Secure Scuttlebutt

Original author(s) Dominic Tarr [1]
Developer(s) Secure Scuttlebutt Consortium [2]
Initial release 11 May 2014; 10 years ago (2014-05-11)
Repository github.com/ssbc/ssb-server
Written in JavaScript
Operating system macOS, Linux, Windows
Available in English
Type Distributed social network, protocol, secure communication
License MIT license
Website www.scuttlebutt.nz

Secure Scuttlebutt (SSB) is a peer-to-peer communication protocol, mesh network, and self-hosted social media ecosystem. [3] [4] Each user hosts their own content and the content of the peers they follow, which provides fault tolerance and eventual consistency. [5] Messages are digitally signed and added to an append-only list of messages published by an author. [6] SSB is primarily used for implementing distributed social networks, and utilizes cryptography to assure that content remains unforged as it is propagated through the network. [7] [8]

In contrast to the major corporate social media platforms, user data and content on Secure Scuttlebutt is not monetized, there are no software design decisions being made in order to maximize user engagement or boost marketing metrics, and there is no paid advertising. [9] According to Forbes, "Scuttlebutt itself isn't supported by venture capital. Instead ... Scuttlebutt is backed by grants that helped jump-start the process ... [and] there are now hundreds of users who personally donate to the cause and an estimated 30,000 people using one of at least six social networks on the protocol". [10]

History

SSB was created by Dominic Tarr in 2014 as part of experimental development in alternative databases and distributed systems.[citation needed] Tarr lived on a sailboat with an unreliable internet connection, and became interested in creating an offline-friendly secure gossip protocol for social networking. [6] [11] The word scuttlebutt is slang for "water-cooler gossip" among sailors. SSB gained popularity amid the wave of privacy controversies surrounding traditional social media. [12] [13]

Protocol

Secure Scuttlebutt operates as a database of immutable append-only feeds, which allows resilient replication over the Internet, local area networks, and sneakernets. Messages are hashed with SHA256 and verified with an Ed25519 signature; this makes it impossible to forge a message without the private key of the author. [14] Users only download messages from peers that they follow (and optionally friends of friends), which prevents harassment and spam. This makes the network invite-only, meaning that new peers who join the network aren't visible until someone follows them. [15] [16]

User content in SSB is organized as an append-only sequence of immutable messages, where messages cryptographically sign adjacent messages for the purpose of guaranteeing unforgeability of the sequences as they are replicated to other peers. SSB peers exchange asymmetric keys and establish authenticated connections between each other using an Authenticated Key Exchange protocol, Secret Handshake. [17] [12]
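
The following added example (not taken from ssb-server or any SSB implementation) models the signed, hash-linked feed described above and shows what a replicating peer checks. The message layout, the field names and the helpers `msgId`, `signedBytes`, `keyId`, `append` and `verifyFeed` are assumptions made for illustration and are not SSB's wire format.

```javascript
const crypto = require('crypto');

// Message id: SHA-256 over the whole signed message; the next entry's `previous` points at it.
const msgId = (msg) => crypto.createHash('sha256').update(JSON.stringify(msg)).digest('base64');

// Bytes covered by the signature: every field except the signature itself.
const signedBytes = ({ previous, sequence, author, content }) =>
  Buffer.from(JSON.stringify({ previous, sequence, author, content }));

const keyId = (publicKey) => publicKey.export({ type: 'spki', format: 'der' }).toString('base64');

// Author side: chain a new message to the current tip of the feed and sign it.
function append(feed, keys, content) {
  const tip = feed[feed.length - 1];
  const msg = { previous: tip ? msgId(tip) : null, sequence: feed.length + 1,
                author: keyId(keys.publicKey), content };
  msg.signature = crypto.sign(null, signedBytes(msg), keys.privateKey).toString('base64');
  feed.push(msg);
  return msg;
}

// Replicating peer: re-check author, sequence, hash link and signature of every entry.
// Returns { ok: true } or the first failing sequence number with the reason.
function verifyFeed(feed, authorKey) {
  let previous = null;
  for (let i = 0; i < feed.length; i++) {
    const msg = feed[i];
    const fail = (reason) => ({ ok: false, sequence: i + 1, reason });
    if (msg.author !== keyId(authorKey)) return fail('wrong author');
    if (msg.sequence !== i + 1) return fail('sequence gap');
    if (msg.previous !== previous) return fail('broken hash link');
    const sig = Buffer.from(String(msg.signature || ''), 'base64');
    if (sig.length !== 64 || !crypto.verify(null, signedBytes(msg), authorKey, sig))
      return fail('bad signature');
    previous = msgId(msg);
  }
  return { ok: true };
}

// Constructed sample feed (not real SSB data).
const alice = crypto.generateKeyPairSync('ed25519');
const feed = [];
for (const text of ['hello', 'second post', 'third post']) append(feed, alice, { type: 'post', text });

// A relay alters message 2 in its copy: the author's signature no longer matches.
const forged = feed.map((m) => ({ ...m }));
forged[1].content = { type: 'post', text: 'edited by a relay' };
console.log(verifyFeed(feed, alice.publicKey), verifyFeed(forged, alice.publicKey));
```

Dropping a message or splicing in an alternate message 2 signed by the same key is caught by the sequence and hash-link checks rather than by the signature check.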

Applications and documentation

The reference implementation was written using Node.js, as code that runs on a JavaScript engine. [18] There are active implementation efforts in the Go programming language, as well as in Python and Rust. [19] [20] [21] Documentation for these implementations can be found at the official SSB development site.

Many independent applications have been implemented on SSB, including a social network, music sharing, chess, a Git subsystem, and an npm registry. [22] [23] [24] [25]

References

  1. "Initial commit". GitHub. 11 May 2014. Retrieved 17 January 2019.
  2. "Secure Scuttlebutt Consortium". GitHub. 2019. Retrieved 17 January 2019.
  3. Tarr, Dominic; Lavoie, Erick; Meyer, Aljoscha; Tschudin, Christian (September 2019). "Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications". Proceedings of the 6th ACM Conference on Information-Centric Networking. ICN '19. pp. 1–11. doi:10.1145/3357150.3357396. ISBN 9781450369701.
  4. "Dweb: Social Feeds with Secure Scuttlebutt – Mozilla Hacks - the Web developer blog". Mozilla Hacks – the Web developer blog. Retrieved 16 July 2019.
  5. "Scuttlebutt Protocol Guide". ssbc.github.io. Retrieved 16 July 2019.
  6. Bogost, Ian (22 May 2017). "The Nomad Who's Exploding the Internet Into Pieces". The Atlantic. Retrieved 16 July 2019.
  7. "Introduction · GitBook". www.scuttlebutt.nz. Retrieved 16 July 2019.
  8. "In The Mesh - Scuttlebutt, A Decentralized Alternative To Facebook". In the Mesh. 19 April 2018. Retrieved 16 July 2019.
  9. Mannell, Kate; Smith, Eden T. (14 September 2022). "It's hard to imagine better social media alternatives, but Scuttlebutt shows change is possible". The Conversation. Archived from the original on 28 September 2022. Retrieved 28 September 2022.
  10. del Castillo, Michael (11 September 2022). "Jack Dorsey's Former Boss Is Building A Decentralized Twitter". Forbes. Archived from the original on 15 October 2022. Retrieved 15 October 2022.
  11. Anadiotis, George. "Manyverse and Scuttlebutt: a human-centric technology stack for social applications". ZDNet. Retrieved 20 January 2019.
  12. "Secure Scuttlebutt - Scuttlebot". scuttlebot.io. Retrieved 16 July 2019.
  13. "Open-source alternative to Facebook called Scuttlebutt gaining prominence". Facebook Collapse. Retrieved 16 July 2019.
  14. Tschudin, Christian F. (May 2019). "A Broadcast-Only Communication Model Based on Replicated Append-Only Logs" (PDF). ACM Computer Communication Review. 49 (2): 37–43. doi:10.1145/3336937.3336943. S2CID 167217579.
  15. "Getting Started with Secure Scuttlebutt (SSB) » Miguel Mota | Software Developer". miguelmota.com. Retrieved 16 July 2019.
  16. Ryabitsev, Konstantin (5 July 2019). "Patches carved into developer sigchains". Konstantin Ryabitsev. Retrieved 16 July 2019.
  17. Tarr, Dominic. "Designing a Secret Handshake: Authenticated Key Exchange as a Capability System" (PDF). GitHub. Retrieved 20 January 2019.
  18. The gossip and replication server for Secure Scuttlebutt: a distributed social network, Secure Scuttlebutt Consortium, 16 July 2019, retrieved 16 July 2019
  19. A full-stack implementation of secure-scuttlebutt using the Go programming language., cryptoscope, 15 July 2019, retrieved 16 July 2019
  20. Ferreira, Pedro (14 June 2019), Secure Scuttlebutt protocol suite implementation in Python: pferreir/pyssb, retrieved 16 July 2019
  21. meta information about the Sunrise Choir, Sunrise Choir, 18 June 2019, retrieved 16 July 2019
  22. "Applications · GitBook". www.scuttlebutt.nz. Retrieved 16 July 2019.
  23. "André Staltz - An off-grid social network". staltz.com. Retrieved 16 July 2019.
  24. noffle (3 July 2019), Installing & using npm with secure scuttlebutt, retrieved 16 July 2019
  25. "Whitepaper In Four Minutes - Secure Scuttlebutt (SSB)". infourminutes.co. Retrieved 16 July 2019.
