Introduction
Introduction
Imagine you have a file on your desktop. You click its context menu and select a function called "Secure Share…" A group of people you chose will quietly receive a copy of that file from you. Without anyone else ever being able to see what you are doing with what and with whom. Without anyone else ever knowing it happened. That's one of the things secushare is for.
Why are most of us still communicating between each other using e-mail that anyone can look into, or confide our private communications to corporations that, instead of respecting constitutional principles, make profit on it or stand tall to PRISM obligations from spook agencies.
Encrypted communications are still too complicated, never fully re-assuring and not exciting either. Even if you use them right, you still have little chance of hiding who you are talking to, who your social network is.
With secushare we're trying to provide something fun, useful and maybe even exciting, which as a side effect addresses many issues in privacy.
Most applications have become dependent on Internet servers, but it doesn't have to be in a way that the servers know everything about us. If we enable our laptops and phones to interact securely between each other, we can let servers be of help speeding things up, but without exposing our privacy to them.
secushare is a framework for social interaction over the Internet in a way as safe as currently feasible, or at least empowering you to choose a trade-off between safety and convenience yourself. We imagine a social platform equivalent to Facebook, but distributed and encrypted straight from your phone or desktop.
But our framework actually allows any software to make safe communications with people in your social circles, so we'll start with something simple like end-to-end encrypted chat, mail and maybe file exchange. But once that part works, we can create half a new Internet experience on top of such a protocol stack.
The reasons why something like secushare hasn't been done before are manyfold. It requires a profound understanding not only of the design of anonymous systems, but also on how to bring the scalability of cloud technology into non-commercial distributed networks. You still can do business over secushare, but neither secushare nor its users are the product.
- While federated social systems host people's unencrypted data on each server (or pod), our approach ensures data is encrypted and unencrypted directly and only on the devices of the intended people. Here's a comic strip explaining why we are worried by servers and want to do it differently.
- Our solution is as lightweight as can be to achieve our goals, so it doesn't disturb everyday computing and works fine on small devices. We disable those services of GNUnet, that consume power and bandwidth. Performance counts.
- You do have to install something. A web browser by itself is never a safe place for private communications. If you're going to install something that is supposed to bring you some electronic intimacy, try a comprehensive new approach rather than an add-on here and a plug-in there, like for example PGP that cannot fix the problems of the underlying e-mail system.
- Our modeling of the social network is more advanced than what you would usually expect from a social website service. If you do not trust certain people to keep their computers sufficiently secure from eavesdropping, you can partition your social graph into separate groups and stay in control of who sees what.
- Application developers will enjoy a comparitatively simple programming interface that hides the complexity of social interaction and digital privacy from their work and their users.
- Even existing Internet applications can be used with secushare and GNUnet's GNS by using <nickname>.gnu hostnames, so you never need to know how a friend is currently connected to the Internet - just start doing things with them.
- Nonetheless we consider easy usability very important. We want to reach out for those users that do not even know how to navigate the file system of their own computers. Accessing your daughter's pictures must be easier than finding her Facebook profile. We are explaining complicated things on this website, but the main application of this should be as simple as slapping your forehead for not having thought about it yourself. Or maybe you did.
As we researched in the 2011 paper and in further detail in the comparison, only some advanced anonymization and P2P file sharing applications have explored these levels of privacy. We examined several of them closely, and ultimately went with GNUnet.
Buzzwords to Dig Into
- Anonymity - How to keep things for the intended people.
- Answers - Some FAQs asked and answered.
- Architecture - How does it stand tall?
- Aspects - How different views of your profile are created.
- Business - An authenticated Internet helps business.
- Comparison - How do other tools compare.
- Features - How many social networking services can we replace?
- Introduction - What has led us here?
- Literature - Research Papers and more.
- Protocol - Ingredients: efficiency and extensibility.
- PubSub - The publish and subscribe paradigm revamped.
- Rendezvous - How to get started when you know nobody.
- Scalability - How to make applications work for billions.
- Security - People be the gatekeepers to their devices.
- Society - How secushare is not a threat to society.
- Storage - How to keep devices in sync.
- Threats - What if malware messes up your secushare identity?
- Transparency - Should everything always be open for everyone to see?
How can you help?
- You can express your support for us. (example)
- You can help us get funding, help us with our communications, work out alliances or simply give us more visibility.
- You can give us feedback if you think we are designing the perfect tool everyone has been waiting for, or if there's anything we overlooked.
- If you're a web designer, you can help us get a cross-device user interface going as described in architecture.
- If you're a graphics artist, you can spice us up.
- If you're a lawyer.
- If you're a C developer, talk to us to help us with the core service.
- If you're a developer in whatever other technology you like, you can design or translate a wide choice of tools (see 'Native User Interfaces' in architecture for examples) to work on top of secushare.
- If you're a political person, you can take to the streets demanding a secure Internet or whichever activism it takes to get thousands of people on the streets with us and pressure politics to regulate the broken Internet in an actually meaningful way, not just introducing bills of rights and costy punishments for crimes that produce no evidence. Better make those crimes impossible by design.
P2P Compliance
secushare is supposed to fulfil the following requirements for true P2P:
- Ten Principles for an Autonomous Internet
- Four Design Principles for True P2P Networks by Mark Pesce
- What Digital Commoners Need To Do by Michel Bauwens
- Establishing a Communication Commons by Aaron Peters
Further Rambling
- Censorship - We like ad-hoc mesh networks, too.
- Centralization - Its advantages and how (not) to compete.
- Channels - Structuring the flow of information.
- Conspiracy - What if everyone is out to get you.
- DSNP – not that interesting
- Federation - Why the decentralized social web thing doesn't work.
- HTTP – criticizing wrong protocol
- Identity - How many can I be on secushare?
- Like - How about a distributed Like button?
- PGP - Reasons why you may want to use something else.
- Privacy - If you have no secrets, you have no life.
- Prototype - Current status of the prototype version.
- Rights - You don't need a Bill Of Rights from us. You own us.