Open Problem: Preserve full users' privacy when providing and fetching Content#5
Open Problem: Preserve full users' privacy when providing and fetching Content#5
Conversation
daviddias
changed the title
|
Do not forget to link to: |
|
@yiannisbot, @jsoares, @miyazono Can I ask you to review this Open Problem statement for me? Please check for: language, completeness (missing conversations that should be linked, requirements/constraints and anything else that you see fit). Thank you! |
jsoares
left a comment
jsoares
left a comment
There was a problem hiding this comment.
Mostly language fixes but beware some content questions.
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
|
|
||
| Creating a separate IPFS Network will ensure that only member nodes can access the content within that network. | ||
|
|
||
| - [libp2p-pnet](https://github.com/libp2p/specs/blob/master/pnet/Private-Networks-PSK-V1.md) takes that one step forward and creates a protection using a pre-shared key. This means that only the owners of that key can join this network (to prevent from mistakenly joining two networks and making all data accessible). |
There was a problem hiding this comment.
@jacobheun I'm a terrible person and somehow I forgot to add the url when you sent it to me and now I can't find it again :( Could you send it to me again 🙏🏽 thank you!
|
|
||
| ##### Capability Systems / Cryptographic ACLs | ||
|
|
||
| - [peer-base cryptographic ACLs](https://github.com/peer-base/peer-base) - These are used by [PeerPad](https://peerpad.net). For each user, a Public/Private key pair is generated. Every time a user wants to make a modification, the user signs that modification and encrypts it with a symmetric room key so that only owners of the symmetric key can change and only changes from valid peers are accepted. |
There was a problem hiding this comment.
- link to video Demo from @pgte in showcasing PeerPad ACL
There was a problem hiding this comment.
Also related, include https://www.youtube.com/watch?v=yc10xRifTmQ&feature=youtu.be
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
|
@gpestana you are deeply passionate about this topic. Would you mind giving a review to this Open Problem statement and advise in case there is: literature missing that you know about, other conversations, good articles/talks that introduce the problem and a review to what we should be looking for when it comes to a sound solution? Thank you so much in advance! |
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
gpestana
left a comment
gpestana
left a comment
There was a problem hiding this comment.
Great work, I'm excited to see this going forward!
| - [SoK: Secure Messaging](https://ieeexplore.ieee.org/document/7163029) | ||
| - [Talek: a Private Publish-Subscribe Protocol](https://raymondcheng.net/download/papers/talek-tr.pdf) | ||
| - [Ricochet](https://github.com/ricochet-im/ricochet/blob/master/doc/protocol.md) | ||
| - Content Routing |
There was a problem hiding this comment.
- ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies (https://dl.acm.org/citation.cfm?id=1653683)
| - Solutions that are more resistant (not fully resistent) typically trade off bandwidth + memory for creating that protection (e.g. creating noise in the network to make it hard to distinguish valid from dummy traffic) | ||
| - Lack of data encryption at rest | ||
| - Lack of complete authorization + revocation | ||
|
|
There was a problem hiding this comment.
-
Some of the solutions (e.g. OctopusDHT) rely on centralised certificate authorities for reputation management
-
How to measure privacy? (old but gold)
* Initial input * Background Update * Related works update. * Update PRESERVE_USER_PRIVACY.md * Update PRESERVE_USER_PRIVACY.md
Co-Authored-By: Jorge Soares <mail@jorgesoares.org>
daviddias
changed the title
|
I went through each comment and incorporated them into the main document. Thank you all so much for your reviews and contributions. I'll take this opportunity to merge this PR and declare. it as the first documented Open Problem for IPFS (and also one of the most important to solve!) Research RFPs to follow soon :) |
4 participants
No description provided.