JS on the client, and that's the important bit where all the crypto happens. Likely Java on the server, basically a drop-in servlet for any Tomcat, but still TBD.
Why don't you build it first and if it gets popular then ask for donations?
What about the open source projects you're building on top of? Are you going to give any of those programmers some money?
> Yes. We're starting with the critical bit - the client - out in the open in JS w/ off-the-shelf open-source. Needs many eyes.
Frankly, I'm sick of people jumping on the "open-source" bandwagon and diverting resources from those who truly deserve it or who have a track record in the field they are asking funds for.
You know, people like Stallman and Torvalds took risk and bore the opportunity cost of spending time to build things they believed in and had passion for.
It seems too many of todays entrepreneurs are afraid of taking risk and want to pass it onto the public. I especially dislike what App.net did, conning people into giving money to build a closed source platform and then selling part of that company to venture capitalists.
> Frankly, I'm sick of people jumping on the "open-source" bandwagon and diverting resources from those who truly deserve it
Is there a list of deserving people that gets curated by someone? I think that those who deserve are those that get support because what is being advertised is what people will pay for if they want it.
On the same note as those who truly deserve it I think that there are so many ideas and open source is not about a list of people but about whatever you want or need. Pushing back on new ideas is not necessarily the right thing to do. Vote with your money; support if you like something and walk away if you don't.
The problem I see is that if the public donate several times to projects which don't work out, by the time the true domain experts get around to setting up a Kickstarter, the public are already tapped out.
I get where you're coming from, but I was sitting at an Eclipse game with ESR last week (where he beat me on the tiebreaker but I digress) and he thought our approach was great. KS didn't exist back then. If it did, it might have funded some of the great foss projects. #truestory
You're right that this is relatively new so we don't know how things will pan out. For example, will third party contributors be discouraged from helping if they don't get some form of compensation?
I hope you at least consider a java client as well, so there will be one implementation that is actually usable - as javascript and crypto doesn't mix (unless something is happening wrt api-support in the various engines/browsers? But then I guess you'd say html5, not "javascript").
Should be much quicker to develop a common library for use by the server and a (webstart) client - than to do two separate implementations? Also some of the code (and most of the interfaces) could probably be used on Android as well.
If you are doing javascript wouldn't nodejs on the server make sense?
If normal people are going to use it, it has to run in a browser, hence JS. There are working open source crypto libs in JS today, and kind of the nice thing about them is that they're not compiled, so (if unobfuscated) you can literally just inspect the source.
That said, we plan to generate keys like bitcoin does, so there if you have a bitcoin library in your language of choice, that part is done.
The server code will probably be less useful because there are so many choices, everyone's got their own preferences, and the server is pretty dumb compared to the client. Our leaning is to go with apache tomcat mainly because it's apache and it's widely deployed and, not least, it's what we use.
No, you can't. It's a pervasive and harmful meme that JS crypto code is easy to inspect. But it's not:
* If 100 different users are served the code, it's easy to pick 1 unsophisticated user out and serve them something different.
* Even if your users are sophisticated, they effectively have to install the code every time they use it, so any inspection they did yesterday will help them not-at-all today
* Browser Javascript code is influenced from all sorts of places across the DOM, meaning that you need element- by- element, attribute- by- attribute inspection of the entire page context (and this is before we get into things like caching) to have any clue what a piece of JS code might be doing
* The browser itself offers you no mechanism to hash and verify the whole runtime, so there's no way to lock in a specific inspected cryptosystem; even if you have the SHA2 hashes for your crypto .js, you won't have it for every point in the DOM that can override methods in that code
Leaning on browser javascript for cryptography is a bad idea that, I think, shows a fundamental disrespect for the security needs of actual real people who will be fooled into relying on it. I strongly advise you to go in some different direction.
While I agree with your general point, there has been some recent work < http://www.defensivejs.com/ > on isolation of javascript from the rest of the DOM/session. What's your take on this kind of static analysis?
Also, if a given, well-known resource could be pinned to a specific hash and third-parties could easily certify that specific hash, would that ameliorate the primary concerns with JS cryptosystems?
If your device or browser is compromised, you have bigger problems than someone subtly modifying your js runtime.
Similarly if a host is compromised to serve bad js files. We can't solve endpoint security. And clearly NSA is now very good at breaking the endpoint at both ends.
I agree that it's not useful to say "just inspect the code"; no one really inspects their binary executables either, but we're committed to let you do so.
Let me be clear that JS is not required; it's just how we're making our reference client because we don't believe most people are going to download a custom client.
You can write a working client with bash+openSSL+curl if you want. The whole thing is simply signed text snippets over http.
> If your device or browser is compromised, you have bigger problems than someone subtly modifying your js runtime.
It is trivial to compromise the browser context of the page. In the case of a browser bug another tab can interact badly with the current tab. In the case of a MITM attack on (sadly quite possible given the potential adversary) the attacker can modify the JS in flight to the browser. In the case of an externally loaded resource embedded on the page that resource may modify the execution of your crypto. There are also CSFR, XSS and other JS vulnerabilities to account for.
Javascript is a hopelessly bad place to do crypto. Consider doing an signed browser extension that does this on the desktop and native apps on the phone. I would also suggest a native app on the desktop as well. People seem to really like them for twitter.
That said, the js crypto isn't the part I'm worried about. It's all the scripting vulnerabilities to guard against in the browser.
Still, if anyone has mission-critical privacy they want to protect, we expect there will be hardened native clients to choose from.
Most posts from most people are going to be public anyway. We keep the public stuff public, but signed and search-indexable, and we let you do private stuff securely if you want to.
I think it's a bad idea to mix a system that isn't expected to be secure, with ones that are expected to be secure.
Just like how sending a gpg encrypted email to (some) users of hushmail wasn't secure, because in the end hushmail encouraged insecure handling of the private keys.
In the end, the only rational, informed choice, is to regard the whole system as (in)secure as its least secure part.
If there is to be any point to a "secure social network", the trust you can place in the network (implementation) should be at least as high as the trust you place in those you share with?
Will you be able to take reasonable steps to prevent private keys to be written to (unencrypted) swap, for instance?
Promising a "secure" social network, kind of implies that data you share is secure from your spouse, for example.
Java/Tomcat is an unsavory prospect for many folks. The options for building the server side are numerous; Tomcat is a clunky, resource-hungry PITA that many folks, myself included, go out of their way to avoid. If the devs are Java guys then that's their business, but the choice will almost certainly decrease the user base.
Yes, this is the kind of feedback we're looking for with regard to another comment here. This is why we haven't committed to a language for the server-side reference impl yet, because we're not sure what would be useful. (Our prototype is java, fwiw.)
Very familiar with the document, but it mainly just boils down to watch-out for XSS attacks. We require SSL to deliver the entire page with no external libraries or references. His response to this doesn't really say anything. See: "WHY CAN'T I USE TLS/SSL TO DELIVER THE JAVASCRIPT CRYPTO CODE?" We need the crypto for keygen and signing and encryption, so he's missing the point completely.
To the other point made above along the same lines, the protocol is the key and you are free to choose your own client. No matter which you choose, you have to trust the source.
Our goal is to get the protocol adopted and used as widely as possible. Mass adoption is only possible if there's a web client with JS crypto, and there's no way around the need to trust the server you download it from.
Assume for a moment that JS crypto is insecure. If you use a web client with JS crypto to bootstrap acceptance, then the majority of your clients will end up using JS crypto. If the majority of the clients on the 'network' are insecure, then what's really the point?
A single client isn't weakened by other compromised clients.
If you run a hardened trustworthy client, your own public posts are still verifiable, and private posts meant for you are decodable only by you.
You would just need to make sure to send your private posts only to others that use trustworthy clients. But, because you're sending them a secret message in the first place, you already implicitly trust them.
> You would just need to make sure to send your private posts only to others that use trustworthy clients.
And how would you make sure of that? Is there a field in the user data that says: "419 I speak the protocol, but I don't give security grantees - fool you for talking with me?". Is there planned an easy UI for showing you which of your contacts are part of the secure network, and which ones are backdoors into the network?
I'm not being flip about it. Granted, entropy is an issue with in-browser JS, but the rest of it is really just cautionary about browser bugs, compromised browsers, and known page-based browser attacks. Very little doesn't also apply to every crypto system on every platform. If you can't trust your OS or browser, you've got bigger problems.
I'll submit that because it's in-browser it's additionally difficult - very difficult - to get right, but I don't see that it's impossible.
Well, it's kickstarter so we're deferring some decisions until it closes, and leaving room to listen to our backers.
I know you probably meant to snark, but to take your question seriously, the question we have is: do we open up our working prototype, or write a reference impl from scratch in a language more useful to our community.