Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.

  • The Doctor@beehaw.org
    link
    fedilink
    arrow-up
    43
    ·
    1 year ago

    Publishing everything on a blockchain means that everybody who’s running a node has access to a copy. If confidentiality of communications is an issue, this may as well be a data breach with a few more steps. Also, how does giving everybody running a part of or monitoring the blockchain equate with “control over personal data?”

    Centralized control: Only one entity can see it. Blockchain: Lots of third parties run a node, so every node can see it.

    Each channel has a separate ledger: That makes surveillance of a particular communications channel much easier. Thanks. Also, each user has to have a keypair; great for pseudnonymity, lousy for repudiability.

    Messages cannot be altered but they can be audited to prove their metadata. Did they learn nothing from the Obama administration? At this point in the paper I can’t shake the feeling that this is a deliberate effort to invert all of the properties of privacy.

    Smart contract: Yay, more deliberately memory unsafe programming. I guess they never played with Core Wars as kids, either.

    An attacker would be unable to breach the network: An attacker would just have to stand up a node. If channels are side ledgers on a blockchain, and the network assumes that nodes can come and go (which they all do, as far back as bitcoind), any node can join, say “Hey, I’d like to join this channel,” and get at the very least a pointer to the side ledger for that channel.

    Long-term storage of communications is dangerous, mm’kay?

    • BlueBockser@programming.dev
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      Publishing everything on a blockchain means that everybody who’s running a node has access to a copy

      I’m not sure that’s the case, although the article is rather vague. It says:

      […] the user must register with a node of their choice using their public key. Once registered, users can create channels and invite others to join. Each channel has a separate ledger hosted by the nodes. […] The data in the ledgers are encrypted, and the secret key is managed by the users of the channel.

      IIUC, nodes will not have access to private keys, neither those from users nor those from channels. Users could use their keys to exchange the channel’s private key without the node getting to know it. I don’t quite understand how user’s would exchange their public keys without the node being able to play MITM, though…

      Edit: Removed an irrelevant sentence from the quote

      • ricecake@beehaw.org
        link
        fedilink
        arrow-up
        18
        ·
        1 year ago

        I believe their point was that even encrypted messages convey data. So if you have a record of all the encrypted messages, you can still tell who was talking, when they were talking, and approximately how much they said, even if you can’t read the messages.

        If you wait until someone is gone and then loudly raid their house, you don’t need to read their messages to guess the content of what they send to people as soon as they find out. Now you know who else you want to target, despite not being able to read a single message.

        This type of metadata analysis is able to reveal a lot about what’s being communicated. It’s why private communication should be ephemeral, so that only what’s directly intercepted can be scrutinized.

        • The Doctor@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          That was exactly why I said “Did they learn nothing from the Obama administration?”

          From 2014: “We kill people based on metadata.” (Michael Hayden, former DIRNSA, 2014.ev)

          There is no “harmless” here.

            • The Doctor@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              If you can see it, you can analyze it. Metadata is more than message headers; traffic analysis generates usable metadata, too.

              • FlowVoid@midwest.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Any form of internet communication is potentially susceptible to traffic analysis, so that flaw isn’t specific to this particular design.

                The goals here are to address some of the other weaknesses of communication protocols, ie lack of auditability and reliance on a central server. They do not claim it’s completely impervious to attack.

    • n3m37h@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Yeah, I never understood how the blockchain equates to privacy since everyone has a ledger…

      It’s the most ass backwards thinking I’ve ever seen. I’m not smart by any means but this shit is full retard

      (Please don’t bother hastling me over a fucking word I’m not directing it towards you)