Posted by Rambler in Privacy (edited )

RE: The Scuttlebutt post. ( /f/technology/2743/scuttlebutt-an-off-grid-social-network )

I know decentralized networks have a lot of advantages over centralized networks, and that there is a big push towards decentralization and P2P networking. I've always been annoyed with needing to sync data, find peers, and other hiccups in the technology, but I'm also wondering how they deal with privacy in regards to individuals or users wanting to remove their data from said networks.

Like, at least with this site a user can delete their account and all their posts and it's gone... It's not available. I could shutdown the server, wipe it, and all your posts, my posts, etc will just be a memory. That is both good and bad, depending on how you look at it, but I feel like it offers more privacy than a network consisting of posts/data being distributed among many peers.

I'll admit, I'm pretty ignorant on the subject and it's not something I've spent much time looking into. I've personally never liked the 'feel' of P2P or decentralized networks. Federated websites, things like Zeronet, Aether, etc.

I believe people have the right to be forgotten, to vanish digitally. Is that something that can be reasonably done with decentralized P2P networks?

5

Comments

dontvisitmyintentions wrote

Only if the users and nodes cooperate. So, no.

3

Rambler OP wrote

That's kind of what I've gathered but hopefully I get hit with some knowledge. My understanding is only very basic of it. And I still hop on Zeronet / Aether and lurk. I know other, similar networks exist too.

I'm not shitting on those types of networks, they certainly have value that centralized networks do not. Not sure if there is a good 'in-between' where a user/individual still retains the ability to control the data they've published after clicking "submit".

2

dontvisitmyintentions wrote

Decentralization by means of replication eliminates the power to control that data entirely, in exchange for dissemination. The way to distance yourself from your posts is the same as on an image board: create a new pseudonymous persona, or maintain no persona at all.

In federated systems, nodes rely less on local stores, so deleting data from a node may work better. It helps make Mastodon/Pleroma confusing and fragmented because instances capriciously block other nodes and users without any signal that's happening. The result is users subscribe to multiple nodes lest their conversations be mangled by getting muted by third parties.

Federated systems could be more friendly and work with users' idea of privacy, but that requires them not to abuse the powers which they abuse now. There's no future for it in wide-spread society, and any smaller group you trust to not abuse it, you can also trust to not abuse your posts.

2

Elbmar wrote

Matrix is federated, not p2p, but when using it I noticed that if I changed my password, the encryption key for my posts would change as well which would make all of my past posts unreadable to everyone including myself, but my new posts would be readable. Of course if my past password was weak, it would still be easy for someone to decrypt my past posts.

It was possible to delete and edit posts as well. And if you disabled an account, you were met with a warning saying that people would not be able to read your past posts, which may disrupt the flow of conversations. Also, creators of a room could set it up so that any new user had no ability to view the old posts in the room. You could change your display name at any time, but your unique id is the name you chose when signing up. Your unique id is visible to anyone who right clicks on your display name.

When it comes to p2p tech, so far everyone is saying what you are suggesting is impossible, but I am at least interested to know whether it would make sense to code something similar to this, or if something similar already exists:

All posts are encrypted. Nodes you connect to store your posts, but in encrypted form, and they store the encryption key for your posts. They store a generated unique id, not your display name. So if someone wants to save your posts to use against you, they have to have some basic technical capability. They need to know your account's unique id, not display name, and use the stored key to decrypt the posts associated with that id. (Most would just screenshot it in this case, which can be more easily faked so there is more plausible deniability for you.)

You can change your encryption key at any time. If you change the encryption key for your posts, then the key will be changed for all nodes connected to you, making your past posts unreadable to yourself and connected nodes.

If any node disconnects from you or you disconnect from it, your files automatically get deleted from their store and their files get automatically deleted from your store.

If someone really wanted to hold on to someone's posts to use against them later, they could of course make a copy of the store before they disconnect from the other node, but they would need some basic tech knowledge to decrypt what is in it. Unlike making an archive link of some centralized page which requires almost no tech knowledge. If the p2p network gets popular enough, someone might make a service to simplify this process for people (similar to archive.org). But privacy would at least be comparable to centralized services.

But I know jack shit about coding p2p protocols and applications.

2

Wahaha wrote

You wouldn't have to do anything complicated like that. Just create regular differential backups of everything, then you can go back in time and see the posts again. One of the points of decentralized networks is that you can still read everything, even without Internet. So if you design it in a way that requires an internet connection to read posts, it's no longer decentralized.

Another point is that the reason people want to use decentralized solutions is so that nobody has the ability to memory hole anything. Not even typos. If that's not the case, then what's the advantage over centralized stuff?

1

Elbmar wrote (edited )

I think the main advantage of decentralized over centralized is that other people can't memory hole your posts. If you can memory hole your own posts, that is an advantage. If you ever get in trouble with the law, it's helpful to have no online history that they know about. Ideally, they will not know your username, but the right is too online now compared to the left. The right really should be using the internet to facilitate offline organizing more often, and that introduces the possibility of law enforcement knowing your online identity. But for example, if you are defending yourself from Antifa and get charged with assault, you may be happy if you deleted all your posts before meeting up with people so nothing you said can be twisted and used against you (though they might say it's suspicious that you deleted all your posts. It's nice that in Matrix, changing your password encrypts all your old posts by default, which looks less suspicious). The NSA or FBI could certainly still have the posts you deleted and know that you made them but local law enforcement is not so sophisticated.

I think you could have scuttlebutt or something like it, which stores all messages for you to read offline, but also have a feature where if you say that you want all of your posts deleted, then your computer could send that message out to all of your peers. They would forward that message to any of their peers who can also read your messages. (See the "Follow Graph" here https://ssbc.github.io/scuttlebutt-protocol-guide/#follow-graph ) The peers that are already online would respond immediately and delete your posts from their local store. Some of your peers and peers of peers with access to your posts could be offline so they would still retain your posts temporarily, but when they connect to the internet again, those peers would see that you want your posts deleted, either by checking with you or their peer who is connected to you, and they would immediately delete them as well.

In the scuttlebutt documentation I saw that in the future they do want to allow people to delete posts and it is just a feature they haven't implemented yet. They also want to hide IP addresses by default.

We want Scuttlebutt to be a safe cozy place but there are still some things we need to fix:
Blocked people can see your public messages.
Content from blocked people is still on your computer. (This is almost fixed!)
Patchwork has some bugs that let you see blocked people in certain situations when they should be hidden.
Scuttlebutt doesn’t provide IP address anonymity by itself, but you can use it with a VPN or Tor.
Messages can’t be deleted yet.

https://scuttlebutt.nz/docs/introduction/detailed-start/#stay-happy-and-safe

1
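The delete-request idea in the comment above (forward the request to peers, let offline peers catch up when they reconnect) can be simulated in a few lines. This is an added example, not part of the thread and not Scuttlebutt's protocol or API; the `Peer` class, the peer names and the `honors_delete` flag are all hypothetical. It also shows the limit raised earlier in the thread: a replica that does not cooperate keeps its copy.

```python
from collections import deque

class Peer:
    def __init__(self, name, online=True, honors_delete=True):
        self.name, self.online, self.honors_delete = name, online, honors_delete
        self.store = {}          # author -> posts replicated on this peer
        self.tombstones = set()  # authors whose delete request was seen
        self.links = []

    def receive_delete(self, author):
        """Record a delete request; return True if it was new to this peer."""
        if author in self.tombstones:
            return False
        self.tombstones.add(author)
        if self.honors_delete:   # deletion is voluntary on every replica
            self.store.pop(author, None)
        return True

def gossip_delete(start, author):
    """Flood the request from `start`; offline peers are skipped for now."""
    start.receive_delete(author)
    queue = deque([start])
    while queue:
        for nb in queue.popleft().links:
            if nb.online and nb.receive_delete(author):
                queue.append(nb)

def reconnect(peer):
    """On coming back online, learn tombstones from neighbours and forward them."""
    peer.online = True
    for nb in peer.links:
        if not nb.online:
            continue
        for author in list(nb.tombstones):
            if peer.receive_delete(author):
                gossip_delete(peer, author)

def holders(peers, author):
    return sorted(p.name for p in peers if author in p.store)

def run_scenario():
    # Constructed network: alice-bob, bob-carol, carol-dave, bob-eve.
    alice, bob, dave = Peer("alice"), Peer("bob"), Peer("dave")
    carol = Peer("carol", online=False)     # offline when the request is sent
    eve = Peer("eve", honors_delete=False)  # keeps her copy regardless
    peers = [alice, bob, carol, dave, eve]
    for a, b in [(alice, bob), (bob, carol), (carol, dave), (bob, eve)]:
        a.links.append(b); b.links.append(a)
    for p in peers:
        p.store["alice"] = ["post 1", "post 2"]
    gossip_delete(alice, "alice")
    after_gossip = holders(peers, "alice")  # carol offline, dave behind her
    reconnect(carol)
    return after_gossip, holders(peers, "alice")
```

After the first flood the posts survive on the offline peer, on the peer reachable only through it, and on the non-cooperating peer; after the reconnect only the non-cooperating copy remains.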

Wahaha wrote

I can see why people would want that feature, but it wouldn't change that somebody would have the ability to memory hole something, which isn't desirable, since it can be used maliciously and thus has the ability to harm trust.

If I can't trust for everything to remain there forever, there's no big advantage over centralized solutions.

Luckily, by design, all the content I see ends up saved on my computer, so with a differential backup, it should be trivial to go back in time and read memory holed posts.

1

Elbmar wrote

Not sure what malicious use would be. I haven't ever seen the type of drama where someone says something, deletes it, and then denies ever saying it and gets into arguments with people about it.

Ultimately, advantages are subjective for different people. You value posts existing forever but many people prefer the opposite. Signal is popular partially because of the disappearing messages feature. I think especially on the right, people will increasingly value privacy over convenience. I think we are probably heading into a very totalitarian, technocratic future where it will be more and more dangerous to have right wing views.

Personally, if I see a very interesting post online, I sometimes just save it in a document on my computer. If scuttlebutt implements the delete message feature, it would be nice for them to also have a save message feature that saves the message but not the username. Or allow users to just remove their identity from messages that they don't want associated with themselves any more. Similar to how reddit shows [deleted] for the username after someone deletes an account.

Patchwork and apps like it could agree to not show deleted messages in their user interface. That way, if someone was making backups, it would be harder to read deleted messages. It would still be possible, but the person doing it would need to know how to decrypt them. Don't know if that would be a desired feature by the community or not, but it would be a way to get the delete feature as complete as possible.

1

Wahaha wrote

If you're participating in a discussion and then memory hole your contributions, nobody can read up on the discussion, since part of it is missing. You could also write up a news story and then memory hole it yourself, if you feel like it.

The ability to remove something you published can be used maliciously. Thus, one of the points of decentralization is to prevent anyone from even having that ability.

1

Elbmar wrote

People can delete their messages but I haven't seen it happen enough that it really bothers me.

Yeah it's preferable for news stories to remain up forever. Maybe IPFS could eventually become popular enough that news organizations use it as well. But in the meantime archivists can use it to archive news stories permanently. I agree that it's important for news articles, scientific articles, statements from politicians etc. to not be memoryholed. But ideally, right wing groups should use private anonymous networks with auto-disappearing messages because it's safer. Members being targeted by law enforcement has a much worse effect on a group than any negatives that might come from people deleting their own messages.

1

Wahaha wrote

The entire point of decentralization is to make exactly this impossible. The promise is that no one even has the ability to memory hole anything.

The right to be forgotten isn't granted in the centralized world, either. On a technical level, all that happens is that what you posted gets hidden. Easily retrievable ten years down the line, if someone with access wanted to. The reasons for that are legal in nature, as far as I know. So if it's a small site without a bunch of lawyers in the background, you might have a chance to get your stuff actually deleted. Especially if the one who operates it likes the concept of privacy. But as a user, you have no way to verify either way.

Since decentralization redistributes power from a single source to everyone, in a decentralized network everyone has that ability. Of course, everyone would first have to agree on hiding the content in the first place.

I don't really get why people want this "right" anyway. It doesn't exist in real life. All your records are kept and all the people involved will remember. Imagine if Donald Trump would say "guys, I really want to be forgotten online, please delete everything mentioning my name". That would be ridiculous, wouldn't it?

1

[deleted] wrote

1

Wahaha wrote

GDPR only applies to personal data. Whatever you posted is still fair game. Especially if it was under a pseudonym in the first place. It's different from the "right to be forgotten".

Also, on a technological level this process isn't automated. Someone has to go in there, make sure it's your data and delete it manually from the database. It could be automated in the future, but it wasn't in the past and without building everything from scratch again, it also won't be in the future.

Also, I'm an IT guy from Europe that is very fortunate that no one ever asked for shit to be deleted. But on the bright side, even if somebody did, there's still no way for them to verify that we actually deleted everything. So reasonably, all we have to do is to no longer expose their information and nobody would be any the wiser.

1