[messaging] new peerio architecture

Nadim Kobeissi nadim at nadim.computer
Wed Jul 12 13:50:15 PDT 2017


> On 12 Jul 2017, at 9:15 PM, Mikalai Birukou <mb at 3nsoft.com> wrote:
> 
> 1) From whitepaper: https://s3.amazonaws.com/peerio-static-assets/whitepaper.pdf
> 
> Quote:
> 
> """
> Peerio’s current security objectives do not include:
>  1. Anonymizing the identities, connections, and social graphs of users.
> 
> """
> 
> 
> 2) The "redundant" characterization of storage comes from Microsoft Azure. Stored blobs seem to be the "kegs" from KegDB. These keg objects are usually encrypted (page 11). Yes, in 4th party, Azure cloud, not 100% encrypted, but only usually.
> 
> By the way, kegs having kegs in them, and user access to particular kegs -- all of it reminds me of concepts from file systems, because that's what folders + permissions do.

Here are my technical nitpicks:

1. The way in which content is sometimes repeated across kegs allows for easy split view/transcript inconsistency/confusion attacks from the server. If it were me, I’d have this all on some kind of authenticated ledger/CONIKS-style verifiable data structure [0] and tie some authentication properties to how these split kegs are served. The entire keg design could be replaced with something simpler that has stronger integrity/authenticity guarantees.

2. They still won’t let you revoke and rotate your long-term identity! This is nuts. How are you supposed to deal with compromise? The entire account lifecycle is not well thought out yet and that’s unacceptable in a V2 product.

3. I felt bad about Peerio not introducing forward secrecy in 2015, but not doing so in 2017 is just selling short. There’s so much work on this right now inspired by improvements to puncturable encryption [1] (and some upcoming research that I don’t think is public yet.) In terms of preventing content loss and synchronising devices, Signal and iMessage (as of iOS 11) both have different approaches to this, just to name a couple.

> 
> These two are highlights (in my partisan opinion :) ).
> 
> 
> There were strong statements dropped on Twitter when Nadim left Peerio. In the absence of any other information, we may guess that the current architecture is what investors wanted. Maybe emotions were high, hence, a little misinterpreted in darker colors.
> But really, this current Peerio architecture is just one more of those lock-in islands, walled gardens, since they will not federate with competitors' users. Giving up some control with the introduction of federation and openness is not what investors want.

It’s unfair to the team over at Peerio for my objections at the time to be considered timeless. They’ve redone their entire architecture, and seem to have not followed through with the business goals that I objected to in 2015. This seems like an honest product. This is a company run by human beings who deserve a chance.

It would be much better for everyone if this new design was evaluated based on its face-value technical merit.

They’re obviously following investor whims, which is fine, but these desires seem to have gone from “dangerous” to “boring”, which is, admittedly, still an improvement.

How Peerio otherwise behaves as a company is, frankly, not something I care about anymore.

> 
> Let's recall again, wiretapping is looking into content, while surveillance is knowing what you do, what your social graph is. It is the social graph part that is monetizable, these days.

Everyone is doing this, though. WhatsApp, Wire… Signal and Cryptocat are exceptions, but their ideological bent makes funding almost impossible (I’m sure the Signal folks would agree.) Peerio is hardly alone. They’ve also given no indication towards wanting to monetise their social graph, and I don’t think this is something they would do.

There’s the NEXTLEAP project which is trying to come up with a social/technological understanding on how to get folks to federate (led by Harry Halpin) [2].

References:
[0] https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf
[1] https://eprint.iacr.org/2017/223.pdf
[2] http://nextleap.eu

> 
> 
> Cheers,
> 
> Mikalai
> On 2017-07-12 12:59 PM, Michael Carbone wrote:
>> Hi folks,
>> 
>> Has anyone been following Peerio's move to a new architecture and have
>> any thoughts on it? Or see others' thoughts online worth sharing?
>> 
>> 
>> https://blog.peerio.com/the-new-peerio-a-technical-deep-dive-2b25dba9cd0
>> 
>> 
>> Thanks,
>> Michael
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Messaging mailing list
>> 
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
> 