[Taek]

How does Kloak handle metadata? If people can see who you communicate with, they can get access to your social network, which contains a lot of information.

By seeing my location dozens of times, a company can figure out where I live. They might not know what bar I went to last night but they will be able to know that I visit Chipotele frequently.

It's better than nothing, but it seems like strong analytics could still access most of the important information.

[daviddahl]

You must approve all contacts who get a copy of your feed. There is no way to just follow others. It is a white-listed system. Analytics can only be performed by those you trust

[adrtessier]

I was about to ask a lot of these questions of how deep the metadata layer really goes - including using SpiderOak as the threat. It seems this is built on Crypton, linked below; however, the paper itself [1] goes into a lot of detail on what metadata SpiderOak could see, and what they can infer from it.

I am personally curious why p384/ECDSA was chosen; vs. p521 or Curve25519+Ed25519. I assume this is because p384 is standardized and recommended in NSA Suite B.

[1] https://crypton.io/crypton.pdf

[daviddahl]

p384 is the standard, yes, however, any future implementation of Crypton will, I hope, move to Curve25518