Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Scuttlebutt or how to exit facebook and start coding your first web 3.0 social network

18 views

Published on

SSB (aka SecureScuttleButt) it's a gossip-based web 3.0 protocol that allows developers to write off-grid/serverless P2P social networks that can even fall back to sneakernet and be useful in places where your Facebook profile is just a 404 page. In this talk, we will go through the basics of creating a basic SSB-based application and start sharing our posts without feeding the data-silos of the social giant.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Scuttlebutt or how to exit facebook and start coding your first web 3.0 social network

  1. 1. SSB - SECURE Scuttlebutt how to exit Facebook and start coding your first web 3.0 social network Alessandro Confetti November 13th, 2019
  2. 2. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 2 Are you often off-line? (no internet) Are your friend as “eccentric” as you? Are you a fan of Decentralized Web? Do you live on a self-steering sailboat? Dominic Tarr antipodean wandering albatross a Node.js developer with more than 600 modules published on npm
  3. 3. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 3
  4. 4. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 4Courtesy of https://www.scuttlebutt.nz SSBTechStack&GitHubrepositories • apps • ssbc/Patchwork • Manyverse • git-ssb • dnssb • […] • ssbc/ssb-server • ssbc/secret-stack • ssbc/muxrpc • packet-stream-codec • ssbc/multiserver • net • simple-http-server (shs) • websockets (ws) • buffer-type (bt) • ssbc/ssb-keys (asymmetric crypto keypair) • ssbc/ssb-db • flumedb • flumelog-offset • flumelog-memory • flumeview-query • flumeview-level • flumeview-reduce • flumeview-hashtable • flumeview-search
  5. 5. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 5 Patchw ork
  6. 6. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 6 M anyverse
  7. 7. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 7 M ithril
  8. 8. HOW TO INSTALL SSB-SERVER 8 # install nvm & node 10 $ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.1/install.sh | bash $ nvm install lts/dubnium $ nvm use lts/dubnium # install ssb-server $ npm install -g ssb-server # start server $ ssb-server start # show user id $ sbot whoami Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  9. 9. 9 Alessandro Confetti - November 13th 2019 – Codemotion, Berlin Credit - Robert Ng
  10. 10. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 10
  11. 11. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin The Guardian - Sat 19 Oct 2019 05.48 BST The Guardian - Sat 19 Oct 2019 05.48 BST 11
  12. 12. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 12
  13. 13. 13 Alessandro Confetti - November 13th 2019 – Codemotion, Berlin Credit - Getty Images / Sandra Montanez / Staff
  14. 14. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 14
  15. 15. 15 Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  16. 16. 16 Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  17. 17. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 17 • PRISM = Faceboogle = Most web- based social network services including Facebook, Human Connection, Google+ etc • Jab = XMPP-based open source federation projects such as BuddyCloud, movim • SVPN = SocialVPN, an XMPP-based tool that establishes virtual private networks among friends • FSW = Federated Social Web projects like Diaspora, Friendica and several more • S@T = isolated server-based installations operated in trustworthy manner using a Tor hidden service • SSB = Secure Scuttlebutt over Tor • RS = RetroShare • RS@T = RetroShare over Tor • NW = Nightweb over I2P. S = stands for secushare's current status. Courtesy of secushare.org • ✓ • ⊕ • ⊝ • ✗ • ✖ • ⊙ • –– provided likely, possibly, planned, optional partial, provided in a suboptimal way or planned for later unlikely, optional but underused, feasible but not available requires special trust in the provider of the service¹ we don't know not provided
  18. 18. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin 18Courtesy of secushare.org • Link Encryption: Without it, anyone operating your DSL router, local network, your Internet connection, the Internet backbone or anyone hacking into any of the involved machines can read in on your activity. • Forward Secrecy: Traffic between endpoints cannot be decrypted at some later point in time if access to the private key was gained […]. • E2E Encryption goes seamlessly from one person to the other person, end-to-end […]. • No Strangers: Most offerings require you to trust a company and the jurisdictions it operates in and to give it most or all of your data exchanged with friends […]. • Secret Friends: The additional privacy of keeping the information of who is your friend secret from companies and other complete strangers. You only want your friends to know, and maybe isolate some groups of friends from each other […]. • Unobservability: Traffic does not allow an observer to understand what kind of content is being sent. • Untraceability: Traffic does not allow an observer to understand who is talking to whom (also known as metadata protection). Untraceability and Unobservability may be considered pointless if you are trusting strangers in the first place […]. • Post Deniability: Do we like that things we said in a comment or status update can be used against us? […]. • Lightweight: To be of maximum use the technology implementing such essential jobs should be a part of the operating system or close to it, not require large language engines […] and also not require an entire web browser to be running all the time. […]. By lightweight we also mean not having heavy duty obligations towards the network like needing to operate a DHT instead of using it remotely. […]. • Group Encryption: The strategy of sharing a group encryption key with all participants of a distribution context and occasionally refresh it, especially when a person leaves the group (or unfriends a person). […]. • Distribution: Efficient delivery to a large number of recipients. […]. • Relay Backbone: Servers are nasty if they know everything about you, but relays are nice when they know nothing, but do everything for you. […]. • Usability: Web-based offerings require users to maintain a password safely. Federation-based systems additionally require you to deal with domain names and server addresses. XMPP has the additional problem of not supporting encrypted contents and cryptographic authentication by default. […]. • Features: Does the offering actually provide social network services or is it just primarily a social framework that needs further work? SSBfeatures
  19. 19. …The original idea was to make the internet just super bare bones. So the initial internet had no representation of people. There was no membership concept. There was no identity concept. There was no sense of authentication. There was certainly no implementation of commerce solutions. There was nothing. It was just very, very raw… 19 Jaron Lanier - We need to have an honest talk about our data [Wired 2018] Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  20. 20. The5ParadoxesoftheInternet 20 1 Available everywhere but stored in very few places 2 Easy to find only if they remain in the same place 3 Easy to search but hard to catalog 4 Cheap to duplicate but costly to attribute 5 Both storage and access are encoded Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  21. 21. Are we building the internet for future generations? 21 Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
  22. 22. $ tail -f questions 22 Alessandro Confetti aconfet@thoughtworks.com twitter @zigolab blog http://blog.zigolab.it

×