The difference there is that your relatively small key holds the potential for everything on your page.
Why does it have to be a global key?
I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to... do you need to build a PGP public/private key for each of your friends?
Why not, it's cheap? You don't have 1M friend either...
Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.
It's not so much about encryption solution (that could be worked out anyway) as it is about access control.
The main question is actually how are update going to be disseminated and validated chronologically... beyond that it's already an improvement on the current situation.
And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node... and wait for legal action to get a potential file sharer's key by court order...
FreeNet integration? Popular files get spread more...
I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking...
Nothing is, just much better socially than what we currently have, let's talk about its weaknesses and improve on them:-)
there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage.
Oh, like everyone's hard drive is not on average 70% empty or such?
My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening.
The concept of being offline is not really trendy these days and is going away very rapidly in any case, you should really think about running a small home server like Eben Moglen suggested in that case to solve the issue.
People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.
Some people also don't upload on Bittorrent cause they are selfish fools. If we want this to work, just like FOSS, we need to have enough people willing to share bandwidth for the model to work.
And it seems like P2P and FOSS has proven to work up till now quiet well in that respect despite the morons... And in a social case you'd be dealing with your friends who are much more willing to share with/for you.
Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this.
Among other projects wit different aims like I2P, FreeNet, bittorent, aMule, OpenID and many more that could interact together in very interesting ways:
So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline.
Yep, and you could have close friend in your circle mirror your files / profiles and share them as needed... Or an encrypted fast repository (think, maybe, Firefox weave?) to which you lend a key to those you want to read it.
On top of that if you're disseminating photos or videos, this could get crazy for upload speed.
Well, Bittorent totally solved that issue and with friend mirroring you it'd be awesome. Also, this would help weed out asymmetrical connection in the long run, giving back citizens the expressive voice they deserve. (Fiber to the home is the only viable way forward...)
So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff.
They have what you allowed them to have, you won't backup your sex life on your ex's computer if you don't want to...;-) They can hack all they want, a well thought out system with crypto will solve any such issue.
Can you trust their node anymore than Facebook?
Definitively, why would you trust the middle man more than the person with whom you want to share your data? Who are you afraid is going to spy on you, the person who you are sending the data to anyway or the middle man?
Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force.
As discussed, don't share what you don't want where you don't want it and use proper encryption.
So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.
see above...
So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.
dial up are really on the way out but even with that, their initial upload is akin to sharing it with someone else that might help afterward with spreading the file to whoever else you'd want it shared.
Also, at some point, you can't control the information you release to someone, trying to build a social-DRM system is not going to work anymore than it did for bluray, DVD, music and whatnot...
Can anybody explain to me how they can claim that nobody knows where their servers are but still get shutdowned?
Are they routing from I2P to a data center with a huge cache? What if someone was to attack the DNS, then they'd be screwed. (until they register something ridiculous but...)
It would be really interesting to be able to use and improve on that setup for many people... anyone care to help?:)
This project (and others like it*) has to succeed, we need something that makes the net lean toward P2P as an organisational structure.
Without these types of fights the net is in the long term going to suffer a lot from corporate control and stifle people's ability to start new ventures.
I'm not saying they should remove the current options, but for example, isn't setting a normal credit card entering form going to cost more like 2% than 5% ? Are there even better solutions to add to the mix which they could hint to to make people aware and get more for charity?:)
And if some services cannot be distributed (not that it would be impossible but I'm not arguing about a specific technical solution) than they must be governed globally in a democratic matter according to human rights and all...:)
Yes, and that's exactly the point, when using a web of trust multiple people, you choose yourself, become your authority and you can switch them when you feel cheated.
Right now i have to trust big banks or certificate authority to care for me... I'd rather trust my family and friends. Of course you need time to construct all this but if everyone was to switch to such a system we'd all be setuped pretty quickly.
I'm not pushing for anything specific but just as Shneier talks about security as a process I really just want to push distributed system as a thought structure for future development to guarantee we can build security, privacy and distributed features into systems from the go as it can't be added as an after thought.
The whole idea is that if it doesn't work in a distributed manner, we can always group people together to form local authority, the reverse is impossible.
It's all about having a democratic network, that's all:-)
Indeed, we can always use just IPs but that's loosing a lot of functionality. And google is definitely a worst alternative than the actual DNS system which is at least a bit decentralized:-)
I didn't see anyone paying for namespace in p2p networks or on I2P/FreeNet/etc., maybe we don't need to have parent domains?
And you do realize that domains like.biz,.info,.jobs, and all those new weird domain were only created because they knew every company wouldn't risk not registering their name everywhere they could and that would give them a huge revenue source? Centralized political corruption indeed...
And I'm paying already to get connected, everything should be "intelligence at the border", I'm paying by offering others to use my CPU/RAM/Storage. Do we really need Facebook/Google to centralize the net when we could all do it?
There is such of waste of computer resource! And while we're at it, i wish more publicly owned fiber were built as a fair tunnel for ISPs to compete.
It's sad that the biggest super computer on earth are botnets, I just wish it was actually a voluntary citizen network instead...
The fact that you can't get a domain for 0$ implies that this is hierarchical and not free in any sense of the word which worries me and implies struggle about who controls the distribution... I'm no expert on BGB / DNS though.
And yes, p2p usually implies a less than 100% reliability and you might get conflict of namespace or some such problem, but it usually gives users a fairer share in the network and makes the user a citizen instead of a consumer.
Though, this might not be so much of a "p2p vs hierarchical" problem as one of who can trust IANA/ICANN to do the right job globally...
What I'm advocating is just that the more distributed (and not decentralized!) the structure of the network is, the better it'll survive longterm totalitarian control.
Another attempt to solve things in a hierarchical way that should have been rather fixed with p2p web of trusts so country and trust their own servers with a great degree than outside ones... But no, centralized control is much more fun in the eyes of politician who care more about guaranteeing their retirement than freedom for everybody.
We need to have a project that aims to unite all the privacy projects out there to make something good come out of it, using the power of the crowd with free software in a privacy respecting matter but in a much more powerful way that can actually serve people...
Here are some projects or ideas that deserves to be noticed:
I envision a setup where our cell phones or little home servers (open ones, like the n900 or better) can connect to each other via mesh, have open social infrastrcture running on them routed over an I2P layer so nobody knows who is talking to who and you have total control as to who/when/what is seen by your peers.
These setup have cameras that can use such network to create massive collaborative networks to document a situation or location. Be it a manifestation where you relay real time camera from all angles with sound level maps and other sensors to augmented reality group interaction and other crazy ideas.
This is more broad that what is discussed here as it touches all OSI layers and ask for a shift toward a p2p infrastructure at all level respecting and working for the user and independance from middle man as much as we can. Of course a distributed DNS might have to be worked on too. I think these research are fundamental to the survival of freedom online as we knew it...
Harper is just a totalitarian freak, 99% of the last round of comments on Bill C-61 were against it in one way or another... http://www.michaelgeist.ca/ has been awesome at covering this and not letting it all go under the carpet but he can't save Canada alone!
I wish we could evolve a P2P system where you get to control through a nice encryption setup where your data goes, who are your friend and only leak what you need... I wish to see systems like http://www.peerson.net/ evolve and maybe layer themselves over I2P or such anonymous networks.
... and have apple go back to the niche market it deserves with it's close-minded dysfunctional ideas ?
The rest of us will be able to move forward faster without them in the way! And those religious people needing to be told what to see or think can go back to their savior company...
So they actually got it connected with a SIM card or WiFi before trying it and filming the result and that's how it got remotely killed by big brother?
Strange thing... I had an eye operation for strabismus when i was 2-3 year old and was subsequently told I might not see depth properly...
Doing the which circle is higher and the catch the fly wing tests, I have more trouble than average but still managed to maintain some 3D vision. The weird thing is that I always had the feeling I had a better 3D ability in my head than others (over compensation?) and a weirder thing is that when I go to a 3D movie I get the feeling that since both my eyes are forced to see different things, it forces them to both be in the action and thus 3D seems much more "3D" than in my day to day life.
What I don't know is if that is normal or if it's a by product of my poor 3D vision? Are you guys feeling 3D in the theather is just like real life or much more than it should? Or maybe the SFX guys are overdoing it haha, I don't have a reference to point to though, last 3D movie was a while back...
Can't wait for 3D cell phones and the line without lenses to check them out and see how screwed up I am...;-)
Last i heard cell phone were not routed through FreeNet or I2P before reaching the carrier! There is NO anonymity in cell phone networks, even less than on the internet...
They should start by making every cell phone mesh-network-aware to route around problems in case of a destroyed tower.
Can't wait for them to program the phone to figure out where pot is being smoked and coke snorted.
Slashdot Mirror
bwahahahah, j'adore les threads sur le Québec :P
Well i wasn't targeting that reason for not sharing which can be dealt with with I2P and whatnot...
As for buying album, that's a completely different thread :)
The difference there is that your relatively small key holds the potential for everything on your page.
Why does it have to be a global key?
I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends?
Why not, it's cheap? You don't have 1M friend either...
Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.
It's not so much about encryption solution (that could be worked out anyway) as it is about access control.
The main question is actually how are update going to be disseminated and validated chronologically... beyond that it's already an improvement on the current situation.
And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...
FreeNet integration?
Popular files get spread more...
I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ...
Nothing is, just much better socially than what we currently have, let's talk about its weaknesses and improve on them :-)
there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage.
Oh, like everyone's hard drive is not on average 70% empty or such?
My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening.
The concept of being offline is not really trendy these days and is going away very rapidly in any case, you should really think about running a small home server like Eben Moglen suggested in that case to solve the issue.
People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.
Some people also don't upload on Bittorrent cause they are selfish fools. If we want this to work, just like FOSS, we need to have enough people willing to share bandwidth for the model to work.
And it seems like P2P and FOSS has proven to work up till now quiet well in that respect despite the morons... And in a social case you'd be dealing with your friends who are much more willing to share with/for you.
Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this.
Among other projects wit different aims like I2P, FreeNet, bittorent, aMule, OpenID and many more that could interact together in very interesting ways:
http://groups.fsf.org/wiki/Group:GNU_Social/Project_Comparison
So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline.
Yep, and you could have close friend in your circle mirror your files / profiles and share them as needed... Or an encrypted fast repository (think, maybe, Firefox weave?) to which you lend a key to those you want to read it.
On top of that if you're disseminating photos or videos, this could get crazy for upload speed.
Well, Bittorent totally solved that issue and with friend mirroring you it'd be awesome.
Also, this would help weed out asymmetrical connection in the long run, giving back citizens the expressive voice they deserve.
(Fiber to the home is the only viable way forward...)
So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff.
They have what you allowed them to have, you won't backup your sex life on your ex's computer if you don't want to... ;-)
They can hack all they want, a well thought out system with crypto will solve any such issue.
Can you trust their node anymore than Facebook?
Definitively, why would you trust the middle man more than the person with whom you want to share your data?
Who are you afraid is going to spy on you, the person who you are sending the data to anyway or the middle man?
Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force.
As discussed, don't share what you don't want where you don't want it and use proper encryption.
So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.
see above ...
So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.
dial up are really on the way out but even with that, their initial upload is akin to sharing it with someone else that might help afterward with spreading the file to whoever else you'd want it shared.
Also, at some point, you can't control the information you release to someone, trying to build a social-DRM system is not going to work anymore than it did for bluray, DVD, music and whatnot ...
If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...
Can anybody explain to me how they can claim that nobody knows where their servers are but still get shutdowned?
Are they routing from I2P to a data center with a huge cache? ...)
What if someone was to attack the DNS, then they'd be screwed. (until they register something ridiculous but
It would be really interesting to be able to use and improve on that setup for many people... anyone care to help? :)
Viva la Evolución!
This project (and others like it*) has to succeed, we need something that makes the net lean toward P2P as an organisational structure.
Without these types of fights the net is in the long term going to suffer a lot from corporate control and stifle people's ability to start new ventures.
* http://groups.fsf.org/wiki/Group:GNU_Social/Project_Comparison
I'm not saying they should remove the current options, but for example, isn't setting a normal credit card entering form going to cost more like 2% than 5% ? :)
Are there even better solutions to add to the mix which they could hint to to make people aware and get more for charity?
Great job!
Would there be a better solution next time not to give out 50k$+ to credit cards, paypal and others?
Well, 0$ for Quebec, $0 outside of it ;-)
And if some services cannot be distributed (not that it would be impossible but I'm not arguing about a specific technical solution) than they must be governed globally in a democratic matter according to human rights and all... :)
Yes, and that's exactly the point, when using a web of trust multiple people, you choose yourself, become your authority and you can switch them when you feel cheated.
Right now i have to trust big banks or certificate authority to care for me ... I'd rather trust my family and friends. Of course you need time to construct all this but if everyone was to switch to such a system we'd all be setuped pretty quickly.
I'm not pushing for anything specific but just as Shneier talks about security as a process I really just want to push distributed system as a thought structure for future development to guarantee we can build security, privacy and distributed features into systems from the go as it can't be added as an after thought.
The whole idea is that if it doesn't work in a distributed manner, we can always group people together to form local authority, the reverse is impossible.
It's all about having a democratic network, that's all :-)
Indeed, we can always use just IPs but that's loosing a lot of functionality. And google is definitely a worst alternative than the actual DNS system which is at least a bit decentralized :-)
I didn't see anyone paying for namespace in p2p networks or on I2P/FreeNet/etc., maybe we don't need to have parent domains?
And you do realize that domains like .biz, .info, .jobs, and all those new weird domain were only created because they knew every company wouldn't risk not registering their name everywhere they could and that would give them a huge revenue source? Centralized political corruption indeed...
And I'm paying already to get connected, everything should be "intelligence at the border", I'm paying by offering others to use my CPU/RAM/Storage.
Do we really need Facebook/Google to centralize the net when we could all do it?
There is such of waste of computer resource!
And while we're at it, i wish more publicly owned fiber were built as a fair tunnel for ISPs to compete.
It's sad that the biggest super computer on earth are botnets, I just wish it was actually a voluntary citizen network instead...
The fact that you can't get a domain for 0$ implies that this is hierarchical and not free in any sense of the word which worries me and implies struggle about who controls the distribution... I'm no expert on BGB / DNS though.
And yes, p2p usually implies a less than 100% reliability and you might get conflict of namespace or some such problem, but it usually gives users a fairer share in the network and makes the user a citizen instead of a consumer.
Though, this might not be so much of a "p2p vs hierarchical" problem as one of who can trust IANA/ICANN to do the right job globally...
What I'm advocating is just that the more distributed (and not decentralized!) the structure of the network is, the better it'll survive longterm totalitarian control.
Another attempt to solve things in a hierarchical way that should have been rather fixed with p2p web of trusts so country and trust their own servers with a great degree than outside ones...
But no, centralized control is much more fun in the eyes of politician who care more about guaranteeing their retirement than freedom for everybody.
We need to have a project that aims to unite all the privacy projects out there to make something good come out of it, using the power of the crowd with free software in a privacy respecting matter but in a much more powerful way that can actually serve people...
Here are some projects or ideas that deserves to be noticed:
An openID with privacy features:
http://openprivacy.org/
P2P social networks / research:
http://www.movim.eu/
http://www.peerson.net/
P2P search:
http://yacy.net/
P2P SIP:
http://www.blyon.com/blog/index.php/2009/06/22/p2p-sip-uri-dialing/
Encryption:
http://code.google.com/p/cryptsetup/
P2P encrypted networks:
http://www.i2p2.de/
http://freenetproject.org/
Augmented reality / group mapping:
http://www.openillusionist.org.uk/documentation/doku.php?id=site:home
http://www.biomapping.net/
Mesh:
http://robin-mesh.wik.is/
I envision a setup where our cell phones or little home servers (open ones, like the n900 or better) can connect to each other via mesh, have open social infrastrcture running on them routed over an I2P layer so nobody knows who is talking to who and you have total control as to who/when/what is seen by your peers.
These setup have cameras that can use such network to create massive collaborative networks to document a situation or location. Be it a manifestation where you relay real time camera from all angles with sound level maps and other sensors to augmented reality group interaction and other crazy ideas.
This is more broad that what is discussed here as it touches all OSI layers and ask for a shift toward a p2p infrastructure at all level respecting and working for the user and independance from middle man as much as we can. ...
Of course a distributed DNS might have to be worked on too. I think these research are fundamental to the survival of freedom online as we knew it
Harper is just a totalitarian freak, 99% of the last round of comments on Bill C-61 were against it in one way or another...
http://www.michaelgeist.ca/ has been awesome at covering this and not letting it all go under the carpet but he can't save Canada alone!
Cheers to that!
That's what i said the day the license choice came out and now I'm just laughing, sadly...
I wish we could evolve a P2P system where you get to control through a nice encryption setup where your data goes, who are your friend and only leak what you need...
I wish to see systems like http://www.peerson.net/ evolve and maybe layer themselves over I2P or such anonymous networks.
I hadn't seen a UID war in such a long time that I almost forgot about them... :P
Those youngsters with their retro trends
... and have apple go back to the niche market it deserves with it's close-minded dysfunctional ideas ?
The rest of us will be able to move forward faster without them in the way!
And those religious people needing to be told what to see or think can go back to their savior company...
So they actually got it connected with a SIM card or WiFi before trying it and filming the result and that's how it got remotely killed by big brother?
Major FAIL !
Strange thing... I had an eye operation for strabismus when i was 2-3 year old and was subsequently told I might not see depth properly...
Doing the which circle is higher and the catch the fly wing tests, I have more trouble than average but still managed to maintain some 3D vision.
The weird thing is that I always had the feeling I had a better 3D ability in my head than others (over compensation?) and a weirder thing is that when I go to a 3D movie I get the feeling that since both my eyes are forced to see different things, it forces them to both be in the action and thus 3D seems much more "3D" than in my day to day life.
What I don't know is if that is normal or if it's a by product of my poor 3D vision? Are you guys feeling 3D in the theather is just like real life or much more than it should?
Or maybe the SFX guys are overdoing it haha, I don't have a reference to point to though, last 3D movie was a while back...
Can't wait for 3D cell phones and the line without lenses to check them out and see how screwed up I am... ;-)
Last i heard cell phone were not routed through FreeNet or I2P before reaching the carrier!
There is NO anonymity in cell phone networks, even less than on the internet...
They should start by making every cell phone mesh-network-aware to route around problems in case of a destroyed tower.
Can't wait for them to program the phone to figure out where pot is being smoked and coke snorted.
Really, stop buying closed phones!
Anyone remember the movie Toys ?