🧵

The world needs a secure, open source alternative to Facebook private posting (i.e. to friends only), but nothing on the fediverse really fills the need today, alas. At the Fediforum in June, I gave a short presentation on FriendSafe, a social media system I've written that supports private posting. It's a proof of concept that works today, but it would need major UX work and a security review before it's really ready for widespread use. It has a few other features I haven't seen in other social media yet, and which I'd love to see added to other projects.

In this thread is that 10-slide presentation, one slide per post. The text in the slides is the same as the text in the posts. The presentation is focused on FriendSafe, but I'm also just trying to get these ideas out there.

Let's start a conversation. Specifically, how can we move forward to get secure private posting ASAP, with full mobile support, etc.? I think this is critical to let people exit FB.

@fediforum

#fediforum #SocialMedia #privacy

  1. SECURE, FEDERATED PRIVATE POSTING WITH FRIENDSAFE

    Q: Why yet another federated system?!

    A: None exist with needed privacy features, alas:

    - Posting to friends only, à la FB
    - E2ee with (some) metadata protection
    - Full mobile support
    - Reply controls

    So, I dusted off this project from a few years ago.

    *** Note that I would much rather another more fully-developed project add these features, but I haven’t seen any with them.

  1. LIMITS OF EXISTING PRIVATE-POSTING SOLUTIONS

    - Friendica, Hubzilla: closest, but limited mobile support, limited e2ee
    - ActivityPub: no e2ee yet, no reply controls, very public*
    - Veilid, SimpleX: possibly, but not much development yet
    - Matrix: more chat than posting, no reply controls, no metadata protection

    Please tell me if I missed any!

    *E2ee in ActivityPub has recently been roughly specified, uses MLS, ready for implementors

  1. FEATURES UNIQUE (?) TO FRIENDSAFE AMONG FEDERATED SOCIAL MEDIA SYSTEMS

    - E2ee and (some) metadata protection to allow use of untrusted servers
    - Very flexible theme support, allowing third-party themes and full layout control
    - Reply controls, potentially
    - “Anonymous” replies (still seen by original poster)
    - Long-press emoji to magnify-- every app should have this!
    - Tracks read vs. unread posts and replies, can view e.g. only unread posts, or only posts with unread replies

  1. E2EE AND (SOME) METADATA PROTECTION IN FRIENDSAFE

    - Uses custom protocol, working title: Private Group Message Protocol (PGMP)

    - PGMP is fairly simple and is documented

    - Metadata protection is critical for hiding your social graph; this is important for e.g. activists who want to protect their contacts

    - I would much rather use an existing protocol, but none existed yet to do this (I asked around)

    - Metadata protection comes from onion-like routing, but uses one-to-many asynchronous messages rather than one-to-one synchronous connections (like Tor)

    - Efficient delivery-- only need to upload encrypted message once to send to many recipients

    - Metadata protection is imperfect! Metadata is still visible if attacker controls all servers along the delivery path (think large state-sponsored attacks), or potentially from traffic fingerprinting; this could be improved by adding more servers and longer delivery paths, plus random padding/delays/etc. to mitigate fingerprinting
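A toy model of the metadata limit stated in the last point above, added here as an illustration; it is not FriendSafe or PGMP code. The delivery tree, the relay and user names, and the assumption that only a relay itself can match an incoming ciphertext to the ones it forwards are constructed for the example, and traffic fingerprinting is not modelled.

```python
# Constructed delivery tree (hypothetical names). The sender uploads one
# ciphertext to r1; relays fan it out toward the recipients.
ROUTES = {
    "alice": ["r1"],
    "r1": ["r2", "r3"],
    "r2": ["bob", "carol"],
    "r3": ["r4"],
    "r4": ["dave"],
}


def relays_on_path(routes, sender):
    """Map each recipient to the ordered list of relays its copy passes through."""
    paths = {}
    stack = [(hop, []) for hop in routes[sender]]
    while stack:
        node, path = stack.pop()
        if node in routes:
            # A relay: extend the path and follow every outgoing branch.
            stack.extend((nxt, path + [node]) for nxt in routes[node])
        else:
            # A leaf: a recipient.
            paths[node] = path
    return paths


def exposed_recipients(routes, sender, compromised):
    """Recipients an attacker can tie to the sender.

    Assumption: each relay strips one encryption layer, so the link between
    what it received and what it forwarded is known only to that relay. The
    sender-recipient link is therefore recovered only when every relay on
    the path is compromised; one honest relay breaks the chain.
    """
    paths = relays_on_path(routes, sender)
    return {r for r, path in paths.items() if set(path) <= set(compromised)}


if __name__ == "__main__":
    for bad in [{"r1"}, {"r1", "r2"}, {"r1", "r4"}, {"r1", "r2", "r3", "r4"}]:
        print(sorted(bad), "->", sorted(exposed_recipients(ROUTES, "alice", bad)))
```

In this model a longer path raises the number of servers that must all be compromised before a given contact is exposed, which is the improvement the slide proposes.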