[liberationtech] Have any of you ever used Scuttlebot?

[John Ohno]

I have used scuttlebutt for a few years. Unfortunately, in the past month
or two, I've found the clients a lot less reliable, so I haven't been on
very much.

SSB has an interesting culture. The developers are very concerned with the
social ramifications of offline-first & truly-peer-to-peer communication,
and are seriously discussing (and making technical decisions about) the
kinds of media theory issues that get only idly discussed on the fediverse
(and almost not at all in centralized social networks). For instance, SSB
functionally has transitive blocking, & this lowers the moderation load on
individuals, who are simply inaccessible if the number of hops between
connections is too high.

I don't know how good SSB's *privacy* features are. From what I can tell,
they aren't very concerned with that, as compared to anti-falsification
(which is functionally just necessarily for good p2p in an offline-first
setting). There are private message systems, but I haven't used them (let
alone security-audited them).

Fully independent implementations are under development, but they're
difficult because the protocol as defined involves cryptographically
signing sections of regular JSON -- which, of course, has no defined order
for objects. This means that in practice, the SSB protocol is not standard
JSON plus signatures, but the entire set of nodejs JSON serialization
quirks. In order to implement it in another language, you have to duplicate
exactly the ordering produced by nodejs, or else old messages will not be
interpreted as valid by your implementation and the messages produced by
your implementation will not be interpreted as valid by competing
implementations. Ultimately, this means that if you want a full-featured
SSB client, you're stuck with an electron app (with all the attendant bloat
and memory leaks).

On Mon, Apr 20, 2020 at 2:52 AM Daniel Bosk <dbosk at kth.se> wrote:

> No:
>
>   https://ieeexplore.ieee.org/abstract/document/6197506
>
> One must design it carefully. But if done right, it's really nice.
>
>         Daniel
>
> On Sun 19 Apr 2020 01:24:02 GMT, Yosem Companys wrote:
> > P.S. Is P2P inherently more or less secure than the alternative?
> --
> Liberationtech is public & archives are searchable from any major
> commercial search engine. Violations of list guidelines will get you
> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> change to digest mode, or change password by emailing
> lt-owner at lists.liberationtech.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20200420/fc9fe224/attachment.html>