Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Retr0id 5 hours ago

I wish I could share a graph of my eyebrow height over time as I read through this part:

> sAT Protocol (s@) is a decentralized social networking protocol based on static sites. Each user owns a static website storing all their data in encrypted JSON stores.

Retr0id 5 hours ago | parent | next [-]

But in all fairness it seems like a reasonable system, given the narrow scope of its goals. It does not scale, but that's on purpose. Although I could still see "Feed Aggregation" becoming impractical even with a small number of friends with a modest number of posts.

Cryptographically, a problem is that it makes ciphertexts publicly enumerable, protected by a X25519-derived key. This makes it very vulnerable to harvest-now-decrypt-later attacks, if you believe quantum computing will ever happen.

bigiain 2 hours ago | parent [-]

> if you believe quantum computing will ever happen.

... and you don't believe that everything will be totally fucked when it does happen.

If there is a global passive observer, and they get quantum computing, a huge amount of supposedly encrypted private information just got popped. Whether or not I care about my dinky little private social network posts when every ssl/tls connection I've ever made is being cracked and data mined is an interesting question.

nine_k 4 hours ago | parent | prev | next [-]

Your app picks up a bunch of feeds and composes them into a nice page for you, much like an RSS feed reader. The twist is that each feed is encrypted in a way that only you can decrypt, so the cryptography also gives strong identity guarantees, and allows for private messaging.

It's basically PGP + RSS, only mapped to a bunch of files of specific structure. Those could be RSS/ATOM feeds instead of JSON, to reuse an existing format. The reuse of the ideas is good, these ideas are time-proven.

As any PGP-lookalike, this thing has the key distribution problem, and won't scale to billions of users due to that. Key rotation and revocation is another problem. But for a small-scale network it should be fine, and can run on very tiny, very low-power devices, maybe even with intermittent connectivity.

Retr0id 4 hours ago | parent [-]

> The twist is that each feed is encrypted in a way that only you can decrypt

Not true, the "content key" is common to all viewers of all posts, from a particular author. (hence the need to re-encrypt the world when you unfollow someone...)

nine_k 4 hours ago | parent [-]

The content key is common, like the PGP session key is common. But to obtain the content key, you need to first decrypt it by your private key. The content key is encrypted by the public keys of every intended reader, so each can have a secure copy of the content key. Again, exactly like PGP works.

Retr0id 3 hours ago | parent [-]

A PGP session key does not span multiple messages, however

RobRivera 5 hours ago | parent | prev | next [-]

So a database, that you can send a network response or request with that data, that when received by a client, builds a static website.

I see.

I see...

behehebd 4 hours ago | parent | prev [-]

> Key Rotation (Unfollow)

    _  /
    .  .