ricochet-im / ricochet

Anonymous peer-to-peer instant messaging
https://ricochet.im/

Feature Proposal: Ricochet Namecoin registry lookup #332

Open Cannon-Ciota opened 8 years ago

Cannon-Ciota commented 8 years ago

I propose that future Ricochet releases have functionality to do Namecoin id/ namespace lookups like Bitmessage currently can. So I can have both my Bitmessage and Ricochet ID attached to my Namecoin ID.

Example for the JSON format for proposed Namecoin registry for id/ namespace using my current Ricochet address:

{ "ricochet":"ricochet:hfddt2csxnsb2mdq" }
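An added example, not part of the original thread and not code from Ricochet or Namecoin: how a client could extract the `ricochet` field from an id/ value while treating that value as untrusted input, since the name's owner controls it. The function and class names are hypothetical, and the ID shape (`ricochet:` plus 16 base32 characters, as in the address above) and the size limit are assumptions of the example.

```python
import json
import re

# Assumption: a Ricochet ID is "ricochet:" followed by a 16-character
# base32 onion hostname, the shape of the address quoted in the proposal.
RICOCHET_ID = re.compile(r"ricochet:[a-z2-7]{16}")
# This example's own size bound; the page does not specify one.
MAX_VALUE_BYTES = 1024


class RegistryValueError(ValueError):
    """The id/ value cannot be used as a Ricochet contact."""


def _reject_duplicate_keys(pairs):
    # json.loads keeps the last of two equal keys by default; a second
    # "ricochet" entry would silently override the first one.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise RegistryValueError("duplicate key in value")
    return dict(pairs)


def ricochet_id_from_value(raw):
    """Return the Ricochet ID stored in an id/ value, or raise.

    The name's owner controls `raw`, so it is parsed as untrusted input.
    """
    if len(raw.encode("utf-8")) > MAX_VALUE_BYTES:
        raise RegistryValueError("value too large")
    try:
        value = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except (json.JSONDecodeError, RecursionError) as exc:
        raise RegistryValueError("value is not valid JSON") from exc
    if not isinstance(value, dict):
        raise RegistryValueError("value is not a JSON object")
    contact = value.get("ricochet")  # other fields (e.g. Bitmessage) are ignored
    # fullmatch, not match: no trailing text or newline may follow the ID.
    if not isinstance(contact, str) or not RICOCHET_ID.fullmatch(contact):
        raise RegistryValueError("missing or malformed ricochet field")
    return contact


if __name__ == "__main__":
    # The value from the proposal, then a constructed value with a bad ID.
    print(ricochet_id_from_value('{ "ricochet":"ricochet:hfddt2csxnsb2mdq" }'))
    try:
        ricochet_id_from_value('{"ricochet":"ricochet:HFDDT2CSXNSB2MDQ"}')
    except RegistryValueError as err:
        print("rejected:", err)
```
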

JeremyRand commented 8 years ago

Hello, Namecoin developer here. @Cannon-Ciota was kind enough to point me to this issue.

I'm definitely in favor of this (with a caveat, see below), and I'd be happy to help on the Namecoin end of things as needed (as I'm sure the other Namecoin developers would).

And now, the caveat: Namecoin uses a Nakamoto blockchain, and the anonymity properties of Nakamoto blockchains are an active research field, with the research so far suggesting that there are a lot of ways that things can go wrong. I won't attempt to fully summarize this research in this thread, but generally speaking, the transaction graph can, in many cases, link together multiple identities that use the same wallet, as well as link identities that transact with each other. So, you could end up with a situation where a user buys namecoins from an exchange that collects government-issued ID, then buys a Namecoin id/ name, and then uses that id/ name with Ricochet. If that user intended for their Ricochet usage to not be traceable to that government-issued ID (assuming that the exchange is an adversary), then the user is in trouble.

I don't think that the above disqualifies Namecoin from being used with Ricochet. I personally use Ricochet because it prevents third parties from collecting my social graph (my contacts know who I am), and this use case works perfectly fine with Namecoin. (Indeed, Namecoin improves my security in this case since it's easier to check an id/ name for an exact match than it is to check an .onion hash.) Similarly, Namecoin works just fine at providing location-anonymity (assuming you route the Namecoin client via Tor), so users who don't want their contacts to know where they're traveling will be fine with Namecoin. Finally, people who look up other people's names in Namecoin are about as anonymous as you can get if using a full node (no network traffic generated by the lookup), and have Tor-like anonymity if using an SPV-based client. So people won't be harmed if their friends use a Namecoin Ricochet ID.

However, I do think that if this is added, the UI needs to be done carefully so that end users understand whether it's something that they want to do. Namecoin's human-meaningful names can benefit security for some users, but I don't want other users to get burned. I'd be happy to advise on accuracy of warnings, etc., but I'm not a UX expert myself.

As a side note, it's worth pointing out that a majority of Bitcoin's hashrate is represented by mining pools within Chinese jurisdiction, and this issue also affects Namecoin. This isn't a huge deal IMO, because any attack that utilized that hashpower would be easily detectable; if such an attack were detected, then users could stop trusting new Namecoin data, but their pre-existing friends list would be safe (with the caveat that their friends who use Namecoin wouldn't be able to use Namecoin to revoke Ricochet addresses... but that's already the case without Namecoin).