Scalability & Paranoia in a Decentralized Social Network



There's a lot of buzz out there about "replacing" Facebook with a privacy-enhanced, decentralized, ideally open source something. In this talk we'll focus on how much privacy we should plan for (specifically about how we cannot entrust our privacy to modern virtual machine technology) and the often underestimated problem of getting such a monster network to function properly. These issues can be considered together or separately: Even if you're not as concerned about privacy as we are, the scalability problem still persists.


More Than Just "Privacy"

One of the aims of a new social network infrastructure should be to maximize privacy, not just by encrypting exchanged data, but also to hide who is talking to whom, who is friends with whom, and more aspects of this kind.

The need for this degree of privacy may sound excessive at first, but "the history of cryptography is an arms race between cryptographers and cryptanalysts."1 Therefore what is a theoretical fear today is a real threat tomorrow.2 3 In order to achieve long-lasting improvements over the current status quo it's a good idea to aim for the highest degree of protection currently feasible, right from the start, even if the end-users may not be aware and may not be asking for it as yet.

We want to provide several social network features with absolute privacy:

  1. updates, comments, postings, messages, files and chat are only visible to the intended recipients
  2. the type of the message cannot be guessed at by looking at its size
  3. communication between parties cannot be measured as they may have none to several routing hops in-between. an observer never knows if a communication came where it came from and ends where it is going to.
  4. automatic responses and forwarded messages can intentionally be delayed so that an observer cannot tell two communications are related
  5. communications cannot be decrypted weeks later, just because the attacker gained access to one of the involved private keys (forward secrecy)
  6. even if an attacker gains access to a cleartext log, there is no proof the material was actually ever transmitted by anyone (for a case in court mere data would not suffice, you need actual testimonies)
  7. the list of contacts is never managed on potentially unsafe servers, it is only visible to those it should be visible to
  8. the infrastructure is robust and resilient against attacks

There is currently no technology we are aware of that actually fulfills all of these requirements...


Read the whole paper here:




  • up

    Sepp Hasslberger

    A more readable (to the non technical) version of this is on a page called Secure Share.



    This isn't yet another alternative to Faceboogle.

    Secure Share provides a new communication paradigm for the Internet as it enables your applications to communicate securely between the personal devices of people. This is achieved by combining a flexible and efficient social communications protocol (PSYC) with an advanced anonymized routing technology (GNUnet).

    This changes the way we do things on the Internet as many applications currently offered by companies run on servers with inevitable privacy implications. These can now be architected to operate from privately owned hardware. The most popularly requested one being a social platform equivalent to Faceboogle, but distributed and encrypted straight from your phone or desktop...