Group: GNU Social P2P/Privacy

From LibrePlanet
Jump to: navigation, search

Privacy in P2P GNU Social is guaranteed by strong cryptography. This enables users to allow their actual, binary data to traverse the network and live anywhere, without any loss of privacy.

Currently, there is a standing challenge for those who believe that strong cryptography does not guarantee privacy.

Overview

Every object in GNU Social has a privacy policy, represented in a set of keys. In the case that an object is fully public, the set is the null set. In the case that an object is fully private, the set is the origination point of the object. In most cases, the set will be composed of the origination point of the object plus a number of other keys.

Data Keys and Key Packets

Every time an object is created, it is encrypted to a object specific symmetric key, the "data key" (abbreviated hereafter as Kd). That key is then encrypted to all keys in the set of user keys who are allowed access to the object. The encrypted keys are stored separately in key packets. It is to our good fortune that such interactions are already implemented in the OpenPGP protocol. The relevant concept from the OpenPGP standard is Public-Key Encrypted Session Key Packet.

Set Operations

It should be possible to add people to any given privacy policy set.

It is not possible to remove people from the privacy policy in the general case, though it may be possible to discard the relevant key packets in the datastore before a person has retrieved them. Removing user key packets from the set is a largely symbolic process, since we assume that once published, data exists everywhere.

UI

In the UI, these sets are visible to the user, but can be built up from pre-existing "tags" - sets of keys that organized by the user. All possible set operations with tags and other users should be possible when composing privacy policies.