/tech/ - Tech

Technology.

catalog
Mode: Reply
Name
E-mail
Subject
Message

Max message length: 8192

Files

Max file size: 80.00 MB

Max files: 5

Password

(used to delete files and postings)

Misc

Remember to follow the rules


(250.14 KB 2331x2400 hammer-keyboard-2.png)
PROGRAMMERS WANTED: SOCIAL MEDIA APP Comrade 09/30/2020 (Wed) 10:19:59 No. 5049
>clown license >Centralized ``Comrad Operator'' will be hosted by the security services, unless you inhabit a rose-tinted fantasy world. >up-vote or down-vote posts (~Reddit) >It verifies identities. Comrad's server, "The Operator", keeps a permanent record of one thing only: every comrad's name and public key, and requires that new comrades choose a unique name. Whenever you send or receive mail, the Operator will make sure that the name and public key on the letter matches what it has on file, verifying the identity of both parties. >Claims tor is secure, zero mention of measures against dragnet surveillance. Worked really well for silk road. >comrad.app registraNT in California, where patriot act and national security letters apply. comrad.app registraR in Ann Arbor, where patriot act and national security letters apply. badjoke/10
Switch to a more serious license like AGPL. https://www.gnu.org/licenses/agpl-3.0.en.html
Also since I see you're using Kivy, it suggests to me you want this on Android eventually. Someone can take your code, rename it, get it running on Android and sell it for profit. If it's ever discovered that the app is using your code, you're going to have a hard time paying for any lawyers to try to take it down, when GNU licenses are backed by an institution, FSF, that has the resources and experience to help you with any lawsuits. This is why you should never use joke licenses with untested, possibly non-binding agreements.
>AGPL Add a no wartime use clause to better it even more.
>>5096 That could still be manipulated by fiddling with whether ``wartime is in effect. For example the US gov is forbidden by law to financially support countries where a coup d'etat overthrew the elected gov. But the determination for ``coup d'etat is ultimately under the control of the same clique. So when Egypt restored military dictatorship after its brief experiment with elections, the US got around the law simply by asserting its fantasy that removal of the elected gov by the military was not a coup.
>>5049 > Installs in ~ FUCKING FOLLOW THE XDG STANDARD FOR ONCE
fyi, i got to until the opengl check on wsl 2. i haven't bothered to get the kernel update that lets me access the gpu, but this could be a solution for windows.
>>5370 scratch that, i got it to launch, but it is unresponsive
> github botnet > Show profile only to your local area Requires you to share your location to everyone => botnet > Anonymously up-vote or down-vote posts Impossible, unless you make it vulnerable to sybil attacks (which makes it useless) > Untraceable connection Impossible, unless you are communicating to someone directly. > P2P networks almost always expose your IP address > blah blah Tor is better Tor is the same as other P2P networks in that regard as all relays you connect to directly can see your IP address and whatever you're sending > Posts to the public are encrypted to @Comrades, a special account which automatically re-encrypts its messages back to any key-registered requester of them. Useless because anyone can simply make an account and view all of those messages anyway. > Whenever you send or receive mail, the Operator will make sure that the name and public key on the letter matches what it has on file, verifying the identity of both parties. That's ... not how public key cryptography works. > Direct messages auto-delete from the server as soon as they are downloaded Impossible to verify. > Posts to the world auto-delete in however many days you specify. Completely useless because anyone who views those posts can simply log them. > No invitation or server is needed on startup Which means it uses a central server and thus has a single point of failure. TL;DR: It's shit.
(Disclaimer: I am the developer) >>5077 > Switch to a more serious license like AGPL. You might be right. Ideologically however I agree with the ACSL ()'s critique of open source licenses: that they privilege the freedom of code and information over the freedom of people and the conditions of their labor. >>5218 > FUCKING FOLLOW THE XDG STANDARD FOR ONCE woops, ok, sorry >>5371 > scratch that, i got it to launch, but it is unresponsive is this in windows? >>5373 > > Anonymously up-vote or down-vote posts > Impossible, unless you make it vulnerable to sybil attacks (which makes it useless) There must be ways to limit accounts: enforce maximum number of accounts/keypairs on one device, make user prove not a bot, etc. If really impossible, we can sacrifice certain features like this. > Tor is the same as other P2P networks in that regard as all relays you connect to directly can see your IP address and whatever you're sending Sure, but the relays you use change every time you connect, so no one relay can ever see all of your activity. And the content of what you're sending is encrypted and illegible to the relays. > Useless because anyone can simply make an account and view all of those messages anyway. That's by design. They're meant to be readable to anyone using the app. Messages to individuals or groups work differently: they're encrypted end-to-end user-to-user. > > Whenever you send or receive mail, the Operator will make sure that the name and public key on the letter matches what it has on file, verifying the identity of both parties. > That's ... not how public key cryptography works. More precisely, a sender, using their private key, signs and encrypts a message to a recipient's public key. The encrypted message is sent through Tor to the Operator. The Op verifies the sender's signature by checking it against the sender's public key on file (a key part of public key cryptography), to verify the authenticity of the sender. It then stores the message, encrypted to the recipient (and so illegible to the Operator), in the recipient's mailbox. The recipient, when they request their mail, can then also check the sender's signature against the public key for the sender that they have on file; and they can then decrypt it with their private key. What's wrong with this picture? > > Direct messages auto-delete from the server as soon as they are downloaded > Impossible to verify. This is true of any website or app or server, to some extent. At least here the code is open source and the governing entity is/will be a transparent non profit organization. A p2p network would be even less likely to ever fully delete a piece of data, once uploaded. > > Posts to the world auto-delete in however many days you specify. > Completely useless because anyone who views those posts can simply log them. This is true of all messages sent between all sentient beings. > > No invitation or server is needed on startup > Which means it uses a central server and thus has a single point of failure. You can always set up mirror servers located around world. The data storage is minimal and it's all encrypted. > TL;DR: It's shit. Whatever dude, it's a hobby project improving as comrades help out
>>5445 Thanks for taking the time to respond to this guy. Not in a position to help right now, but I will lurk
>>5049 Holy shit, he actually did it: http://linktomanifesto.tk
>>5445 >they privilege the freedom of code and information over the freedom of people what a bullshit anti-GPL argument. <"oh no! I can't take other people's work, close the source and sell it. I wish I was code, so I could be free :(
>>5461 Open source software is complicit today with Big Tech capitalism. It exists in a toxic ecosystem with it, in which companies open source their code while also extracting free labor from the unpaid work of idealistic (but ideologically mystified) developers around the world. That's all the proof you need that the copyleft idea wasn't enough to protect the internet from its takeover from big corporate interests, much less protect actual workers from their deeper exploitation by capital. (Besides, the MIT license, which isn't even copyleft and is happy to let companies make more money, is now more popular than GPL anyway.) The fundamental divide within the free software movement today is, or should be, between libertarians and leftists. So many people fetishize decentralization and open-source while failing to realize that these commitments to 'freedom' do nothing to protect against, and even acclerate, the 'freeing' of markets and the new forms of cognitive labor extraction and exploitation which 'cybernetic capitalism' has developed. For more on this I recommend Nick Dyer-Witheford, Cyber-Proletariat: Global Labour in the Digital Vortex (Pluto, 2015).
The Internet was developed for the usage of the M.I.C. and the empire. It then was sold off to the telecom corporations. Afterwards, more software oriented corporations took over the cyberspace itself.
Technological fixes to inherent problems with capitalism are akin to strategies of reform through cases in court.
>>5445 Thanks for responding by the way. > enforce maximum number of accounts/keypairs on one device There is no good definition for "one device", especially over Tor. > make user prove not a bot This is necessary to prevent spam (even if you remove upvotes), but automatic verification would be difficult since it has to work in terminal and GUI. Additionally, Comrad does not seem to have any moderation, whether by users or by admins, meaning any verified user can easily spam. > If really impossible, we can sacrifice certain features like this. Anonymous from the users' perspective is possible and easy. Truly anonymous is impossible. In order to prevent a user from upvoting a post multiple times, the server must store all of the user's upvotes. Since the user has no way to verify that this information is not stored indefinitely, they have to act as if it were to maintain privacy, and so they gain no anonymity. If you really want to have upvotes, make them non-anonymous. That way, an upvote is just a shorthand for replying "Good post". > Sure, but the relays you use change every time you connect, so no one relay can ever see all of your activity. Same as every other anonymous P2P network (e.g. I2P, Freenet) > They're meant to be readable to anyone using the app Which is why it's pointless to encrypt them. There is no improvement to privacy compared to storing them in plain text. > The Op verifies the sender's signature by checking it against the sender's public key on file Is there any point to this being done by the server, rather than the client? > > Impossible to verify. > At least here the code is open source. Except it's also impossible to verify that the server is running unmodified code. > A p2p network would be even less likely to ever fully delete a piece of data, once uploaded. For publicly shared data, sure. But privately shared data would only reach its intended recipents unencrypted, meaning you only have to trust them. I suggest you look into anonymous P2P networks. > > Completely useless because anyone who views those posts can simply log them > This is true of all messages sent between all sentient beings. Good point, but the auto-deletion might make people more okay with sharing confidential information. > You can always set up mirror servers located around world. The majority of people would just use the default server due to convenience. Since Comrad servers are not federated, if you decided to use an alternative instance you would only be able to communicate with the other 3 people who use it. There are already far too many social networks. What advantages does Comrad have compared to: - PGP encrypted email (for activists) - Mastodon (*) (for normal people) - Freenet or I2P (for autists) - Any other non-meme network (i.e. not written in node.js) (*) No, privacy doesn't count. Mastodon has the same level of privacy as Comrad if you use Tor and PGP encrypt your private messages.
> Thanks for responding by the way. Same to you. Mobile apps and cryptography are admittedly not my day job, so talking over these details with folks is really helpful. > enforce maximum number of accounts/keypairs on one device Comrad makes heavy use of client's hardware: it compiles Themis, a high level cryptography library, so that all the encryption keys can be generated locally and only public keys need be transferred over the network; and it also uses torpy, a python-based implementation of a Tor SOCKS proxy. (This is why it can't work in a browser and needs to be an app.) So, similarly, the app could also just detect whether any encryption keys are already stored on the device's hardware that the app is running on, before allowing the creation of a new user/set of keys. You could probably get around this restricting by re-engineering the app software, but at least that's made more difficult to do. > > make user prove not a bot > This is necessary to prevent spam (even if you remove upvotes), but automatic verification would be difficult since it has to work in terminal and GUI. Hm. Are there no client-based/pythonic ways to test humanity? Some math problems? A funny socialist quote requiring some basic reading comprehension? Again, maybe not foolproof, but it adds another barrier. > Additionally, Comrad does not seem to have any moderation, whether by users or by admins, meaning any verified user can easily spam. Not yet anyway. For group accounts, the idea is that moderation could be achieved through a 'web of trust'. If A vouches for B, then B 'joins' the group. If B then vouches for C and D, potentially A would have to approve it for C and D to join. Then if B writes to the group, the message is actually only sent to A, C, and D (i.e. B's immediate neighbors in the web of trust). Each of those recipients would then have to accept B's message as legitimate in order for B's message to keep propagating through the web of trust to the rest of the group. The additional advantage of that model is that every message remains encrypted E2E between specific users, so no one actually needs the group's key; and the server doesn't need to store who vouches for whom, since every user can simply store whom they've vouched for on their hardware. At least, that's the idea so far. > If you really want to have upvotes, make them non-anonymous. That way, an upvote is just a shorthand for replying "Good post". Hm, that's interesting. So in that case the server could store which users have liked any given post. (Everything the server stores btw is in a simple key-value store: the value is encrypted with a symmetric key hidden on hardware, and the key is 'hidden' by running it through a hash algorithm using an extra 'salt' string, which is also hidden on hardware.) My worry (maybe paranoid) with allowing UserX-upvotes-PostY to be public is that someone could potentially reconstruct your real-life social network from whose posts you like, and from there guesstimate who you are depending on other creepy data the FBI or whoever has. But that level of paranoia may run counter to the logic of a social network, which is semi-public by design, anyway. I can imagine two other potential solutions to this problem, all half satisfactory: * Store only on your hardware whether you've upvoted PostY. Keeps anonymity, but leaves it susceptible to someone rewriting the client software. * UserX sends a message encrypted to the author of PostY that they liked the post. The server stores how many people liked the post, but only UserX and the author of PostY can read the E2E encrypted fact of the upvote. * Store on the server whether UserX-upvoted-PostY, but store this fact as an encrypted value with a salt-hashed key, so it's at least hard to find or read. Keeps anonymity but leaves anonymity vulnerable to attack on server (which would have to be hacking based, since you'd need hardware access to find the server's encryption key and hash salt phrase). > Same as every other anonymous P2P network (e.g. I2P, Freenet) I looked into that: I2P, Freenet, IPFS, etc. None of them (afaik) work on a mobile client, and some are hard to set up even on a desktop. I really want this to run on mobile and be easy to set up, since your average comrade/leftist has no idea how to set up all this stuff. > > They're meant to be readable to anyone using the app > Which is why it's pointless to encrypt them. There is no improvement to privacy compared to storing them in plain text. Maybe so, but it ensures that nothing unencrypted is ever stored or transmitted, which at least makes it more difficult for an outside actor (like an ISP) to listen in and decipher it. It also means that every message a user receives is encrypted E2E personally to them: since all group/direct messages are already direct, and since messages to the world are encrypted automatically to the user from the Operator. It also lets the Operator change its private/public key and notify users of the change, so that only someone storing the history of every public key over time could decrypt older data. > > The Op verifies the sender's signature by checking it against the sender's public key on file > Is there any point to this being done by the server, rather than the client? It's done by both. I guess the Op doing it too just makes sure nothing illegitimate is stored or sent to the client, even if the client could also determine the same thing. > Except it's also impossible to verify that the server is running unmodified code. True. Not sure what to do. Perhaps a public and legally binding commitment of some kind. But again, this seems standard. We can't ever fully know what bunkerchan or mastodon or any other server is doing with the data we send them. > > A p2p network would be even less likely to ever fully delete a piece of data, once uploaded. > For publicly shared data, sure. But privately shared data would only reach its intended recipents unencrypted, meaning you only have to trust them. > I suggest you look into anonymous P2P networks. See above: they don't currently work on a mobile client, as far as I know. Also, I thought that networks like IPFS never actually delete a piece of data. Which anonymous private networks are you thinking of? I initially set up a custom Kademlia P2P network for Comrad users, with the server just acting as the seed/prime node. All the data was encrypted E2E, but the users/nodes needed to know and remember each other's IP addresses in order to communicate. > Good point, but the auto-deletion might make people more okay with sharing confidential information. Fair enough. I guess you'd have to educate people what the risks are for any given action on the app. > Since Comrad servers are not federated, if you decided to use an alternative instance you would only be able to communicate with the other 3 people who use it. I meant something closer to piratebay: if the worry is that it could be shut down because it's only a single server, then it would be easy to spring it back up somewhere, and just change the .onion API address the app uses. > There are already far too many social networks. What advantages does Comrad have compared to: ... I try to lay that out [here](https://github.com/ComradOrg/Comrad/wiki/Comparison-of-alternative-social-networks), but I guess in short it's basically just a more accessible mixture of those elements. It makes public key crypto and Tor accessible to normal people: it all works behind the scenes in a single app, which to all appearances works just like twitter. Sorry for the long post, but thanks for your and everyone's comments, I appreciate it.
>>5478 > Mobile apps and cryptography are admittedly not my day job Same here. Most of what I know is from various internet schizos. > the app could also just detect whether any encryption keys are already stored on the device's hardware This could be circumvented easily by moving the keys to a different directory or renaming them. > Some math problems? A funny socialist quote requiring some basic reading comprehension? Math problems could be solved by a simple parser. The quote questions could be solved manually and then added to a script. > Each of those recipients would then have to accept B's message as legitimate in order for B's message to keep propagating If I understood this correctly: 1. Every message has to be manually accepted by its sender's WoT neighbors. 2. There is no way to distrust an identity rather than its individual messages. Point 1 means that any node can selectively censor messages that are sent to it, making its neighbors think they are seeing all of a given user's posts when they aren't. It also means that idle nodes do not propogate messages, and that all of a trusted identity's messages must be trusted one by one. Point 2 means that any user can flood the group with spam messages without being kicked out. Freenet implements WoT in a saner way. Freenet's release manager explains it better than I could: http://www.draketo.de/english/freenet/friendly-communication-with-anonymity > someone could potentially reconstruct your real-life social network from whose posts you like This is still possible with anonymous upvotes, it just takes server access. And of course, there's no replacement for basic opsec. > Store only on your hardware whether you've upvoted PostY. Keeps anonymity, but leaves it susceptible to someone rewriting the client software. Not only that, it's susceptible to someone who can type: grep -R "upvotes" comrad/ > UserX sends a message encrypted to the author of PostY that they liked the post. The server stores how many people liked the post How do you distinguish between regular messages and upvotes without metadata? How does the server verify that someone did indeed upvote without knowing who? How do you prevent a user from upvoting multiple times? > Store on the server whether UserX-upvoted-PostY, but store this fact as an encrypted value This is just as vulnerable to the server being seized, and the user still cannot trust the server. > None of them (afaik) work on a mobile client I2P has an android client: https://geti2p.net/en/download#android Freenet doesn't have one, but it's also written in Java, so it should be easier to make an android client. > some are hard to set up even on a desktop Both Freenet and I2P have simple installers, and Freenet has a simple social networking guide for microblogging, email, chats and forums. (I'm not sure if I2P has an equivalent) > I really want this to run on mobile and be easy to set up, since your average comrade/leftist has no idea how to set up all this stuff It's better to focus on making existing networks easier to use instead of making new easy to use networks and splitting the userbase further. It's harder to make something secure than it is to make it easy to use. And your average leftist is not an activist. You don't need ultra secure encryption for wojaks. > > There is no improvement to privacy compared to storing them in plain text > Maybe so, but it ensures that nothing unencrypted is ever stored or transmitted, which at least makes it more difficult for an outside actor (like an ISP) to listen in and decipher it Since you're running a hidden service, the connection never leaves the Tor network and your ISP can't spy on it. > It also means that every message a user receives is encrypted E2E personally to them > since messages to the world are encrypted automatically to the user from the Operator If you send a message to a special account, which then decrypts it, encrypts it again and sends it to everyone else, then that's not E2E encryption, it's a man-in-the-middle attack. So despite all the encryption, the user can not trust any public messages. > It also lets the Operator change its private/public key and notify users of the change, so that only someone storing the history of every public key over time could decrypt older data In what situation would someone have access to old encrypted data but not its decrypted form? > I guess the Op doing it too just makes sure nothing illegitimate is stored or sent to the client That an incorrectly signed message was sent is potentially useful information to the client. > I thought that networks like IPFS never actually delete a piece of data IPFS is specifically designed to be a distributed, permanent, filesystem, so of course it doesn't delete anything. > Which anonymous private networks are you thinking of? Freenet and I2P, but there are other, lesser known networks. > I initially set up a custom Kademlia P2P network That's where you went wrong. You should know what problems with existing P2P networks you're trying to solve before making a new one. > if the worry is that it could be shut down because it's only a single server What I meant is that if this one server is compromised, the entire network's privacy is compromised. This is why P2P networks are generally superior. To do something similar, you'd have to control half the network, not one node. > https://github.com/ComradOrg/Comrad/wiki/Comparison-of-alternative-social-networks I did look at that, but I don't think it's a useful comparison. It claims that anonymity and confidentiality are properties of design, when any network could be made anonymous and confidential with Tor and PGP, by the comparison's standards. And it compares networks which were not designed for privacy at all, like Scuttlebutt and Cabal (both written in Javascript) Additionally, it claims that some networks have identity verification when they do not have webs of trust for keys. (Comrad doesn't even allow you to use your own PGP keys and keyring)

Delete
Report

no cookies?