Thomas, There is more to the security, than simply decentralization.
We had had discussions in the past (on the IRC, not sure if it got to this list) about how best to encrypt/sign deltas of each user (by giving each user their own keys) in such a way that the whole wave can be read/edited by participants in that Wave, but that any non-participants are actually incapable of decrypting it. There is some complex work to happen when you add/remove a participant to an existing wave though... Ali On 5 December 2013 15:41, Thomas Wrobel <darkfl...@gmail.com> wrote: > "nsa-resistant*" > > Thats absolutely a good plus point in this day and age. Its wouldn't be > "proof" by decentralization but > certainly makes things more resistant. > The idea of a federated protocol that lets people selectively share stuff > with others is going to be harder to spy on (on mass) then a nice convient > all-in-one-place Google or Facebook server. > Don't trust Bobswave server? Then start your own! Then you own have to > worry about stuff shared with bobswave users ;) > > This could be quite a selling point - both to individuals, but also > to company's worried about trade secrets being lost. > > > ~~~ > Thomas & Bertines online review show: > http://randomreviewshow.com/index.html > Try it! You might even feel ambivalent about it :) > > > On 5 December 2013 16:29, Bruno Gonzalez (aka stenyak) > <sten...@stenyak.com>wrote: > >> This can be a good idea, and I agree with the general design and goals >> of your project. >> >> I'm not sure whether this should be a replacement for WiaB, or just a >> parallel project that can evolve side-by-side, but if you go forward >> with it, we'd just have to wait and see how users and possible >> contributors react to it (I'd definitely contribute however I can, be it >> code, paypal-beers or whatever! :-) >> >> Random suggestion: I'd try to direct/promote the project (amongst other >> people, of course) towards those who want nsa-resistant* and open source >> whatsapp alternatives. >> >> (*) whatever that means... (it can not be worse than current email >> protocols hehe) >> >> On 12/01/13 05:03, Joseph Gentle wrote: >> > I still really want to make the wave platform we've been talking about >> > for awhile. I just don't have any time because I need to work to eat. >> > >> > So I've spent the last month thinking about running a kickstarter to >> > fund the work. Christian's email was really timely. >> > >> > >> > I want arbitrary JSON documents, or arbitrary embedding like we talked >> > about a few months ago. >> > >> > I want a protocol based on real P2P algorithms rather than the hacky >> > mess we have at the moment with trees of servers connecting via an >> > XMPP extension >> > >> > I want the same fundamental protocol to work server-server or >> > server-client. The OT stuff should work like git. >> > >> > No single person can maintain our 500k of legacy java code. I want to >> > write a better version with much cleaner separation of OT protocol and >> > application specifics. I still want a web client, but it should be >> > written in pure javascript. >> > >> > Messages should be cryptographically secure from snooping. >> > >> > >> > The way I see it, there's fundamentally three pieces that make up wave: >> > >> > 1. A set of OT primitives which allow peers to generate & interpret >> operations >> > 2. A platform on top of (1) for exchanging operations between networked >> peers >> > 3. An application on top of (2) which is trying to replace email >> > >> > These pieces should be separate from one another, and usable in other >> contexts. >> > >> > I have a clear idea of how we can make (1) and (2) work. The OT part >> > we've talked about on the list and I've been slowly prototyping out >> > here: http://github.com/josephg/tp2stuff >> > >> > I have a bunch of applications I want to build on top of a platform >> > like this. For example, I want my text editor, compiler & unit tests >> > to all talk to one another so my text editor doesn't need >> > language-specific completion or syntax checking, and so my friends can >> > jump in and help me code. >> > >> > I don't know what the best way to build (3) is - but I'm more than >> > happy to build the platform that a new kind of email could be built on >> > top of. Maybe the current WIAB design is totally fine for that part - >> > though I want end-to-end encryption. >> > >> > I don't know when the right time to do this would be. I don't know if >> > I should work alone or if we should put a team together (Hi Ali!). If >> > I were to do this properly it would take about a month of prep to get >> > a kickstarter together, and if it is successful I'd want to quit my >> > job to do it. I think it'd take me about 6 months to a year of work to >> > get a stable, secure platform working (probably closer to a year), and >> > I'm also not allowed to stay in the US without an employer on my visa. >> > >> > The earliest this will probably happen is the end of the year. >> > >> > Kickstarter might also not be the right way to fund it. Cryptocat was >> > funded in 2012 mostly by Radio Free Asia's Open Tech Fund[1] to the >> > tune of ~$100k. A kickstarter would give us users (great) and >> > publicity, but the right private sponsor might also work. >> > >> > Maybe the most contentious part of all, I don't think I'd want to call >> > it wave. But it really would be the grandchild of what we've been >> > working on all this time. >> > >> > Thats my thoughts. If anyone has any ideas, I'm all ears. As I say, >> > I'm keen to build this, but I'm too old to live on ramen in a granny >> > shack. This thing we've been working toward has real value, and could >> > be put to great effect if we can actually make it good. >> > >> > -J >> > >> > >> > >> > [1] https://crypto.cat/documents/report-1213.pdf >> https://www.opentechfund.org/ >> >>
