stebalien changed the topic of #ipfs to: Heads Up: To talk, you need to register your nick! Announcements: go-ipfs 0.4.18 and js-ipfs 0.34 are out! Get them from dist.ipfs.io and npm respectively! | Also: #libp2p #ipfs-cluster #filecoin #ipfs-dev | IPFS, the InterPlanetary FileSystem: https://github.com/ipfs/ipfs | Logs: https://view.matrix.org/room/!yhqiEdqNjyPbxtUjzm:matrix.org/ | Forums: https://discuss.ipfs.io | Code of Con
akkad is now known as ober
Sean[m]3 has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
ddahl has joined #ipfs
dqx_ has quit [Remote host closed the connection]
dqx_ has joined #ipfs
dimitarvp has quit [Quit: Bye]
dqx_ has quit [Ping timeout: 258 seconds]
kakra has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
hurikhan77 has quit [Ping timeout: 255 seconds]
fiatjaf has joined #ipfs
ddahl has joined #ipfs
hc1^ has quit []
hphs^ has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
renich_ has joined #ipfs
renich has quit [Ping timeout: 245 seconds]
guylepage3 has quit [Quit: Connection closed for inactivity]
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
dqx_ has joined #ipfs
dqx_ has quit [Remote host closed the connection]
peppo[m] has joined #ipfs
peppo[m] has left #ipfs [#ipfs]
jesse22 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
jesse22 has joined #ipfs
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
The_8472 has quit [Ping timeout: 240 seconds]
The_8472 has joined #ipfs
wak-work has joined #ipfs
cygeatwi1 has joined #ipfs
ddahl has joined #ipfs
<iaaaan[m]>
Haha thanks for having my back Kolonka 🙏
<iaaaan[m]>
Recaptcha is certainly not ideal and I'm looking for suggestions in that regard ([issue](https://gitlab.com/deface/deface-dht/issues/11)). It's all _very_ speculative at this point, but things I'm considering include [Privacy Pass](https://privacypass.github.io/), IPFS's identity manager (that's going to be a thing, right?), or even requiring peers to regularly generate new keys as a proxy for proof of work.
ddahl has quit [Ping timeout: 264 seconds]
<postables[m]>
Kolonka: this could be scripted trivially if it was big enough. Especially by any state power which was demonstrated with the disinformation campaigns during the 2016 elections.
<postables[m]>
Also because the limitation is a simple friend request as far as I understand that's basically nothing for any state power or 3 letter agency with a semi intelligent script.
<postables[m]>
Additionally tons of people's Facebook accounts get hacked when they click a link for some dumb quiz that then gets permissions to their Facebook accounts
<wak-work>
is there a way to specify an ipfs relay manually if i have my own, known good relays?
jesse22 has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<postables[m]>
It's not like they have to expend significant computational resources to crack encryption.
<postables[m]>
If there was even a slight amount of work needed beyond a friend request it would become extremely difficult at scale
<postables[m]>
The way Tezos generates accounts would be perfect. Takes like 2-3 minutes on a computer to generate a key of sufficient difficulty. The way STORJ does is even better it took me 3 hours on a 56 core machine to generate an identity of sufficient strength for the STORJ network. Obviously a level of difficulty that high is probably unnecessary but something at the level that Tezos does would be hugely beneficial.
vmx has quit [Remote host closed the connection]
ygrek has joined #ipfs
<iaaaan[m]>
That sounds very promising, I'll look into that tomorrow. I don't have a lot of references in this realm so these suggestions are super helpful
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 268 seconds]
<Kolonka[m]>
I wasn't really referring to his application in particular postables, but it's an interesting problem that I've been following for a little while
<Kolonka[m]>
(look up that quote I posted if you want to go down a real rabbit hole)
<postables[m]1>
oh okay sorry i misunderstood. interesting i'll read about it
<Kolonka[m]>
one example might be, quizzing a suspicious forum user and expecting an answer that requires context to determine whether or not they are scripted
<Kolonka[m]>
e.g. an inside joke
cygeatwi1 has quit [Ping timeout: 240 seconds]
<Kolonka[m]>
and the simple act of needing to place a man in front of that question in order to answer it pulls away a lot of potential effort elsewhere, especially, as we've said, as things begin to scale
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
mowcat has joined #ipfs
Xenguy has quit [Ping timeout: 255 seconds]
<postables[m]1>
thats very true, forum based verification would be pretty neat
<postables[m]1>
or something that uses a decentralized identity sytem (did is what some of the protocol lab folks are working on?)
Xenguy has joined #ipfs
<frislie[m]>
why would you ever use a centralized authority (Google reCaptcha) to create a decentralized application (DHT)?
<frislie[m]>
that entirely defeats the point
<postables[m]1>
i think reCAPTCHA was just being used as an example
<frislie[m]>
it's a terrible solution
<frislie[m]>
reCaptcha relies on proprietary code and secrets basically
<postables[m]1>
Kolonka: do you have a link to the person who you got that quote from? can't seem to find anything on google
<postables[m]1>
frislie: i dont think the intention/suggestion was to actually use recaptcha, although i could be wrong
renich has joined #ipfs
<frislie[m]>
on the gitlab page, they don't specify centralization as being a problem, which worries me
<postables[m]1>
tezos/storj style node id generation seems like your perfect solution :D
<frislie[m]>
Proof-of-Work
<frislie[m]>
there's other solution to ruling out (rendering cost ineffective / infeasible) malicious behavior
Belkaar has quit [Ping timeout: 250 seconds]
<frislie[m]>
there's no*
<iaaaan[m]>
Right
<frislie[m]>
or it requires a centralized authority
<frislie[m]>
that says yes or no
<frislie[m]>
based on the secrecy of backend operations
<iaaaan[m]>
So, in a nutshell that would mean: users need to generate a node id to access the network, which gives them access to a number of messages. Once that threshold is passed, they need to generate a new id? Do I get this right?
<frislie[m]>
if you have humans in your app
Belkaar has joined #ipfs
Belkaar has joined #ipfs
<frislie[m]>
you can try creating a social aspect
<frislie[m]>
where people can give reputation to each others
<frislie[m]>
and use that to rule out malicious behavior
<frislie[m]>
iaaaan: what is your application doing exactly
<iaaaan[m]>
As a user posts a message, Deface encrypts it symmetrically, sends the ciphertext to Facebook and the encryption key to deface-dht. The dht is ran by all the nodes collectively. Whenever this user's friends see a Deface message in their feed, their extension queries the DHT for the corresponding encryption key. The verification/proof-of-work on top of it aims to prevent Facebook from sweeping through the DHT.
<frislie[m]>
I don't think it's the right way to go to achieve that goal
<iaaaan[m]>
I like that option postables
<frislie[m]>
If you want to prevent Facebook from reading people's messages then don't use Facebook, as much as people will be required to install your application they can very well install another application that respects their privacy
qtfy has joined #ipfs
<iaaaan[m]>
Haha
<iaaaan[m]>
I'd say the reality is a bit more complex. Many communities use facebook not because they agree with the company's values, but because that's where their people are.
<postables[m]1>
frislie: the unfortunate reality is most people are too ingrained with facebook to either want to leave it, or even be able to leave it
<frislie[m]>
"Facebook account friendship" serves no purpose to protect from Facebook, Facebook can manipulate friendship @ postables
<postables[m]1>
so i think a compromise by making it more easy to respect privacy while using facebook without being dependent on the company behidn facebook is a pretty good idea
<iaaaan[m]>
I agree we need alternatives, but there's also value in making tradeoffs for those who can't leave.
<frislie[m]>
Everyone can leave
<postables[m]1>
frislie: most people just dont care, or don't care enough. if that was the case facebook would've sunk after the data scandals
<frislie[m]>
If they don't care, they wont care about the "deface" application
<postables[m]1>
i would disagree, deface caters to the fact that people don't have to leave facebook they just need to install a browser extension
<postables[m]1>
and as far I know, everyone of the people i had as friends on my facebook account before i deactivated it had a ton of extensions
<postables[m]1>
so you're not really asking them to do much different in their day to day lives
<frislie[m]>
It's lots of levels of software bloat to achieve that goal
null1337 has quit [Ping timeout: 268 seconds]
<frislie[m]>
Let's use Facebook as an object store and implement a whole another platform on top of it!
<frislie[m]>
That's unmaintainable
<frislie[m]>
And silly
null1337 has joined #ipfs
<frislie[m]>
In the context of Facebook, if you inject JavaScript on their website, they can interfere with that JavaScript with JavaScript of their own and subvert the privacy guarantees of Deface
<iaaaan[m]>
That's ok I'm not going to force you to use it haha
<iaaaan[m]>
hmmm content scripts are sandboxed I think.
<frislie[m]>
The user must input the messages somewhere
<iaaaan[m]>
yeah it's in a modal, so that can't be interfered with. Mailvelope developed that solution a while ago
<iaaaan[m]>
the received cleartext is displayed in a sandboxed iframe, same deal
<frislie[m]>
okay, if you're confident about it
<iaaaan[m]>
Of all things that I'm anxious about, it's pretty low on the list
<iaaaan[m]>
I'm more anxious about verification (which postables made some great observations about) and DHT scalability?
<frislie[m]>
I'm not sure how you can do to prevent Facebook itself from snooping in, they have the compute power to retrieve the messages, and you can't raise difficulty high enough else users wont be able to have the messages themselves, on their low power devices
<frislie[m]>
There's no secure authentified channel through which you could transfer data such as keys either
<frislie[m]>
I think you will need to create another centralized authority here
renich has quit [Ping timeout: 255 seconds]
ddahl has joined #ipfs
qtfy has quit [Quit: qtfy]
martinBrown has quit [Remote host closed the connection]
<frislie[m]>
what are some projects that run on top of js-ipfs?
ddahl has quit [Ping timeout: 250 seconds]
null1337 has quit [Ping timeout: 272 seconds]
null1337 has joined #ipfs
<iaaaan[m]>
Super dumb question: can proof-of-work happen during the decryption process? At the end of the day this is not about key exchange or peer-to-peer, so I could ditch the entire DHT system if users could simply post encrypted messages next to their encryption keys and make sure the amount of work necessary to decrypt said message is low enough that a user can access under 10 seconds but high enough that it's economically
<iaaaan[m]>
impractical for Facebook (i.e the amount of resources needed to decrypt is higher than revenue generated with one message).
<iaaaan[m]>
Sorry I'm sure some of my questions are phrased weirdly. This is not my domain of expertise in the first place.
<frislie[m]>
You could encrypt the messages with weak encryption
<frislie[m]>
Bruteforcing the key to weak encryption being the Proof-of-Work
<frislie[m]>
does not really prevent Facebook from doing so as well, but it would at least cost them more money to do so
<Kolonka[m]>
good idea
<iaaaan[m]>
I like that
ddahl has joined #ipfs
<postables[m]>
That's a pretty good idea
<frislie[m]>
I disagree on it being any useful really...... better spend resources on advocating for other social networks such as Matrix, Mastodon or GNUSocial
<frislie[m]>
I understand you're trying to create a solution
<iaaaan[m]>
I understand but I don't think these things are exclusive to each other
<frislie[m]>
But I'd rather not give Facebook users a reason to stay
<frislie[m]>
"oh look we don't need to leave, someone created a solution!"
<frislie[m]>
Just like the guy who's going to collect the plastic island
<frislie[m]>
And people wasting plastic in the street
<frislie[m]>
We need to change our habits with plastic not rely on someone to clean the sea
<iaaaan[m]>
All very good points.
<frislie[m]>
I cut ties with people who require Facebook
<iaaaan[m]>
I think I can do my best advocating for these other platforms while also doing this work of protecting vulnerable communities who benefit from being there. I'll give you two examples: sex workers, and immigrants in precarious visa situations
<frislie[m]>
I require Free/Libre and Open Source Software E2E encrypted application else people can't talk with me
<frislie[m]>
Most people install the apps
<iaaaan[m]>
their networks and often livelihood relies on those mainstream platforms, but they're also targeted by law enforcement in ways that make them vulnerables
<frislie[m]>
Law enforcment using Facebook to prosecute?
<iaaaan[m]>
Alternatives to Facebook are great, I'm honestly a big fan. But you can't deny there's a billion people still using Facebook and I personally feel inclined to help out. I'm an immigrant myself
<postables[m]1>
mastodon and stuff like that are great but lets be realistic, average facebook user is going to install mastodon
<iaaaan[m]>
That doesn't prevent me from also using Mastodon and advocating for it when I can.
ygrek has quit [Ping timeout: 268 seconds]
ctOS has joined #ipfs
user_51 has joined #ipfs
ddahl has quit [Ping timeout: 268 seconds]
<shoku[m]>
postables you mean isn't?
<postables[m]1>
err yes isn't
<shoku[m]>
People use whatever's most convenient for them. It'll take a lot for an average person to not find FB convenient, or to find it less convenient than a federated self-hosted social network
<postables[m]1>
if cambridge analytica, and the other data leaks haven't moved them, i honestly can't think of anything other than something like a new facebook coming out that made people move from myspace
<iaaaan[m]>
which is... Instagram
<postables[m]1>
the irony is that instagram is owned by facebook 😂 pretty sure instagram also suffered a data leak, albeit less significant than cambridge
cygeatwi1 has joined #ipfs
}ls{ has quit [Ping timeout: 250 seconds]
mowcat has quit [Remote host closed the connection]
ddahl has joined #ipfs
}ls{ has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
cygeatwi1 has quit [Ping timeout: 255 seconds]
thomasan_ has joined #ipfs
thomasan_ has quit [Ping timeout: 245 seconds]
ddahl has joined #ipfs
gts has joined #ipfs
grabadax[m] has joined #ipfs
lordcirth has joined #ipfs
gts has quit [Ping timeout: 255 seconds]
ddahl has quit [Ping timeout: 264 seconds]
xcm has quit [Read error: Connection reset by peer]
The_8472 has quit [Ping timeout: 252 seconds]
xcm has joined #ipfs
ddahl has joined #ipfs
psyklax[m] has joined #ipfs
The_8472 has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
psyklax[m] has left #ipfs ["User left"]
BeerHall has joined #ipfs
ddahl has joined #ipfs
thomasan_ has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
thomasan_ has quit [Ping timeout: 264 seconds]
placer14 has quit [Quit: placer14]
ddahl has joined #ipfs
aksuca[m] has joined #ipfs
gts has joined #ipfs
cygeatwi1 has joined #ipfs
The_8472 has quit [Ping timeout: 240 seconds]
ddahl has quit [Ping timeout: 264 seconds]
The_8472 has joined #ipfs
deltab has quit [Ping timeout: 250 seconds]
thomasan_ has joined #ipfs
deltab has joined #ipfs
ddahl has joined #ipfs
thomasan_ has quit [Ping timeout: 268 seconds]
fridim has quit [Ping timeout: 252 seconds]
fridim has joined #ipfs
ddahl has quit [Ping timeout: 268 seconds]
gts has quit [Remote host closed the connection]
gts_ has joined #ipfs
gts__ has joined #ipfs
MrSparkle has quit [Quit: Crono dies]
gts_ has quit [Ping timeout: 246 seconds]
gts__ has quit [Ping timeout: 255 seconds]
ddahl has joined #ipfs
TravisNewman[m] has left #ipfs ["User left"]
ddahl has quit [Ping timeout: 264 seconds]
ctOS has quit [Quit: Connection closed for inactivity]
{zzz}cubemonkey has joined #ipfs
ddahl has joined #ipfs
gts has joined #ipfs
gts_ has joined #ipfs
gts__ has joined #ipfs
gts__ has quit [Remote host closed the connection]
gts has quit [Ping timeout: 250 seconds]
gts has joined #ipfs
gts has quit [Read error: Connection reset by peer]
gts has joined #ipfs
gts__ has joined #ipfs
gts_ has quit [Ping timeout: 250 seconds]
zane has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
gts_ has joined #ipfs
gts___ has joined #ipfs
gts____ has joined #ipfs
gts has quit [Ping timeout: 250 seconds]
ddahl has quit [Ping timeout: 250 seconds]
gts__ has quit [Ping timeout: 246 seconds]
gts_ has quit [Ping timeout: 246 seconds]
gts___ has quit [Ping timeout: 246 seconds]
spinza has quit [Quit: Coyote finally caught up with me...]
plexigras has joined #ipfs
spinza has joined #ipfs
ddahl has joined #ipfs
Pulse2496 has joined #ipfs
Xenguy has quit [Ping timeout: 258 seconds]
Xenguy has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
The_8472 has quit [Ping timeout: 252 seconds]
lordcirth has quit [Ping timeout: 250 seconds]
lordcirth has joined #ipfs
ddahl has joined #ipfs
mischat has joined #ipfs
{zzz}cubemonkey has quit [Read error: Connection reset by peer]
The_8472 has joined #ipfs
cygeatwi1 has quit [Ping timeout: 244 seconds]
ddahl has quit [Ping timeout: 250 seconds]
nighty- has joined #ipfs
mikro2nd has joined #ipfs
ddahl has joined #ipfs
ibornstupid[m] has joined #ipfs
corvinux has joined #ipfs
ddahl has quit [Ping timeout: 252 seconds]
xcm has quit [Remote host closed the connection]
mischat has quit [Remote host closed the connection]
ddahl has joined #ipfs
cygeatwi1 has joined #ipfs
xcm has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
ylp has joined #ipfs
cygeatwi1 has quit [Ping timeout: 258 seconds]
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
vyzo has quit [Quit: Leaving.]
vyzo has joined #ipfs
permalac has quit [Ping timeout: 240 seconds]
ddahl has joined #ipfs
Hory has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
Mateon3 has joined #ipfs
ddahl has joined #ipfs
Mateon1 has quit [Ping timeout: 244 seconds]
Mateon3 is now known as Mateon1
pprok[m] has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
corvinux has quit [Remote host closed the connection]
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
ErikI[m] has joined #ipfs
alphazb has joined #ipfs
mischat has joined #ipfs
yason[m] has joined #ipfs
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
hphs^ has quit [Ping timeout: 245 seconds]
joocain2 has quit [Remote host closed the connection]
chiui has joined #ipfs
joocain2 has joined #ipfs
hphs^ has joined #ipfs
hphs^ has quit [Max SendQ exceeded]
hphs^ has joined #ipfs
hphs^ has quit [Max SendQ exceeded]
hphs^ has joined #ipfs
hphs^ has quit [Max SendQ exceeded]
hphs^ has joined #ipfs
hphs^ has quit [Max SendQ exceeded]
hphs^ has joined #ipfs
hphs^ has quit [Max SendQ exceeded]
alexgr has joined #ipfs
mischat has quit [Ping timeout: 258 seconds]
ddahl has joined #ipfs
matshenricson[m] has joined #ipfs
mischat has joined #ipfs
ddahl has quit [Ping timeout: 268 seconds]
captain_morgan has quit [Remote host closed the connection]
mischat has quit [Ping timeout: 264 seconds]
captain_morgan has joined #ipfs
arader has quit [Read error: Connection reset by peer]
yosafbridge has quit [Quit: Leaving]
spinza has quit [Quit: Coyote finally caught up with me...]
ygrek has joined #ipfs
}ls{ has quit [Quit: real life interrupt]
arader has joined #ipfs
ddahl has joined #ipfs
The_8472 has quit [Ping timeout: 240 seconds]
yosafbridge has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
The_8472 has joined #ipfs
spinza has joined #ipfs
mischat has joined #ipfs
ddahl has joined #ipfs
<Mikaela>
Have you heard of Pixelfed?
spinza has quit [Quit: Coyote finally caught up with me...]
dimitarvp has joined #ipfs
Jay[m]1 has joined #ipfs
pecastro has joined #ipfs
patrl has joined #ipfs
gts____ has quit [Remote host closed the connection]
tombusby has quit [Remote host closed the connection]
fazo has joined #ipfs
tombusby has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
spinza has joined #ipfs
ddahl has joined #ipfs
gts has joined #ipfs
mowcat has joined #ipfs
vmx has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
gts has quit [Ping timeout: 250 seconds]
patrl has quit [Quit: WeeChat 2.3]
The_8472 has quit [Ping timeout: 240 seconds]
The_8472 has joined #ipfs
ddahl has joined #ipfs
nixotron[m] has joined #ipfs
woss_io has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
Pulse2496 has quit [Ping timeout: 258 seconds]
ygrek has quit [Ping timeout: 255 seconds]
ddahl has joined #ipfs
mischat has quit []
nixotron[m] is now known as nuxotron[m]
nuxotron[m] is now known as nixotron[m]
mischat has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
botto[m] has joined #ipfs
thoughtfulonion[ has joined #ipfs
malaclyps has quit [Read error: Connection reset by peer]
placer14 has joined #ipfs
lordcirth has quit [Remote host closed the connection]
malaclyps has joined #ipfs
lordcirth has joined #ipfs
woss_io has quit [Read error: Connection reset by peer]
ddahl has joined #ipfs
henriquev has quit [Quit: Connection closed for inactivity]
ddahl has quit [Ping timeout: 250 seconds]
lidel` has joined #ipfs
lidel has quit [Ping timeout: 246 seconds]
lidel` is now known as lidel
bazeenvitameen is now known as shamb0t
ddahl has joined #ipfs
Pulse2496 has joined #ipfs
lordcirth has quit [Ping timeout: 245 seconds]
ddahl has quit [Ping timeout: 264 seconds]
zeden has joined #ipfs
ddahl has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
patrl has joined #ipfs
mowcat has quit [Remote host closed the connection]
aaleekseej[m] has left #ipfs ["User left"]
xcm has quit [Remote host closed the connection]
ygrek has joined #ipfs
ddahl has joined #ipfs
xcm has joined #ipfs
zeden has quit [Quit: WeeChat 2.3]
zeden has joined #ipfs
mischat_ has joined #ipfs
mischat has quit [Ping timeout: 240 seconds]
mischat_ has quit [Ping timeout: 246 seconds]
gniux has joined #ipfs
gts has joined #ipfs
xcm has quit [Read error: Connection reset by peer]
gts has quit [Ping timeout: 246 seconds]
xcm has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
<Kolonka[m]>
no, but I've heard of the high elves
patrl has quit [Quit: WeeChat 2.3]
fazo has quit [Read error: Connection reset by peer]
fazo_ has joined #ipfs
ddahl has joined #ipfs
gniux has quit [Ping timeout: 255 seconds]
gniux has joined #ipfs
ddahl has quit [Ping timeout: 264 seconds]
ekardnam has quit [Remote host closed the connection]
BeerHall has quit [Quit: BeerHall]
ddahl has joined #ipfs
fazo_ has quit [Quit: fazo_]
fazo has joined #ipfs
xcm has quit [Read error: Connection reset by peer]
mischat has joined #ipfs
xcm has joined #ipfs
ddahl has quit [Ping timeout: 250 seconds]
ddahl has joined #ipfs
mischat_ has joined #ipfs
mischat has quit [Ping timeout: 272 seconds]
mischat_ has quit [Ping timeout: 244 seconds]
ddahl has quit [Ping timeout: 268 seconds]
gniux has quit [Ping timeout: 240 seconds]
mischat has joined #ipfs
mischat has quit [Remote host closed the connection]
mischat has joined #ipfs
mischat_ has joined #ipfs
xdrixxyz[m] has joined #ipfs
Pulse2496 has quit [Ping timeout: 244 seconds]
mischat has quit [Ping timeout: 259 seconds]
ctOS has joined #ipfs
Ai9zO5AP has joined #ipfs
wxd[m] has joined #ipfs
wxd[m] has left #ipfs [#ipfs]
Caterpillar has quit [Quit: You were not made to live as brutes, but to follow virtue and knowledge.]
Caterpillar has joined #ipfs
ylp has quit [Quit: Leaving.]
obensource has quit [Ping timeout: 244 seconds]
<whyrusleeping>
cjd: <3
test215626156278 has joined #ipfs
hello has joined #ipfs
hello has quit [Ping timeout: 256 seconds]
maxzor has joined #ipfs
test215626156278 has left #ipfs ["User left"]
obensource has joined #ipfs
}ls{ has joined #ipfs
cris has quit []
PorcoRosso70 has left #ipfs [#ipfs]
gts has joined #ipfs
Jesin has quit [Quit: Leaving]
Encrypt has quit [Ping timeout: 250 seconds]
gts has quit [Ping timeout: 255 seconds]
mowcat has joined #ipfs
Jesin has joined #ipfs
gts has joined #ipfs
gts has quit [Remote host closed the connection]
geduo[m] has joined #ipfs
mischat_ has quit [Remote host closed the connection]
mischat has joined #ipfs
pprok[m] has left #ipfs ["User left"]
mischat has quit [Ping timeout: 250 seconds]
geduo[m] has left #ipfs ["User left"]
cris_thor has joined #ipfs
cris_thor has quit [Client Quit]
maxzor has quit [Remote host closed the connection]
a186r[m] has joined #ipfs
Hory has quit [Quit: Leaving]
a186r[m] has left #ipfs [#ipfs]
mauz555 has joined #ipfs
ygrek has quit [Ping timeout: 246 seconds]
azrael83[m] has joined #ipfs
johannesch[m] has joined #ipfs
zane has joined #ipfs
cris_thor has joined #ipfs
cris_thor has quit [Client Quit]
cris has joined #ipfs
mauz555 has quit []
thomasan_ has joined #ipfs
nighty- has quit [Quit: Disappears in a puff of smoke]
nighty- has joined #ipfs
mowcat has quit [Remote host closed the connection]
chiui has quit [Ping timeout: 246 seconds]
dqx has quit [Ping timeout: 244 seconds]
vmx has quit [Remote host closed the connection]
mischat has joined #ipfs
fazo has quit [Quit: fazo]
gts has joined #ipfs
mischat has quit [Ping timeout: 264 seconds]
maxzor has joined #ipfs
dqx has joined #ipfs
gts has quit [Ping timeout: 240 seconds]
kuxhiduv[m] has joined #ipfs
gts has joined #ipfs
dqx has quit [Remote host closed the connection]
dqx has joined #ipfs
ygrek has joined #ipfs
dqx has quit [Ping timeout: 246 seconds]
dqx has joined #ipfs
Sisyphe[m] has joined #ipfs
nonono has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
thomasan_ has joined #ipfs
MikeFair has joined #ipfs
mischat has joined #ipfs
Fessus has quit [Quit: Leaving]
<MikeFair>
Has anyone explored the idea of creating an IPFS user id concept yet? I'm looking to store some concept of a user id/profile as an IPFS CID and wondering if anyone has thought about the requirements/implications yet?
mischat has quit [Ping timeout: 245 seconds]
mikro2nd has quit [Ping timeout: 268 seconds]
<MikeFair>
Some kind of IPNS pointer is the closest thing I can come up with that is within what IPFS already can do; but it seems like that isn't enough because there's no way to change out the secret key without changing the public IPNS key id
<MikeFair>
aschmahmann[m]: Yeah, this is wher ethe break down happens: "Updating the DDO could be done manually by updating the DDO/DID Document and re-publishing to the IPNS namespace controlled by the public key."
<aschmahmann[m]>
However, the problem of key compromise is at a high level kind of inevitable since there's no other way to prove that a user A owns their profile P_A other than with some authentication mechanism. If that authentication mechanism is cryptographic and gets compromised you're going to have a bad time
<MikeFair>
aschmahmann[m]: I have a decent solution (or at least inspiration for a solution) but it requires an upgrade to IPNS
<aschmahmann[m]>
MikeFair: There are a number of issues in that repo addressing those concerns, but mostly they boil down to having a tiered approach to your keys some of which will have better protection then others (e.g. threshold signature schemes). But they do require an upgrade to IPNS. See https://github.com/ipfs-shipyard/pm-idm/issues/2#issuecomment-451032749
<aschmahmann[m]>
MikeFair: Would be happy to hear your suggestion, either over IRC or as an issue posted in the IDM repo
<MikeFair>
Essentially we need to be able to change out the secret key that can be used to update an IPNS address (and ideally support an N of M change authorization mechanism)
<MikeFair>
My experiment at the moment is to use a blockchain to handle the identity/profile management; and metadata in that blockchain to point at dat inside IPFS
<MikeFair>
Currently I use the "Stellar" network; mostly because it's the one I know, and I like consensus algorithms
<aschmahmann[m]>
sure, but that's only part of the problem. If you use a threshold signature scheme (as opposed to Shamir secret sharing which would be less secure) then you can't update your own profile. If you have a tiered approach as mentioned in that issue you can get the best of both worlds (you can update your own keys, but recover them if your key is compromised).
<MikeFair>
So in Stellar you create a keypair much like IPNS; but there is a concept of a set of signers on the new account object that can be changed and scored
<aschmahmann[m]>
That's not a bad solution and you might want to check out uPort
<aschmahmann[m]>
or Sovrin
<MikeFair>
I haven't read the tiered approach scheme yet; but the problem I'd see is that identity proofs can't boil down to ownership of a private key; it needs to be more human based than that
<MikeFair>
Obviously everything has its problems; but I think Web of trust based consesnsus is likely the most viable technique
<MikeFair>
The attack situation I'm looking at is my private key has been compromised, and the attacker used the private key to change out the signing key; effectively locking me out of the account
<aschmahmann[m]>
Sure, but it's much more painful to use then a private key when everything is going right. If you use your Web of trust, threshold signatures, etc. to certify your private key then you can revoke it whenever it's been compromised
<MikeFair>
We both are attempting to claim usage "SomeNetworkID"
<MikeFair>
aschmahmann[m]: well the revocation process is the question; how do you get permissoin to revoke a key?
<MikeFair>
err authorization
<MikeFair>
Part of me is thinking we ought to use some kind of "Peer Conensus" mechanism; Like I tell a bunch of folks my key has been compromised; they post a "Lack of trust" message to the network and post a new replacement key; when the "Lack of trust" score crosses some threshhold, hte new key wins
<MikeFair>
I have to prove my identity to these people; which might include a video conference, fingerprinting, retina scan, voice authorization... something really hard that focuses on who/what I am
<aschmahmann[m]>
for example your DID has a network ID that is only updateable by a group of your peers (like the schemes mentioned above). However, it also contains a pointer that says check out this public key for more info. Under regular use you use your private key to update that secondary profile. If it gets compromised then I go ask my friends to certify an update to the primary profile saying the secondary profile now has a fresh
<aschmahmann[m]>
new key.
<MikeFair>
right, something like thta
azrael83[m] has left #ipfs ["User left"]
<MikeFair>
though I personally think my friends are too busy/lazy/ignorant for the scheme to work "as described"; but there's a good core concept in there somewhere
<MikeFair>
the distributed set of friends are using a Shamir strategy to protect that secre t key
<aschmahmann[m]>
That's why you don't use your friends unless you've been compromised. Facebook btw has an M of N scheme implemented
<MikeFair>
no, what I mean is my friends won't be reliable enough to help me recover the account
grumble is now known as `-_-`grumble
<aschmahmann[m]>
Shamir is ok for encryption keys, not as good as threshold signatures for signature keys
<aschmahmann[m]>
since with secret sharing you have to assemble the full key on your device which can lead to compromise
* MikeFair
nods. "Agreed"
<MikeFair>
Right, I forgot we're "upgrading" the system to enable N of M processing
<MikeFair>
In IPNS pointer land, there is only a single solitary key atm
<MikeFair>
I think I could see some kind of atuomated bot network doing voice authorization and facial recognition via video conferencing with an echo service
<aschmahmann[m]>
The single entry is not inherently the problem, you could use a threshold signature scheme that is designed to correspond to a single public key.
gts has quit [Remote host closed the connection]
<MikeFair>
I wonder how dangerous it is if the neural recognition network was stored in IPFS/IPLD
<MikeFair>
aschmahmann[m]: But not if you intend to use validate the signing using the private key paired to that key..... otherwise that public key is really just an opaque identifier and any value can be used (which is great it's just no longer a "key" at that point)
Adbray has quit [Read error: Connection reset by peer]
<aschmahmann[m]>
MikeFair: imagine that you have 5 friends who when they all sign the same message results in a message that is verified by a single public key.
<MikeFair>
aschmahmann[m]: To make sure we're talking about the same problem with the single key approach; the issue is the private key has to be assembled in one place to sign the IPNS update record
<MikeFair>
aschmahmann[m]: I'm not sure how you can do that
<MikeFair>
aschmahmann[m]: You can test 5 signatures, and validate each of those independently; but how to combine something signed 5 times to validate against some other arbitrary keypair I can't see
<MikeFair>
Sin't this what we're looking to avoid: "the corresponding private key is shared among the participating parties"
<aschmahmann[m]>
the private key can be "fragmented" among people as long as it's not required to be assembled on one node to do the signature.
<aschmahmann[m]>
anyhow, I think we've clogged up #ipfs long enough. feel free to DM me
ctOS has quit [Quit: Connection closed for inactivity]
<MikeFair>
postables[m]: Is IPFS daemon running?
<postables[m]1>
yep
<postables[m]1>
probably somethign to do with corrupted data from this datastore plugin
anzaika[m] has joined #ipfs
<postables[m]1>
scrapped `$IPFS_PATH/blocks` and `$IPFS_PATH/datastore` and its working now
<postables[m]1>
will need to figure out how the data became corrupted in the first place though
azy_ has joined #ipfs
mateusbs17 is now known as mateusbs17|afk
<shoku[m]>
Kind of off topic, but we're trying to pick a good open source javascript editor we can use inside a page, fully offline
<shoku[m]>
The use case is to write something in this editor (embedded in the page) and then save it to html
<shoku[m]>
Any recommendations?
thomasan_ has quit [Remote host closed the connection]
Encrypt has joined #ipfs
thomasan_ has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
thomasan_ has joined #ipfs
TravisJames[m] has joined #ipfs
<MikeFair>
shoku: I don't know if I follow; "completely offline" -- do mean "stays local in the browser"?
xcm has quit [Remote host closed the connection]
xcm has joined #ipfs
ctOS has joined #ipfs
easyKL has joined #ipfs
thomasan_ has quit [Remote host closed the connection]
<postables[m]1>
I've decided to become the scape goat, anyone know where i can acquire malware/ransomware to test if ipfs will shit bricks when adding them?
markg85 has joined #ipfs
Taoki has quit [Ping timeout: 246 seconds]
<aschmahmann[m]>
real malware or things that random AVs will flag (like metasploit)
<postables[m]1>
ideally something that would attempt to compromise my entire system
<aschmahmann[m]>
well uploading a binary isn't going to do anything malicious itself, something needs to execute code no?
<shoku>
MikeFair Yeah I meant completely local in the browser
<aschmahmann[m]>
it might trigger firewalls, AVs, etc. but it won't brick you or anything unless it can exploit something into executing it (like malware that uses AV exploits to autolaunch itself)
<TimMc>
postables[m]1: As a start, you can grad the EICAR test string, which may or may not trigger something.
<TimMc>
You can probably find some viruses in your spam folder, too. :-)
<MikeFair>
postables[m]: when you add them to what? I see no reason IPFS is going to even care/notice what you upload
<postables[m]1>
well im mostly worried about someone giving a malicious zip file, and during the unzipping of it, whether or not something happens, and then subsequently adding to IPFS if something happens
<postables[m]1>
MikeFair: adding to IPFS could maybe introduce an unexpected result
<MikeFair>
postables[m]: What are you attempting to test? IPFS will happily let you distribute whatever evil malware or skynet apocalypse causing binary content you wish
<postables[m]1>
MikeFair: whether or not inadvertently processing a malicious file with IPFS would lead to some unexpected code execution
<MikeFair>
postables[m]: IPFS is content agnostic; it doesn't inspect the content
gts has quit [Ping timeout: 255 seconds]
<MikeFair>
postables[m]: You may get some unexpected behavior; but it won't come from IPFS proper
<postables[m]1>
MikeFair: again, unless someone has actually tried it and made public the results there could be unexpected results
thomasan_ has joined #ipfs
<postables[m]1>
so rather than just waiting for someone to upload malicious content to my node, i'd rather preempt that by trying it myself and seeing if anyhting happens
<MikeFair>
postables[m]: What you're asking is kind of the equivalent "I want to see if my web server blows if I use it to transfer a virus file"
<postables[m]1>
MikeFair: i would disagree. transferring a file to a web server does not equate to the processing done by IPFS
<DarkDrgn2k[m]>
<freenode_Mik "postables#1337: What you're aski"> some virus...
<MikeFair>
postables[m]: Umm, how is it different? IPFS chunks up the data, hashes it, and stores the chunks
<MikeFair>
postables[m]: Web Server chunks up the data, doesn't hash it, and transfers the chunks
<MikeFair>
neither "inspect" the data
<MikeFair>
they don't care what it is
<postables[m]1>
im not saying it cares what it is, i'm saying that the processing of a file with IPFS is largely different than the processing of a file by a web server. Processing this file could have bugs in the workflow, or something unintended that might lead to unexpected code execution. I don't see why that's a bad thng to be concerned about 🤷
<MikeFair>
Maybe in IPLD I could see some kind of bug; because that does actually read the data
<MikeFair>
postables[m]: I'm not seeing how the two are any different other than running the hash algo on the data
<postables[m]1>
i mean adding a file generates a merkle-dag so that would effectively be the same thing no?
<postables[m]1>
especially adding a directory
<MikeFair>
no
<MikeFair>
the merkle-dag is built on chunk size
thomasan_ has quit [Ping timeout: 250 seconds]
<MikeFair>
same as splitting the file data up into packets
<MikeFair>
at no point in time is the content "intepretted"
<MikeFair>
that's the distinction
<aschmahmann[m]>
I'm not thinking off the top of my head of any good stuff to play with, but there are plenty of tools out there with some googling. AVs on Windows throw a hissy fit if you put cain+able or mimikatz anywhere near them,
<MikeFair>
Like I was saying; you can make a machine throw a hissy fit; the hissy fit just won't come from IPFS
<MikeFair>
expect perhaps in IPLD land
<postables[m]1>
aschmahmann: hmm i suppose i could find some kind of experimental code on github and infect a file myself
<MikeFair>
or trying to use some random as an IPNS key or something else really odd; but not simply adding data to the DAG
<MikeFair>
postables[m]: The content you add doesn't even need to be valid code or follow any kind of structure
<MikeFair>
it doesn't actually process the file by looking at its content; it simply counts bytes and breaks it up
<TimMc>
postables[m]1: I don't think you're likely to find any kind of code execution issues, per se, but you might find that the AV software does something nasty to your IPFS daemon. :-)
<aschmahmann[m]>
Norton Antivirus, the worst virus to plague PC-kind
<TimMc>
The much bigger risk in this space, honestly, is *having* AV software. The internal attack surface in an AV engine is massive.
<TimMc>
I'm not ready to say "don't use AV" but they're kind of notorious for being exploitable.
<TimMc>
So one question is: In normal operation, does IPFS end up writing arbitrary chunks to disk that an AV might stumble across and self-own on?
xcm has quit [Ping timeout: 240 seconds]
<TimMc>
(I don't think so? But that's what I would look for.)
xcm has joined #ipfs
<MikeFair>
TimMc: Agreed, but that's an entirely different question that what postables[m] was testing for
<MikeFair>
and very AV system specific
<MikeFair>
I see no reason CID blocks being written to the local storage cache wouldn't be scanned by a real-time AV system
<MikeFair>
I can't recall if IPFS is encrypting those files or not
<MikeFair>
(the encryption would obscure the AV analysis)
<MikeFair>
And certainly any file you requested from IPFS would be scanned and "detected"
<aschmahmann[m]>
postables: here's a whole bunch of malware for you. don't run it all at once 😃 https://github.com/ytisf/theZoo
<TimMc>
oh nice
thomasan_ has joined #ipfs
mcgriff has joined #ipfs
<postables[m]1>
MikeFair: no encryption is done i believe
<postables[m]1>
aschmahmann: nice thanks
<aschmahmann[m]>
np
lordcirth has joined #ipfs
<MikeFair>
postables[m]: I didn't think so
xcm has quit [Remote host closed the connection]
xcm has joined #ipfs
mischat has quit []
mischat has joined #ipfs
<Mikaela>
Why IPFS swarm doesn't listen/announce on IPv6 link-local addresses? Are they still used if there are two nodes on same network?
<postables[m]>
it should, unless you've explicitly removed them from your config
<Mikaela>
I have only removed 0.0.0.0 and enabled quic comparing to https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#addresses , but I only see "Swarm announcing" lines for my IPv6 addresses exlucind link-local, Cjdns and Yggdrasil and quics for those, no fe80::...
<postables[m]>
hmm strange
<postables[m]>
oh you mention you see the IPv6 addresses? i think your cjdns yggdrasil and link-local might need to be added
Mikaela- has joined #ipfs
<postables[m]>
oh you mention you see the IPv6 addresses? i think your cjdns yggdrasil and link-local might need to be added explicitly
<postables[m]>
not sure if those are covered by default announce rules
<Mikaela->
markg85: it is accessible from the local network and I think there should be a listener on them in case there are multiple IPFS nodes in the same network
spinza has quit [Quit: Coyote finally caught up with me...]
JR[m] has joined #ipfs
easyKL has quit [Ping timeout: 245 seconds]
lazToum[m] has joined #ipfs
easyKL has joined #ipfs
spinza has joined #ipfs
mischat has quit [Remote host closed the connection]