Forwarded conversation Subject: MyZone social network ------------------------
From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 12:18 PM To: [email protected] Hi, With all the recent news on NSA spying on social network users the concern over the user privacy has increased even more. I am not arguing whether it is ethical or not and whether it is needed for the safety of citizens and how effective it would be. even before this, social network providers like Facebook and Google were violating user privacy in so many ways and only a small fraction of it were revealed. A need for a more secure and private social network has always been there and was never adequately addressed. I have been working on this issue for a long time and I have been able to design and implement a social network that is inherently user privacy preserving. it uses military grade encryption and no authority can have any control over it. one design goal behind it was actually to make it resilient towards government imposed censorship and filtering. I have implemented a prototype and you can check it out on joinmyzone dot com. It is a complex piece of software but to summarize how it works you can think of it as implementing a social network over bittorrent. Feel free to send me your feedbacks. thanks. Ali -- You received this message because you are subscribed to the Google Groups "The Next Net" group. To unsubscribe from this group and stop receiving emails from it, send an email to building-a-distributed-decentralized-internet+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. ---------- From: *Melvin Carvalho* <[email protected]> Date: Thu, Jun 27, 2013 at 12:29 PM To: [email protected] On 27 June 2013 21:18, Alireza Mahdian <[email protected]> wrote: > Hi, > > With all the recent news on NSA spying on social network users the concern > over the user privacy has increased even more. I am not arguing whether it > is ethical or not and whether it is needed for the safety of citizens and > how effective it would be. even before this, social network providers like > Facebook and Google were violating user privacy in so many ways and only a > small fraction of it were revealed. > > A need for a more secure and private social network has always been there > and was never adequately addressed. I have been working on this issue for a > long time and I have been able to design and implement a social network > that is inherently user privacy preserving. it uses military grade > encryption and no authority can have any control over it. one design goal > behind it was actually to make it resilient towards government imposed > censorship and filtering. I have implemented a prototype and you can check > it out on joinmyzone dot com. It is a complex piece of software but to > summarize how it works you can think of it as implementing a social network > over bittorrent. Feel free to send me your feedbacks. thanks. > You may be interested in http://retroshare.sourceforge.net/ > > Ali > > -- > You received this message because you are subscribed to the Google Groups > "The Next Net" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > building-a-distributed-decentralized-internet+unsubscr...@googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > > > ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 12:46 PM To: "[email protected]" < [email protected]> I've seen this before but myzone is Facebook but decentralized. There are some huge challenges when you want to achieve such a goal. Sent from my iPhone On Jun 27, 2013, at 1:29 PM, Melvin Carvalho <[email protected]> wrote: On 27 June 2013 21:18, Alireza Mahdian <[email protected]> wrote: > Hi, > > With all the recent news on NSA spying on social network users the concern > over the user privacy has increased even more. I am not arguing whether it > is ethical or not and whether it is needed for the safety of citizens and > how effective it would be. even before this, social network providers like > Facebook and Google were violating user privacy in so many ways and only a > small fraction of it were revealed. > > A need for a more secure and private social network has always been there > and was never adequately addressed. I have been working on this issue for a > long time and I have been able to design and implement a social network > that is inherently user privacy preserving. it uses military grade > encryption and no authority can have any control over it. one design goal > behind it was actually to make it resilient towards government imposed > censorship and filtering. I have implemented a prototype and you can check > it out on joinmyzone dot com. It is a complex piece of software but to > summarize how it works you can think of it as implementing a social network > over bittorrent. Feel free to send me your feedbacks. thanks. > You may be interested in http://retroshare.sourceforge.net/ > > Ali > > -- > You received this message because you are subscribed to the Google Groups > "The Next Net" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > building-a-distributed-decentralized-internet+unsubscr...@googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to a topic in the Google Groups "The Next Net" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/building-a-distributed-decentralized-internet/nfrWbVmMicU/unsubscribe . To unsubscribe from this group and all its topics, send an email to building-a-distributed-decentralized-internet+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. ---------- From: *Nathan Rixham* <[email protected]> Date: Thu, Jun 27, 2013 at 12:50 PM To: [email protected] The only real way to tackle this, is to tackle it from the ground up. Once you have private, encrypted, ACL controlled personal data storage, then you can mount anything on top of that in the same way we do with the web. It simply makes a private, encrypted, ACL controlled web. Then everything built on it, social or not, is built the right way. retroshare is worth looking at. ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 1:26 PM To: "[email protected]" < [email protected]> Well myzone has a service layer that works pretty much the same way. Sent from my iPhone ---------- From: *Nathan Rixham* <[email protected]> Date: Thu, Jun 27, 2013 at 1:30 PM To: [email protected] will read the Thesis http://joinmyzone.com/Thesis.**pdf<http://joinmyzone.com/Thesis.pdf>and then take a look. n ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 1:45 PM To: "[email protected]" < [email protected]> Ok Sent from my iPhone ---------- From: *Melvin Carvalho* <[email protected]> Date: Thu, Jun 27, 2013 at 3:13 PM To: [email protected] On 27 June 2013 21:46, Alireza Mahdian <[email protected]> wrote: > I've seen this before but myzone is Facebook but decentralized. There are > some huge challenges when you want to achieve such a goal. > Facebook but decentralized sounds intriguing. So the first question I normally ask is how you identify a user. In facebook it would be graph.facebook.com/bob The retroshare people say the hardest part in this is getting through firewalls. How well tested is your system in terms of real world NAT busting etc. ISPs often make it hard to break through. ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 3:16 PM To: "[email protected]" < [email protected]> It does Nat traversal and uses relay servers for firewalls that are not traversable and the user is not even aware of all the things that are happening underneath. As for identities we link each person to a certificate and a verified email address. Sent from my iPhone ---------- From: *Melvin Carvalho* <[email protected]> Date: Thu, Jun 27, 2013 at 3:21 PM To: [email protected] On 28 June 2013 00:16, Alireza Mahdian <[email protected]> wrote: > It does Nat traversal and uses relay servers for firewalls that are not > traversable and the user is not even aware of all the things that are > happening underneath. As for identities we link each person to a > certificate and a verified email address. > Thanks for the reply. Would it be possible to give an example of an identity string in your system. How can you ensure that an identity in your system does not clash with an identity in another system. The example I gave with facebook I can do a few things e.g. I can add that to my roster of friends (decentralized friending), I can find out more information about the user (standards based discovery), I can rate and create reputational data about that entity (distributed claims) as well as use the provided APIs for messaging, requests, chat, payments etc. Does the identity in your system have any of these properties. Sorry, lots of questions, but this will give an idea of how easy it would be to interact with your proposal... ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 3:32 PM To: [email protected] each user has his own pair of keys (we use RSA) the username is a unique email address that the user provides upon sign up they send us their public keys and we issue a certificate and only send them the certificate if they verify their email address. all the other interactions on the system uses this certificate infrastructure for authentication and security. I am not sure if I could answer your question or not. as for your friends they probably know your email address so if anybody wants to spoof your identity they can probably figure it out based on the fact that the invite came from a user with an unknown email address. -- Alireza Mahdian Department of Computer Science University of Colorado at Boulder Email: [email protected] ---------- From: *Melvin Carvalho* <[email protected]> Date: Thu, Jun 27, 2013 at 3:55 PM To: [email protected] On 28 June 2013 00:32, Alireza Mahdian <[email protected]> wrote: > each user has his own pair of keys (we use RSA) the username is a unique > email address that the user provides upon sign up they send us their public > keys and we issue a certificate and only send them the certificate if they > verify their email address. all the other interactions on the system uses > this certificate infrastructure for authentication and security. I am not > sure if I could answer your question or not. as for your friends they > probably know your email address so if anybody wants to spoof your identity > they can probably figure it out based on the fact that the invite came from > a user with an unknown email address. > Thanks for the details. I'm less concerned with authentication, initially, more interested about identity. I'm unsure that you gave an example of an identity string used in your system. So I would be unsure of what to put in my existing roster, say, wanted to add someone from your network you as a friend. Or is the idea that everyone should join MyZone. a bit like skype or facebook? ---------- From: *Alireza Mahdian* <[email protected]> Date: Thu, Jun 27, 2013 at 3:59 PM To: [email protected] Oh now I think I get what you are saying. so you have add their email addresses and whenever they join myzone and by joining I mean getting a certificate from us they will receive the friendship requests that are pending for their email addresses. upon accepting the friendship request a friendship is established between the two identities. you can also add a friend of friend by for example clicking on a comment they made on a friend's post and the system will automatically take you to a page where you can send the friendship request. either way uses the email address as the identifier if that is what you are asking about.
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
