On Thu, Sep 19, 2013 at 10:48 PM, Melvin Carvalho
<***@gmail.com>wrote:

> On 19 September 2013 21:51, Nick Jennings <***@silverbucket.net> wrote:
>
>> On Wed, Sep 18, 2013 at 6:23 PM, Melvin Carvalho <
>> ***@gmail.com> wrote:
>>
>>> On 18 September 2013 18:06, Nick Jennings <***@silverbucket.net> wrote:
>>>
>>>> On Wed, Sep 18, 2013 at 5:59 PM, Melvin Carvalho <
>>>> ***@gmail.com> wrote:
>>>>
>>>>> On 18 September 2013 15:47, Nick Jennings <***@silverbucket.net>wrote:
>>>>>
>>>>>> On Wed, Sep 18, 2013 at 2:11 PM, Melvin Carvalho <
>>>>>> ***@gmail.com> wrote:
>>>>>>
>>>>>>> On 10 September 2013 19:45, Nick Jennings <***@silverbucket.net>wrote:
>>>>>>>
>>>>>>>> Hi Carlo, nice to see this work being done, specifically a
>>>>>>>> distributed pubsub implementation. Do you have a repo where this is being
>>>>>>>> developed? Also is this just the beginning or is there something working
>>>>>>>> already?
>>>>>>>>
>>>>>>>> One question regarding ActivityStreams below:
>>>>>>>>
>>>>>>>> On Tue, Sep 10, 2013 at 6:41 PM, carlo von lynX <
>>>>>>>> ***@time.to.swarm.psyced.org> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> At the same time as the implementation of this fundamental piece
>>>>>>>>> of the GNU Internet is taking place, we will soon present the equivalent of
>>>>>>>>> the ActivityStreams protocol, enabling developers to create user interfaces
>>>>>>>>> and further applications on top of an infrastructure that provides similar
>>>>>>>>> social functionality as the social services we are familiar with, but in a
>>>>>>>>> distributed and encrypted fashion.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> I'm unclear why it makes sense to re-invent the ActivityStreams
>>>>>>>> protocol? There is nothing in it's nature that defines infrastructure, so
>>>>>>>> being distributed and/or encrypted is something that can build on-top of
>>>>>>>> the existing protocol, also something I'm working closely with in Sockethub.
>>>>>>>>
>>>>>>>
>>>>>>> Activity streams is not a protocol
>>>>>>>
>>>>>>>
>>>>>> That depends on who you ask, from the Wikipedia page:
>>>>>>
>>>>>> " The Activity Streams<http://en.wikipedia.org/wiki/Activity_Streams_%28format%29>project, for example, is an effort to develop an activity stream
>>>>>> protocol <http://en.wikipedia.org/wiki/Protocol_%28computing%29> to
>>>>>> syndicate activities across social Web<http://en.wikipedia.org/wiki/Social_Web>applications.
>>>>>> [2] <http://en.wikipedia.org/wiki/Activity_stream#cite_note-2> "
>>>>>>
>>>>>> While I agree there's more to a protocol than just the data format,
>>>>>> there's definitely work being done to make the content of the AS objects
>>>>>> indicate either intent or result, which lays the groundwork for a protocol.
>>>>>>
>>>>>>
>>>>>> It's a data serialization.
>>>>>>>
>>>>>>>
>>>>>> While basically true, I'm not sure that's a descriptive enough word,
>>>>>> as JSON itself is a data serialization method.
>>>>>>
>>>>>> I was using the same words Carlo used to reference it, and I don't
>>>>>> have a strong opinion either way, but I don't think using the term
>>>>>> serialization makes it any clearer.
>>>>>>
>>>>>>
>>>>>> The current version relies on a proprietary central registry of verbs
>>>>>>> which does not (currently) support any form of encryption as far as I know
>>>>>>>
>>>>>>
>>>>>> If AS is a protocol, then I don't understand why a definition of
>>>>>> verbs should be considered proprietary or centralized - in the same way
>>>>>> that any other protocol, be it HTTP, SMTP or FINGER, has a set of defined
>>>>>> commands.
>>>>>>
>>>>>> If AS is a data serialization mechanism, I don't understand how it
>>>>>> can written it to "support for any form of encryption". Are the two
>>>>>> related? Does JSON itself have built in support for encryption that AS
>>>>>> lacks? Could you give me some examples of data serialization which supports
>>>>>> encryption?
>>>>>>
>>>>>> Maybe I misunderstand what is meant by the original statement by
>>>>>> Carlo, but that's why I asked in the first place.
>>>>>>
>>>>>
>>>>> "Depending on who you speak to" is hedging your bets a bit!
>>>>>
>>>>> I was speaking to you, what's your take? Is activity streams a
>>>>> protocol or not?
>>>>>
>>>>>
>>>> I'm more interested in my original question, not whether AS is a
>>>> protocol or not. Like I said, I don't have a strong opinion either way.
>>>>
>>>>
>>> OK, then why did you argue the case?
>>>
>>>
>> I'm not arguing any case, I just pointed out that many people, including
>> the OP and Wikipedia refer to AS as a protocol. I really don't care what
>> people call it. Maybe you could ask Carlo why he chose those words.
>>
>>
>> HTTP is the protocol, Activity Streams is the serialization. A
>>> (communications) protocol is way more complex than a serialization.
>>>
>>
>> I'm fully aware of the differences between serialization and protocols.
>>
>>
>>
>>> And if this is what you want to do with sockethub / activity stream, I
>>> think you're going to run into major issues.
>>>
>>> My comment was that the Activity Streams specification does not mention
>>> encryption anywhere.
>>>
>>> You are the person that said: "being distributed and/or encrypted is
>>> something that can build on-top of the existing protocol" ... "something
>>> I'm working closely with in Sockethub"
>>>
>>> I have doubts about this comment ... how do you intend to build
>>> encryption on-top of Activity Streams?
>>>
>>
>> You have doubts that I'm working closely with implementing encryption
>> wherever I can? I'm sorry to hear that, but I asked my original question to
>> perhaps gain some insight into what shortcomings AS has in regards to being
>> implemented in a distributed, encrypted infrastructure.
>>
>
> i asked how you are working to build encryption on top, in line with our
> claim
>

I'm not working to build encryption on-top of AS, but I am working with
encrypting data and that data happens to be Activity Streams-like objects.
In fact all data that comes into Sockethub is immediately encrypted. (and
yes, I know that's not good enough, which is why GNUnet is aiming to be
what it's aiming to be)

I'm not a security expert and make no claims to any encryption
sophistication to the levels that GNUnet is aiming. In fact I chimed in
this thread not to argue semantics with you, believe it or not, but in the
hopes I might learn something new about shortcomings of AS from Carlos
perspective. Instead it seems I've caught a troll. :)



>> As in, what characteristics about a protocol or serialization method lend
>> itself to encryption or make it more difficult, and why does it really
>> matter what a payload is within an encrypted channel.
>>
>> I think it should be considered with care when deciding to re-implement
>> something that already exists, like AS, to serve the same purpose. So I was
>> curious as to what the thought process was, and asked the question in the
>> hopes I might learn something new.
>>
>> I don't really want to continue to get caught up in semantics with you
>> about wording of protocol vs. serialization, as it's completely unrelated
>> to my question.
>>
>
> activity streams itself is a reinvention ... you are saying pick one
> reinvention over another and at the same time not to reinvent ... it's a
> contradiction
>

I'm not saying anything of the kind, please don't put words in my mouth,
and please don't assume I'm evangelizing AS. The point I made you would,
and have, agreed with - or made yourself - on several occasions. I don't
care if it's AS or HTTP or FINGER or JSON, I think it should be thought
through and hopefully discussed as to the reasoning for re-creating
something. As I was not part of that conversation I asked that I might
learn something, but now I'm repeating myself.
http://xkcd.com/927/

I answered your question (re: encryption) above, because you asked, though
based on your comments so far, I question whether you asked for any reason
other than to find more avenues to attack... Sorry to say but I find this
thread completely pointless and not conducive to a constructive
conversation.

Let's end it shall we?

Cheers
Nick

On Fri, Nov 15, 2013 at 08:05:44PM -0300, hellekin wrote:
> *** I say it's blackmail for a government (agency) to force a company
> into betraying their customers.

Well, I'm afraid that's what the German and other governments are capable
to actually do in reaction to the NSA so they don't have a disadvantage.
That's why any strategy that depends on a company not to betray its
users (which from a business model unfortunately always makes sense)
is calling for trouble.

> likely, a lot of people will keep dancing in the ball room until the
> ship wrecks.

Yes, but they will do so on Facebook, so they're out of our reach anyway.
While concerning e-mail.. well.. bootstrapping PGP is more work and
less effective than bootstrapping Pond for example.

Btw, I updated Best Practice recommendations on http://secushare.org/comparison
from my best understanding and knowledge of the situation. There are Tor-based
or otherwise advanced ways to solve many use cases here today, so there is no
reason to spend time with federation or silo tools...

hellekin:
> *** I understand. So I propose this discussion goes on to the
> Socialswarm mailing-list alone, and when we have something to
> announce, we can use the GNU consensus. Otherwise, it mixes up
> the goals and means.

The exclusionary approach proposed by carlo von lynX also does not
seem to be aligned with the goals and means of Socialswarm:

"Oh no, not another social media project trying to save humanity?
That’s what we thought. There are plenty of people working on that
already. The only problem is: They are not working together.
That is why we want to build a platform to connect us all:
• users
• coders
• the different projects"

http://socialswarm.net/?lang=en

But my main question are the goals and means of the proposed 30C3
assembly. Maybe it makes sense to create an alternative, more open
proposal?

BTW: The proposal text created by carlo von lynX currently suggests:
"Contact us on ircs://psyced.org:6667/youbroketheinternet
Or join our #youbroketheinternet working group on RetroShare".

Maybe the discussion regarding the youbroketheinternet assembly
proposal should simply take place there? That would also help to ensure
that "legacy"-projects are kept out.

Cheers,
Andreas

On 17 November 2013 11:29, Andreas Kuckartz <***@ping.de> wrote:

> carlo von lynX:
> > On Fri, Nov 15, 2013 at 03:28:38PM -0300, hellekin wrote:
> >> *** We need to distinguish two vectors in our working group.
> >>
> >> One is the hardcore P2P "next generation" that focuses on GNUnet and
> >> peer-to-peer solutions ; and the other is the "transitional" that
> >> focuses on how to go from here to there, including contemplating
> >> alternate paths, such as patching hopeless protocols, or seeking to
> >> reform the existing nightmarish hell of a reality.
> >
> > No, we don't need to make that distinction. At the last meeting
> > there was a clear majority who only wants to get something solid
> > off the ground and doesn't care for legacy patchwork.
>
> Was there a vote on that? What does clear majority mean (60% of the
> participants? participants representing 90% of users?) ?
>
> Can you name those projects represented in that meeting which do not
> care about improving the situation for users of what you call
> "legacy"-software and -standards ?
>

At the workshop lots of projects were represented, including a good mix of
P2P techs and web.

Carlo gave a presentation where he argued that the federated social web, or
even the web in general, would lead to centralization such as we've seen in
webmail. We didnt spend that much time talking about the web.

I can understand the point of view, but I am unsure that there was
unanimous agreement. There was a session where one goal was to get a large
user base, and another where interaction with existing systems was a goal.

I left slightly early to get my train, but towards the end there was a
contingent that was keen on a DNS replacement, some viewing it as a "nice
to have" others as a "central component" my personal concern is that this
might be taking on too much.


>
> Cheers,
> Andreas
> --
> SocialSwarm mailing lists: https://socialswarm.net/en/participate/
> Websites: https://socialswarm.net/ https://wiki.socialswarm.net/
> Liquid Feedback: https://socialswarm.tracciabi.li/
> Digitalcourage, Bielefeld, Germany ***@digitalcourage.de
>

It is no longer clear if people in here are Social Swarm, GNU consensus
or something else currently using the name #youbroketheinternet. The
latter just seemed to be the most appropriate name since we can't get
social off the ground without fixing the Internet first.

In the past we worked out http://libreplanet.org/wiki/GNU/consensus/berlin-2013
and reached a consensus on at least these points:

- End-to-end encryption
- Perfect Forward Secrecy
- Social graph and transmission pattern obfuscation
- Self determined data storage

These four requirements make it such that any discussion of "improvements" of
the general situation that does not fulfil them should be seen as out of
scope for this group of people.

Feel free to put some band aids around SMTP, XMPP and other established apps,
but don't discuss it here - especially not as a solution to our list of basic
requirements. Let us work on solutions that fulfil OUR basic requirements for privacy.
This is the only thing that differentiates us from dozens of other similar groups.

And sorry for not having been patient enough to say this every couple
of months, using the best possible wording. As always with mailing lists,
memory fades quickly and people won't read documents before they start contributing.


On Sat, Nov 16, 2013 at 11:01:08PM +0100, Guido Witmond wrote:
> > Exactly, you are providing a neat alternative to X.509 but it doesn't
> > change anything about the entire rest of the architecture. I think that's
> > okay for banking or for Tor hidden services apps, but I don't like it for
> > a communications and messaging system as I won't accept that my naked
> > teenager pics are on your server's hard disk.
>
> The strong point is that it's easy to implement and get quite a lot of
> communication encrypted. A weak point is that it is still vulnerable to
> traffic analysis. It needs Tor for that. Another weak point is that if
> you lose a private key, you're out of that account forever. Unless you
> can prove identity to the site some other way.
>
> It also has a very simplistic repudiation model: delete the private key
> of an account securely and never mention that it was you.
>
> Eccentric has either unsigned or signed public messages, or encrypted
> private messages. To get your naked teenager pics in clear-view on my
> server, you need to publish it. If you send it to a specific person,
> whose public key you've learned somehow, it is encrypted and my site
> can't decrypt it. All private messaging is end-to-end. Guaranteed. I
> don't know if Snapchat can offer that guarantee. :-)
>
> I expect sites make it clear when you are publishing to the world or
> sending a private message. Anyway, the user agent should always show
> which of the two actions it is doing, signing a public message or
> encrypting a private message.
>
> You may still not like it but it is quite an improvement over the
> current http-internet. Or Dropbox, or Google drive or ... I hope that
> once people get used to this model they can search for other systems
> that offer even more privacy. We crypto-designers have to lead them. The
> hardest part is not designing, it is selling.

Currently many aspects are hard.

> > So the server has the complete social graph. The tools I am recommending
> > as best current practice try to protect the social graph.
>
> That is one other weakness but it is not so bad as you imagine. The
> server sees all traffic (not contents) between its users. As soon as two
> people have verified that there is no mitm, they can send this message:
> Hi User2@@guido's-site,
> Please connect to <protocol://my-ip:port/url>
> Use your certificate to authenticate, I use mine.
> Regards: User1@@guido-s-site
> User 1 opens the port on his computer and awaits if user2 connects.

And you can even do that with WebRTC's DTLS.

> Here we bootstrap a new channel based upon an existing channel. The
> protocol can be anything, xmpp, zrtp, maybe even psyc. My site acts as
> an introducer to people, like a mutual friend that arranges a blind
> date, only with cryptography.
>
> As the message is encrypted, my server doesn't learn of this new
> channel. All the server learns is that after a few message, the
> communication ceased. There is nothing that I can do to prevent this new
> channel from opening. And once established, my server that has signed
> the certificate is not needed anymore. It can be nuked from orbit.
>
> When User2 has previously established a private channel with User3,
> User2 can introduce User3 to User1 over their private channel. Again,
> the server cannot learn of this. The new channel between User1 and User3
> is invisible to the site. The site learns only about a partial social
> graph, not the full graph. The users, of course will learn the whole graph.
>
> That message from User1 to User2 can even be published as wide as
> possible by User1. The whole world will learn that 1 is trying to
> contact 2 but only they have the matching private keys to validate each
> others' public key. It can be used in case my server is gone. Success
> depends on User2 learning of the contact request and willingness to
> connect. If either uses Tor, the world won't learn if they ever get
> connected.
>
> That's the power of pseudonymous authenticated connections.

So to put it into the frame of our consensus, it doesn't preclude
installing something like Tor or GNUnet. It could be a tool for
dealing with web apps better - without them having to cooperate in
a the way they have to with unhosted.org. But it's a discussion aside
to figure out if we should politically require apps to work in an
unhosted style rather than eccentric. If we take requirement 4 of our
list for real, then eccentric must not substitute unhosted.

In any case this needs a patch of the browser and, what is the thing
that I criticize about browser extension approaches (and I did some
myself, so I know) is

1. that you only achieve the first two requirements, E2E and PFS, if
you have DHE implemented in such a browser extension AND
2. the user interface for encrypting and decrypting messages is kept
safely out of the regular HTML rendering so the user cannot be
fooled by some website recreating exactly that GUI
3. you still put your communications at risk because of the many potential
security leaks in web browser technology

That's the point when it is so distant from "the web" - if we can't even
trivially and safely use the rendering engine of the browser - that I
don't see a point to still use web technology and bring in all the risks
related to javascript backdoorability etc etc....

We don't need and we should not have javascript in THE tool that we intend
to use for the majority of our social interactions. It's unreasonable
and totally unnecessary since we require a software installation ANYWAY.
If people are installing some Tor/* bundle, let them have a fully viable
communications stack outside the browser.

I think, in future releases of a GNU internet OS, the web browser has
to run in a separated virtual machine from the actual communication apps,
anyway. Then it needs both an 0day for the browser AND the virtual machine
to cause harm. And you can easily make a two-physical-computers set-up as
recommended by Whonix if a VM isn't good enough for you.

These days we can even separate certificate control from the web browser
as we have developed a C version of Certificate Patrol that could be
integrated into the Tor socks proxy - thus it checks the validity of
certificates (beyond just the broken X.509) before the connection with
the sandboxed/isolated browser is even permitted.

Real security is feasible, why lose time on things that won't cut it?