this post was submitted on 29 Aug 2023
53 points (98.2% liked)

Technology

37608 readers
202 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
53
A decentralized, blockchain-based messaging network for safer communications (techxplore.com)
submitted 1 year ago by 0x815@feddit.de to c/technology@beehaw.org
92 comments fedilink hide all child comments
 

Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.

you are viewing a single comment's thread
view the rest of the comments
[–] BlueBockser@programming.dev 7 points 1 year ago* (last edited 1 year ago) (1 children)

Publishing everything on a blockchain means that everybody who’s running a node has access to a copy

I'm not sure that's the case, although the article is rather vague. It says:

[...] the user must register with a node of their choice using their public key. Once registered, users can create channels and invite others to join. Each channel has a separate ledger hosted by the nodes. [...] The data in the ledgers are encrypted, and the secret key is managed by the users of the channel.

IIUC, nodes will not have access to private keys, neither those from users nor those from channels. Users could use their keys to exchange the channel's private key without the node getting to know it. I don't quite understand how user's would exchange their public keys without the node being able to play MITM, though...

Edit: Removed an irrelevant sentence from the quote

[–] ricecake@beehaw.org 18 points 1 year ago (1 children)

I believe their point was that even encrypted messages convey data. So if you have a record of all the encrypted messages, you can still tell who was talking, when they were talking, and approximately how much they said, even if you can't read the messages.

If you wait until someone is gone and then loudly raid their house, you don't need to read their messages to guess the content of what they send to people as soon as they find out. Now you know who else you want to target, despite not being able to read a single message.

This type of metadata analysis is able to reveal a lot about what's being communicated. It's why private communication should be ephemeral, so that only what's directly intercepted can be scrutinized.

[–] drwho@beehaw.org 2 points 1 year ago (1 children)

That was exactly why I said "Did they learn nothing from the Obama administration?"

From 2014: "We kill people based on metadata." (Michael Hayden, former DIRNSA, 2014.ev)

There is no "harmless" here.

[–] FlowVoid@midwest.social 1 points 1 year ago (1 children)

But in this case, the metadata is not accessible to outsiders.

[–] drwho@beehaw.org 1 points 1 year ago (1 children)

If you can see it, you can analyze it. Metadata is more than message headers; traffic analysis generates usable metadata, too.

[–] FlowVoid@midwest.social 1 points 1 year ago

Any form of internet communication is potentially susceptible to traffic analysis, so that flaw isn't specific to this particular design.

The goals here are to address some of the other weaknesses of communication protocols, ie lack of auditability and reliance on a central server. They do not claim it's completely impervious to attack.