> We are building the first fully-conforming trsst server, plus an open source web client including javascript libraries for core functionality like the cryptographic functions.
Wait, wat?
From the first glance it looks like they just patched buzz words together and decided to call it bitcoin-like decentralized syndication network on a PKI.
What about anonymity? Anyone who has the whole signing chain could track down the author. The anonymity of bitcoin is achieved by mixing hubs[1], you can't split a blog post in half and mix it.
Here where I live the wide majority of cafes (and other hotspots) rely internet access service to telcos which require you to fill in a form on their website identifying yourself before you hit the web. That's why I asked. Nice to know you can browse around anonymously in Starbucks though.
All those I've seen (mostly abroad where I've used wireless in restaurants, airports, etc) allow you to use fake details. I've never registered with true information to use public wireless.
That is really great for you. Here there is no such thing. Go anywhere with public wireless, a hotspot or whatever, connect to their network and try to browse around. Bing, "please choose one of our plans: per hour, day, week or month". Type in your credit card number and you are "free" to go. Of course, you can try a stolen ID and/or credit card combination, but then you are at your own risk.
I spent some time working on a project to create an encrypted contact form for people to use on websites. Thought it might make for a good WordPress plugin, but I was wrong.
Having gone from a position of "why not" to "oh hell no" on JavaScript crypto, the fundamental problems as I see them (aside from the ones outlined in your comment):
* Each JavaScript engine is different, with different (or sometimes no) sources of differing (or no) levels of randomness, which is essential for crypto to work.
* Most browsers support some level of JavaScript introspection whether you like it or not. Sure, things like Content Security Policies can be used to limit access from other tabs or domains but it's not just secure delivery to browsers that's a problem with JavaScript, it's execution integrity too.
* Most of the JavaScript crypto libraries I've seen are ports of C libraries using tools such as LLVM. As such they were not designed with JavaScript's functionality in mind, and as such are unlikely to have been anywhere near as scrutinised for side channel leaks as something built from the ground up.
The final nail in the coffin for my project was the fact that I'm not supporting a set of browsers, I'm supporting a set of ecosystems. Anything from plugins and extensions to minor version changes can affect the behaviour of a JavaScript engine in an unexpected way with potentially dangerous outcomes. I couldn't in good faith release a tool that lets grandma contact you without having to install PGP but in reality may mean she gets black bagged regardless because she used a dodgy tablet with no randomness source.
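Added example, not part of the comment above or of any project discussed in this thread: a fail-closed way to draw key material in a browser, illustrating the "no randomness source" concern. The function names `secureRandomBytes` and `newKeyHex` and the `env` parameter are hypothetical; the zero/repeat check is only a smoke test for a stubbed or dead source, not a measure of randomness quality.

```javascript
// Smallest request size at which the sanity checks are meaningful:
// 16 honest random bytes are all-zero or repeated with probability 2^-128.
const MIN_CHECKED = 16;

// Draw `length` bytes from the Web Crypto CSPRNG of `env` (window/globalThis).
// Passing `env` in (an assumption of this example) makes the failure paths testable.
function secureRandomBytes(length, env = globalThis) {
  const c = env && env.crypto;
  if (!c || typeof c.getRandomValues !== "function") {
    // Fail closed: never fall back to Math.random(), which is not a CSPRNG.
    throw new Error("no CSPRNG available; refusing to generate key material");
  }
  // getRandomValues itself rejects requests larger than 65536 bytes.
  if (!Number.isInteger(length) || length < 1 || length > 65536) {
    throw new RangeError("length must be an integer in 1..65536");
  }
  const out = new Uint8Array(length);
  const probe = new Uint8Array(length);
  c.getRandomValues(out);
  c.getRandomValues(probe);
  if (length >= MIN_CHECKED) {
    // A polyfill or broken engine may leave the buffer untouched or
    // return the same bytes on every call; both are fatal for keys.
    const allZero = out.every((b) => b === 0);
    const repeated = out.every((b, i) => b === probe[i]);
    if (allZero || repeated) {
      throw new Error("random source looks broken (zero or repeated output)");
    }
  }
  return out;
}

// 256-bit key as lowercase hex, or an exception if the platform cannot supply one.
function newKeyHex(env = globalThis) {
  const bytes = secureRandomBytes(32, env);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}
```

The caller should surface the exception to the user rather than retrying with a weaker source.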
There are some relevant considerations in that document but I found it to be very dismissive. SSL for example is not hard to implement, and going ssl-always is now quite common.
Don't get me wrong, I certainly don't want to advocate slapping some crypto lib onto a site with a bunch of marketing script. A project from scratch with these considerations might some day get it done.
For now, crypto should be done via a native client. In the case of encrypted p2p communication, clients such as http://retroshare.sourceforge.net/ get the job done nicely.
I think it's a play on "trust". Maybe capitalize on the current v for u trend and name it Trvst? It's slightly more legible and won't be a kick in the ego to change.
I'll leave aside the comparisons to tent.io, app.net, StatusNet, and many other services...
Considering that most Twitter users seem quite comfortable with publishing their posts for all to see, marketing a Twitter competitor as a post-Snowden measure seems somewhat opportunistic to me, especially when there are many other benefits to decentralized/open Twitter replacements.
Can someone explain this system? I see the word decentralized thrown around, but the Kickstarter seems based around them building a server and hosting this. What is decentralized about them controlling the user ids? Basically: What am I missing here?
Yeah, I'm not sure I get it either. They call it a "syndication network" which, for me, gives the impression of a distributed network that is strictly controlled, which defeats the purpose. I hope this is just poor wording.
I saw nothing but a picture of an RSS icon, and thought that was the joke: you can "follow" people by subscribing to their RSS feeds, and RSS already exists.
Twitter became popular because browsers didn't elegantly handle feeds. Tumblr blogs (or blogs in general) with post comments and following are much more open and just as usable as the Twitter platform, if you provide easy to use RSS syndication and browsers support easy to use feed browsing without having to search out a Google Reader replacement.
Everyone and their mother can build a Twitter clone in 24h. Add a week for encryption and security.
There's absolutely nothing new about this idea. Nothing. They don't even have a working prototype. All thin air.
On top of that, what's the big deal with privacy nowadays? It's the opposite of what we should aim for as a society. Transparency is not only unavoidable, it's a good thing.
Market this as a tool to organize protests in countries where privacy is a necessary evil, and maybe it will make more sense.
Who'd have guessed? It's an article about tech on a tech site.
> What's the big deal with privacy nowadays?
We found out about wholesale global surveillance.
> It's the opposite of what we should aim for as a society.
Just as I want to poop with the door closed, I also want to discuss private matters privately. Not everything in my life should be public and I should have the final say over that. Should every start-up be subject to absolute transparency? Kinda eliminates any competitive advantage if your competitors know what you're up to.
> Transparency is not only unavoidable, it's a good thing.
Transparency of government, yes. For the rest of us, mind your own damn business.
> ... privacy is a necessary evil ...
The good thing about having the option of privacy is that it's not forced upon you. If you're not happy with your life being private, you're free to share. When that option of privacy is eliminated, however, you're forced to share everything even if you don't want to, and that's pretty much the opposite of liberty.
"On top of that, what's the big deal with privacy nowadays? It's the opposite of what we should aim for as a society."
That's what you (and Zuckerberg) think, but lots of other people disagree. For example, a journalist trying to communicate with a government whistleblower like Snowden (or any other sensitive source) requires privacy in any country. And some people just don't want the NSA/FBI/police reading everything they post to their group of friends.
I wonder when people will realize that Twitter is not the enemy. I do believe in decentralized social networking, but some software package you throw on your web server doesn't seem like the solution. We need a new Internet protocol.
Even so, I wish this team luck and hope it to gain traction.
Due to their centralized nature, and the result of being located in the US as one of the largest communication platforms, Twitter has become the enemy. It was probably not their intention to become the enemy, but that's the consequence of being located on US soil and being one of the largest service providers (just as Facebook and Google have.)
When you decentralize, where providers are only responsible for a relative handful of the overall userbase, 'hoovering' is much more difficult.
I already know about its centralization and being in the US. So what? I don't put sensitive information into Twitter like I do in Google services.
Do you expect your blogging service to be encrypted and private too? I guess the private messages should be secure but oh well, I've even heard Twitter demanding warrants for giving out DM info.
Edit: I do wish we could expect "private messages" to be private.
Maybe I'm lost on the service, but why would anyone expect privacy from Twitter? After all, any company can open their wallets and get the firehose from Twitter in realtime. Why would the NSA be barred from that?
The idea behind decentralization isn't that it eliminates surveillance, but that it makes indiscriminate mass surveillance less easy, especially when combined with good cryptography.
Mass surveillance has existed in other societies without the help of today's technology, but technology, especially when it aggregates data in large hubs, makes it very easy.
It's not the protocols that are to blame (they're just contracts for how things talk to other things) for enabling mass surveillance, but the way we've structured our software and services.
Sigh. There are so many people doing this. I couldn't access the main article but read the Kickstarter page. From what I understand this is a plea for funding for (basic) components that are already built by other teams, but with an extra layer of encryption and a copy-cat UI.
Why not just focus on encrypting content on an existing decentralized network project like pump.io or GNU social? Or any other open network? Build on some momentum that is already there rather than debug message transport for life?
I'm not entirely sure I understand what's going on. I suggest changing the explainer video to at least a talking head - yes, old, but they have much better recall and have been proven to change brand preference (even with cigarettes) and try to find a better synonym for 'encryption' - Good luck. Going against Twitter is a tall order.
At first glance there's stuff I like and dislike about this, but the strongest thing is probably separating out how the messages move around from how the keys move around.
Moving encrypted blobs around is easy, as long as you don't care about traffic analysis. Handling keys is a bit harder. Separating those makes sense.
Thought about this before, but there is one problem: you still leak loads of metadata just like with e-mail (whom you're communicating with, when you're communicating, how much you're communicating, and perhaps other things). Because of this, I didn't see any advantage.
Do they hope to be as successful as Diaspora? "open social media network that encrypts your posts and distributes via RSS" sounds like a great summary of a killer project that nobody will ever use.
[1]: https://en.bitcoin.it/wiki/Anonymity
Btw, what happened to Open Source today? You have to hype on Kickstarter and wait for people to throw money at you in order to start coding?