Finally launching our decentralized encrypted social network in Peergos which is super exciting.
Also lots of gardening now the sun has discovered the UK still exists. More running too to counteract weight gain during lockdown.
Lots of chocolate! Chocolate eggs and chocolate koalas. Also getting a new fence installed.
As a consumer I don’t want anything to do with companies that use that level of tracking. I will happily pay for a product that respects me and my privacy. We really need OSes to focus more on privacy and locking down apps using a strict capability system. I’m not a fan of Apple, but at least they seem to be priming everyone for this with their privacy warnings.
I like the aesthetic, but it’s incorrect about Java. There have been Java AOT compilers for decades, and, more recently, free and open source ones. These give you the same end result as Go - a small native stand-alone executable with no runtime except a GC.
Java AOT compilers are either slow or not fully compliant. There are a few things that make Java difficult for AOT compilation:
Most Java AOT compilers I’ve seen either completely punt on the class loader / reflection (and risk Oracle suing them, because they have a bunch of patents on bits of Java that are licensed only to 100% conforming implementations - they’ve probably all expired now though), require some special treatment (any class that you will load must be compiled to a .so), or hit really slow paths if you use them (e.g. including a simple interpreter that is used to run every dynamically loaded class, so you hit a factor of 10 or more slowdown when you use the class loader).
The AOT compiler I linked can work on a closed world assumption, or it can embed a runtime class loader (which itself is AOT compiled) - you control this at build time. Reflection targets must be determined at build time, but this can be automated with a test run, and you can always manually add entries.
As I mentioned, I’ve tried this out on a complex real world app and it worked fine and performance was excellent.
Coincidentally, Amazon have just last week announced that their entire SDK supports this AOT compiler out of the box:
Interesting, thanks. I’d heard of that, but I didn’t think they were widely used. When I’ve used applications written in Java I’d always had to run them with java -jar foo.jar or similar … then again, I guess if it was natively compiled I might not have known it was written in Java. Do you know how widely this is done, i.e., Java applications being distributed in a native, compiled format?
java -jar foo.jar
This is the most recent one I was referring to:
I’ve used it myself on Peergos. Ended up with a 32 MiB executable (including 19 MiB of web assets, sqlite, postgres client, and FUSE bindings).
Thanks for the great article!
Nice, thanks for the link. I’m glad “they” are focussing on this for Java these days. 32MB for an app like that isn’t bad at all nowadays (it’d probably be a similar size in Go).
if you look at the postJson funcition described in the article as an example of you-might-not-need-jquery. there is no error-handler. how do you find out if there was an error?
The error handling I do have (for HTTP errors) is in the callback. I don’t have any error handling for network or lower-level errors here. For this use case it’s a somewhat throwaway or easily-repeatable action, and if nothing happens the user can simply click again. Not perfect, but I think reasonable for my use case here.
You can set the onerror property to catch network level errors, e.g. https://github.com/Peergos/web-ui/blob/master/vendor/priors/gwt.js#L84
Reminds me of the Turing Tumble mechanical computers for teaching kids (highly recommend).
@soatok, I’m curious how you justify the assertion in the questions that the Signal servers have no way of identifying who can contact who? I know Signal blinds the sender of messages, but surely they still see the source IP address? Even if they somehow don’t, because they go through Google first or something, the timing is more than enough. In chats people frequently have a quick series of back and forth messages and over a little bit of time I’m fairly confident you could deduce the social graph from this.
That’s a good question. I don’t know.
It may be the case that, if Signal turned malicious and evil tomorrow, they would be able to identify who is talking to who via network timing, like you said. If that’s true, I wouldn’t know any reliable techniques from stopping that attack capability.
Thanks! Very interesting! The 10X speedup for curve25519 is very impressive (in linked crypto report). I can’t wait for those primitives to be exposed in webcrypto.
A decentralized social network should have trust-less servers. The servers should just store encrypted data and serve it up, without being exposed to the social graph and with other metadata minimised.
Identity should also be independent of servers (and hence DNS).
At the networking layer they will also need to use something like onion routing or a mix network to fully protect the social graph.
I don’t think existing decentralized social networks can really achieve all this, because privacy isn’t an add-on, it needs to be a fundamental guiding principle at every layer of design.
May I be debunked around post-quantum proof cryptography: Is it something to bother this early? I feel like this is up to CryptoPeople to tell to NonCryptoPeople about that rather than the other way around.
I have the impression that it is more about studying well how ciphers face the threat than finding the Golden Bullet.
Should we be bothering with research and serious implementations? Yes. Quantum computers are an inevitability and it’d be nice to be ready when they’re there.
Should we be putting them in production? Probably not. Many NIST post-quantum cryptography candidates are still getting attacked left and right. And there’s a non-zero chance that the result will still either be impractical, patent-encumbered or both.
Being able to build large enough quantum computers to break current asymmetric cryptography is definitely not inevitable. There are many issues that may end up making it physically impossible to make such a computer that runs long enough to do such a computation. Of course, it is prudent to assume it will happen and develop resistant cryptography in the meantime.
Get a domain and put it on the Public Suffix List.
Generate fresh subdomains e.g. .domain.tld for your iframe.
Different origin, different security context.
If you want to opt in to be in a fully different process, you’ll need to look into Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy (COOP and COEP). Even then, you might not, depending on browser and underlying operating system.
P.S: You may be able to cheat yourself into a separate process using https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Large-Allocation but that doesn’t work with iframes
Hi @freddyb, thank you for the reply. We’re hoping to rely on OOPIF for isolation - my understanding is Firefox is planning on implementing that? We specifically don’t want to rely on the domain name system for a few reasons. We want to totally lock down the sandboxed code, so no web requests that aren’t intercepted by the service worker for example. This means we can prove that the apps can’t exfiltrate data. We decrypt everything locally and don’t want to expose that to code that is loaded from another server/domain, which you’d have to then trust.
Other reasons we don’t want to rely on DNS are that we want to be able to work fully offline (including being connected to some local nodes over P2P), and we want self-hosters to not need to do anything to do with domain names (nor to trust us and our servers). We can currently run a localhost Peergos instance which does TLS 1.3 to other Peergos instances using IPFS’s P2P streams, where the address is the public key hash of the target so no need for DNS.
I’d love to talk with you in more detail if your interested?
OOPIF are mostly an implementation detail of chrome browser.
What you need from a specification perspective is your own browsing context group. That’s what you’d get with COEP & COOP.
I’ve set up an analogous example using COEP and COOP to sandbox the iframe as well as CSP, but it seems to have exactly the same problem. After loading the root document of the iframe from the service worker, any subsequent asset request fails to be intercepted by the service worker and thus 404s. In this case it’s for the image burritocat.jpg
Not tested, but IIRC if tou do not use the sandbox attribute and instead use document.origin = document.origin you should get a cross-origin iframe environment that your service worker should be able to intercept…as it is in the same origin.
document.origin = document.origin
…don’t ask how I know this ;-)
The point is we have sensitive stuff like encryption keys in the outer context. So we need full separate process sandboxing to protect from Spectre et al.
I wrote up my thoughts on how users can protect themselves from this:
I’ve been optimising the direct S3 blockstore access in Peergos (not released yet, but it allows all reads and writes to act directly from the browser, rather than proxying through our servers)
Also reacting to the Keybase acquisition:
I’ve been working on enabling direct reads and writes from/to our S3 blockstore in the browser for Peergos. The Java SDK from Amazon doesn’t expose this so I’ve had to roll my own request signing class, which essentially amounts to my own S3 SDK, but in a single class, not 60mb of jars. This should make hosted Peergos much more scalable and faster. The cool thing is for writes we can force S3 to verify the sha256 of uploads. This allows us to maintain the blockstore as content addressed.
This is a very interesting article! @awn, I’d love to have a chat in more detail offline! It has a lot in common with the design decisions we’ve made in Peergos, where:
Sounds interesting. I am working on applying the idea to create a deniable, in-memory, encrypted filesystem. I would love to compare notes! Feel free to reach out at the email in my profile.
Java without a shadow of a doubt.
I can understand why the JVM is attractive, but why Java over Kotlin, Scala or Clojure?
Java or Kotlin.
But it usually ends with Java because I am trying to solve a problem, not learn a language.
And also because my favorite IDE doesn’t support Kotlin.
the language is getting better every year, but in an extremely well thought out and considered way
the language is getting better every year, but in an extremely well thought out and considered way
Never had that impression about the latter part.
It feels like every presentation of new Java features consists of
I see a connection behind this yearly occurrence, Oracle devs somehow don’t. ¯\_(ツ)_/¯
So yeah, it gets a bit better (as long as you follow the ideology of “adding features improves a language”), but the design feels cobbled together, completely focused on navigating the ever-narrowing path between growing technical debt and past bad decisions, with no focus on making better decisions in the future.
It’s all “the feature is like this, because this is the only way we could make it work”, not “the feature is like this, because this is how it should work”.
I’ve been programming Java since 1.4 and in that time we’ve gotten:
Soon we’ll be getting inline (value) types which will make Java first class for matrix based calculations, and fibers/continuations which will remove the main feature Go has over Java.
I actually discussed this with a friend because we were frustrated when we tried to persuade others to use eg Signal. We came up with a three tried argument list.
This is basically the argument made by the two articles, Snowden et al. While one might not have anything to hide. We have to protect others that care for us such as NGOs and journalist. I’m from Germany and folks here still can remember the last to dictatorships. So it’s probably more convincing here.
A lot of people don’t really know what they have to hide until it hits them. That was covered in the article below as well. My example is often WhatsApp. Facebook might encrypt the messages but the value is in the meta data. Who wrote to whom when from where. It is very scary what these data points can reveal. I once saw a talk by someone who started to track himself. He found that he could predict his movement with just around two weeks worth of data. So what would your opponent say if the next credit card, apartment or job is refused based on some meta data on them?
This is the most convincing to me and usually got others as well. While we might not have anything to hide now we might care quite a bit in the future. Any data is saved for basically forever. Companies and states might not see value in the data they have now but they are quite eager to find use for it. Facebook is in active talks with banks to base decisions on data. It takes not much imagination to see health care companies evaluate our purchasing behaviour of the last decades to decide on our premiums.
This is a sloppy write down. I know the frustration.
You might not care but others do.
You might not care but others do.
One thing I heard that really opened my eyes to this was the idea that, in order for a restrictive law to be changed, it must be broken. The easiest examples are prohibition laws - with alcohol prohibition in the 1930s US, to more contemporary prohibition laws involving cannabis. Millions of people smoke weed erryday, be it for recreational or medical purposes, and many state governments have caught on that maybe it’s not as bad of a thing as they originally thought.
Another example that might fit would be in countries where homosexuality is illegal. If authorities snoop texts and phone calls in order to determine homosexuals in their country, they will forever be oppressed by the whims of whoever is in charge that day.
smoke weed erryday
smoke weed erryday
I see what you did there ;)
Donald Trump has been a strong example for “Your future self might care a lot.” (in the past I’ve heard “what if the nazis got into power again!” to which the response is “like that would ever happen”). You may trust some governments, but Donald Trump is president now. He has a console in front of him, he can search everyone’s emails, everything. What do you think he could do with it? Did you ever say anything bad about him he might not want you to repeat? Do you think he could use it to target people he doesn’t like and prevent them fighting him? If only those people had been using encryption to protect themselves.
Can we please not have politically-charged content here?
Eh, I’m personally fine with it as long as it’s stated civilly and makes a relevant, substantive, & debatable point. Once someone starts throwing stones, then we can start talking about shutting people down.
I’d just like to state, as I didn’t make this clear enough despite it being my intention as the message, I didn’t mean to express an opinion on politics. Mostly because I don’t have one! I don’t follow political news, or Donald’s latest controversial news story or whatever. It was intended to be entirely a specific aspect of the government angle that historically I’ve failed to express. Due to a lot of dislike for Donald, it has recently gone down much better.
I apologize if it came across any other way, I also don’t want that kind of content here. Hopefully my point wasn’t too diluted by my failure to properly include that in my comment.
There is one more you missed:
Massive data stores mean massive data breaches. This costs the whole society, and sometimes in the billions.
There was great blog posted that I believe I saw here on lobste.rs that used the analogy of stockpiling oily rags to extract tiny amounts of oil from and the dangers that poses. I can’t find it right now though.
tl;dr: Collecting too much data in one place can be dangerous, it is not about you personally.
A good example that highlights the last two categories is:
Are you okay with being denied insurance, or having increased premiums because some machine learning algorithm drew some incorrect inference based on your private data?
The simplest way to communicate “You might not care but others do” for Signal specifically is: whenever people ask for contact info, explain why they should make a Signal if they want to contact you, and refuse to use alternatives.
If they insist on not using Signal to contact you, they’re putting their convenience over your privacy, which is what we call a lost cause.
Personal story: back when I was 19 or so, I was at a University where the head of the IT department didn’t like me. As part of that, he ordered his minions to go through everything I’d done - including restoring backups to go through things that happened in the past. What they found wasn’t much, but it was assembled into a superficially damning report.
What I learned from this is the investigator is not neutrally trying to uncover facts. If somebody is investigating you, they have a goal, and that goal is to impugn you. It doesn’t matter if you did nothing wrong; it matters whether there’s anything that can be cherry-picked, taken out of context, and misrepresented as something that might be wrong. The more material an investigator has, the more such things they can find.
Have you ever wondered why political campaigns like to dig up old photos of an opponent standing next to $shady_character? Since they’re public figures, these people are in hundreds or thousands of photos per day over careers spanning decades, so the amount of potential material is huge. The old photo is presented without context as to how it came to be; maybe $shady_character wasn’t even known to be shady at the time and the person standing next to them had no way to know. They might be standing next to Mother Teresa the next day, but that won’t be the picture that’s presented to undermine them.
What’s sad is, as far as I can tell, the “I have nothing to hide” group are the ones most prone to being influenced by this type of behavior.
This is along the lines of Cardinal Richelieu,
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”