path: root/.html/gossamer/mistakes.html
blob: d7632f79328ce3ad52be6aa58e92217e8f713196 (plain)
<!DOCTYPE html>
<html>
<head>
	<title>
		The Codex » 
		Design Mistakes
	</title>

	<link
		rel='stylesheet'
		type='text/css'
		href='http://fonts.googleapis.com/css?family=Buenard:400,700&amp;subset=latin,latin-ext'>
	<link
		rel="stylesheet"
		type="text/css"
		href="../media/css/reset.css">
	<link
		rel="stylesheet"
		type="text/css"
		href="../media/css/grimoire.css">
</head>
<body>

<div id="shell">
	
	

	
	<div id="article">
		<h1 id="design-mistakes">Design Mistakes</h1>
<h2 id="is-gossamer-up">Is Gossamer Up?</h2>
<p><a href="https://twitter.com/megtastique">@megtastique</a> points out that two factors
doom the whole design:</p>
<ol>
<li>
<p>There's no way to remove content from Gossamer once it's published, and</p>
</li>
<li>
<p>Gossamer can anonymously share images.</p>
</li>
</ol>
<p>Combined, these make Gossamer the <em>perfect</em> vehicle for revenge porn and
other gendered, sexually-loaded network abuse.</p>
<p>This alone is enough to doom the design, as written: even restricting the
size of messages to the single kilobyte range still makes it trivial to
irrevocably disseminate <em>links</em> to similar content.</p>
<h2 id="protected-feeds-who-needs-those">Protected Feeds? Who Needs Those?</h2>
<p>Gossamer's design does not carry forward an important Twitter feature: the
protected feed. In brief, protected feeds allow people to be choosy about who
reads their status updates, without necessarily having to pick and choose who
gets to read them on a message by message basis.</p>
<p>This is an important privacy control for people who wish to engage with
people they know without necessarily disclosing their whereabouts and
activities to the world at large. In particular, it's important to vulnerable
people because it allows them to create their own safe spaces.</p>
<p>Protected feeds are not mere technology, either. Protected feeds carry with
them social expectations: Twitter clients often either refuse to copy text
from a protected feed, or present a warning when the user tries to copy text,
which acts as a very cheap and, apparently, quite effective brake on the
casual re-sharing that Twitter encourages for public feeds.</p>
<h2 id="ddos-as-a-service">DDOS As A Service</h2>
<p>Gossamer's network protocol converges towards a total graph, where every node
knows how to connect to every other node, and new information (new posts)
rapidly pushes out to every single node.</p>
<p>If you've ever been privy to the Twitter “firehose” feed, you'll understand
why this is a drastic mistake. Even a moderately successful social network
sees on the order of millions of messages a day. Delivering <em>all</em> of this
directly to <em>every</em> node <em>all</em> of the time would rapidly drown users in
bandwidth charges and render their internet connections completely unusable.</p>
<p>Gossamer's design also has no concept of “quiet” periods: every fifteen to
thirty seconds, rain or shine, every node is supposed to wake up and exchange
data with some other node, regardless of how long it's been since either node
in the exchange has seen new data. This very effectively ensures that
Gossamer will continue to flood nodes with traffic at all times; the only way
to halt the flood is to shut off the Gossamer client.</p>
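<p>The exchange schedule described in this section, as an added simulation that is not part of Gossamer's own design documents or code. It assumes push-pull gossip with uniformly random peer selection; <code>simulate</code>, <code>idle_rounds</code> and every parameter value are hypothetical.</p>

```python
import random

def simulate(num_nodes, rounds, posts_by_round, seed=0):
    """Simulate the always-on gossip schedule (assumed push-pull, random peers).

    posts_by_round maps a round number to how many new posts appear then.
    Returns one (exchanges, deliveries, fully_replicated) tuple per round.
    """
    rng = random.Random(seed)
    stores = [set() for _ in range(num_nodes)]   # posts held by each node
    total_posts = 0
    history = []
    for rnd in range(rounds):
        # New posts enter the network at a random node.
        for _ in range(posts_by_round.get(rnd, 0)):
            stores[rng.randrange(num_nodes)].add(total_posts)
            total_posts += 1
        exchanges = deliveries = 0
        for node in range(num_nodes):
            # Every node wakes up and syncs with some other node,
            # whether or not either side has anything new.
            peer = rng.randrange(num_nodes - 1)
            if peer >= node:
                peer += 1
            before = len(stores[node]) + len(stores[peer])
            stores[node] |= stores[peer]
            stores[peer] |= stores[node]
            deliveries += len(stores[node]) + len(stores[peer]) - before
            exchanges += 1
        replicated = sum(
            all(post in store for store in stores) for post in range(total_posts)
        )
        history.append((exchanges, deliveries, replicated))
    return history

def idle_rounds(history):
    """Count rounds that generated traffic but delivered no new post."""
    return sum(1 for exchanges, deliveries, _ in history if exchanges and not deliveries)

if __name__ == "__main__":
    # Constructed scenario: 64 nodes, 5 posts in round 0, then silence.
    hist = simulate(num_nodes=64, rounds=40, posts_by_round={0: 5})
    print("posts on every node:", hist[-1][2])
    print("post copies delivered:", sum(d for _, d, _ in hist))
    print("connections opened:", sum(e for e, _, _ in hist))
    print("rounds with traffic but nothing new:", idle_rounds(hist))
```

<p>Each post is copied to every other node exactly once, so per-node inbound volume tracks the whole network's posting rate, while the number of connections opened per round stays fixed no matter how little there is to send.</p>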
<h2 id="passive-nodes-matter">Passive Nodes Matter</h2>
<p>It's impractical to run an inbound data service on a mobile device. Mobile
devices are, by and large, not addressable or reachable by the internet at
large.</p>
<p>Mobile devices also provide a huge proportion of Twitter's content: the
ability to rapidly post photos, location tags, and short text while away from
desks, laptops, and formal internet connections is a huge boon for ad-hoc
social organization. You can invite someone to the pub from your phone, from
in front of the pub.</p>
<p>(This interacts ... poorly with the DDOS point, above.)</p>
<h2 id="traffic-analysis">Traffic Analysis</h2>
<p>When a user enters a new status update or sends a new private message, their
Gossamer node immediately forwards it to at least one other node to inject it
into the network. This makes unencrypted Gossamer relatively vulnerable to
traffic analysis for correlating Gossamer identities with human beings.</p>
<p>Someone at a network “pinch point” -- an ISP, or a coffee shop wifi router --
can monitor Gossamer traffic entering and exiting nodes on their network and
easily identify which nodes originated which messages, and thus which nodes
have access to which identities. This seriously compromises the effectiveness
of Gossamer's decentralized, self-certifying identities.</p>
	</div>


	


	
	<div id="footer">
		<p>
			
				The Codex —
			
			Powered by <a href="http://markdoc.org/">Markdoc</a>.
			
<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/gossamer/mistakes.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/gossamer/mistakes.md">history</a>).

		</p>
	</div>
	
</div>
</body>
</html>