SSB (aka SecureScuttleButt) it's a gossip-based web 3.0 protocol that allows developers to write off-grid/serverless P2P social networks that can even fall back to sneakernet and be useful in places where your Facebook profile is just a 404 page. In this talk, we will go through the basics of creating a basic SSB-based application and start sharing our posts without feeding the data-silos of the social giant.

1. SSB - SECURE Scuttlebutt
how to exit Facebook and start coding your first web 3.0 social network
Alessandro Confetti
November 13th, 2019

2. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
2
Are you often off-line? (no internet)
Are your friend as “eccentric” as you?
Are you a fan of Decentralized Web?
Do you live on a self-steering sailboat?
Dominic Tarr
antipodean wandering albatross
a Node.js developer with more than
600 modules published on npm

3. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
3

4. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
4Courtesy of https://www.scuttlebutt.nz
SSBTechStack&GitHubrepositories
• apps
• ssbc/Patchwork
• Manyverse
• git-ssb
• dnssb
• […]
• ssbc/ssb-server
• ssbc/secret-stack
• ssbc/muxrpc
• packet-stream-codec
• ssbc/multiserver
• net
• simple-http-server (shs)
• websockets (ws)
• buffer-type (bt)
• ssbc/ssb-keys (asymmetric crypto keypair)
• ssbc/ssb-db
• flumedb
• flumelog-offset
• flumelog-memory
• flumeview-query
• flumeview-level
• flumeview-reduce
• flumeview-hashtable
• flumeview-search

5. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
5
Patchw
ork

6. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
6
M
anyverse

7. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
7
M
ithril

8. HOW TO INSTALL SSB-SERVER
8
# install nvm & node 10
$ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.1/install.sh
| bash
$ nvm install lts/dubnium
$ nvm use lts/dubnium
# install ssb-server
$ npm install -g ssb-server
# start server
$ ssb-server start
# show user id
$ sbot whoami
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

9. 9
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin Credit - Robert Ng

10. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
10

11. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
The Guardian - Sat 19 Oct 2019 05.48 BST
The Guardian - Sat 19 Oct 2019 05.48 BST
11

12. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
12

13. 13
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin Credit - Getty Images / Sandra Montanez / Staff

14. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
14

15. 15
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

16. 16
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

17. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
17
• PRISM = Faceboogle = Most web-
based social network services
including Facebook, Human
Connection, Google+ etc
• Jab = XMPP-based open source
federation projects such as
BuddyCloud, movim
• SVPN = SocialVPN, an XMPP-based
tool that establishes virtual private
networks among friends
• FSW = Federated Social Web projects
like Diaspora, Friendica and several
more
• S@T = isolated server-based
installations operated in trustworthy
manner using a Tor hidden service
• SSB = Secure Scuttlebutt over Tor
• RS = RetroShare
• RS@T = RetroShare over Tor
• NW = Nightweb over I2P. S = stands
for secushare's current status.
Courtesy of secushare.org
• ✓
• ⊕
• ⊝
• ✗
• ✖
• ⊙
• ––
provided
likely, possibly, planned, optional
partial, provided in a suboptimal
way or planned for later
unlikely, optional but underused,
feasible but not available
requires special trust in the
provider of the service¹
we don't know
not provided

18. Alessandro Confetti - November 13th 2019 – Codemotion, Berlin
18Courtesy of secushare.org
• Link Encryption: Without it, anyone operating your
DSL router, local network, your Internet connection, the
Internet backbone or anyone hacking into any of the
involved machines can read in on your activity.
• Forward Secrecy: Traffic between endpoints cannot be
decrypted at some later point in time if access to the
private key was gained […].
• E2E Encryption goes seamlessly from one person to
the other person, end-to-end […].
• No Strangers: Most offerings require you to trust a
company and the jurisdictions it operates in and to give
it most or all of your data exchanged with friends […].
• Secret Friends: The additional privacy of keeping the
information of who is your friend secret from
companies and other complete strangers. You only
want your friends to know, and maybe isolate some
groups of friends from each other […].
• Unobservability: Traffic does not allow an observer to
understand what kind of content is being sent.
• Untraceability: Traffic does not allow an observer to
understand who is talking to whom (also known as
metadata protection). Untraceability and
Unobservability may be considered pointless if you are
trusting strangers in the first place […].
• Post Deniability: Do we like that things we said in a
comment or status update can be used against us? […].
• Lightweight: To be of maximum use the technology
implementing such essential jobs should be a part of
the operating system or close to it, not require large
language engines […] and also not require an entire web
browser to be running all the time. […]. By lightweight
we also mean not having heavy duty obligations
towards the network like needing to operate a DHT
instead of using it remotely. […].
• Group Encryption: The strategy of sharing a group
encryption key with all participants of a distribution
context and occasionally refresh it, especially when a
person leaves the group (or unfriends a person). […].
• Distribution: Efficient delivery to a large number of
recipients. […].
• Relay Backbone: Servers are nasty if they know
everything about you, but relays are nice when they
know nothing, but do everything for you. […].
• Usability: Web-based offerings require users to
maintain a password safely. Federation-based systems
additionally require you to deal with domain names and
server addresses. XMPP has the additional problem of
not supporting encrypted contents and cryptographic
authentication by default. […].
• Features: Does the offering actually provide social
network services or is it just primarily a social
framework that needs further work?
SSBfeatures

19. …The original idea was to make the internet just super
bare bones. So the initial internet had no representation
of people. There was no membership concept. There was
no identity concept. There was no sense of authentication.
There was certainly no implementation of commerce
solutions. There was nothing. It was just very, very raw…
19
Jaron Lanier - We need to have an honest talk about our data [Wired 2018]
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

20. The5ParadoxesoftheInternet
20
1
Available
everywhere
but stored in
very few
places
2
Easy to find
only if
they remain
in the same
place
3
Easy to
search
but hard
to catalog
4
Cheap to
duplicate
but costly to
attribute
5
Both storage
and access
are encoded
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

21. Are we building the internet
for future generations?
21
Alessandro Confetti - November 13th 2019 – Codemotion, Berlin

22. $ tail -f questions
22
Alessandro Confetti
aconfet@thoughtworks.com
twitter @zigolab
blog http://blog.zigolab.it