Hi all, This Installfest, I mentioned about how we liked facebook of two years ago: It's apparent that to many people, facebook is too creepy, because it "knows" too much about you. Some people don't feel secure to share anymore: What do Facebook store? People tried to solve the facebook's problem either by building it on the reputation (google+) which turned out to be disappointing, or doing it by a distributed network (diaspora) which turned out to be too much of a pain in the ass to set up, and isn't feasible to the general public (one has to be really savvy and has a private server to be sure of that).
Recently I have this idea popping up to my mind. Can we make a "social network" that is inherently secure? That is, a crypted social network. That will solve the problem of people worrying about their privacy being invaded. RSA crypto or even better, OTR crypto (might be too overkill). All the (private) messages and status updates being flown on the network will be encrypted and decrypted *on the client side* so that everything the sever stores is inherently worthless unless "something" is provided to decrypt it at the user's end. My theory: It may be possible. We might be able to do that by "delivering" status updates from me to my existing friends by crypting any and every status update made by me to my friends' stream with their respective public key. I think it's even possible to piggyback this "cryptedsocial" network over a well-known protocol, such as jabber. That way we can indeed have a protocol with email-grade compatibility. This will leave the implementation/interface/whatever to each provider to implement. The web interface, if there is one, is just simply a front-end, not a requirement. We just have to agree on what the format of the messages between the cryptedsocial bots will be like and how to interpret them. For example, when it's me [email protected] connected to [email protected], it's just technically [email protected] pushing chats as status updates to handler [email protected] over jabber. It simply my server at cryptedsocial.nerdsocialnetwork.org talking to the server at cryptedsocial.freeshell.org. We can specify what server handles this cryptedsocial-over-jabber with a TXT record for each domain (we have to have a separate server as we don't want to confuse normal jabber with cryptedsocial jabber). As long as the "cryptedsocial" server caches messages from my friends delivering to me (i.e. "offline messaging"), I can use a modified version of say, Pidgin or Psi to "connect" to it and get updates from my friends every time I log in. It's easy to see that this solves both. You don't have to really trust the provider being honest with what they promise that they will store on the server, also client side/javascript even 1024bit RSA with is totally, positively possible and will require almost no special setup on the client's side. Javascript RSA is possible (http://cryptico.wwwtyro.net/). That poses an interesting problem of how do we make semi-public ("friends of friends") status updates, and how new friends that weren't friend with me get status updates I made in the past. This might or might not be a limitation, depending on how you view the problem. It also poese a problem for people with lots of friends, say 5000 because a status update will have to be crypted 5000 times to deliver to each of his friend's stream. But when a person has 5000 friends, they probably doesn't care about their privacy anyway. I exchanged a few emails with Dr. Bindner about this and I think it's an interesting concept if anyone cares. I wonder if anyone has any objections or thoughts about this idea. - Huan. -- http://tnhh.net/ | 6609889066 | @huant
