staltz
commented
4 years ago Thanks @mixmix for the careful explanation, I wanted to be sure what's going on, and I know what you're talking about.
TL;DR: this is not ssb-conn's fault, this is actually how secret-stack works, but I agree it shouldn't work like this and we need to fix it, somewhere in the stack.
This just "looks" unexpected or undesired now because of staging. Essentially, in secret-stack and muxrpc, once you start a connection with another peer, that peer by default always accepts connections. This already happened between two (e.g.) patchbay or patchwork users using ssb-local, as soon as Alice starts a muxrpc connection with Bob in the same Wi-Fi, Bob will just by default accept that. With ssb-local, this didn't seem unexpected because there was no concept of staging, instead all Wi-Fi peers were expected to get connected no matter what.
ssb-incoming-guard is supposed to fix that for us, but I tried using that with ssb-conn and ssb-lan, and it didn't do anything. I still need to look into this carefully, because I think it's also possible that ssb-incoming-guard is bugged or needs to consider a new corner case.
Once ssb-incoming-guard is fixed (or we learn something entirely new about this situation), then that's still not the ideal situation. Suppose Alice and Bob are in the same LAN, and both of them have ssb-incoming-guard installed. Alice sees Bob in staging, and vice-versa. Alice is interested in connecting with Bob, so she clicks "connect", and Bob's muxrpc would reject that (because of ssb-incoming-guard), but more importantly Bob as a user would need some kind of visual indication that Alice was/is interesting in connecting. Essentially, connection should happen as a handshake, Alice should get some kind of notification "Bob wants to connect with you, do you allow?" and only after allowing would the connection occur. That's not the goal of ssb-incoming-guard though.
All that said, I think secret-stack already provides us good tools to build that. Essentially it should be some sbot.auth.hook, but this hook causes some UI notification to ask for the user's permission.
This issue affects not only LAN connections, but also Bluetooth and Room peers (whenever there is staging). I actually hinted about this exact same issue in the blog post announcing rooms:
Strangers can initiate connections with you. When in a room, you will see strangers and you can choose to connect with them. This also works the other way around: those strangers can choose to connect with you, and your app will suddenly show an active connection with them. Sometimes this can be undesired, given that they are strangers. So far we don't have a two-way consensual system, and in the future it will make sense to build a handshake system where the stranger requires your explicit permission before connecting to you. That said, you can always block any account to prevent them from connecting with you in the first place.
UPDATE: What happened in your example, and how it would have behaved under ssb-gossip
So, what happened in your example is that patchbay followed the android app, and this caused a connection between patchbay and the android app, allowing patchbay to fetch data from mobile.
Before, with ssb-gossip, mobile would not necessarily see patchbay as a connected peer, (here's the very important bit:) even though the connection actually existed. So in a sense ssb-gossip wasn't honest about all the connections. The gossip table only contained peers you approved or added or something like that, but it sort of ignores peers that connect to you. Specifically, these lines. In other words, with ssb-gossip installed on both sides, Alice can connect with Bob, get Bob's feed, but Bob would not even see Alice in ssb.gossip.peers() or any other gossip API. That to me is a bit worse than what ssb-conn does now.
arj03
ssb-connis connecting to a peer I’ve not followed yet!How to reproduce:
ssb-conn+ssb-lanssb-localpeers()stream, even though I don't follow them, and didn't move them up from staged peer status.cc @luandro who I think saw the same problem between 2 android phones both running
ssb-conn+ssb-lan- when one peer follows the other, a connection instantly happens... and they might even start replicating both ways (Please add detail Luandro)