MyZone social network


Alireza Mahdian

Jun 27, 2013, 3:18:51 PM
to building-a-distributed...@googlegroups.com
Hi,

With all the recent news on NSA spying on social network users, the concern over user privacy has increased even more. I am not arguing whether it is ethical or not, whether it is needed for the safety of citizens, or how effective it would be. Even before this, social network providers like Facebook and Google were violating user privacy in so many ways, and only a small fraction of it was revealed.

A need for a more secure and private social network has always been there and was never adequately addressed. I have been working on this issue for a long time and I have been able to design and implement a social network that is inherently user-privacy preserving. It uses military grade encryption and no authority can have any control over it. One design goal behind it was actually to make it resilient towards government-imposed censorship and filtering. I have implemented a prototype and you can check it out on joinmyzone dot com. It is a complex piece of software, but to summarize how it works you can think of it as implementing a social network over BitTorrent. Feel free to send me your feedback. Thanks.

Ali

Melvin Carvalho

Jun 27, 2013, 3:29:16 PM
to building-a-distributed...@googlegroups.com
You may be interested in

http://retroshare.sourceforge.net/
 

Ali

--
You received this message because you are subscribed to the Google Groups "The Next Net" group.
To unsubscribe from this group and stop receiving emails from it, send an email to building-a-distributed-decen...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Alireza Mahdian

Jun 27, 2013, 3:46:02 PM
to building-a-distributed...@googlegroups.com
I've seen this before but myzone is Facebook but decentralized. There are some huge challenges when you want to achieve such a goal.

Sent from my iPhone

Nathan Rixham

Jun 27, 2013, 3:50:17 PM
to building-a-distributed...@googlegroups.com
The only real way to tackle this, is to tackle it from the ground up.

Once you have private, encrypted, ACL controlled personal data storage,
then you can mount anything on top of that in the same way we do with
the web. It simply makes a private, encrypted, ACL controlled web. Then
everything built on it, social or not, is built the right way.

retroshare is worth looking at.

Alireza Mahdian

Jun 27, 2013, 4:26:23 PM
to building-a-distributed...@googlegroups.com
Well myzone has a service layer that works pretty much the same way.

Sent from my iPhone

Nathan Rixham

Jun 27, 2013, 4:30:25 PM
to building-a-distributed...@googlegroups.com
will read the Thesis http://joinmyzone.com/Thesis.pdf and then take a look.

n

Alireza Mahdian

Jun 27, 2013, 4:45:19 PM
to building-a-distributed...@googlegroups.com
Ok

Sent from my iPhone

Melvin Carvalho

Jun 27, 2013, 6:13:09 PM
to building-a-distributed...@googlegroups.com
On 27 June 2013 21:46, Alireza Mahdian <alireza...@gmail.com> wrote:
I've seen this before but myzone is Facebook but decentralized. There are some huge challenges when you want to achieve such a goal.

Facebook but decentralized sounds intriguing. So the first question I normally ask is how you identify a user. In Facebook it would be graph.facebook.com/bob

The retroshare people say the hardest part in this is getting through firewalls. How well tested is your system in terms of real world NAT busting etc.? ISPs often make it hard to break through.

Alireza Mahdian

Jun 27, 2013, 6:16:18 PM
to building-a-distributed...@googlegroups.com
It does NAT traversal and uses relay servers for firewalls that are not traversable, and the user is not even aware of all the things that are happening underneath. As for identities, we link each person to a certificate and a verified email address.

Sent from my iPhone

Melvin Carvalho

Jun 27, 2013, 6:21:14 PM
to building-a-distributed...@googlegroups.com
On 28 June 2013 00:16, Alireza Mahdian <alireza...@gmail.com> wrote:
It does NAT traversal and uses relay servers for firewalls that are not traversable, and the user is not even aware of all the things that are happening underneath. As for identities, we link each person to a certificate and a verified email address.

Thanks for the reply. Would it be possible to give an example of an identity string in your system? How can you ensure that an identity in your system does not clash with an identity in another system?

With the example I gave from Facebook, I can do a few things, e.g. I can add that to my roster of friends (decentralized friending), I can find out more information about the user (standards based discovery), I can rate and create reputational data about that entity (distributed claims), as well as use the provided APIs for messaging, requests, chat, payments etc.

Does the identity in your system have any of these properties?

Sorry, lots of questions, but this will give an idea of how easy it would be to interact with your proposal...

Alireza Mahdian

Jun 27, 2013, 6:32:43 PM
to building-a-distributed...@googlegroups.com
Each user has his own pair of keys (we use RSA). The username is a unique email address that the user provides upon sign up. They send us their public keys and we issue a certificate, and only send them the certificate if they verify their email address. All the other interactions on the system use this certificate infrastructure for authentication and security. I am not sure if I could answer your question or not. As for your friends, they probably know your email address, so if anybody wants to spoof your identity they can probably figure it out based on the fact that the invite came from a user with an unknown email address.

--
Alireza Mahdian
Department of Computer Science
University of Colorado at Boulder
Email: alireza...@gmail.com

Melvin Carvalho

Jun 27, 2013, 6:55:49 PM
to building-a-distributed...@googlegroups.com
On 28 June 2013 00:32, Alireza Mahdian <alireza...@gmail.com> wrote:
Each user has his own pair of keys (we use RSA). The username is a unique email address that the user provides upon sign up. They send us their public keys and we issue a certificate, and only send them the certificate if they verify their email address. All the other interactions on the system use this certificate infrastructure for authentication and security. I am not sure if I could answer your question or not. As for your friends, they probably know your email address, so if anybody wants to spoof your identity they can probably figure it out based on the fact that the invite came from a user with an unknown email address.

Thanks for the details. I'm less concerned with authentication, initially, more interested in identity. I'm unsure that you gave an example of an identity string used in your system.

So I would be unsure of what to put in my existing roster if I, say, wanted to add someone from your network as a friend.

Or is the idea that everyone should join MyZone, a bit like Skype or Facebook?

Alireza Mahdian

Jun 27, 2013, 6:59:52 PM
to building-a-distributed...@googlegroups.com
Oh, now I think I get what you are saying. So you have to add their email addresses, and whenever they join MyZone (and by joining I mean getting a certificate from us) they will receive the friendship requests that are pending for their email addresses. Upon accepting the friendship request, a friendship is established between the two identities. You can also add a friend of a friend by, for example, clicking on a comment they made on a friend's post, and the system will automatically take you to a page where you can send the friendship request. Either way uses the email address as the identifier, if that is what you are asking about.

Bernd

Jun 28, 2013, 12:32:05 AM
to building-a-distributed...@googlegroups.com
Thank you so much for this. Fits in with Doc Searls' #VRM initiative http://cyber.law.harvard.edu/projectvrm/Main_Page
Does it help understanding to compare MyZone with Diaspora?
http://techcrunch.com/2012/08/27/diaspora-founders-hand-project-to-community/

Alireza Mahdian

Jun 28, 2013, 12:36:36 AM
to building-a-distributed...@googlegroups.com
Diaspora is not a peer to peer social network and has a distributed client server architecture. Users need to maintain an actual server, which is not something everyone is capable of. It does not have NAT traversal or mirroring features. MyZone is a completely peer to peer application and provides all the common features of Facebook and Google+. It is much safer than them since it is using a key infrastructure with military grade encryption for all connections. You can also share theoretically unlimited files (mp3 and mp4 etc.) with your friends, and no authority can know what you are sharing by monitoring your connection. In its full implementation it is resilient towards DDoS attacks and government imposed blackouts.

On Jun 27, 2013, at 10:30 PM, Bernd <b...@gol.com> wrote:

Thank you so much for this. Fits in with Doc Searls' #VRM initiative http://cyber.law.harvard.edu/projectvrm/Main_Page

Does it help understanding to compare MyZone with Diaspora?
http://techcrunch.com/2012/08/27/diaspora-founders-hand-project-to-community/



Melvin Carvalho

Jun 28, 2013, 9:33:45 AM
to building-a-distributed...@googlegroups.com
On 28 June 2013 00:59, Alireza Mahdian <alireza...@gmail.com> wrote:
Oh, now I think I get what you are saying. So you have to add their email addresses, and whenever they join MyZone (and by joining I mean getting a certificate from us) they will receive the friendship requests that are pending for their email addresses. Upon accepting the friendship request, a friendship is established between the two identities. You can also add a friend of a friend by, for example, clicking on a comment they made on a friend's post, and the system will automatically take you to a page where you can send the friendship request. Either way uses the email address as the identifier, if that is what you are asking about.

Thanks again for the details. My question was whether you could give me an example of a string that your system uses for identity. I'm unsure you have done that, but most projects struggle to answer this question, so you're not alone.

Some general comments on using 'email style' identifiers (that term is often interpreted differently too). I think these identifiers tend to be overloaded in THREE ways:

i) as the primary key to an identity system
ii) as an address for mail delivery
iii) a memorable identifier

This overloading has some possible consequences. Firstly, anyone wishing to partake in such an identity system needs to be able to run an email system, or delegate that out to a third party. This is a relatively high overhead, meaning that large email providers are positively differentiated at the expense of the long tail. Architecturally, this exacerbates centralization of the web, which can lead to single points of failure, or perhaps in some cases a loss of privacy.

Additionally, systems tend to be architected in such a way that there is a one-to-one correspondence between your email address and your identity. This means that it's problematic to change your email address, say, if you get married. You have to start your identity all over again. One exception to this rule is Facebook, which uses graph.facebook.com, i.e. an HTTP URI, as its primary key, and email as your foreign key. This means you can change your email, name, or other data, while leaving your main profile record intact. Indeed, you could add more than one email, in theory.

At this point it seems unlikely that your system could easily interoperate with a differently designed system. I still would not be able to answer the question of how to friend someone on your system. But maybe this could be worked out.

The consequence is that your system, at least at first, will rely on getting a relatively large critical mass of users.  This is perhaps as challenging, if not more challenging, than the technology itself.  It tends to take time to build up a user base, and often a bump from mainstream blogs helps. 

Looking forward to seeing how your project progresses, and maybe learning some ideas.  You might think about combining forces with the networking technology in retroshare, called "libretroshare" as they have done a few years field testing in NAT busting, which seems to be the hardest part.
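
An added example, not part of the thread and not MyZone's code: a toy registry that contrasts the two designs discussed above, with a stable identifier as the primary key and the verified email as a changeable foreign key, while friend requests stay pending per email address until that address is verified. The class and method names, the UUID identifier and the HMAC token standing in for the emailed verification link are assumptions; no certificate is issued and the public key is only fingerprinted.

```python
import hashlib, hmac, secrets, uuid

class Registry:
    """Toy registry: stable id is the primary key, email is a verified, changeable attribute."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side secret for verification tokens
        self.users = {}     # stable id -> {"email", "key_fp", "friends"}
        self.by_email = {}  # verified email -> stable id (foreign key)
        self.pending = {}   # email -> ids of users who sent a friend request

    def _token(self, uid, email):
        msg = f"{uid}|{email.lower()}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def sign_up(self, public_key: bytes):
        uid = uuid.uuid4().hex
        fp = hashlib.sha256(public_key).hexdigest()
        self.users[uid] = {"email": None, "key_fp": fp, "friends": set()}
        return uid

    def start_email_check(self, uid, email):
        # A real service mails this token to `email`; returned here so the example runs offline.
        return self._token(uid, email)

    def confirm_email(self, uid, email, token):
        email = email.lower()
        if not hmac.compare_digest(token, self._token(uid, email)):
            return False
        if self.by_email.get(email, uid) != uid:
            return False  # address already bound to another identity
        old = self.users[uid]["email"]
        if old is not None:
            del self.by_email[old]  # rebinding: only the foreign key changes
        self.users[uid]["email"] = email
        self.by_email[email] = uid
        return True

    def request_friend(self, from_uid, to_email):
        self.pending.setdefault(to_email.lower(), set()).add(from_uid)

    def pending_for(self, uid):
        # Requests are released only to the identity that proved control of the address.
        return set(self.pending.get(self.users[uid]["email"], set()))

    def accept(self, uid, from_uid):
        if from_uid not in self.pending_for(uid):
            return False
        self.pending[self.users[uid]["email"]].discard(from_uid)
        self.users[uid]["friends"].add(from_uid)
        self.users[from_uid]["friends"].add(uid)
        return True
```

Because friendships reference the stable id, confirming a new address for the same id leaves the friend set intact, whereas a design keyed on the email itself would have to migrate or lose those links.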

Sepp Hasslberger

Jun 29, 2013, 5:29:38 PM
to building-a-distributed...@googlegroups.com
A question about MyZone to Alireza.

I have downloaded the app today, my system is a MacBookPro, fairly recent (some 2 years) and I run OS X (10.6.8).

On startup, MyZone tells me that in order to use the program, I must upgrade to OS X 10.8

Now my understanding is that the program is written in Java and needs Java Runtime to work.

Question: Why do I need to go through a major system upgrade to use a Java-based program such as MyZone?

I think others might come to this point as well, if they try MyZone.

Sepp

Alireza Mahdian

Jun 29, 2013, 5:36:00 PM
to building-a-distributed...@googlegroups.com
Do u have the latest version of Java? If u do, just browse to myzone's directory and run the Mac_linux bash script, then u need to open your browser and load localhost:8080. U can read the how to run file in the directory for more info. The problem is the launcher is compatible with 10.8 and later versions.

Sent from my iPhone

Sepp Hasslberger

Jun 30, 2013, 7:58:27 AM
to building-a-distributed...@googlegroups.com
I have the latest version of Java, but when I try to start up MyZone, I get the following message:

"You can't use this version of the application MyZone with this version of Mac OS X.
You have Mac OS X 10.6.8. The application requires Mac OS X 10.8 or later."

Also, even if I could get into MyZone, I wouldn't know what a Mac_linux bash script is or how to run it.

Couldn't backward compatibility with fairly recent Mac operating system versions be achieved? It seems you might be losing willing clients on the way...

Sepp

Alireza Mahdian

Jun 30, 2013, 3:10:32 PM
to building-a-distributed...@googlegroups.com
I will work on it. U just need to double click on the bash file and it runs it for u.

Sent from my iPhone