![]() ![]() In fact we should have more than just that. LynX: Doesn't make much sense to use anything less but onion routing. Free social software should thrive to protect this information from third parties. Interpersonal relationships belong to the people making them, and as such belong to the private sphere of each individual. Social graph and transmission pattern obfuscation Implemented end-to-end: Pond, OTR, Briar, RetroShare?, I2P? Implemented on link level: Tor, I2P, Retroshare, Briar, OwnCloud?, GlobalSquare? OTR requires both sides to be online, which doesn't always work out. Briar and RetroShare use similar approaches. The problem with ephemeral keys is, when is the right moment to throw them away? Pond has a very advanced opportunistic approach to this problem that we need to imitate. Retroshare has it on the wire, but when the messages arrive they are either unencrypted or regularely PGP-encrypted, thus not forward secret. TLS typically provides this on link-level, but it is susceptible to downgrade attacks. It takes special effort that usually goes by the acronyms DHE or ECDHE to ensure that things you said cannot forever be tied to your identity and retroactively be decrypted if somebody gets her hands on your device. LynX: As you know I am very doubtful of web-browser based solutions Perfect Forward Secrecy Not implemented in: Diaspora, Friendica, GNU Social, Kune, Jappix, Movim, Buddycloud, StatusNet, Pump.IO, Sockethub, Tent. Implemented in: OTR, PGP, Retroshare, Pond, Briar, I2P?, Tahoe-LAFS?, OwnCloud?, GlobalSquare? ![]() Therefore, free social software must provide strong encryption support by default, and leave it to the user to opt-out from encryption. Encryption of connections to access public contents also makes sense as a privacy-preserving tool, against abusive surveillance. ![]() Friend-to-friend encryption reflects basic Human Rights and Constitutional Rights in democratic countries under the regime of res publica. We could reach consensus on this point. :)Įnd-to-End encryption is a basic requirement for social network programs to respect privacy by design. If the description does not match your expectations, please discuss it in the associated Talk page. This section provides additional details for consensual issues. The objective of this page is to come up with a short list of objectives we all share, and identify issues. Preparing Berlin's workshop, August 24-25 2013, on the next decade's strategies for privacy-preserving free social networking software. 1.3.2 Integration of old friends on legacy networks.1.1.3 Social graph and transmission pattern obfuscation. ![]()
0 Comments
Leave a Reply. |