Secure Scuttlebutt

Original author(s) Dominic Tarr [1]
Developer(s) Secure Scuttlebutt Consortium [2]
Initial release 11 May 2014; 9 years ago (2014-05-11)
Repository github.com/ssbc/ssb-server
Written in JavaScript
Operating system macOS, Linux, Windows
Available in English
Type Distributed social network, protocol, secure communication
License MIT license
Website www.scuttlebutt.nz

Secure Scuttlebutt (SSB) is a peer-to-peer communication protocol, mesh network, and self-hosted social media ecosystem. [3] [4] Each user hosts their own content and the content of the peers they follow, which provides fault tolerance and eventual consistency. [5] Messages are digitally signed and added to an append-only list of messages published by an author. [6] SSB is primarily used for implementing distributed social networks, and uses cryptography to ensure that content remains unforged as it is propagated through the network. [7] [8]

In contrast to the major corporate social media platforms, user data and content on Secure Scuttlebutt is not monetized, there are no software design decisions being made in order to maximize user engagement or boost marketing metrics, and there is no paid advertising. [9] According to Forbes, "Scuttlebutt itself isn't supported by venture capital. Instead ... Scuttlebutt is backed by grants that helped jump-start the process ... [and] there are now hundreds of users who personally donate to the cause and an estimated 30,000 people using one of at least six social networks on the protocol". [10]

History

SSB was created by Dominic Tarr in 2014 as part of experimental development in alternative databases and distributed systems. [citation needed] Tarr lived on a sailboat with an unreliable internet connection, and became interested in creating an offline-friendly secure gossip protocol for social networking. [6] [11] The word scuttlebutt is slang for "water-cooler gossip" among sailors. SSB gained popularity on the wave of privacy controversies surrounding traditional social media. [12] [13]

Protocol

Secure Scuttlebutt operates as a database of immutable append-only feeds, which allows resilient replication over the Internet, local area networks, and sneakernets. Messages are hashed with SHA256 and verified with an Ed25519 signature; this makes it impossible to forge a message without the private key of the author. [14] Users only download messages from peers that they follow (and optionally friends of friends), which prevents harassment and spam. This makes the network invite-only, meaning that new peers who join the network aren't visible until someone follows them. [15] [16]

User content in SSB is organized as an append-only sequence of immutable messages, where messages cryptographically sign adjacent messages for the purpose of guaranteeing unforgeability of the sequences as they are replicated to other peers. SSB peers exchange asymmetric keys and establish authenticated connections between each other using an Authenticated Key Exchange protocol, Secret Handshake. [17] [12]
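The feed structure described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from ssb-server or any SSB implementation: the field layout, the `JSON.stringify` serialization, the base64 feed ID and the names `newKeys`, `append` and `verifyFeed` are simplified assumptions rather than SSB's wire format. It shows why editing a message or rewriting earlier history is detected by any peer replicating the feed.

```javascript
const crypto = require('crypto');

// Constructed key pair; using the base64 DER public key as the feed ID is an assumption.
function newKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const id = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { id, privateKey };
}

// Message ID: SHA-256 over the serialized signed message.
const msgId = (msg) =>
  crypto.createHash('sha256').update(JSON.stringify(msg)).digest('base64');

// Append: link to the previous message's hash, then sign the body with Ed25519.
function append(feed, keys, content) {
  const prev = feed[feed.length - 1];
  const body = { previous: prev ? msgId(prev) : null, author: keys.id,
                 sequence: feed.length + 1, content };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(body)), keys.privateKey);
  return [...feed, { ...body, signature: sig.toString('base64') }];
}

// Returns null for a valid feed, otherwise the first failure found.
function verifyFeed(feed, authorId) {
  const publicKey = crypto.createPublicKey({
    key: Buffer.from(authorId, 'base64'), format: 'der', type: 'spki' });
  let prevId = null;
  for (let i = 0; i < feed.length; i++) {
    const { signature, ...body } = feed[i];
    if (body.author !== authorId) return `msg ${i + 1}: wrong author`;
    if (body.sequence !== i + 1) return `msg ${i + 1}: bad sequence`;
    if (body.previous !== prevId) return `msg ${i + 1}: broken hash link`;
    const sig = Buffer.from(String(signature), 'base64');
    if (!crypto.verify(null, Buffer.from(JSON.stringify(body)), publicKey, sig))
      return `msg ${i + 1}: bad signature`;
    prevId = msgId(feed[i]);
  }
  return null;
}

// Constructed sample feed and two tampered copies.
const alice = newKeys();
const feed = ['hello', 'second post', 'third post'].reduce((f, text) => append(f, alice, { text }), []);
const edited = feed.map((m, i) => (i === 1 ? { ...m, content: { text: 'forged' } } : m));
const forked = [append([], alice, { text: 'rewritten' })[0], feed[1], feed[2]];
console.log(verifyFeed(feed, alice.id), verifyFeed(edited, alice.id), verifyFeed(forked, alice.id));
```

The `forked` case is the one the hash link exists for: the replacement first message is validly signed by the author, yet the second message still commits to the original, so the rewrite is visible to anyone holding the old feed.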

Applications and documentation

The reference implementation was written using Node.js, as code that runs on a JavaScript engine. [18] There are active implementation efforts in the Go programming language, as well as in Python and Rust. [19] [20] [21] Documentation for these implementations can be found at the official SSB development site.

Many independent applications have been implemented on SSB, including a social network, music sharing, chess, a Git subsystem, and an npm registry. [22] [23] [24] [25]


References

  1. "Initial commit". GitHub. 11 May 2014. Retrieved 17 January 2019.
  2. "Secure Scuttlebutt Consortium". GitHub. 2019. Retrieved 17 January 2019.
  3. Tarr, Dominic; Lavoie, Erick; Meyer, Aljoscha; Tschudin, Christian (September 2019). "Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications". Proceedings of the 6th ACM Conference on Information-Centric Networking. ICN '19: 1–11. doi:10.1145/3357150.3357396.
  4. "Dweb: Social Feeds with Secure Scuttlebutt – Mozilla Hacks - the Web developer blog". Mozilla Hacks – the Web developer blog. Retrieved 16 July 2019.
  5. "Scuttlebutt Protocol Guide". ssbc.github.io. Retrieved 16 July 2019.
  6. Bogost, Ian (22 May 2017). "The Nomad Who's Exploding the Internet Into Pieces". The Atlantic. Retrieved 16 July 2019.
  7. "Introduction · GitBook". www.scuttlebutt.nz. Retrieved 16 July 2019.
  8. "In The Mesh - Scuttlebutt, A Decentralized Alternative To Facebook". In the Mesh. 19 April 2018. Retrieved 16 July 2019.
  9. Mannell, Kate; Smith, Eden T. (14 September 2022). "It's hard to imagine better social media alternatives, but Scuttlebutt shows change is possible". The Conversation. Archived from the original on 28 September 2022. Retrieved 28 September 2022.
  10. del Castillo, Michael (11 September 2022). "Jack Dorsey's Former Boss Is Building A Decentralized Twitter". Forbes. Archived from the original on 15 October 2022. Retrieved 15 October 2022.
  11. Anadiotis, George. "Manyverse and Scuttlebutt: a human-centric technology stack for social applications". ZDNet. Retrieved 20 January 2019.
  12. "Secure Scuttlebutt - Scuttlebot". scuttlebot.io. Retrieved 16 July 2019.
  13. "Open-source alternative to Facebook called Scuttlebutt gaining prominence". Facebook Collapse. Retrieved 16 July 2019.
  14. Tschudin, Christian F. (May 2019). "A Broadcast-Only Communication Model Based on Replicated Append-Only Logs" (PDF). ACM Computer Communication Review. 49 (2): 37–43. doi:10.1145/3336937.3336943. S2CID 167217579.
  15. "Getting Started with Secure Scuttlebutt (SSB) » Miguel Mota | Software Developer". miguelmota.com. Retrieved 16 July 2019.
  16. Ryabitsev, Konstantin (5 July 2019). "Patches carved into developer sigchains". Konstantin Ryabitsev. Retrieved 16 July 2019.
  17. Tarr, Dominic. "Designing a Secret Handshake: Authenticated Key Exchange as a Capability System" (PDF). GitHub. Retrieved 20 January 2019.
  18. The gossip and replication server for Secure Scuttlebutt: a distributed social network, Secure Scuttlebutt Consortium, 16 July 2019, retrieved 16 July 2019
  19. A full-stack implementation of secure-scuttlebutt using the Go programming language., cryptoscope, 15 July 2019, retrieved 16 July 2019
  20. Ferreira, Pedro (14 June 2019), Secure Scuttlebutt protocol suite implementation in Python: pferreir/pyssb, retrieved 16 July 2019
  21. meta information about the Sunrise Choir, Sunrise Choir, 18 June 2019, retrieved 16 July 2019
  22. "Applications · GitBook". www.scuttlebutt.nz. Retrieved 16 July 2019.
  23. "André Staltz - An off-grid social network". staltz.com. Retrieved 16 July 2019.
  24. noffle (3 July 2019), Installing & using npm with secure scuttlebutt, retrieved 16 July 2019
  25. "Whitepaper In Four Minutes - Secure Scuttlebutt (SSB)". infourminutes.co. Retrieved 16 July 2019.
