This commit is contained in:
Demos 2016-01-19 20:04:41 +00:00
parent 2754d613ef
commit 0e132a6acc
1 changed files with 52 additions and 52 deletions

60
EDN.mw
View File

@ -31,7 +31,7 @@ A penal action against these secret processes is nearly impossible, starting wit
This status quo endangers our democracy.
However, it can be countered in different ways.
The following is a technical approach:
: To repurpose and to extend existing digital communications infrastructure to make surveillance more cumbersome, especially through decentralization.
: To re-purpose and to extend existing digital communications infrastructure to make surveillance more cumbersome, especially through decentralization.
== Background Long ==
@ -75,7 +75,7 @@ poses a particular threat to democracy.
## '''End-to-end-encryption''': ubiquitous end-to-end encryption, removing the necessity to trust any third parties that might access our data while it is being transmitted or stored. No intermediate actors gain access to the exchanged content.
## '''Perfect Forward Secrecy''': encryption is regularly renewed in such a way that past communications cannot be retroactively be decrypted upon access to key material.
## '''Link Encryption'''
# '''Meta data protection''': obfuscation of transmission patterns, preventing the analysis of social relations, behaviour patterns and topical interests of the participants in a network;
# '''Meta data protection''': obfuscation of transmission patterns, preventing the analysis of social relations, behavior patterns and topical interests of the participants in a network;
# '''Authentication''': by direct interaction or by common social contacts, no trust delegation to external third party authorities. When interacting among private persons, the counterpart is directly or socially authenticated by default. When interacting with businesses, customers choose whether to stay fully anonymous, to adopt a long-term pseudonymity (equivalent to accepting a web cookie) or to authenticate themselves as a physical person. An integrated payment system enables an economy where the customer can remain anonymous.
# '''Decentralization''': Essential to removing single points of failures and highly concentrated data flow from the calculation. Without distribution it is not enough: Whenever there is a fixed server in charge of a certain person it will gain access to all of that person's metadata. Even worse if that server is operating in a [http://about.psyc.eu/Federation Federation] kind of style or the application [http://secushare.org/2011-FSW-Scalability-Paranoia assumes its server to be in any way a safe place to store private data];
# '''Distributed data flow and storage''': making bulk collection of data economically unattractive. No traditional server nodes may gain access to either content or metadata of communications, therefore only a distributed system of agnostic relay nodes can provide scalability, intermediate storage and anonymity from third parties all at once;
@ -87,7 +87,7 @@ poses a particular threat to democracy.
Beyond the application of cutting-edge security standards, our concept emphasizes
scalability and usability. We want to establish an attractive technological platform for
applications that can be used by large user bases and businesses worldwide.
Using a modular approach, we are integrating existing best practises and results from the
Using a modular approach, we are integrating existing best practices and results from the
scientific community to build a coherent system.
# ''' Easy to install'''
@ -96,14 +96,14 @@ scientific community to build a coherent system.
# '''Functionality representation''': the user interface represents in an easy way the functionality that is laying beneath;
# '''Efficient distribution''': heterogeneous distribution trees, because we need to interconnect billions of users without resorting to cloud technology
# '''Security vs. Performance''': The network shall be as '''performing''' as it can be, considering the grade of security for the specific services;
# '''Available public data''': The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfil this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
# '''Available public data''': The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfill this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
# '''Resilience''': The network has to be '''resilient''': stable, adaptable, fault-tolerant (e.g. against jamming);
# '''Robust against fluctuating node participation''';
# '''Real-time communication''': The infrastructure supports also real-time communication;
# '''Partial ressource souveranity''': The amount of bandwidth for private usage can be configured;
# '''Partial resource sovereignty''': The amount of bandwidth for private usage can be configured;
# '''Energy consumption restrictions''': The nodes can be mobile, but technology in mobile devices must be aware of energy consumption restrictions;
# '''Sneakernet''': Whenever necessary, data exchange may also happen by taking a storage device physically from one place to another (Briar, GNUnet transports etc.);
# '''Ressource contribution incentives''': The network provides incentives for peers to contribute more resources than they consume;
# '''Resource contribution incentives''': The network provides incentives for peers to contribute more resources than they consume;
=== III. Software Criteria ===
@ -120,8 +120,8 @@ scientific community to build a coherent system.
=== IV. Society and Legal Criteria ===
# '''Public support''': ethically, politically and financially supported by public entities;
# '''Restrictions to proprietary applications''': they may use the new Internet protocol stack unter the conditions that:
## they run in a securely sandboxed environment;
# '''Restrictions to proprietary applications''': they may use the new Internet protocol stack under the conditions that:
## they run in a securely sand-boxed environment;
## they do not gain access to any data of constitutional relevance, in particular not the social graph which the user is not entitled to share with external third parties as other people are affected by such gesture;
# '''Participation''': The network is '''open''': that means everyone can easily participate (after installation of the protocol stack);
@ -146,15 +146,15 @@ scientific community to build a coherent system.
* crypto currency/ pay system
* Searching in local and other reachable networks including the Internet
* filesharing
* file-sharing
* blogging
* Private communication with embedded devices
== Privacy Projects ==
Below you can find our current list of relevant promising projects.
Promising means that they fulfil already some of our criteria and have solutions (implemented) that we want to evaluate.
'''We aim to let these projects share code and build bridgdes in between to let them grow together.'''
Promising means that they fulfill already some of our criteria and have solutions (implemented) that we want to evaluate.
'''We aim to let these projects share code and build bridges in between to let them grow together.'''
[http://youbroketheinternet.org/map Here] is a helpful overview including a part of the following projects that considers the layer they serve.<br>
[http://skilledtests.com/wiki/List_of_Federated_Communication_Platforms#comparison A] and [https://redecentralize.github.io/alternative-internet/ B] were very helpful lists.
@ -187,12 +187,12 @@ Feel free to add other fitting projects or missing information as well. Thank yo
* ''' I2P ''' (https://geti2p.net/en/): "I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties." Written in Java. Known issues: See paper.
* ''' Freenet ''' (https://freenetproject.org/): "Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect." Written in Java.
* ''' Tribler ''' (http://www.tribler.org/): "Tribler aims to create a censorship-free Internet. Already deployed, used and incrementally improved for 8-years. Tribler uses an upcoming IETF Internet Standard for video streaming - (http://datatracker.ietf.org/doc/draft-ietf-ppsp-peer-protocol/) - and is backward compatible with Bittorrent. Future aim is using smartphones to even bypass Internet kill switches. An early proof-of-principle Tribler-mobile is available on the Android Market. Key principle: the only way to take it down is to take The Internet down. Overview paper." Written in Python.
* ''' Retroshare ''' (http://retroshare.sourceforge.net/index_de.html): Secure communication. Chat, mail, forums,telephony and filesharing based on a friend-to-friend (F2F) network
* ''' Retroshare ''' (http://retroshare.sourceforge.net/index_de.html): Secure communication. Chat, mail, forums,telephony and file-sharing based on a friend-to-friend (F2F) network
* ''' GNUnet ''' (https://gnunet.org/): Secure, fully decentralized P2P network, extensible component-oriented framework, a possible future Internet architecture. See also secushare. '''[wiki:PromisingProjects/GNUnet Status Quo]'''
* ''' net2o ''' (http://net2o.de/), (http://fossil.net2o.de/net2o/doc/trunk/wiki/net2o.md): new internet stack
* ''' Ind.ie ''' (https://ind.ie/about/vision/)
* ''' Qaul.net ''' (http://qaul.net/text_de.html): Provider independent, self-configuring, multiplatform communication network that integrates services
* ''' Invisible ''' (http://invisible.im/): filetransfer and conversation without trace/evidence
* ''' Invisible ''' (http://invisible.im/): file-transfer and conversation without trace/evidence
* '''RINA''' (http://rina.tssg.org/): Theoretical model of another Internet stack.
* '''Avatar'''(http://avatar.ai): A distributed “operating system for the Internet” running inside the web browser. It allows for secure messaging (think email, social networks) and distributed data storage, employing a policy of “privacy and data security by default”. Building its own encrypted P2P network, it does not rely upon any central authority.
* '''Firestr''' (http://github.com/mempko/firestr): A simple decentralized communication and computation platform. Apps are written in Lua and are pushed to peers where they automatically run and connect. All communication is P2P and encrypted. Written in C++.
@ -210,7 +210,7 @@ Feel free to add other fitting projects or missing information as well. Thank yo
* ''' Briar ''' (https://briarproject.org/): Delay-tolerant network for secure messaging (one-to-one, one-to-many and many-to-many), capable of operating over a diverse mixture of transports including Tor, Bluetooth, Wi-Fi and portable storage devices.
* ''' Ricochet ''' (https://ricochet.im): Anonymous peer-to-peer instant messaging using Tor hidden services, written in QT.
* ''' Bitmessage ''' (https://www.bitmessage.org/wiki/Main_Page): decentralized, encrypted, peer-to-peer, trustless communications protocol '''[wiki:PromisingProjects/BitMessage Status Quo]''', written in Python.
* ''' Bitmessage ''' (https://www.bitmessage.org/wiki/Main_Page): decentralized, encrypted, peer-to-peer, trust-less communications protocol '''[wiki:PromisingProjects/BitMessage Status Quo]''', written in Python.
* ''' Tox ''' (https://www.tox.im/): Skype replacement: encrypted peer-to-peer messenger/phone and video.
* '''Pond''' (https://pond.imperialviolet.org/): forward secure, asynchronous messaging. Server-based.
* '''Timberdoodle''' (https://github.com/timberdoodle/TimberdoodleApp): "device-to-device anonymous communication application for the Android platform."
@ -221,7 +221,7 @@ Feel free to add other fitting projects or missing information as well. Thank yo
=== Social Networking ===
Social Networking usually implies Distributed Storage (see below). If not limited to a public-to-all Twitter use case, it also implies Messaging (see above). Would be useful to distinguish simple Twitter clones (official terminology: microblogging) that may not be very helpful from a privacy perspective from real attempts to address the Facebook use case.
Social Networking usually implies Distributed Storage (see below). If not limited to a public-to-all Twitter use case, it also implies Messaging (see above). Would be useful to distinguish simple Twitter clones (official terminology: micro-blogging) that may not be very helpful from a privacy perspective from real attempts to address the Facebook use case.
* ''' Secushare ''' (http://www.secushare.org/): Distributed pubsub and multicast architecture on top of GNUnet intended to provide advanced communication capabilities and distributed social networking
* '''Phoenix''' (https://github.com/pfraze/phoenix): "distributed social network. It uses cryptographic key pairs to create feeds and publish unforgeable entries which can spread across the network. Relay servers optionally aggregate and redistribute the feeds." Written in C++. The "distributed" claim has not been checked yet.
@ -232,10 +232,10 @@ Social Networking usually implies Distributed Storage (see below). If not limite
=== Distributed Data (File Storage) ===
* '''BitTorrent''' (https://en.wikipedia.org/wiki/BitTorrent): " BitTorrent Open Source Licence: The Free Software Foundation considers it to be a free software license, albeit one incompatible with the GNU General Public License."
* '''BitTorrent''' (https://en.wikipedia.org/wiki/BitTorrent): " BitTorrent Open Source License: The Free Software Foundation considers it to be a free software license, albeit one incompatible with the GNU General Public License."
* '''Gittorrent''' (): ""
* '''WebTorrent/Instant.io''' (): ""
* '''Camlistore (Content-Addressable Multi-Layer Indexed Storage)''' (http://camlistore.org/): "set of open source formats, protocols, and software for modeling, storing, searching, sharing and synchronizing data in the post-PC era. Data may be files or objects, tweets or 5TB videos, and you can access it via a phone, browser or FUSE filesystem. Private by default. No SPOF (Single Point of Failure)", Written in Go.
* '''Camlistore (Content-Addressable Multi-Layer Indexed Storage)''' (http://camlistore.org/): "set of open source formats, protocols, and software for modeling, storing, searching, sharing and synchronizing data in the post-PC era. Data may be files or objects, tweets or 5TB videos, and you can access it via a phone, browser or FUSE file-system. Private by default. No SPOF (Single Point of Failure)", Written in Go.
* ''' Tahoe-LAFS ''' (https://tahoe-lafs.org/trac/tahoe-lafs) high latency tool: decentralized cloud storage system. It distributes data across multiple servers. If some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly
* '''Storj''' (http://storj.io/): "decentralized, secure and efficient cloud storage service that integrates peer-to-peer protocols based on Bitcoin." Written in Python.
* '''Siacoin''' (http://sia.tech/): "shared economy, (...) data is stored across multiple nodes and tracked by automated smart contracts. There is no central point of failure. Files are automatically and securely encrypted with industrial-grade algorithms. Sia uses a blockchain to track and ensure their full integrity. No host can view the files that it is hosting, and files can withstand large network outages without corrupting."
@ -246,8 +246,8 @@ Social Networking usually implies Distributed Storage (see below). If not limite
* '''ZeroNet''' (http://zeronet.io/), (https://github.com/HelloZeroNet/ZeroNet): "Decentralized websites using Bitcoin crypto and the BitTorrent network. Real-time updated sites, Namecoin .bit domains support, easy to setup: unpack & run, password-less BIP32 based authorization: the user account is protected by same cryptography as her/his Bitcoin wallet, built-in SQL server with P2P data synchronization: allows easier site development and faster page load times, Tor network support, automatic, uPnP port opening, plugin for multiuser (openproxy) support"
* '''ClearSkies''' (https://github.com/jewel/clearskies): "peer-to-peer file sync program. It is inspired by BitTorrent Sync, but has an open and fully-documented protocol." Written in C.
* '''Cryptosphere''' (http://cryptosphere.org/): "global peer-to-peer cryptosystem for publishing and securely distributing both data and HTML5/JS applications pseudonymously with no central point of failure. Its built on top of the next-generation Networking and Cryptography (NaCl) library and the Git data model."
* '''Drogulus''' (http://drogul.us/): "programmable peer-to-peer data store. Its an open, federated and decentralised system where the identity of users and provenance of data is ensured by cryptographically signing digital assets."
* '''StreamRoot''' (http://www.streamroot.io/): "JavaScript in-browser video player using WebRTC. It creates a real-time peer-to-peer sharing network of users watching the same videos simultaniously, and reduces the origin servers bandwidth usage."
* '''Drogulus''' (http://drogul.us/): "programmable peer-to-peer data store. Its an open, federated and decentralized system where the identity of users and provenance of data is ensured by cryptographically signing digital assets."
* '''StreamRoot''' (http://www.streamroot.io/): "JavaScript in-browser video player using WebRTC. It creates a real-time peer-to-peer sharing network of users watching the same videos simultaneously, and reduces the origin servers bandwidth usage."
* '''PeerCDN''' (https://peercdn.com/): "automatically serves a sites static resources (images, videos, and file downloads) over a peer-to-peer network made up of the visitors currently on the site."
* '''Kademlia''' (http://en.wikipedia.org/wiki/Kademlia): "distributed hash table for decentralized peer-to-peer computer networks". '''Unfortunately''' prone to sybil attacks.
* '''Bitcloud''' (http://bitcloudproject.org): "distributed cloud storage system and escrow agent based on Tahoe-LAFS that allows publishers to pay storage nodes for storing encrypted data and sharing that data with others. The decentralized nature of Bitcloud allows anyone to publish large amounts of data in a way that is free from censorship, high costs, and proprietary software. The first application for bitcloud will be WeTube, a platform for viewing and publishing videos, podcasts, ebooks, music, and other forms of media."
@ -265,7 +265,7 @@ Social Networking usually implies Distributed Storage (see below). If not limite
=== Other ===
* '''Tau-Chain''' (http://www.idni.org/tauchain), (http://tauchain.org/tauchain.pdf), (https://github.com/naturalog/tauchain), (http://www.idni.org/blog): "Programmable decentralized P2P network based on ontologies and reasoning.(...) being a generalization of many centralized and decentralized P2P networks, including the Blockchain." Written in C++.
* '''BaseParadigm''' (http://baseparadigm.org/), contact (http://www.wavis.org/): A distributed graph where every edge has seven fields and answers a question. It is the foundation of the rest of the work being done in the Spaciousness project. library for managing a content addressable binarysemantic graph. Content addressability means enabling a number of dataexchange protocols (including p2p) for a developer using BaseParadigm. Content addressable data is immutable, and so a semanticgraph is necessary for managing updates, annotations, reputation, and navigational links. It lays the basis for a new paradigm for data management that can be done offline as much as is desirable, and puts control over data storage, transmission, and processing back in the hands of the user. Identity management becomes data management rather than what it is today: contract management with third party webservices. Application interop is simplified from web API support to simple graph queries. The users experience is that all their data is available all the time in the places they expect.
* '''BaseParadigm''' (http://baseparadigm.org/), contact (http://www.wavis.org/): A distributed graph where every edge has seven fields and answers a question. It is the foundation of the rest of the work being done in the Spaciousness project. library for managing a content addressable binary-semantic graph. Content address-ability means enabling a number of data-exchange protocols (including p2p) for a developer using BaseParadigm. Content addressable data is immutable, and so a semantic-graph is necessary for managing updates, annotations, reputation, and navigational links. It lays the basis for a new paradigm for data management that can be done offline as much as is desirable, and puts control over data storage, transmission, and processing back in the hands of the user. Identity management becomes data management rather than what it is today: contract management with third party webservices. Application interop is simplified from web API support to simple graph queries. The users experience is that all their data is available all the time in the places they expect.
* '''SocietyOfMind''' (http://github.com/theProphet/SocietyOfMind): complete information model to make a p2p network and 3-d visualization layer that can scale to billions, re-make the Internet, and form a meta-mind for the planet.
* '''Wave/Apache Wave''' (http://incubator.apache.org/wave/): "distributed, near-real-time, rich collaboration platform that allows users to work together in new and exciting ways. allows for flexible modes of communication, blending chat, email and collaborative document editing in to one seamless environment." Written in Java.
* '''Shark''' (http://sharksystem.net/): framework for building semantic P2P applications in Java. It facilitates building decentralized application based on the notion of ontologies. The name is an acronym for Shared Knowledge.
@ -289,8 +289,8 @@ However the following projects are not distributed in our understanding - they r
== Approach ==
We hope to '''unite''' the different '''forces''' and ressources that aim for more privacy and security such as the older and upcoming software projects, scientists, activists and others<br>
and therefore achieve what none of them could do alone: Reach a significant part of the worldpopulation and provide free confidental and integer communication means to them that backup their civil rights and even functions on local infrastructure.<br> We start by doing a thorough documentation of 72 [[EDN#Privacy_Projects | projects]] - a '''Software Documentation Marathon''':
We hope to '''unite''' the different '''forces''' and resources that aim for more privacy and security such as the older and upcoming software projects, scientists, activists and others<br>
and therefore achieve what none of them could do alone: Reach a significant part of the world-population and provide free confidential and integer communication means to them that backup their civil rights and even functions on local infrastructure.<br> We start by doing a thorough documentation of 72 [[EDN#Privacy_Projects | projects]] - a '''Software Documentation Marathon''':
# Software Documentation Marathon (Evaluation)
# Project Integration and Testbed Testing (Evaluation)
@ -303,7 +303,7 @@ and therefore achieve what none of them could do alone: Reach a significant part
''Who benefits from the Software Documentation Marathon and the following Evaluation?''
* The '''projects''' themselves. Eventually the projects that provide the highest standard of confidentiality and integrity will '''get funded''', become not only available but also conveniant.
* The '''projects''' themselves. Eventually the projects that provide the highest standard of confidentiality and integrity will '''get funded''', become not only available but also convenient.
* The '''foundations''', They get to know which level of confidentiality and integrity the projects provide on the resulting '''knowledge base'''. They gain this as a '''help to decide''' which projects they want to fund.
* The '''users''', because as for the foundations we provide a knowledge basis on which they can decide which projects they want to support and put their '''trust''' upon.
* Potential '''developers and researchers''': The '''standardized interconnected project documentation''' will help them to gain a good overview and learn about the different architectures and privacy assertions.
@ -331,8 +331,8 @@ There we provide:
* Double implementations of similar functionality
* Top three features the projects would like to implement/integrate
* Visualization of the projects' architecture, description of its components, their functionality, its interaction (communication), link to its code base
* Interoperability: intersections where projects could be connected and therefore collaborate, share code and therefore features and ressources.
* Known vulnerablities and resistance to a list of attacks and more (+ concluded vulnerabilities?)
* Interoperability: intersections where projects could be connected and therefore collaborate, share code and therefore features and resources.
* Known vulnerabilities and resistance to a list of attacks and more (+ concluded vulnerabilities?)
and furthermore the following properties:
* Claims to (provide list of criteria)
@ -343,14 +343,14 @@ and furthermore the following properties:
* Interconnects with (list of OSI-layers, list of software projects, list of modules)
* Implements (list of modules)
* Is component or standalone (full app) or runs on bare metal
* Runs on unix like operating systems
* Runs on Unix like operating systems
For every project may be offered four different perspectives that display different properties of the project:
* User
* Development
* Management/admin
* Networking (position in osi-layer)
* Networking (position in OSI-layer)
==== Testing ====
@ -358,7 +358,7 @@ For every project may be offered four different perspectives that display differ
* Deployability
* Configurability
* Reliability: Under normal condidtions, hard conditions, attacks: Percentage of completed/sucessful processes.
* Reliability: Under normal conditions, hard conditions, attacks: Percentage of completed/successful processes.
* Performance: How does a complete process take in worst case?
* Lightweight: How much overhead in the payload?
* Security and Privacy : Resists a list of attacks in percentage.
@ -387,11 +387,11 @@ Building bridges between proven code and an adequate Graphical User Interface (G
In long term Everyone will benefit from the new internet stack. Since it is censorship resistant and provides confidentiality and integrity preserving services, it results in:
* '''Average citizens''' regaining parts of their privacy, informational self determination, freedom of assembly, secrecy of correspondence and free speech- basic civil rights that ensure and back up our democracies.
* '''Safer government institutions and companies''' from espionage and "cyber" attacks.
<br>Use cases are for example online banking, government communication with citizens includings tax returns, diplomatic, military and business communication and journalism.
<br>Use cases are for example online banking, government communication with citizens including tax returns, diplomatic, military and business communication and journalism.
== Contact ==
Write us in [https://www.bitmessage.org/wiki/Main_Page Bitmessage]
BM-NBqqoMzajZNXQru2Kz4JXqq6RbsEmeuL
BM-NBqqoMzajZNXQru2Kz4JXqq6RbsEmeuL
[[Datei:FirstContact.png]]
[[Kategorie:Projekt]]
[[Kategorie:EDN]]