[prev in list] [next in list] [prev in thread] [next in thread]
List: moderncrypto-messaging
Subject: Re: [messaging] new peerio architecture
From: Nadim Kobeissi <nadim () nadim ! computer>
Date: 2017-07-12 20:50:15
Message-ID: 43B1850D-99EF-467D-A967-9F3BFA0B311B () nadim ! computer
[Download RAW message or body]
> On 12 Jul 2017, at 9:15 PM, Mikalai Birukou <mb@3nsoft.com> wrote:
>
> 1) From whitepaper: https://s3.amazonaws.com/peerio-static-assets/whitepaper.pdf
>
> Quote:
>
> """
> Peerio's current security objectives do not include:
> 1. Anonymizing the identities, connections, and social graphs of users.
>
> """
>
>
> 2) The "redundant" characterization of storage comes from Microsoft Azure. Stored \
> blobs seem to be the "kegs" from KegDB. These keg object are usually encrypted \
> (page 11). Yes, in 4th party, Azure cloud, not 100% encrypted, but only usually.
> By the way, kegs having kegs in them, and user access to particular kegs -- all of \
> it reminds of concepts from file system, cause that what folders + permissions do.
Here are my technical nitpicks:
1. The way in which content is sometimes repeated across kegs allows for easy split \
view/transcript inconsistency/confusion attacks from the server. If it were me, I'd \
have this all on some kind of authenticated ledger/CONIKs style verifiable data \
structure [0] and tie some authentication properties to how these split kegs are \
served. The entire keg design could be replaced with something simpler that has \
stronger integrity/authenticity guarantees.
2. They still won't let you revoke and rotate your long-term identity! This is nuts. \
How are you supposed to deal with compromise? The entire account lifecycle is not \
well thought out yet and that's unacceptable in a V2 product.
3. I felt bad about Peerio not introducing forward secrecy in 2015, but not doing so \
in 2017 is just selling short. There's so much work on this right now inspired by \
improvements to puncturable encryption [1] (and some upcoming research that I don't \
think is public yet.) In terms of preventing content loss and synchronising devices, \
Signal and iMessage (as of iOS 11) both have different approaches to this, just to \
name a couple.
>
> These two are highlights (in my partisan opinion :) ).
>
>
> There were strong statements dropped on twitter when Nadim left peerio. In absence \
> of any other information, we may guess that current architecture is what investors \
> wanted. May be there were emotions high, hence, a little misinterpreted in darker \
> colors. But really, this currect peerio architecture is just one more of those \
> lock-in islands, walled gardens, since they will not federate with competitors' \
> users. Giving up some control with introduction of federation and openness is not \
> what investors want.
It's unfair to the team over at Peerio for my objections at the time to be considered \
timeless. They're redone their entire architecture, and seem to have not followed \
through with the business goals that I objected against in 2015. This seems like an \
honest product. This is a company run by human beings who deserve a chance.
It would be much better for everyone if this new design was evaluated based on its \
face-value technical merit.
They're obviously following investor whims, which is fine, but these desires seem to \
have gone from "dangerous" to "boring", which is, admittedly, still an improvement.
How Peerio otherwise behaves as a company is, frankly, not something I care about \
anymore.
>
> Let's recall again, wiretapping is looking into content, while surveillance is \
> knowing what you do, what is your social graph. It is a social graph part that is \
> monetize-able, these days.
Everyone is doing this, though. WhatsApp, Wire… Signal and Cryptocat are \
exceptions, but their ideological bent makes funding almost impossible (I'm sure the \
Signal folks would agree.) Peerio is hardly alone. They've also given no indication \
towards wanting to monetise their social graph, and I don't think this is something \
they would do.
There's the NEXTLEAP project which is trying to come up with a social/technological \
understanding on how to get folks to federate (led by Harry Halpin) [2].
References:
[0] https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf
[1] https://eprint.iacr.org/2017/223.pdf
[2] http://nextleap.eu
>
>
> Cheers,
>
> Mikalai
> On 2017-07-12 12:59 PM, Michael Carbone wrote:
> > Hi folks,
> >
> > Has anyone been following Peerio's move to a new architecture and have
> > any thoughts on it? Or see others' thoughts online worth sharing?
> >
> >
> > https://blog.peerio.com/the-new-peerio-a-technical-deep-dive-2b25dba9cd0
> >
> >
> > Thanks,
> > Michael
> >
> >
> >
> >
> > _______________________________________________
> > Messaging mailing list
> >
> > Messaging@moderncrypto.org
> > https://moderncrypto.org/mailman/listinfo/messaging
>
> _______________________________________________
> Messaging mailing list
> Messaging@moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic