Thanks! Very interesting! The 10X speedup for curve25519 is very impressive (in linked crypto report). I can’t wait for those primitives to be exposed in webcrypto.

    1. 1

      A decentralized social network should have trust-less servers. The servers should just store encrypted data and serve it up, without being exposed to the social graph and with other metadata minimised.

      Identity should also be independent of servers (and hence DNS).

      At the networking layer they will also need to use something like onion routing or a mix network to fully protect the social graph.

      I don’t think existing decentralized social networks can really achieve all this, because privacy isn’t an add-on, it needs to be a fundamental guiding principle at every layer of design.

      1. 1

        May I be debunked around post-quantum proof cryptography: Is it something to bother this early? I feel like this is up to CryptoPeople to tell to NonCryptoPeople about that rather than the other way around.

        I have the impression that it is more about studying well how ciphers face the threat than finding the Golden Bullet.

        1. 3

          Should we be bothering with research and serious implementations? Yes. Quantum computers are an inevitability and it’d be nice to be ready when they’re there.

          Should we be putting them in production? Probably not. Many NIST post-quantum cryptography candidates are still getting attacked left and right. And there’s a non-zero chance that the result will still either be impractical, patent-encumbered or both.

          1. 2

            Being able to build large enough quantum computers to break current asymmetric cryptography is definitely not inevitable. There are many issues that may end up making it physically impossible to make such a computer that runs long enough to do such a computation. Of course, it is prudent to assume it will happen and develop resistant cryptography in the meantime.

        1. 2

          Get a domain and put it on the Public Suffix List. Generate fresh subdomains e.g. .domain.tld for your iframe. Different origin, different security context.

          If you want to opt in to be in a fully different process, you’ll need to look into Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy (COOP and COEP). Even then, you might not, depending on browser and underlying operating system.

          P.S: You may be able to cheat yourself into a separate process using https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Large-Allocation but that doesn’t work with iframes

          1. 1

            Hi @freddyb, thank you for the reply. We’re hoping to rely on OOPIF for isolation - my understanding is Firefox is planning on implementing that? We specifically don’t want to rely on the domain name system for a few reasons. We want to totally lock down the sandboxed code, so no web requests that aren’t intercepted by the service worker for example. This means we can prove that the apps can’t exfiltrate data. We decrypt everything locally and don’t want to expose that to code that is loaded from another server/domain, which you’d have to then trust.

            Other reasons we don’t want to rely on DNS are that we want to be able to work fully offline (including being connected to some local nodes over P2P), and we want self-hosters to not need to do anything to do with domain names (nor to trust us and our servers). We can currently run a localhost Peergos instance which does TLS 1.3 to other Peergos instances using IPFS’s P2P streams, where the address is the public key hash of the target so no need for DNS.

            I’d love to talk with you in more detail if you’re interested?

            1. 2

              OOPIF are mostly an implementation detail of the Chrome browser.

              What you need from a specification perspective is your own browsing context group. That’s what you’d get with COEP & COOP.

              1. 1

                I’ve set up an analogous example using COEP and COOP to sandbox the iframe as well as CSP, but it seems to have exactly the same problem. After loading the root document of the iframe from the service worker, any subsequent asset request fails to be intercepted by the service worker and thus 404s. In this case it’s for the image burritocat.jpg


          1. 2

            Not tested, but IIRC if you do not use the sandbox attribute and instead use document.origin = document.origin you should get a cross-origin iframe environment that your service worker should be able to intercept…as it is in the same origin.

            …don’t ask how I know this ;-)

            1. 1

              The point is we have sensitive stuff like encryption keys in the outer context. So we need full separate process sandboxing to protect from Spectre et al.

            1. 4

              I wrote up my thoughts on how users can protect themselves from this: https://peergos.org/posts/keybase-left-building

              1. 3

                I’ve been optimising the direct S3 blockstore access in Peergos (not released yet, but it allows all reads and writes to act directly from the browser, rather than proxying through our servers)

                Also reacting to the Keybase acquisition:


                1. 2

                  I’ve been working on enabling direct reads and writes from/to our S3 blockstore in the browser for Peergos. The Java SDK from Amazon doesn’t expose this so I’ve had to roll my own request signing class, which essentially amounts to my own S3 SDK, but in a single class, not 60mb of jars. This should make hosted Peergos much more scalable and faster. The cool thing is for writes we can force S3 to verify the sha256 of uploads. This allows us to maintain the blockstore as content addressed.
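
An added example, not from the original comment and not Peergos code: a minimal SigV4 header signer in Python for a content-addressed PUT, showing how signing `x-amz-content-sha256` ties the upload to its hash. The bucket host, credentials and the use of the hex digest as the object key are constructed assumptions, and `store_accepts` is a local model of the checks, not S3 itself.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed placeholders: not real credentials, not a real bucket.
ACCESS_KEY = "EXAMPLEACCESSKEYID"
SECRET_KEY = "example-secret-key"
REGION = "us-east-1"
HOST = "example-bucket.s3.us-east-1.amazonaws.com"
SIGNED_HEADERS = ("host", "x-amz-content-sha256", "x-amz-date")  # sorted


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signature(method: str, path: str, headers: dict) -> tuple:
    """Compute the SigV4 credential scope and hex signature for a request."""
    amz_date = headers["x-amz-date"]
    date_stamp = amz_date[:8]
    payload_hash = headers["x-amz-content-sha256"]
    canonical_headers = "".join(f"{h}:{headers[h]}\n" for h in SIGNED_HEADERS)
    canonical_request = "\n".join([
        method,
        path,                       # canonical URI (hex digest, no escaping needed)
        "",                         # empty canonical query string
        canonical_headers,          # ends with "\n", giving the required blank line
        ";".join(SIGNED_HEADERS),
        payload_hash,               # the hash the store will check the body against
    ])
    scope = f"{date_stamp}/{REGION}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = _hmac(("AWS4" + SECRET_KEY).encode(), date_stamp)
    for part in (REGION, "s3", "aws4_request"):
        key = _hmac(key, part)
    return scope, _hmac(key, string_to_sign).hex()


def sign_block_put(block: bytes, now: datetime) -> dict:
    """Build a signed PUT whose key and signed header are both sha256(block)."""
    digest = hashlib.sha256(block).hexdigest()
    headers = {
        "host": HOST,
        "x-amz-content-sha256": digest,
        "x-amz-date": now.strftime("%Y%m%dT%H%M%SZ"),
    }
    path = "/" + digest             # assumption: object key is the hex digest
    scope, sig = _signature("PUT", path, headers)
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={ACCESS_KEY}/{scope}, "
        f"SignedHeaders={';'.join(SIGNED_HEADERS)}, Signature={sig}"
    )
    return {"method": "PUT", "path": path, "headers": headers}


def store_accepts(request: dict, body: bytes) -> bool:
    """Local model of the store-side checks (not S3 itself)."""
    headers = request["headers"]
    claimed = headers["authorization"].rsplit("Signature=", 1)[1]
    _, expected = _signature(request["method"], request["path"], headers)
    if not hmac.compare_digest(claimed, expected):
        return False                # path or declared hash changed after signing
    actual = hashlib.sha256(body).hexdigest()
    if actual != headers["x-amz-content-sha256"]:
        return False                # uploaded bytes do not match the signed hash
    return request["path"] == "/" + actual  # key is the content address


if __name__ == "__main__":
    when = datetime(2020, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    req = sign_block_put(b"constructed ciphertext block", when)
    print(req["path"])
    print(store_accepts(req, b"constructed ciphertext block"))
    print(store_accepts(req, b"swapped block"))
```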

                  1. 4

                    This is a very interesting article! @awn, I’d love to have a chat in more detail offline! It has a lot in common with the design decisions we’ve made in Peergos, where:

                    1. All our encrypted data is stored in a key value store, where the keys are random
                    2. You can’t tell the difference between a directory and a small file
                    3. Files are split into 5 MiB chunks and also padded
                    4. You can’t see the directory topology
                    5. You can’t see the size of any individual file, or even the number of files
                    6. This has all been designed with plausibly deniable dual (or N) login in mind
                    1. 3

                      Sounds interesting. I am working on applying the idea to create a deniable, in-memory, encrypted filesystem. I would love to compare notes! Feel free to reach out at the email in my profile.

                    1. 20

                      Java without a shadow of a doubt.

                      • unbeatable backwards compatibility on both source and binary level for 25 years
                      • best GCs in the world
                      • can even compile to JS with some work, as we do in Peergos
                      • AOT compile to native if you want
                      • world class debugging and profiling experience
                      • plugins for projects benefit from same backwards compatibility guarantees (unlike Go where a minor version change totally breaks things)
                      • the language is getting better every year, but in an extremely well thought out and considered way
                      1. 6

                        I can understand why the JVM is attractive, but why Java over Kotlin, Scala or Clojure?

                        1. 5

                          I love Scala the language, but can’t deal with the compile times from scratch, and Java seems to be getting all the good features of Scala slowly. I very much prefer static types, which rules out Clojure. Kotlin I would consider, but it’s much more likely to go away or stop being developed than Java, being totally controlled by one small company. Kotlin’s JavaScript target is attractive though - I wonder how it compares to gwt/j2cl especially in jsinterop?

                          1. 1

                            Java or Kotlin.

                            But it usually ends with Java because I am trying to solve a problem, not learn a language.

                            And also because my favorite IDE doesn’t support Kotlin.

                          2. 2

                            the language is getting better every year, but in an extremely well thought out and considered way


                            Never had that impression about the latter part.

                            It feels like every presentation of new Java features consists of

                            • a first half in which past decisions to take shortcuts in language design are condemned,
                            • then the other half in which new language design shortcuts are applauded as clever.

                            I see a connection behind this yearly occurrence, Oracle devs somehow don’t. ¯\_(ツ)_/¯

                            So yeah, it gets a bit better (as long as you follow the ideology of “adding features improves a language”), but the design feels cobbled together, completely focused on navigating the ever-narrowing path between growing technical debt and past bad decisions, with no focus on making better decisions in the future.

                            It’s all “the feature is like this, because this is the only way we could make it work”, not “the feature is like this, because this is how it should work”.

                            1. 3

                              I’ve been programming Java since 1.4 and in that time we’ve gotten:

                              • generics
                              • enums
                              • lambdas
                              • world leading concurrency library
                              • streams
                              • fork-join pool
                              • type inference
                              • modules
                              • record classes
                              • a repl
                              • jlink to make custom images that don’t need a JVM, record classes
                              • built in aot native compilation
                              • Java implemented in Java with GraalVM, including a JIT
                              • zero overhead language interop via Truffle for languages like C, C++, Fortran, JS, Ruby, et al.

                              Soon we’ll be getting inline (value) types which will make Java first class for matrix based calculations, and fibers/continuations which will remove the main feature Go has over Java.

                          1. 25

                            I actually discussed this with a friend because we were frustrated when we tried to persuade others to use e.g. Signal. We came up with a three-tiered argument list.

                            You might not care but others do.

                            This is basically the argument made by the two articles, Snowden et al. While one might not have anything to hide, we have to protect others that care for us, such as NGOs and journalists. I’m from Germany and folks here still can remember the last two dictatorships. So it’s probably more convincing here.

                            You don’t know if you have anything to hide.

                            A lot of people don’t really know what they have to hide until it hits them. That was covered in the article below as well. My example is often WhatsApp. Facebook might encrypt the messages but the value is in the meta data. Who wrote to whom when from where. It is very scary what these data points can reveal. I once saw a talk by someone who started to track himself. He found that he could predict his movement with just around two weeks worth of data. So what would your opponent say if the next credit card, apartment or job is refused based on some meta data on them?

                            Your future self might care a lot.

                            This is the most convincing to me and usually got others as well. While we might not have anything to hide now we might care quite a bit in the future. Any data is saved for basically forever. Companies and states might not see value in the data they have now but they are quite eager to find use for it. Facebook is in active talks with banks to base decisions on data. It takes not much imagination to see health care companies evaluate our purchasing behaviour of the last decades to decide on our premiums.

                            This is a sloppy write down. I know the frustration.

                            1. 6

                              You might not care but others do.

                              One thing I heard that really opened my eyes to this was the idea that, in order for a restrictive law to be changed, it must be broken. The easiest examples are prohibition laws - with alcohol prohibition in the 1930s US, to more contemporary prohibition laws involving cannabis. Millions of people smoke weed erryday, be it for recreational or medical purposes, and many state governments have caught on that maybe it’s not as bad of a thing as they originally thought.

                              Another example that might fit would be in countries where homosexuality is illegal. If authorities snoop texts and phone calls in order to determine homosexuals in their country, they will forever be oppressed by the whims of whoever is in charge that day.

                              1. 1

                                smoke weed erryday

                                I see what you did there ;)

                              2. 5

                                Donald Trump has been a strong example for “Your future self might care a lot.” (in the past I’ve heard “what if the nazis got into power again!” to which the response is “like that would ever happen”). You may trust some governments, but Donald Trump is president now. He has a console in front of him, he can search everyone’s emails, everything. What do you think he could do with it? Did you ever say anything bad about him he might not want you to repeat? Do you think he could use it to target people he doesn’t like and prevent them fighting him? If only those people had been using encryption to protect themselves.

                                1. 1

                                  Can we please not have politically-charged content here?

                                  1. 4

                                    Eh, I’m personally fine with it as long as it’s stated civilly and makes a relevant, substantive, & debatable point. Once someone starts throwing stones, then we can start talking about shutting people down.

                                    1. 1

                                      I’d just like to state, as I didn’t make this clear enough despite it being my intention as the message, I didn’t mean to express an opinion on politics. Mostly because I don’t have one! I don’t follow political news, or Donald’s latest controversial news story or whatever. It was intended to be entirely a specific aspect of the government angle that historically I’ve failed to express. Due to a lot of dislike for Donald, it has recently gone down much better.

                                      I apologize if it came across any other way, I also don’t want that kind of content here. Hopefully my point wasn’t too diluted by my failure to properly include that in my comment.

                                  2. 3

                                    There is one more you missed:

                                    Massive data stores mean massive data breaches. This costs the whole society, and sometimes in the billions. There was a great blog post that I believe I saw here on lobste.rs that used the analogy of stockpiling oily rags to extract tiny amounts of oil from and the dangers that poses. I can’t find it right now though.

                                    tl;dr: Collecting too much data in one place can be dangerous, it is not about you personally.

                                    1. 3

                                      A good example that highlights the last two categories is:

                                      Are you okay with being denied insurance, or having increased premiums because some machine learning algorithm drew some incorrect inference based on your private data?

                                      1. 1

                                        The simplest way to communicate “You might not care but others do” for Signal specifically is: whenever people ask for contact info, explain why they should make a Signal if they want to contact you, and refuse to use alternatives.

                                        If they insist on not using Signal to contact you, they’re putting their convenience over your privacy, which is what we call a lost cause.

                                      1. 12

                                        Personal story: back when I was 19 or so, I was at a University where the head of the IT department didn’t like me. As part of that, he ordered his minions to go through everything I’d done - including restoring backups to go through things that happened in the past. What they found wasn’t much, but it was assembled into a superficially damning report.

                                        What I learned from this is the investigator is not neutrally trying to uncover facts. If somebody is investigating you, they have a goal, and that goal is to impugn you. It doesn’t matter if you did nothing wrong; it matters whether there’s anything that can be cherry-picked, taken out of context, and misrepresented as something that might be wrong. The more material an investigator has, the more such things they can find.

                                        Have you ever wondered why political campaigns like to dig up old photos of an opponent standing next to $shady_character? Since they’re public figures, these people are in hundreds or thousands of photos per day over careers spanning decades, so the amount of potential material is huge. The old photo is presented without context as to how it came to be; maybe $shady_character wasn’t even known to be shady at the time and the person standing next to them had no way to know. They might be standing next to Mother Teresa the next day, but that won’t be the picture that’s presented to undermine them.

                                        What’s sad is, as far as I can tell, the “I have nothing to hide” group are the ones most prone to being influenced by this type of behavior.

                                        1. 13

                                          This is along the lines of Cardinal Richelieu,

                                          “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”

                                        1. 1

                                          I think we can all agree by now that there’s really no such thing as privacy on social networks.

                                          I strongly disagree with this. We can do a lot better than the data and metadata spraying that is the fediverse.

                                          1. Private messages should be E2E encrypted, in fact everything should be encrypted!
                                          2. Your data should be exposed only to your chosen audience (who also opt in themselves)
                                          3. Your social graph should be known only to you.
                                          4. You shouldn’t need to trust the server
                                          5. You should be able to move servers without losing your social graph, and without them needing to do anything

                                          The list goes on.

                                          1. 9

                                            Is this finally how we get Java as the one true language platform we were promised in the 90s? Java -> WASM. What a world we live in.

                                            (Only half being snarky here)

                                            1. 4

                                              Google already wrote a java->js compiler a long time ago. I think parts of gmail etc were written in java for a long time if they aren’t still.

                                              1. 3
                                                1. 2

                                                  And the GWT replacement, J2CL

                                            1. 29

                                              As much as I believe every single last person involved in cryptography yelling “use Signal”, it doesn’t fit everyone’s use case of a chat application.

                                              Signal has a hard requirement that you give them a mobile phone number to tie to an account and register from a smartphone. This number is also exposed to other contacts. As for the alternatives in the article, namely: Wire has monthly fees that may prove difficult to pay anonymously. WhatsApp is owned by Facebook; even if you consider this okay enough somehow, that still requires you to go through your smartphone, on which it requires a phone number for registration; not that you could install it on an OS that isn’t macOS or Windows anyway.

                                              People may suggest to “just get a burner SIM”. But that is not a reasonable option if your goal is to hide your real life identity: For example, in Greece and Spain, you must provide ID and formerly anonymous SIM cards were blocked see COM(2010) 253, p. 69. That’s a non-starter in these scenarios. Of course, you may still argue that people that need to go to such extents to hide are almost certainly criminals, terrorists or dissenters (none of which may be worth protecting depending on your morals), and you’d probably be right. Nonetheless, the increasing disappearance of an untied, non-real-life identity scenario is a worrying prospect to me.

                                                1. 5

                                                  Read to the end of the article, where Signal clarifies that they don’t consider it a problem because the goal was never for Signal Desktop to provide at-rest encryption. (I will say however that I too have always wondered why they bothered using SQLCipher to begin with.) If you need that, use full-disk encryption. That will protect you much better.

                                                  “But they should be aiming for at-rest encryption.” Let’s play this out:

                                                  1. The only way Signal Desktop can accomplish this without some additional support from the platform*, AFAICT, is to require a decryption password that the user types in at startup. Already this breaks a lot of useful things: it breaks the ability for the app to autostart when the user logs in, and that means that if the user forgets to type in the password (and they will) notifications for new messages won’t work, silently. So already we’ve seriously broken the UX.
                                                  2. The decryption password can’t even be secured properly. A malicious app on your system can just sniff the keystrokes. Or, it can just record the screen. AFAIK Windows and macOS don’t restrict these operations by default (maybe keylogging, but I’ve never gotten a prompt or anything for screen recording IIRC). Wayland on Linux is supposed to fix this but adoption is “in progress” at best on that front so that doesn’t do us any good.
                                                  3. Let’s say that isn’t a problem. Maybe something changed since I used Windows or macOS and they’re better now. The password still isn’t secure. Your disk isn’t encrypted so the attacker can tamper with the Signal binary if they have physical access. Now Signal is malicious. Game over.
                                                  4. But let’s say that the attacker doesn’t have physical access, and you’re sure all the apps on your system are trustworthy. Are you sure they don’t have a security vulnerability and won’t get compromised to sniff your Signal password?

                                                  The list goes on. This can’t be mitigated at the app level because the platform is fundamentally not designed for this. Mobile devices isolate apps by default; you don’t routinely run processes that aren’t sandboxed. But on desktop, the opposite is true. There are valiant efforts to sandbox apps, like the Mac App Store requiring that all apps distributed through it enable sandboxing, and Flatpak on Linux. But those are still opt-in. Are you sure that everything on your system is sandboxed enough? To actually guarantee this, you need something like Qubes.

                                                  Signal Desktop absolutely has problems… but I don’t think this is one.

                                                  [*]: keyrings have this same problem. Usually they’re unlocked automatically on login, so any unsandboxed app running in the user’s session can just ask the keyring to give it the Signal password. At least AFAICT… I vaguely recall macOS having some sort of access control.

                                                  1. 2

                                                    The core premise of the article is completely mistaken. The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.

                                                  2. 9

                                                    I definitely agree that, when possible, people should avoid communication tools that require phone numbers and use something like XMPP with OMEMO instead.

                                                    If you do need/want to use Signal or similar, there are phone number options that let you maintain anonymity. For example, https://jmp.chat/ gives you a Canadian or US number without requiring any identifying information (you can even signup over Tor). If you want to keep the number past 30 days, you can pay in Bitcoin Cash or Bitcoin, or use https://shapeshift.io/ to pay with other more anonymous cryptocurrencies.

                                                    1. 8

                                                      Yep. I use Signal extensively in my labor activism. This is an example of an activity which is entirely legal in the United States, but where I am putting people in danger simply by talking to them. I agree 100% with all your criticisms, and it’s quite unfortunate that there are many situations in which there isn’t a realistic alternative.

                                                      1. 2

                                                        Is there at least groundwork for such an alternative to Signal that doesn’t require a phone number? I’m in the same situation.

                                                        1. 1

                                                          The protocol is open, although it’s my understanding somebody would need to do a lot of implementation. I’d also suggest that future work should be based around expecting users to explicitly manage their keys, rather than trying to abstract that away.

                                                          1. 2

                                                            I’d also suggest that future work should be based around expecting users to explicitly manage their keys

                                                            Why? To me this is the main selling point of Signal. And from my observations teaching PGP (long ago), key management is one of its biggest downfalls.

                                                            1. 1

                                                              Sure. It’s because the automatic management both introduces insecurities, and makes it so that good key-verification practices are more friction than sloppy practices.

                                                              The most significant insecurity is that anyone with control over your phone number can gain control of your account. A stolen SIM or a number-porting attack could both be used that way. They won’t see message history, but they’ll be able to impersonate you. The only defense against this is that there’s a small notice in each chat about the safety number being reset.

                                                              The point about safety numbers dovetails with my larger point about good practices being hard. When you’re scaling up a large organization, educating everybody about what the safety number means and how to verify it is a constant undertaking. Meanwhile, people are constantly replacing their devices, accidentally reinstalling the app, intentionally reinstalling the app, etc for a variety of reasons. It’s constant tedium, and if you just punt on doing the work, there’s a chance of an impersonation attack being successful.

                                                              What I would like is to put key management front and center, so that everybody gets the message that this is something they should be paying attention to and learning more about. I’m envisioning, for example, a first-start wizard that walks users through creating an offline key and using it to sign a per-device subkey, with alternatives also presented if they want to add a key some other way. Yes, it’s a lot of work which would slow down adoption immensely. Thus, I don’t realistically expect any for-profit entity to be the first to offer a product that works this way. Still, in my ideal world, it’s what I’d like to see.

                                                              1. 1

                                                                Hm. So if I can rephrase this position, basically you’re saying that good practices (i.e. verifying safety numbers) aren’t on a level playing field with unsafe practices, because it’s much easier to do the latter. And basically you want to level the playing field by making both take equal amounts of effort? Did I get that (somewhat) right?

                                                                1. 1

                                                                  I think that’s right, yes. I know it’s in some ways a quixotic idea.

                                                      2. 6

                                                        I use Signal constantly, but this is a sound comment and still only covers maybe half the serious concerns I have with Signal.

                                                        1. 2

                                                          We are pseudonymous in Peergos (no phone number or even email required to sign up). At the moment we are focussed on storage and sharing, but we plan to implement a group chat/messaging solution using Messaging Layer Security once it stabilises.

                                                        1. 3

                                                          First paragraph is wrong. You can simulate a quantum computer on a classical computer. It’s just much slower.

                                                          1. 5

                                                            I have a few questions I’d love to know about Matrix:

                                                            1. Can I run a matrix server in my house if it is behind a NAT?
                                                            2. Do I have to have a domain name if I want to run a server?
                                                            3. Am I able to change the domain name of my server without breaking my account?
                                                            4. Is there a statement anywhere of exactly what information is public, like the source and target of each message? What I want to know is what metadata is public (also with encryption enabled).
                                                            5. Is it possible to back up my data elsewhere such that I can restore my identity and social connections to a new server if the old one shuts down suddenly?
                                                            1. 7
                                                              1. Yes, but you would have to enable port forwarding. For carrier-grade NATs you might need something like a WireGuard VPN to publicly expose your server.
                                                              2. Yes, using an IP address is only supported for development purposes, don’t do this in production.
                                                              3. No, when MSC1228 is implemented this will be possible. But I assume that won’t happen too soon. While you currently can’t change the domain that is included in your identity (@user:example.org) you can change the domain where your server is running. E.g. your username can be @user:example.org while your server is running at matrix.example.org. This is documented here. You can later change the domain where your server is running, but the domain in your username is fixed. I would recommend not to include a matrix.-prefix in the username domain.
                                                              4. If e2e-encryption is enabled in a room, all content (text messages, images, files, one-to-one voice calls) is encrypted end-to-end. Room membership, permissions and invitations are visible to the administrators of the participating Matrix servers. Integration stuff like group voice conferences via Jitsi is visible to the server administrators of the integration server (which is usually vector.im).
                                                              5. You can do regular backups of the database and the media directory, as long as you keep control of your domain you can spin up a new server and just restore the data.
                                                              1. 1

                                                                Thanks for your answers MazeChaZer!

                                                                A few clarifications: for 4 I’m interested if there is any effort to hide things like message sizes, file sizes, file names. How is the membership list restricted only to participating matrix servers?

                                                                For 5 I’m talking about the situation where my hosting server shuts down (say I’m using a service that decided to shutter). Am I able to restore my backup on another server? It sounds like the answer is no. Which means that to be safe you should never sign up with a domain name you don’t control. Could you set up your own domain name and point it to another Matrix server’s domain which you don’t control and sign up that way?

                                                                1. 1
                                                                  1. I’m not aware of any efforts to hide message or file sizes. But the file names should be encrypted as part of the message content. Membership list is restricted to participating servers because you can only access the membership list if you’re part of a room. Federation doesn’t mean that every bit of available data is publicly exposed.
                                                                  2. Yes this is correct, I recommend that you get your own domain name. Then you can use the domain you control for your username and the hoster domain that you don’t control for the server itself. On how to connect these domains see the federation doc I linked above.
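The split between the username domain and the hosting domain described in answer 3 and in the reply just above, as an added example that is not part of the thread or of any Matrix project's code. It models only the `/.well-known/matrix/server` delegation step (SRV lookup is left out); the function names and the sample documents are constructed for illustration.

```python
import json

DEFAULT_FEDERATION_PORT = 8448  # used when the delegated name carries no port

# Constructed samples: what https://example.org/.well-known/matrix/server
# would serve before and after moving to a different hosting provider.
WELL_KNOWN_BEFORE = '{"m.server": "matrix.example.org:443"}'
WELL_KNOWN_AFTER = '{"m.server": "synapse.hoster.example:443"}'


def split_user_id(user_id):
    """Split '@user:example.org' into (localpart, server_name)."""
    if not user_id.startswith("@") or ":" not in user_id:
        raise ValueError("not a Matrix user ID: %r" % (user_id,))
    localpart, server_name = user_id[1:].split(":", 1)
    return localpart, server_name


def delegated_host(server_name, well_known_body):
    """Return (host, port) that federation traffic for server_name goes to.

    well_known_body is the body of the well-known document, or None when
    the domain serves none. A malformed document means no delegation.
    """
    target = server_name
    if well_known_body is not None:
        try:
            doc = json.loads(well_known_body)
        except ValueError:
            doc = None
        delegated = doc.get("m.server") if isinstance(doc, dict) else None
        if isinstance(delegated, str) and delegated:
            target = delegated
    host, sep, port = target.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return target, DEFAULT_FEDERATION_PORT


def federation_target(user_id, well_known_body):
    """Resolve where the homeserver for user_id is actually reached."""
    _, server_name = split_user_id(user_id)
    return delegated_host(server_name, well_known_body)


if __name__ == "__main__":
    # Same identity, two different hosts: only the well-known document changed.
    print(federation_target("@user:example.org", WELL_KNOWN_BEFORE))
    print(federation_target("@user:example.org", WELL_KNOWN_AFTER))
```

Whoever controls the document served from the username domain decides which server speaks for every `@…:example.org` identity, which is why the answers recommend signing up under a domain you own.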
                                                            1. 1

                                                              About your problem of not having WritableStream available on Firefox, maybe you can use a service worker instead.

                                                              1. 1

                                                                Thanks for your suggestion. We’re already using service workers, but that’s not sufficient to download a file larger than you can fit in memory. As far as we’re aware there is no solution other than writable streams. For more information see https://github.com/jimmywarting/StreamSaver.js

                                                                1. 1

                                                                  I eventually understood.

                                                              1. 1

                                                                For others who, like me, were not familiar with the tool, I found this brief intro useful:

                                                                “… You can think of Peergos as a cross between Dropbox, email, Facebook, YouTube and Twitter, but fully end-to-end encrypted and decentralised to keep your data and social graph private. …”


                                                                My questions for @ianopolous would be

                                                                a) can I use the technology without signing up for anybody’s central service?

                                                                b) can I host some content (e.g. my resume) on my mobile phone (Android), and what would happen when the phone is off (e.g., is there caching)? If not there yet, is that planned?

                                                                c) how can my resume (as the example noted in b) be discovered/searched by others?

                                                                d) can it be deleted? forever?

                                                                e) I did not fully understand or appreciate the social network aspect – is that like Mastodon or something else?

                                                                thank you for sharing

                                                                1. 1

                                                                  Hi vladislavp,

                                                                  Thanks for your questions. Yes you can self host Peergos and then your instance will be responsible for storing all your data. When you sign up you communicate with a global pki to claim your username. We chose the UX tradeoff there because that’s what people are used to.

                                                                  Currently there isn’t any guaranteed caching (though if someone else views your file, ipfs should cache it on their instance temporarily). Longer term we hope to let you mirror your stuff on your friends’ nodes.

                                                                  Only people who you grant access (read or write) to a file can see it. You can also create a public link to a file which anyone can use to view it, without needing to install or sign up to anything, e.g.: https://demo.peergos.net/#6MDZhRRPT4ugkJuUfcPPhf1US9u7FvRALmj42mJ6e3yDibnLtqfhchE6Frm6Lf/6MDZhRRPT4ugkJuUfcZdxu6JLKyrLBE36Kasxb4jix7An4dbeiekpDF6h2fDBM/HUja6zmXVs24zcRf15s1MWB7kfvyTCp2X9NF4EZqcw7/5Pf7SvCKyBYfP1vm5LfTSw8TMHtLWvJDLv1P4QtCXV8P2Zv8FwR

                                                                  You can delete your files, yes. That was a core requirement. It should behave like a global filesystem.

                                                                  At the moment the social side is quite primitive: you can share files and folders (read only, or writable) with other Peergos users who follow you (and revoke said access, which means rotating keys and re-encrypting). We plan to add many-to-many messaging à la Signal, and later a more traditional social feed as well. The whole thing is independent of DNS or the TLS certificate authorities (unless you choose to use a public web interface) so there’s no need to get a domain name and manage all that complexity if you want to run your own instance. (You can still access your instance from elsewhere without DNS or TLD using ipfs’s p2p streams, which are E2E encrypted independently.)

                                                                1. 2

                                                                  Now that the Peergos alpha is released I can chillax a bit. That means gardening and enjoying the sunshine mainly.