Ted Smith typeth: | This is a more compelling reason to have a clear core/UI distinction - | even if the core is running on commodity webhosting, all (end-to-end) | crypto could be done in the UI, and then the private keys scraped from | VM memory would just be session keys for talking to other nodes, rather | than persistent keys for talking to and identifying other users.
That sounds reasonable but does that mean we can't do it web-based? Oh, the answer to my question is at the end of the mail: | We can do crypto in javascript; it'll be a pain, but a web UI can be | done securely. Wow, that would be quite a hack. The browser would thus be the keeper of our private keys? In what form, as a TLS client cert? | > with a license that goes beyond the Affero GPL. It should be | > forbidden to run this software in virtual machines as the privacy | | That would not be a free license, so I think that's impossible here. Then I don't see any other option than to keep private data away from servers as good as possible. All they do is move around encrypted pieces of information. But wait, if it's browser based we can't keep our social graph encrypted - the server would still need to know who our friends are and that can still be harvested by ISPs, criminals or governments using extended laws in the data retention vein. -- ___ psyc://psyced.org/~lynX ___ irc://psyced.org/welcome ___ ___ xmpp:[email protected] ____ https://psyced.org/PSYC/ _____
