diff options
Diffstat (limited to 'site/gossamer/mistakes/index.html')
| -rw-r--r-- | site/gossamer/mistakes/index.html | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/site/gossamer/mistakes/index.html b/site/gossamer/mistakes/index.html new file mode 100644 index 0000000..7bff282 --- /dev/null +++ b/site/gossamer/mistakes/index.html @@ -0,0 +1,231 @@ +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + + + <link rel="shortcut icon" href="../../img/favicon.ico"> + <title>Design Mistakes - The Grimoire</title> + <link href="../../css/bootstrap-custom.min.css" rel="stylesheet"> + <link href="../../css/font-awesome.min.css" rel="stylesheet"> + <link href="../../css/base.css" rel="stylesheet"> + <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css"> + <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> + <!--[if lt IE 9]> + <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> + <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> + <![endif]--> + + <script src="../../js/jquery-1.10.2.min.js" defer></script> + <script src="../../js/bootstrap-3.0.3.min.js" defer></script> + <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script> + <script>hljs.initHighlightingOnLoad();</script> + </head> + + <body> + + <div class="navbar navbar-default navbar-fixed-top" role="navigation"> + <div class="container"> + + <!-- Collapsed navigation --> + <div class="navbar-header"> + <!-- Expander button --> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <a class="navbar-brand" href="../..">The Grimoire</a> + </div> + + <!-- Expanded navigation --> + <div class="navbar-collapse collapse"> + <!-- Main navigation --> + <ul class="nav navbar-nav"> + <li > + <a href="../..">Owen Jacobson</a> + </li> + <li > + <a href="../../code/">Code</a> + </li> + <li > + <a href="../../nomic/">Nomic</a> + </li> + </ul> + + <ul class="nav navbar-nav navbar-right"> + <li> + <a href="#" data-toggle="modal" data-target="#mkdocs_search_modal"> + <i class="fa fa-search"></i> Search + </a> + </li> + <li> + <a href="https://github.com/grimoire-ca/bliki/edit/master/docs/gossamer/mistakes.md"><i class="fa fa-github"></i> Edit on GitHub</a> + </li> + </ul> + </div> + </div> + </div> + + <div class="container"> + <div class="col-md-3"><div class="bs-sidebar hidden-print affix well" role="complementary"> + <ul class="nav bs-sidenav"> + <li class="main active"><a href="#design-mistakes">Design Mistakes</a></li> + <li><a href="#is-gossamer-up">Is Gossamer Up?</a></li> + <li><a href="#protected-feeds-who-needs-those">Protected Feeds? Who Needs Those?</a></li> + <li><a href="#ddos-as-a-service">DDOS As A Service</a></li> + <li><a href="#passive-nodes-matter">Passive Nodes Matter</a></li> + <li><a href="#traffic-analysis">Traffic Analysis</a></li> + </ul> +</div></div> + <div class="col-md-9" role="main"> + +<h1 id="design-mistakes">Design Mistakes<a class="headerlink" href="#design-mistakes" title="Permanent link">¶</a></h1> +<h2 id="is-gossamer-up">Is Gossamer Up?<a class="headerlink" href="#is-gossamer-up" title="Permanent link">¶</a></h2> +<p><a href="https://twitter.com/megtastique">@megtastique</a> points out that two factors +doom the whole design:</p> +<ol> +<li> +<p>There's no way to remove content from Gossamer once it's published, and</p> +</li> +<li> +<p>Gossamer can anonymously share images.</p> +</li> +</ol> +<p>Combined, these make Gossamer the <em>perfect</em> vehicle for revenge porn and +other gendered, sexually-loaded network abuse.</p> +<p>This alone is enough to doom the design, as written: even restricting the +size of messages to the single kilobyte range still makes it trivial to +irrevocably disseminate <em>links</em> to similar content.</p> +<h2 id="protected-feeds-who-needs-those">Protected Feeds? Who Needs Those?<a class="headerlink" href="#protected-feeds-who-needs-those" title="Permanent link">¶</a></h2> +<p>Gossamer's design does not carry forward an important Twitter feature: the +protected feed. In brief, protected feeds allow people to be choosy about who +reads their status updates, without necessarily having to pick and choose who +gets to read them on a message by message basis.</p> +<p>This is an important privacy control for people who wish to engage with +people they know without necessarily disclosing their whereabouts and +activities to the world at large. In particular, it's important to vulnerable +people because it allows them to create their own safe spaces.</p> +<p>Protected feeds are not mere technology, either. Protected feeds carry with +them social expectations: Twitter clients often either refuse to copy text +from a protected feed, or present a warning when the user tries to copy text, +which acts as a very cheap and, apparently, quite effective brake on the +casual re-sharing that Twitter encourages for public feeds.</p> +<h2 id="ddos-as-a-service">DDOS As A Service<a class="headerlink" href="#ddos-as-a-service" title="Permanent link">¶</a></h2> +<p>Gossamer's network protocol converges towards a total graph, where every node +knows how to connect to every other node, and new information (new posts) +rapidly push out to every single node.</p> +<p>If you've ever been privy to the Twitter “firehose” feed, you'll understand +why this is a drastic mistake. Even a moderately successful social network +sees on the order of millions of messages a day. Delivering <em>all</em> of this +directly to <em>every</em> node <em>all</em> of the time would rapidly drown users in +bandwidth charges and render their internet connections completely unusable.</p> +<p>Gossamer's design also has no concept of “quiet” periods: every fifteen to +thirty seconds, rain or shine, every node is supposed to wake up and exchange +data with some other node, regardless of how long it's been since either node +in the exchange has seen new data. This very effectively ensures that +Gossamer will continue to flood nodes with traffic at all times; the only way +to halt the flood is to shut off the Gossamer client.</p> +<h2 id="passive-nodes-matter">Passive Nodes Matter<a class="headerlink" href="#passive-nodes-matter" title="Permanent link">¶</a></h2> +<p>It's impractical to run an inbound data service on a mobile device. Mobile +devices are, by and large, not addressable or reachable by the internet at +large.</p> +<p>Mobile devices also provide a huge proportion of Twitter's content: the +ability to rapidly post photos, location tags, and short text while away from +desks, laptops, and formal internet connections is a huge boon for ad-hoc +social organization. You can invite someone to the pub from your phone, from +in front of the pub.</p> +<p>(This interacts ... poorly with the DDOS point, above.)</p> +<h2 id="traffic-analysis">Traffic Analysis<a class="headerlink" href="#traffic-analysis" title="Permanent link">¶</a></h2> +<p>When a user enters a new status update or sends a new private message, their +Gossamer node immediately forwards it to at least one other node to inject it +into the network. This makes unencrypted Gossamer relatively vulnerable to +traffic analysis for correlating Gossamer identities with human beings.</p> +<p>Someone at a network “pinch point” -- an ISP, or a coffee shop wifi router -- +can monitor Gossamer traffic entering and exiting nodes on their network and +easily identify which nodes originated which messages, and thus which nodes +have access to which identities. This seriously compromises the effectiveness +of Gossamer's decentralized, self-certifying identities.</p></div> + </div> + + <footer class="col-md-12"> + <hr> + <p>Documentation built with <a href="https://www.mkdocs.org/">MkDocs</a>.</p> + </footer> + <script> + var base_url = "../..", + shortcuts = {"help": 191, "next": 78, "previous": 80, "search": 83}; + </script> + <script src="../../js/base.js" defer></script> + <script src="../../search/main.js" defer></script> + + <div class="modal" id="mkdocs_search_modal" tabindex="-1" role="dialog" aria-labelledby="Search Modal" aria-hidden="true"> + <div class="modal-dialog"> + <div class="modal-content"> + <div class="modal-header"> + <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> + <h4 class="modal-title" id="exampleModalLabel">Search</h4> + </div> + <div class="modal-body"> + <p> + From here you can search these documents. Enter + your search terms below. + </p> + <form role="form"> + <div class="form-group"> + <input type="text" class="form-control" placeholder="Search..." id="mkdocs-search-query" title="Type search term here"> + </div> + </form> + <div id="mkdocs-search-results"></div> + </div> + <div class="modal-footer"> + </div> + </div> + </div> +</div><div class="modal" id="mkdocs_keyboard_modal" tabindex="-1" role="dialog" aria-labelledby="Keyboard Shortcuts Modal" aria-hidden="true"> + <div class="modal-dialog"> + <div class="modal-content"> + <div class="modal-header"> + <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> + <h4 class="modal-title" id="exampleModalLabel">Keyboard Shortcuts</h4> + </div> + <div class="modal-body"> + <table class="table"> + <thead> + <tr> + <th style="width: 20%;">Keys</th> + <th>Action</th> + </tr> + </thead> + <tbody> + <tr> + <td class="help shortcut"><kbd>?</kbd></td> + <td>Open this help</td> + </tr> + <tr> + <td class="next shortcut"><kbd>n</kbd></td> + <td>Next page</td> + </tr> + <tr> + <td class="prev shortcut"><kbd>p</kbd></td> + <td>Previous page</td> + </tr> + <tr> + <td class="search shortcut"><kbd>s</kbd></td> + <td>Search</td> + </tr> + </tbody> + </table> + </div> + <div class="modal-footer"> + </div> + </div> + </div> +</div> + + </body> +</html> |