search

numbersprotocol / capture-lite

A photo-sharing app with only verifiable photos and videos.
https://numbersprotocol.github.io/
GNU General Public License v3.0
25 stars 6 forks source link

Create a stable and reviewed version of signed message #779

Open shc261392 opened 3 years ago

shc261392 commented 3 years ago

Concept

Currently, there are two version of signed messages created from Capture App.

Pre 0.34.2 example:

{
  "indexedAssets":{
    "<the-file-content-encoded-as-base64>":{
      "mimeType":"video/mp4"
    }
  },
  "truth":{
    "providers":{
      "CapacitorFactsProvider":{
        "APP_BUILD":"152",
        "APP_ID":"io.numbersprotocol.capturelite",
        "APP_NAME":"Capture",
        "APP_VERSION":"0.32.2",
        "BATTERY_LEVEL":0.9599999785423279,
        "DEVICE_NAME":"EXODUS 1",
        "DISK_FREE":412057600,
        "DISK_TOTAL":4225581056,
        "GEOLOCATION_LATITUDE":25.005851,
        "GEOLOCATION_LONGITUDE":121.4586974,
        "IS_CHARGING":true,
        "IS_VIRTUAL":false,
        "MANUFACTURER":"HTC",
        "MEM_USED":5414752,
        "OPERATING_SYSTEM":"android",
        "OS_VERSION":"9",
        "PLATFORM":"android",
        "UUID":"16eb24e0fa1f8a28"
      }
    },
    "timestamp":1625213302097
  }
}

0.34.2 or later example:

{
  "indexedAssets":{
    "47af037408a25364f8d18b133fa96ba4afb2b60e53d5329ee629e2a28a8e2bcd":{
      "mimeType":"video/mp4"
    }
  },
  "truth":{
    "providers":{
      "CapacitorFactsProvider":{
        "APP_BUILD":"152",
        "APP_ID":"io.numbersprotocol.capturelite",
        "APP_NAME":"Capture",
        "APP_VERSION":"0.32.2",
        "BATTERY_LEVEL":0.9599999785423279,
        "DEVICE_NAME":"EXODUS 1",
        "DISK_FREE":412057600,
        "DISK_TOTAL":4225581056,
        "GEOLOCATION_LATITUDE":25.005851,
        "GEOLOCATION_LONGITUDE":121.4586974,
        "IS_CHARGING":true,
        "IS_VIRTUAL":false,
        "MANUFACTURER":"HTC",
        "MEM_USED":5414752,
        "OPERATING_SYSTEM":"android",
        "OS_VERSION":"9",
        "PLATFORM":"android",
        "UUID":"16eb24e0fa1f8a28"
      }
    },
    "timestamp":1625213302097
  }
}

Reason/Hypothesis

Signature is not something that we'd like to see it changes from time to time. We should make sure the current signature contains all the information we want, and make it stable and lasting.

┆Issue is synchronized with this Asana task by Unito

shc261392 commented 3 years ago

Proposal based on https://dbdiagram.io/d/60decc3d0b1d8a6d3963df6f

{
  "specVersion": "1.0.0",
  "createdAt": 1625213302097,
  "locationLatitude": "25.005851",
  "locationLongitude": "121.4586974",
  "deviceName": "EXODUS 1",
  "proofHash": "47af037408a25364f8d18b133fa96ba4afb2b60e53d5329ee629e2a28a8e2bcd",
  "assetMimeType": "video/mp4",
  "caption": "",
  "information": [
    {
      "name": "device.brand",
      "recorder": "capacitor.deviceInfo",
      "value": "HTC"
    },
    {
      "name": "device.osVersion",
      "recorder": "capacitor.deviceInfo",
      "value": "9"
    },
    {
      "name": "device.brand",
      "recorder": "capacitor.deviceInfo",
      "value": "HTC"
    },
    {
      "name": "location.currentGpsLatitude",
      "recorder": "capacitor.geolocation",
      "value": "25.005851"
    },
    {
      "name": "location.currentGpsLongitude",
      "recorder": "capacitor.geolocation",
      "value": "121.4586974"
    },
    {
      "name": "rights.creatorName",
      "recorder": "capture",
      "value": "Example User"
    },
    {
      "name": "rights.creatorEmail",
      "recorder": "capture",
      "value": "example@nbs.io"
    }
  ]
}

Questions

  1. Should we include capacitor in the recorder field? Capacitor is a library and a application layer on top of native Android/iOS platform, but it doesn't generate these information, It just get these information from the native platform. It seems to me that capacitor is more like an implementation detail than a trusted information provider/recorder.
  2. Need to think about what to put in the recorder field. What kind of information we would like the recorder to carry? What do we use it for?
  3. Camel case or snake case?
  4. Not sure what is location.gps_version (we don't get this information from the Geolocation Capacitor plugin), so I put device.osVersion instead.
  5. What do we want to put inside rights.license?
  6. How about another information format? (Less extensible, but guarantee uniqueness of key/name by data structure)
"information": {
    "deviceBrand": {
      "recorder": "capacitor.deviceInfo",
      "value": "HTC"
    },
    "deviceOsVersion": {
      "recorder": "capacitor.deviceInfo",
      "value": "9"
    }
}
bafu commented 3 years ago

  1. Agree with you that capacitor is not the proper value in the recorder field.

  2. In CAI spec, recorder means that "The value of recorder represents a human-readable string that will let a user know what software/hardware/system produced this Claim."

"Capture App" might be a candidate, and let's discuss it in the product channel.

I also suggest moving recorder to level-1 in a schema instead of appearing in every item.

  1. snake_case might be good because it might be easier to convert Capture metadata to CAI metadata.

  2. You can double check this field with Tammy.

  3. the URL of the target license should be good. The idea is from the license property in https://schema.org/CreativeWork

  4. It's because CAI uses the a.b.c style. Similar to 3: it might be easier to convert Capture metadata to CAI metadata.

tammyyang commented 3 years ago

I got location.gps_version from CAI spec https://drive.google.com/file/d/1aB_GjD6cRg3-vSk2jo2jgvO3IDZzzMpK/view?usp=sharing I think we do not need to fill it for Capture app and can add a new device.os_version to our spec

shc261392 commented 3 years ago

Updated example

{
  "spec_version": "1.0.0",
  "recorder": "Capture App",
  "created_at": 1625213302097,
  "location_latitude": "25.005851",
  "location_longitude": "121.4586974",
  "device_name": "EXODUS 1",
  "proof_hash": "47af037408a25364f8d18b133fa96ba4afb2b60e53d5329ee629e2a28a8e2bcd",
  "asset_mimeType": "video/mp4",
  "caption": "",
  "information": [
    {
      "name": "device.brand",
      "value": "HTC"
    },
    {
      "name": "device.os_version",
      "value": "9"
    },
    {
      "name": "device.brand",
      "value": "HTC"
    },
    {
      "name": "location.current_gps_latitude",
      "value": "25.005851"
    },
    {
      "name": "location.current_gps_longitude",
      "value": "121.4586974"
    },
    {
      "name": "rights.creator_name",
      "value": "Example User"
    },
    {
      "name": "rights.creator_email",
      "value": "example@nbs.io"
    },
    {
      "name": "rights.license",
      "value": "https://www.gnu.org/licenses/gpl-3.0.en.html"
    }
  ]
}
bafu commented 3 years ago

@shc261392 One small question: Do you know what is Sean's design concept to use

{
    "name": "device.brand",
    "value": "HTC"
}

instead of

{
    "device.brand": "HTC"
}
shc261392 commented 3 years ago

No idea, I guess it's just that key with dots are not accessible with JavaScript dot notation so it makes the syntax of handling these objects messier. Have to use bracket to access the property instead.

shc261392 commented 3 years ago

Signature example

Android (Exodus 1, Android 9)

Signed Message (string)

{\"asset_mime_type\":\"image/jpeg\",\"caption\":\"\",\"created_at\":1626747707352,\"device_name\":\"EXODUS 1\",\"information\":{\"device.app_build\":\"180\",\"device.app_id\":\"io.numbersprotocol.capturelite\",\"device.app_name\":\"Capture\",\"device.app_version\":\"0.35.0\",\"device.battery_level\":0.4699999988079071,\"device.device_name\":\"EXODUS 1\",\"device.disk_free\":412057600,\"device.disk_total\":4225581056,\"device.is_charging\":true,\"device.is_virtual\":false,\"device.manufacturer\":\"HTC\",\"device.mem_used\":41826536,\"device.operating_system\":\"android\",\"device.os_version\":\"9\",\"device.platform\":\"android\",\"device.uuid\":\"16eb24e0fa1f8a28\",\"geolocation.geolocation_latitude\":25.0058495,\"geolocation.geolocation_longitude\":121.4586813},\"location_latitude\":25.0058495,\"location_longitude\":121.4586813,\"proof_hash\":\"085c211dc33dd5a2efaa98776e4523267e0bb4ef90e785becca59523721d0120\",\"recorder\":\"Capture\",\"spec_version\":\"2.0.0\"}

Signed Message (parsed)

{
  "asset_mime_type":"image/jpeg",
  "caption":"",
  "created_at":1626747707352,
  "device_name":"EXODUS 1",
  "information":{
    "device.app_build":"180",
    "device.app_id":"io.numbersprotocol.capturelite",
    "device.app_name":"Capture",
    "device.app_version":"0.35.0",
    "device.battery_level":0.4699999988079071,
    "device.device_name":"EXODUS 1",
    "device.disk_free":412057600,
    "device.disk_total":4225581056,
    "device.is_charging":true,
    "device.is_virtual":false,
    "device.manufacturer":"HTC",
    "device.mem_used":41826536,
    "device.operating_system":"android",
    "device.os_version":"9",
    "device.platform":"android",
    "device.uuid":"16eb24e0fa1f8a28",
    "geolocation.geolocation_latitude":25.0058495,
    "geolocation.geolocation_longitude":121.4586813
  },
  "location_latitude":25.0058495,
  "location_longitude":121.4586813,
  "proof_hash":"085c211dc33dd5a2efaa98776e4523267e0bb4ef90e785becca59523721d0120",
  "recorder":"Capture",
  "spec_version":"2.0.0"
}

Signature

0x2390fc8b0fa9ce2d9ad114d9563f19a9e6d2bb34916f07f051f40ba8895ada9c67bcc92c4d242a2dd548cbed1f6b637039b08e877896f9f1b9439710f6ab9ddf1b

Wallet address

0xec2A40c8cCe697676916472835F2c6D00E7a6d98

iOS (iPhone 7 Plus, iOS 14)

Signed Message (string)

{\"asset_mime_type\":\"image/jpeg\",\"caption\":\"\",\"created_at\":1626747717403,\"device_name\":\"iPhone\",\"information\":{\"device.app_build\":\"2\",\"device.app_id\":\"io.numbersprotocol.capturelite\",\"device.app_name\":\"Capture\",\"device.app_version\":\"0.17.0\",\"device.battery_level\":0.20000000298023224,\"device.device_name\":\"iPhone\",\"device.disk_free\":115447123968,\"device.disk_total\":127979008000,\"device.is_charging\":true,\"device.is_virtual\":false,\"device.manufacturer\":\"Apple\",\"device.mem_used\":134283264,\"device.operating_system\":\"ios\",\"device.os_version\":\"14.4.2\",\"device.platform\":\"ios\",\"device.user_device_name\":\"Numbers Test iPhone\",\"device.uuid\":\"AE8B317D-2F0C-4419-9DB7-B7219F0C134D\",\"geolocation.geolocation_latitude\":25.005839429655403,\"geolocation.geolocation_longitude\":121.45856086421041},\"location_latitude\":25.005839429655403,\"location_longitude\":121.45856086421041,\"proof_hash\":\"421aec0bc7db2a8c2f4c13d40eeaae76ccdecbc9397e62e0361450d4be142aca\",\"recorder\":\"Capture\",\"spec_version\":\"2.0.0\"}

Signed Message (parsed)

{
  "asset_mime_type":"image/jpeg",
  "caption":"",
  "created_at":1626747717403,
  "device_name":"iPhone",
  "information":{
    "device.app_build":"2",
    "device.app_id":"io.numbersprotocol.capturelite",
    "device.app_name":"Capture",
    "device.app_version":"0.17.0",
    "device.battery_level":0.20000000298023224,
    "device.device_name":"iPhone",
    "device.disk_free":115447123968,
    "device.disk_total":127979008000,
    "device.is_charging":true,
    "device.is_virtual":false,
    "device.manufacturer":"Apple",
    "device.mem_used":134283264,
    "device.operating_system":"ios",
    "device.os_version":"14.4.2",
    "device.platform":"ios",
    "device.user_device_name":"Numbers Test iPhone",
    "device.uuid":"AE8B317D-2F0C-4419-9DB7-B7219F0C134D",
    "geolocation.geolocation_latitude":25.005839429655403,
    "geolocation.geolocation_longitude":121.45856086421041
  },
  "location_latitude":25.005839429655403,
  "location_longitude":121.45856086421041,
  "proof_hash":"421aec0bc7db2a8c2f4c13d40eeaae76ccdecbc9397e62e0361450d4be142aca",
  "recorder":"Capture",
  "spec_version":"2.0.0"
}

Signature

0x88d9e2d1b56b74c430a3c95024ba1071e9ef09b1730ae65aaf9d13cfc01fd0d51969f8a0e1a6f77a75163bd38b2cb7e69de5e3e0a4f1a63a12351b21388fcf2b1b

Wallet address

0xf5aC64F4cCe28306E3E2841850C6fA6F56c5A967