Group: GNU Social P2P/Privacy

From LibrePlanet
Latest revision as of 15:24, 9 August 2010

Privacy in P2P GNU Social is guaranteed by strong cryptography. This enables users to allow their actual, binary data to traverse the network and live anywhere, without any loss of privacy.

Currently, there is a standing challenge for those who believe that strong cryptography does not guarantee privacy.

Overview

Every object in GNU Social has a privacy policy, represented as a set of keys. If an object is fully public, the set is the empty set. If an object is fully private, the set contains only the key of the object's origination point. In most cases, the set will be composed of the origination point of the object plus a number of other keys.

Data Keys and Key Packets

Every time an object is created, it is encrypted to an object-specific symmetric key, the "data key" (abbreviated hereafter as Kd). That key is then encrypted to all keys in the set of user keys who are allowed access to the object. The encrypted keys are stored separately in key packets. It is to our good fortune that such interactions are already implemented in the OpenPGP protocol. The relevant concept from the OpenPGP standard is the Public-Key Encrypted Session Key Packet.

Set Operations

It should be possible to add people to any given privacy policy set.

It is not possible to remove people from the privacy policy in the general case, though it may be possible to discard the relevant key packets in the datastore before a person has retrieved them. Removing user key packets from the set is a largely symbolic process, since we assume that once published, data exists everywhere.
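As an added example that is not part of this wiki page or of GNU Social's own code, the following Go program models the scheme described in the Data Keys and Key Packets and Set Operations sections using only the standard library: the object is encrypted under a fresh Kd (AES-256-GCM stands in for OpenPGP's symmetric encryption), Kd is wrapped to each member's public key (RSA-OAEP stands in for the Public-Key Encrypted Session Key packet), adding a person appends one packet without re-encrypting the object, and removing a person only deletes a packet. Every name in it (Object, CreateObject, AddRecipient, RemoveRecipient, RecoverKd, Open, the recipient IDs and the sample notice text) is an assumption of this example.

```go
package main

// Added example (not from the GNU Social page or project): data keys and key
// packets modelled with the Go standard library; all names here are assumed.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Object is one encrypted object. Its privacy policy is the set of key
// packets: each packet is Kd wrapped to one member's public key, the role the
// Public-Key Encrypted Session Key packet plays in OpenPGP.
type Object struct {
	Nonce, Ciphertext []byte
	Packets           map[string][]byte // recipient ID -> wrapped Kd
}

func aead(kd []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kd)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CreateObject draws a fresh object-specific Kd, encrypts the plaintext under it and wraps Kd once per member.
func CreateObject(plaintext []byte, policy map[string]*rsa.PublicKey) (*Object, error) {
	kd := make([]byte, 32)
	if _, err := rand.Read(kd); err != nil {
		return nil, err
	}
	gcm, err := aead(kd)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	obj := &Object{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), Packets: map[string][]byte{}}
	for id, pub := range policy {
		if err := AddRecipient(obj, kd, id, pub); err != nil {
			return nil, err
		}
	}
	return obj, nil
}

// AddRecipient is the cheap "add a person" operation: a member holding Kd wraps it to one more key.
func AddRecipient(obj *Object, kd []byte, id string, pub *rsa.PublicKey) error {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kd, nil)
	if err != nil {
		return err
	}
	obj.Packets[id] = wrapped
	return nil
}

// RemoveRecipient discards a key packet. This is largely symbolic: it helps only if the
// packet was never retrieved; anyone who already unwrapped Kd can still Open every copy.
func RemoveRecipient(obj *Object, id string) {
	delete(obj.Packets, id)
}

// RecoverKd unwraps Kd from the packet addressed to id; a non-member has no packet.
func RecoverKd(obj *Object, id string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := obj.Packets[id]
	if !ok {
		return nil, fmt.Errorf("no key packet for %q", id)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Open decrypts the object with a recovered Kd.
func Open(obj *Object, kd []byte) ([]byte, error) {
	gcm, err := aead(kd)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, obj.Nonce, obj.Ciphertext, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // origination point of the object
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Constructed sample input; a fully private object has only the origin's packet.
	obj, _ := CreateObject([]byte("constructed sample notice"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	kd, _ := RecoverKd(obj, "alice", alice)
	_ = AddRecipient(obj, kd, "bob", &bob.PublicKey) // bob joins the set
	bobKd, _ := RecoverKd(obj, "bob", bob)           // bob retrieves his packet
	RemoveRecipient(obj, "bob")                      // later "removal"
	pt, err := Open(obj, bobKd)                      // still succeeds
	fmt.Printf("packets=%d, bob still reads %q (err=%v)\n", len(obj.Packets), pt, err)
}
```

Running it shows the caveat the Set Operations section states: once bob's packet is removed the policy set is smaller, but the Kd he already unwrapped still opens the object, so the removal is only on paper. A member who has not yet retrieved their packet is genuinely locked out, which is the narrow case where discarding packets in the datastore helps.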

UI

In the UI, these sets are visible to the user, but can be built up from pre-existing "tags" - sets of keys that are organized by the user. All possible set operations with tags and other users should be possible when composing privacy policies.