Decentralization?

[taoeffect]

In what ways is Kloak centralized? In what ways is it decentralized?

Decentralization brings both increased security and resilience to the app.

Currently it seems like Kloak is connecting to a single server that's run by SpikerOak. What technologies can be incorporated to make Kloak more decentralized? Do you need assistance with this?

Remember: just because something is decentralized does not mean it's not monetizable. I'd be happy to help with that too if you'd like.

[daviddahl]

I've been thinking about this a bit. Not sure if federalizing is the way to go or build support for bittorrent via webtorrent, etc. regardless, it will be a new crypton backend. Also, this app is licensed as MPL, so anyone can build it and make their own private system. Not ideal I know. We should discuss what you think a decentralized version looks like. I know we touched on this previously...

[daviddahl]

OBTW: in one way it is "decentralized" is that you invite people completely out-of-band. This is the only thing, however.

[daviddahl]

I should also say that I would absolutely be in favor of a completely decentralized system. This is the higher goal. The more immediate goal is making Crypto apps and privacy apps have easy and intuitive UX.

[daviddahl]

I would love nothing more than have Kloak inter-operate with other systems like @aralbalkan's Hearbeat: https://source.ind.ie/project/heartbeat-cocoa (not sure if they do e2e crypto)

[taoeffect]

You may want to think in terms of protocols. Notice that even though Apple does a decent job in terms of iMessages, their usefulness will always be hampered because of their centralization. You cannot use iMessages to send a message to someone on an Android or Windows or Whatever phone.

Systems that are designed from the beginning with decentralization in mind tend to gain wider adoption online. Email is still such an incumbent system precisely because of that property.

[taoeffect]

*protocols and standards. Speaking of high quality standards and protocols, does Kloak use Axolotl?

[taoeffect]

Useful reading on this topic:

• https://whispersystems.org/blog/private-groups/
• https://equalit.ie/portfolio/np1sec/

[daviddahl]

No, Kloak is much more like PGP, but with ECC and El Gamal. The main work here is UX. I would like to move to NaCl, but I am sure others would be much better designers for the crypto layer. I like Crypton's APIs: "Items" - basically a JSON store and "History/Timeline" APIs which mimic social feeds. Not sure how / if Axolotl handles large groups of users.

[taoeffect]

Ah I see. That might make sense for the "public" feeds, but for DMs, something like Axolotl seems more appropriate.

[daviddahl]

interesting