Networks need to be moving away from this centralized model into a system of routed nodes for a secure, encrypted peer-to-peer system. The whole point of something like BitTorrent is that it is distributed -- there's no "middle-manager" you have to go through. Aether has got the right idea and I love its dark, underground aesthetic. But making another social network that exists based on a centralized model is just the wrong way to go. It's another weak spot, and there's no transparency. It's not open either, which is arguably even worse than having a central system in the first place. You're still faced with the absurd bureaucracy of a ToS and proprietary software, and while the content itself is encrypted, the "metadata" still isn't, which renders everything moot anyway. Timestamped messages are still too much information to be giving away to people, and we don't know if the creators of this service are going to hold their ground.
Hell, for all we know it could be a honeypot (probably not though).
There are many people working on this problem from many different angles. The logical first step for us was to create a zero-knowledge public key infrastructure that decentralizes trust. This system doesn't preclude decentralization of data, which is another problem in itself, and it's something we're working on. The Cryptosphere project (https://github.com/cryptosphere/cryptosphere) has some really neat ideas that need to be discussed more widely.
We have to keep in mind, though, that decentralization of data is not always practical in terms of large-scale adoption and accessibility. It’s one of the reasons why Diaspora didn’t go as far as it could have, IMO.
> It's not open either, which is arguably even worse than having a central system in the first place.
We’re progressively releasing our code on Github and plan on being fully open in the near future. If you haven’t already, you can check out our white paper and some of our repositories at https://github.com/symeapp.
> while the content itself is encrypted, the "metadata" still isn't, which renders everything moot anyway. Timestamped messages are still too much information to be giving away to people
This is the same as what happens when you use PGP. You have a timestamped message and a clear link between sender and recipient. If you need to hide the fact that you are communicating with a person in particular, Syme (or PGP for that matter) may not be the right tools.
There are several very interesting solutions to the problem of metadata that are being discussed currently (https://leap.se/es/docs/tech/hard-problems#Meta-data.problem). We don't think an acceptable solution has been found yet, but auto-alias pairs seem like a promising avenue.
This is the same as what happens when you use PGP. You have a timestamped message and a clear link between sender and recipient. If you need to hide the fact that you are communicating with a person in particular, Syme (or PGP for that matter) may not be the right tools.
You've set your sights much too low, and it's unfortunately going to limit your product's market value.
Hiding metadata is a difficult problem to solve, but it's vital.
Yep that's true, but I'm so sick of projects that shoehorn everything into BitTorrent. The simple fact is that a lot of us don't have epic bandwidth, and BitTorrent is really poorly behaved in terms of how greedily it will saturate your connection.
It's the reason I don't want to run e.g. a Tor node or a CJDNS router.
Call me cheap, but I pay for my bandwidth and I don't want to have to deal with slow video streaming or high ping times just so someone I've never met can buy their drugs on silkroad.
You get a lot of service storage and availability wise from Facebook and Google and the like, and you pay for it by being not anonymous. The fact that so-called anonymous social network services never get any traction is because when you get down to it, no one wants to pay the costs for Facebook level service directly.
A key thing to remember is that each person's social network is relatively small. You don't have to relay traffic for someone you've never met, just for the people you've added as "friends" plus some relatively small amount of overhead for linking into the rest of the "world" in order to do searches for people you want to add as "friends."
If you don't think the price is worth it, don't do it. But there's no way to avoid that trade.
Can't find it. ChatSecure on iOS is a crashy mess and TextSecure is android only. TextSecure oddly requires phone numbers vs some sort of login system too, so I can't even use it with an android tablet for example last time I checked.
That's because it's an SMS app, not an IM app. It probably has the best crypto going though, and the user experience is nice (well, until you move to KitKat where every bloody app wants to eat your text messages and you end up with all your texts across more than one of them).
I just don't understand what the theory is behind a closed source application that purports to be "secure". This is a very bold claim to make. How does the educated user decide whether she wants to trust the developers? She is not permitted to see their work.
Maybe there is something to be said for putting your code out in the open and letting everyone see what you've done. Letting others review your code and submit fixes (e.g. for platform specific issues). And then having numerous very determined people try to find serious flaws, and fail to find any.
Then again, maybe not. But one thing is for sure: Closed source does not allow that vetting process to happen.
Aether is another similar attempt to Syme, although it's more Reddit than Facebook:
