Elbmar wrote
Matrix is federated, not p2p, but when using it I noticed that if I changed my password, the encryption key for my posts would change as well which would make all of my past posts unreadable to everyone including myself, but my new posts would be readable. Of course if my past password was weak, it would still be easy for someone to decrypt my past posts.
It was possible to delete and edit posts as well. And if you disabled an account, you were met with a warning saying that people would not be able to read your past posts, which may disrupt the flow of conversations. Also, creators of a room could set it up so that any new user had no ability to view the old posts in the room. You could change your display name at any time, but your unique id is the name you chose when signing up. Your unique id is visible to anyone who right clicks on your display name.
When it comes to p2p tech, so far everyone is saying what you are suggesting is impossible, but I am at least interested to know whether it would make sense to code something similar to this, or if something similar already exists:
All posts are encrypted. nodes you connect to store your posts, but in encrypted form, and they store the encryption key for your posts. They store a generated unique id, not your display name. So if someone wants to save your posts to use against you, they have to have some basic technical capability. They need to know your account's unique id, not display name, and use the stored key to decrypt the posts associated with that id. (Most would just screenshot it in this case, which can be more easily faked so there is more plausible deniability for you)
You can change your encryption key at any time. If you change the encryption key for your posts, then the key will be changed for all nodes connected to you, making your past posts unreadable to yourself and connected nodes
if any node disconnects from you or you disconnect from it, your files automatically get deleted from their store and their files get automatically deleted from your store.
If someone really wanted to hold on to someone's posts to use against them later, they could of course make a copy of the store before they disconnect from the other node, but they would need some basic tech knowledge to decrypt what is in it. Unlike making an archive link of some centralized page which requires almost no tech knowledge. If the p2p network gets popular enough, someone might make a service to simplify this process for people (similar to archive.org). But privacy would at least be comparable to centralized services.
But I know jack shit about coding p2p protocols and applications.
Wahaha wrote
You wouldn't have to do anything complicated like that. Just create regular differential backups of everything, then you can go back in time and see the posts again. One of the points of decentralized networks is that you can still read everything, even without Internet. So if you design it in a way that requires an internet connection to read posts, it's no longer decentralized.
Another point is, that the reason people want to use decentralized solutions is so that nobody has the ability to memory hole anything. Not even typos. If that's not the case, then what's the advantage over centralized stuff?
Elbmar wrote (edited )
I think the main advantage of decentralized over centralized is that other people can't memory hole your posts. If you can memory hole your own posts, that is an advantage. If you ever get in trouble with the law, it's helpful to have no online history that they know about. Ideally, they will not know your username, but the right is too online now compared to the left. The right really should be using the internet to facilitate offline organizing more often, and that introduces the possibility of law enforcement knowing your online identity. But for example, if you are defending yourself from Antifa and get charged with assault, you may be happy if you deleted all your posts before meeting up with people so nothing you said can be twisted and used against you (though they might say it's suspicious that you deleted all your posts. It's nice that in Matrix, changing your password encrypts all your old posts by default, which looks less suspicious). The NSA or FBI could certainly still have the posts you deleted and know that you made them but local law enforcement is not so sophisticated.
I think you could have scuttlebutt or something like it, which stores all messages for you to read offline, but also have a feature where if you say that you want all of your posts deleted, then your computer could send that message out to all of your peers. They would forward that message to any of their peers who can also read your messages. (See the "Follow Graph" here https://ssbc.github.io/scuttlebutt-protocol-guide/#follow-graph ) The peers that are already online would respond immediately and delete your posts from their local store. Some of your peers and peers of peers with access to your posts could be offline so they would still retain your posts temporarily, but when they connect to the internet again, those peers would see that you want your posts deleted, either by checking with you or their peer who is connected to you, and they would immediately delete them as well.
In the scuttlebutt documentation I saw that in the future they do want to allow people to delete posts and it is just a feature they haven't implemented yet. They also want to hide IP addresses by default.
We want Scuttlebutt to be a safe cozy place but there are still some things we need to fix: Blocked people can see your public messages.
Content from blocked people is still on your computer. (This is almost fixed!)
Patchwork has some bugs that let you see blocked people in certain situations when they should be hidden
Scuttlebutt doesn’t provide IP address anonymity by itself, but you can use it with a VPN or Tor.
Messages can’t be deleted yet.
https://scuttlebutt.nz/docs/introduction/detailed-start/#stay-happy-and-safe
Wahaha wrote
I can see why people would want that feature, but it wouldn't change that somebody would have the ability to memory hole something, which isn't desirable, since it can be used maliciously and thus has the ability to harm trust.
If I can't trust for everything to remain there forever, there's no big advantage over centralized solutions.
Luckily, by design, all the content I see ends up saved on my computer, so with a differential backup, it should be trivial to go back in time and read memory holed posts.
Elbmar wrote
Not sure what malicious use would be. I haven't ever seen the type of drama where someone says something, deletes it, and then denies ever saying it and gets into arguments with people about it.
Ultimately, advantages are subjective for different people. You value posts existing forever but many people prefer the opposite. Signal is popular partially because of the disappearing messages feature. I think especially on the right, people will increasingly value privacy over convenience. I think we are probably heading into a very totalitarian, technocratic future where it will be more and more dangerous to have right wing views.
Personally, if I see a very interesting post online, I sometimes just save it in a document on my computer. If scuttlebutt implements the delete message feature, it would be nice for them to also have a save message feature that saves the message but not the username. Or allow users to just remove their identity from messages that they don't want associated with themselves any more. Similar to how reddit shows [deleted] for the username after someone deletes an account.
Patchwork and apps like it could agree to not show deleted messages in their user interface. That way, if someone was making backups, it would be harder to read deleted messages. It would still be possible, but the person doing it would need to know how to decrypt them. Don't know if that would be a desired feature by the community or not, but it would be a way to get the delete feature as complete as possible.
Wahaha wrote
If you're participating in a discussion and then memory hole your contributions, nobody can read up on the discussion, since part of it is missing. You could also write up a news story and then memory hole it yourself, if you feel like it.
The ability to remove something you published can be used maliciously. Thus, one of the points of decentralization is to prevent anyone from even having that ability.
Elbmar wrote
People can delete their messages but I haven't seen it happen enough that it really bothers me.
Yeah it's preferable for news stories to remain up forever. Maybe IPFS could eventually become popular enough that news organizations use it as well. But in the meantime archivists can use it to archive news stories permanently. I agree that it's important for news articles, scientific articles, statements from politicians etc. to not be memoryholed. But ideally, right wing groups should use private anonymous networks with auto-disappearing messages because it's safer. Members being targeted by law enforcement has a much worse effect on a group than any negatives that might come from people deleting their own messages.
Viewing a single comment thread. View all comments