0.037055 seconds and 5 git commands to generate.