
Re: [tor-talk] Cryptographic social networking project



On Tue, Dec 30, 2014 at 03:14:33AM +0330, contact@sharebook.com wrote:
> Hi all. We published documentation about our big plan here
> sharebook.com/design.html

Thank you for posting to several mailing lists about it.
I see you have spent quite some time in the design of
the cryptographic aspects of things, but as the designer
of http://secushare.org - a distributed social network
supposed to protect data, metadata, but also to scale,
I see some aspects that may turn out troublesome on the
scalability front.

Most transactions on a social network are one-to-many
distributed messages. Your model provides postings
and comments to postings, both requiring "hundreds" of
circuits to hidden services being established or
maintained each time something happens on one person's 
timeline. In your example, Alice has 167 friends,
therefore if a posting of hers triggers a conversation,
her node would have to relay each piece of conversation
to 167 other hidden services without a distribution
strategy.

This will not scale well since Tor has no optimization
for one-to-many use cases. We are specifically developing
a multicast distribution layer into GNUnet to address
these types of use. See http://secushare.org/scalability
and http://secushare.org/pubsub for further details.

But that's not all yet: according to your document
each posting or comment isn't actually delivered directly
but rather stored in the form of what you call a "Block" on a
"PseudonymousServer." All of the 167 recipients have thus
to maintain a circuit to one or more PseudonymousServers
in order to retrieve the ongoing comments of the discussion.

This also opens up doubts concerning anonymity. If a
global passive observer can correlate EntryNode activity
with the traffic going in and out of PseudonymousServer,
wouldn't it be likely that very similar bursts of Block
retrievals would allow reconstructing the social graph
of Alice? Even more, if the attacker p0wned this specific
PseudonymousServer and thus knows which Blocks are being
retrieved? Your design doc specifies that you are lacking
an incentive for creating large numbers of such
PseudonymousServers, thus the attackers would be the only ones to
have a motivation to offer such "free" services.

These would be things that worry me at first glance, maybe
I could find more if I spend further time. I do in any case
appreciate your idealism and the effort you have put into
this so far. I would love to have you work with us on
secushare.org. You can fork it and call it sharebook if
you like.


-- 
	    http://youbroketheinternet.org
 ircs://psyced.org/youbroketheinternet