Trsst: a distributed secure blog platform for the open web(kickstarter.com) |
Trsst: a distributed secure blog platform for the open web(kickstarter.com) |
Why don't you build it first and if it gets popular then ask for donations?
What about the open source projects you're building on top of? Are you going to give any of those programmers some money?
> Yes. We're starting with the critical bit - the client - out in the open in JS w/ off-the-shelf open-source. Needs many eyes.
Frankly, I'm sick of people jumping on the "open-source" bandwagon and diverting resources from those who truly deserve it or who have a track record in the field they are asking funds for.
You know, people like Stallman and Torvalds took risk and bore the opportunity cost of spending time to build things they believed in and had passion for.
It seems too many of todays entrepreneurs are afraid of taking risk and want to pass it onto the public. I especially dislike what App.net did, conning people into giving money to build a closed source platform and then selling part of that company to venture capitalists.
Should be much quicker to develop a common library for use by the server and a (webstart) client - than to do two separate implementations? Also some of the code (and most of the interfaces) could probably be used on Android as well.
If you are doing javascript wouldn't nodejs on the server make sense?
We'll make a reference implementation, but we want and need many providers to experiment with price points and service options.
More importantly, anyone can roll-their-own provider on their server.
The intent is to extend an existing standard, RSS, with an http protocol to support it. We need to one of many providers for the system to work as intended.
Many open source software projects (some huge ones today) came out of the woodwork with no funding and little community support.
But I get your point, it will need some marketing to get people to understand what it is all about. But it's not like we knew what Twitter was at first. Did we?
No, you don't. It's not a matter of understanding the meaning, it's a matter of pronunciation.
That said, the architecture supports not only Twitter but FB-style friending and private group shares; we want to encourage different clients in different form factors, with the advantage being that they'd all interop. No more siloes.
It's an idea terrible enough that it will make people doubt your competence. For me, personally, "building strong crypto" and "lifting the twitter UI because too lazy to whip up some visualization of a simple roadmap" don't go together.
A hand-drawn sketch of the planned UI would look less vaporwarey.
What it stands for anyway?
But since you bring up, Facebook and Twitter are way better names.
IMHO it is not a good name because: * Not obvious at first glance that means 'trust' * How do you pronounce that? just say 'trust', spell it or try to say it in some bizarre way with a mute 't'? * Doesn't look pretty
For me the only good thing about the name is that is unique.
I know you probably meant to snark, but to take your question seriously, the question we have is: do we open up our working prototype, or write a reference impl from scratch in a language more useful to our community.
Is there a list of deserving people that gets curated by someone? I think that those who deserve are those that get support because what is being advertised is what people will pay for if they want it.
On the same note as those who truly deserve it I think that there are so many ideas and open source is not about a list of people but about whatever you want or need. Pushing back on new ideas is not necessarily the right thing to do. Vote with your money; support if you like something and walk away if you don't.
That said, we plan to generate keys like bitcoin does, so there if you have a bitcoin library in your language of choice, that part is done.
The server code will probably be less useful because there are so many choices, everyone's got their own preferences, and the server is pretty dumb compared to the client. Our leaning is to go with apache tomcat mainly because it's apache and it's widely deployed and, not least, it's what we use.
* If 100 different users are served the code, it's easy to pick 1 unsophisticated user out and serve them something different.
* Even if your users are sophisticated, they effectively have to install the code every time they use it, so any inspection they did yesterday will help them not-at-all today
* Browser Javascript code is influenced from all sorts of places across the DOM, meaning that you need element- by- element, attribute- by- attribute inspection of the entire page context (and this is before we get into things like caching) to have any clue what a piece of JS code might be doing
* The browser itself offers you no mechanism to hash and verify the whole runtime, so there's no way to lock in a specific inspected cryptosystem; even if you have the SHA2 hashes for your crypto .js, you won't have it for every point in the DOM that can override methods in that code
Leaning on browser javascript for cryptography is a bad idea that, I think, shows a fundamental disrespect for the security needs of actual real people who will be fooled into relying on it. I strongly advise you to go in some different direction.
Also, if a given, well-known resource could be pinned to a specific hash and third-parties could easily certify that specific hash, would that ameliorate the primary concerns with JS cryptosystems?
Thanks for your time.
Similarly if a host is compromised to serve bad js files. We can't solve endpoint security. And clearly NSA is now very good at breaking the endpoint at both ends.
I agree that it's not useful to say "just inspect the code"; no one really inspects their binary executables either, but we're committed to let you do so.
Let me be clear that JS is not required; it's just how we're making our reference client because we don't believe most people are going to download a custom client.
You can write a working client with bash+openSSL+curl if you want. The whole thing is simply signed text snippets over http.
Still, if anyone has mission-critical privacy they want to protect, we expect there will be hardened native clients to choose from.
Most posts from most people are going to be public anyway. We keep the public stuff public, but signed and search-indexable, and we let you do private stuff securely if you want to.
Just like how sending a gpg encrypted email to (some) users of hushmail wasn't secure, because in the end hushmail encouraged insecure handling of the private keys.
In the end, the only rational, informed choice, is to regard the whole system as (in)secure as its least secure part.
If there is to be any point to a "secure social network", the trust you can place in the network (implementation) should be at least as high as the trust you place in those you share with?
Will you be able to take reasonable steps to prevent private keys to be written to (unencrypted) swap, for instance?
Promising a "secure" social network, kind of implies that data you share is secure from your spouse, for example.
Very familiar with the document, but it mainly just boils down to watch-out for XSS attacks. We require SSL to deliver the entire page with no external libraries or references. His response to this doesn't really say anything. See: "WHY CAN'T I USE TLS/SSL TO DELIVER THE JAVASCRIPT CRYPTO CODE?" We need the crypto for keygen and signing and encryption, so he's missing the point completely.
To the other point made above along the same lines, the protocol is the key and you are free to choose your own client. No matter which you choose, you have to trust the source.
Our goal is to get the protocol adopted and used as widely as possible. Mass adoption is only possible if there's a web client with JS crypto, and there's no way around the need to trust the server you download it from.
If you run a hardened trustworthy client, your own public posts are still verifiable, and private posts meant for you are decodable only by you.
You would just need to make sure to send your private posts only to others that use trustworthy clients. But, because you're sending them a secret message in the first place, you already implicitly trust them.
I'll submit that because it's in-browser it's additionally difficult - very difficult - to get right, but I don't see that it's impossible.
And how would you make sure of that? Is there a field in the user data that says: "419 I speak the protocol, but I don't give security grantees - fool you for talking with me?". Is there planned an easy UI for showing you which of your contacts are part of the secure network, and which ones are backdoors into the network?
It is trivial to compromise the browser context of the page. In the case of a browser bug another tab can interact badly with the current tab. In the case of a MITM attack on (sadly quite possible given the potential adversary) the attacker can modify the JS in flight to the browser. In the case of an externally loaded resource embedded on the page that resource may modify the execution of your crypto. There are also CSFR, XSS and other JS vulnerabilities to account for.
Javascript is a hopelessly bad place to do crypto. Consider doing an signed browser extension that does this on the desktop and native apps on the phone. I would also suggest a native app on the desktop as well. People seem to really like them for twitter.
It's also not clear to me why you're any more secure with a signed browser extension or native app. Just because it's signed doesn't mean you can trust it any more than you can trust JS that you download via HTTPS from a server. What's worse, you didn't compile it from source, so how can you know there's nothing sinister lurking in there?
You are correct that people like native apps for their microblogging, and we want to encourage many native, hardened, peer-reviewed implementations for every platform imaginable.
Because the client is just appending signed entries to the end of an RSS file, send pushing and pulling those files over http, you could write a nice client running inside emacs (if you trusted your os crypto libs).
For one, one would hope that a team takes more care to manage their private (code) signing key, than their ssl private key. The signing key should probably be on an air gapped system. That isn't feasible with the key use for https/tls.
You could compromise ftp-servers all day without being able to generate a valid signature for your bad code.
Now, on the subject of: Wouldn't it be possible, in the future, to create mechanism where we could deliver signed js code in a more secure manner than we do today? Absolutely. But it that future doesn't seem to be arriving any time soon.
Browser JS is a uniquely terrible vector for delivering crypto to end users. Use something different.
Schneier thinks NSA may have already compromised certain binaries and checksums, and John Gilmore is wondering if certain source trees have been compromised.
JS is not immune to these kinds of attacks, nor is it any more susceptible. All we can do is make sure our implementation is clear and correct and avoids browser exploits. We can't control your binaries, OS, browser, or otherwise.