[messaging] Distributed Social Graph + GNU Name System

carlo von lynX lynX at i.know.you.are.psyced.org
Mon Nov 17 05:09:50 PST 2014 

Hi folks. I've been told this is yet another place-to-be list
and since it treats a topic I've been involved with since the
80s I guess I should participate. Many already know me, for the
others I summarize my contributions in a few keywords: IRC, PSYC,
psyced, Certificate Patrol, secushare, youbroketheinternet.org.

I was taking a glance at the archives and would like to add some
info in reply to Trevor Perrin's mail from Mon Oct 6 02:08:57 PDT 2014
( https://moderncrypto.org/mail-archive/messaging/2014/000943.html ).

> Making it easy for people to pass public keys or fingerprints is a
> challenge.  We could try to optimize text representations, use QR
> codes or NFC, use Namecoin-like names, and so on.  GNS looks like
> another alternative.

Since secushare is aiming to provide a distributed social graph for
the purpose of offering an alternative to Facebook & co that actually
delivers more than what people expect from Facebook, it was pretty
straightforward for us to realize that no key discovery method can
ever beat the power of adopting a person from the social graph. When
Amy, Eleanor, Billy and Jake claim that Bob is a friend of theirs,
and they all provide the same public key for Bob, why should Alice
worry that Bob may actually be a fake that fooled all their common
friends?

So once a distributed graph is available as an instrument to the
majority of human beings, I expect that public keys will proliferate
freely and construct a solid basis for an end-to-end encrypted
infrastructure for humanity. The question to me is only who will
be the first to provide such a tool. I am not aware of anyone else
working on the same challenge.

Of course you need to bootstrap your social graph with a few solid
public key exchanges, but that can be achieved by sharing QR codes
on business cards or shaking bluetooth devices at each other. I am
optmistic that we could be having humanity on a secure messaging
system within years if we only focus on the right issues to deal with.

To reenforce the motivation to introduce such a secure messaging
system for all of humanity I also came up with a EU law proposal,
but that is a story for another post. Please change the subject line
accordingly if you want to talk about that.

>  * "Scoped" names seem sort of confusing and less useful than global
>  names.  I.e. "carol" isn't the global name of Alice's key, it's only
>  my name for Alice's key, so it's only useful if you already know my
>  key and understand this concept.

Well, Facebook has shown how little real people care about global
names if the applications are designed to not need them. We just need
to design all applications like that, the entire GNU Web and Internet.

>  * "Query privacy" doesn't seem enough to prevent harvesting a lot of
>  the social graph.  I.e. if you know my public key and are willing to
>  do thousands of DHT lookups, you'll probably find a lot of my
>  petnames.  And if there's no DHT, storing all the entries in one place
>  will enable offline cracking.

Yes, in Christian's original design if you brute force the nicknames of 
people you can get a glimpse of the social graph even if you're not entitled
to. That can be fixed easily however, simply introduce a friend circle
concept (think G+ circles, since 2003 PSYC uses the "channel" terminus)
and have the nicknames be stored in THAT public key rather than in a
person's root key. So in order to look up any people you need to know the
public key of a channel which you typically only know if you have been
invited to it.

Even better than that I presume is to use the distributed social graph
instead. A nickname then does not need to be looked up in a DHT, it is
already available on your device - and you can only consult the graph
if you are a legitimate subscriber of your friends' social channels.
So secushare has a fault redundant strategy for solving this problem -
if our own distributed social graph doesn't do it, we can use GNS as a
fallback.

By the way, secushare is currently roughly at some 50% of implementation.
You can find the code in the GNUnet repository in the src directories
named psyc, psycstore, social and multicast. There is a prototype UI
in the gnunet-gtk repo. We can use hands working on it all.


-- 
	    http://youbroketheinternet.org
 ircs://psyced.org/youbroketheinternet

More information about the Messaging mailing list