Secure Scuttlebutt
Secure Scuttlebutt
-
Scuttlebutt social network - a decentralised platform
- Secure Scuttlebutt is a database protocol for unforgeable append-only message feeds.
“Unforgeable” means that only the owner of a feed can update that feed, as enforced by digital signing (see Security properties). This property makes Secure Scuttlebutt useful for peer-to-peer applications. Secure Scuttlebutt also makes it easy to encrypt messages.
Scuttlebot forms a global cryptographic social network with its peers. Each user is identified by a public key, and publishes a log of signed messages, which other users follow socially.
Scuttlebot searches the P2P mesh for new messages and files from followed users and from FoaFs (friend of a friend’s). The messages and files are stored locally, indefinitely, for applications to read.
Identity Users are identified by confirmations and signals in the social graph. This is known as a Web-of-Trust. There is no global registry of usernames. Instead, users name themselves, and share petnames for each other.
Discovery occurs by examining the social graph, or by out-of-band sharing. Applications can analyze the follow-graph, and look for “flag” messages, to determine who is trust-worthy in the network.
- Scuttlebot - a peer-to-peer log store
Scuttlebot is an open source peer-to-peer log store used as a database, identity provider, and messaging system. It features global replication, file-syncronization, and end-to-end encryption.
- ssbc.github.io/docs/ - Get started with Scuttlebot and the Secure Scuttlebutt protocol
Scuttlebot implemented by ssb-server: a p2p log store Secure Scuttlebutt implemented by ssb-db: a global database protocol Patchwork: a social messaging app built on ssb-server and ssb-db
- Secure-scuttlebutt vs scuttlebutt vs scuttlebot vs sbot? - Explanation of terms, repos and project history
- scuttlebutt: a gossip protocol that synchronises messages via a vector clock of per-node timestamps or sequences. Dominic got this name from an amazon paper “Efficient Reconciliation and Flow Control for Anti-Entropy Protocols”. This is the original scuttlebutt module which should now be known as “insecure scuttlebutt”. This repo is generally no longer used by the ssb community.
- ssb-db: this is the database part of ssb. Previously this term referred to the protocol/database as a whole.
- ssb-server: this repo adds networking behaviour to the database (secure-scuttlebutt).
- sbot: short for scuttlebot, previously the CLI command name to control ssb-server. Now also named ssb-server.
- Manyverse - Mobile App
Manyverse is a social network mobile app with features you would expect: posts, threads, likes, profiles, etc. But it’s not running in the cloud owned by a company, instead, your friends’ posts and all your social data live entirely in your phone. This way, even when you’re offline, you can scroll, read anything, and even write posts and like content! When your phone is back online, it syncs the latest updates directly with your friends’ phones, through a shared local Wi-Fi or on the internet.
Literature
- A collection of news articles and blogs about Scuttlebutt
- Design Challenge: Avoid Centralization and Singletons
The danger of centralization is obvious: it creates a single point of failure that can easily be attacked, or act as an attacker. And, it creates a monoculture of information, as the central point starts to control what information is trusted, or ranked highly.
- Design Challenge: Sybil Attacks
If it is possible for an anyone to connect to a computer system then it may be possible to interfere with the operation of that system, and defenses against interference must be designed in.
- Efficient Reconciliation and Flow Control for Anti-Entropy Protocols
The paper shows that anti-entropy protocols can process only a limited rate of updates, and proposes and evaluates a new state reconciliation mechanism as well as a flow control scheme for anti-entropy protocols.
- Announcing: SSB Rooms - news.ycombinator.com
Today I’m launching something I’ve been working on since May to help improve the Secure Scuttlebutt (SSB) ecosystem with a new type of server: SSB Rooms. As an alternative or complement to pub servers, rooms are servers intended as meeting places where peers come to discover others and establish network connections with each other.
- Scuttlebutt - P2PFR
Scuttlebutt est un logiciel libre, développé pour assurer des fonctions utiles à un réseau social (type Facebook, Mastodon, Diaspora…). Nous n’en parlerions pas autrement, la communication entre chaque participant(e) au réseau se fait en pair-à-pair. rec
- Counter-Anti-Disintermediation
- The Nomad Who’s Exploding the Internet Into Pieces - Could decentralizing online life make it more compatible with human life?
- Scuttlebutt: an “off-grid” P2P social network that runs without servers and can fall back to sneakernet
- [Efficient Reconciliation and Flow Control for Anti-Entropy Protocols]
The paper shows that anti-entropy protocols can process only a limited rate of updates, and proposes and evaluates a new state reconciliation mechanism as well as a flow control scheme for anti-entropy protocols.
- Designing a Secret Handshake: Authenticated Key Exchange as a Capability System
Capability Based Security is a conceptual framework for designing decentralized access control systems, yet there is no widely implemented protocol for establishing secure two-way communication that also forms a capability system. We examine the ways various key exchange protocols arn’t capability systems, and then present a secure key exchange protocol designed with capability systems in mind. In this protocol, the server’s public key forms an access capability. Using a preauthentication step, we authenticate the client before the server, but still accomplish mutual authentication within 4 passes. All long term keys are kept secret from any unauthenticated actors.
Podcasts
- Show Zero Knowledge, Ep Episode 81: P2P Messaging & Scuttlebutt with Dominic Tarr - Jun 12, 2019
In this week’s episode, we meet with Dominic Tarr, a protocol designer and security auditor at Least Authority who works on Scuttlebutt - a decentralized secure gossip platform. We discuss P2P messaging and the challenges of sending messages within a p2p network in a truly decentralised manner.
- Libre Lounge - Episode 14: Secure Scuttlebutt with Joey Hess
Libre Lounge comes to you with an interview from Libre Planet with Joey Hess discussing the Secure Scuttbutt project, a secure social network. The interview goes into detail about the protocol, differences between SSB and ActivityPub, and how Secure Scuttlebutt is a bit like Git.
- Epicenter - Secure Scuttlebutt – The “Localized” but Distributed Social Network Dominic Tarr
We’re joined by Dominic Tarr, a sailor, and the Founder of Secure Scuttlebutt. This curiously named project has a fascinating approach to creating a truly distributed social network. One might even say that Secure Scuttlebutt is “localized” as it gracefully degrades to Sneakernet, something few blockchain projects can claim. In actuality, the SSB protocol isn’t a blockchain in the traditional sense – each user’s feed acts as a sort of localized chain of posts, signed by their public key, and possibly encrypted for a friend’s key to decrypt. When users meet, the system syncs their local databases using a gossip protocol and replicates the data. Encrypted data is transported from peer, to peer, to peer (or friends of friends) until it reaches its intended recipient. User may also optionally rely on public servers to sync data over the internet.
- The Third Web #11 - Scuttlebutt & Cypherspace
The first application has been a multi-client decentralized social media platform that is an absolute joy to use, and I encourage everyone to download my favourite desktop client, Patchwork, or Manyverse for Android. As an autonomous software system, like Bitcoin, Scuttlebutt rewards the provisioning of resources to support the network, only rather than a point system and money myth, Scuttlebutt offers something far more valuable, conversation. This mostly covers the origin of the protocol but I will definitely conduct more interviews with Dom and others close to the project, which is today one of the most impressive, and well used decentralized applications in existence.
Secure Scuttlebutt Consortium - GitHub Repos
- Secure Scuttlebutt Consortium - A distributed and secure peer to peer social network
- ssbc/somebodyshould - A repo of suggestions / issues / bugs / ideas / feedback for ssb
- ssbc/.github Settings for the SSBC GitHub organization.
- ssbc/scuttlebot.io - Source repo for https://scuttlebot.io
Nearly all of these repositories have seen activity within the past year!
Info
- ssbc/docs
Scuttlebot implemented by ssb-server: a p2p log store Secure Scuttlebutt implemented by ssb-db: a global database protocol Patchwork: a social messaging app built on ssb-server and ssb-db
- ssbc/handbook.scuttlebutt.nz
ssb handbook: A guide to the Secure Scuttlebutt key concepts and influences (see also, new website: ssbc/scuttlebutt.nz)
- ssbc/modules.scuttlebutt.nz - Documentation for the Scuttlebutt module ecosystem
This is an aggregation of commonly used scuttlebutt modules grouped for your convenience into several sections.
- ssbc/ssb-spec-drafts - protocol specifications for Secure Scuttlebutt
SSB-Drafts are working documents of the Secure Scuttlebutt community. Note that other groups may also distribute working documents as SSB-Drafts.
SSB-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use SSB-Drafts as reference material or to cite them other than as “work in progress.”
This wording aligns with the IRTF’s document track for Internet-Drafts.
- ssbc/scuttlebutt-protocol-guide - Protocol documentation for Secure Scuttlebutt
- ssbc/scuttlebutt-guide
Looking to learn how to build in Scuttlebutt? There’s currently no canonical resource, but here’s a map of the known archipelago!
Server
- ssbc/ssb-server The gossip and replication server for Secure Scuttlebutt - a distributed social network
- ssbc/ssb-minimal-pub-server - A minimal version of ssb-server aimed at pubs
- ssbc/multiserver A single interface that can work with multiple protocols, and multiple transforms of those protocols (eg, security layer)
- ssbc/ssb-config standard configuration for ssb
Client
- ssbc/react-native-ssb-client-keys
- ssbc/ssb-client - client library to scuttlebot
- ssbc/ssb-hello-ws - simplest example to get a ssb-client working over websockets
- ssbc/chocolatey-packages - Chocolatey packages for SSB clients
- ssbc/scoop-bucket - A bucket for scoop package manager with app manifests for SSB clients.
Patchwork
- ssbc/patchwork - A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB).
- ssbc/patchbay - An alternative Secure Scuttlebutt client interface that is fully compatible with Patchwork
- ssbc/patchlite - [WIP] A browser lite client for the Scuttlebutt network
- ssbc/patchgit - Add git-ssb related functionality to patchcore related apps
- ssbc/patchbay-book - The patchbay part of scuttle-book, a book rating system
- ssbc/patchcore - A shared library of depject modules to build Secure Scuttlebutt social network apps
- ssbc/patchbay-gatherings
- ssbc/ssb-markdown
patchwork’s markdown parser
- ssbc/patchbay-scry
- ssbc/patchwork-threads - library of patchwork’s thread data-structures
- ssbc/patchwork-icons
- ssbc/patchbay-thread
- ssbc/patch-drafts
Schema
- ssbc/ssb-gathering-schema
- ssbc/ssb-invite-schema - schema for scuttle-invite message types
- ssbc/ssb-audio-schema
- ssbc/ssb-thread-schema
- ssbc/ssb-schema-definitions - Standardised schema definitions for ssb message types using is-my-json-valid
- ssbc/ssb-contact-schema
- ssbc/ssb-schema-validation
Build a set of validators using JSON schema with multiple schema versions
Crypto
- ssbc/ssb-keys - keyfile operations for ssb
- ssbc/ssb-caps - The default “Caps” keys for accessing the SSB protocol using secret handshake
- ssbc/box2-spec
This is a spec for encrypting messages to groups of people. Initially it will support communication for large groups which share a public key (secret key cryptography / symmetric keys), but it has also been designed to support forward-secure secret-key cryptography (a little like Signal’s double-ratchet).
- ssbc/ssb-ephemeral-keys - Methods for encrypting messages with ephemeral keys over Secure Scuttlebutt
- ssbc/secret-stack - connect peers to each other using secret-handshakes
- ssbc/ssb-secret-blob - encrypted blobs over ssb protocol
- ssbc/private-box2 - new message encryption for ssb
MuxRPC
- ssbc/muxrpc - lightweight multiplexed rpc
- ssbc/muxrpc-validation- Forked from pfrazee/muxrpc-validation Validation library for muxrpc apis
- ssbc/ssb-plugins
ssb-plugins is a plugin that provides additional plugin related functionality to a secret-stack instance.
Without ssb-plugins, plugins can only be loaded explicitly by an ssb-server with the .use() method.
Generally speaking, this plugin provides the abilility for plugins to be loaded and run as a separate process, with communication over muxrpc.
- ssbc/muxrpcli - command-line interface to muxrpc servers
muxrpc aims to provide remote access to any reasonable node.js api remotely. this means it supports both streaming and async operations. pull-streams are used.
It may seem at first that it would be logically cleaner to separate this into two concerns, multiplexing and request-response. Indeed, we did just that in multilevel combining mux-demux and rpc-stream however, I realized that multiplexing depends on adding framing to incoming messages, and so does rpc. If rpc is implemented as another layer on top of multiplexing, then the rpc messages end up with a second layer of framing too. By implementing one protocol that supports both streams and rpc, we were able to have both features with only a single layer of framing.
Plugins
- ssbc/ssb-search fulltext search as scuttlebot plugin
- ssbc/ssb-links ssb-plugin that indexes all the links!
- ssbc/ssb-backlinks scuttlebot plugin for indexing all link mentions of messages
- ssbc/ssb-identities manage multiple identities as sbot plugin
- ssbc/ssb-serve-blobs
Sbot plugin to serve blobs from a local http server
- ssbc/ssb-threads
Scuttlebot plugin for fetching messages as threads announce a public address for yourself
- ssbc/ssb-about scuttlebot plugin for getting reduced ‘about’ state
- ssbc/ssb-social-index scuttlebutt plugin for getting reduced state based on the author’s social graph
- ssbc/gitbook-plugin-ssb GitBook plugin for Secure Scuttlebutt markdown formatting
- ssbc/ssb-private scuttlebot plugin for indexed private messages
Invites
- ssbc/ssb-peer-invites
A new ssb invite system to create invites without having a pub
- ssbc/ssb-invite - “followbot” style invite codes for ssb
- ssbc/scuttle-invite-db - fluemview-reduce of invites and replies for scuttle invite
- ssbc/scuttle-invite - polymorphic invite and reply logic for secure scuttlebutt
- ssbc/ssb-invite-schema - schema for scuttle-invite message types
Testing
- ssbc/scuttle-testbot
- ssbc/compatibility tool to run tests of your dependencies, to check they are compatible
- ssbc/ssb-integration-tests integration-tests for sbot
- ssbc/ssb-testing-guide
This is the start of a collection of patterns we’ve found useful for doing testing in the Scuttlebutt ecosystem
Assorted
- ssbc/ssb-bin - ssb cli commands
- ssbc/ssb-first-aid-kit - A user-friendly app for diagnosing and fixing problems with your Scuttlebutt installation
- ssbc/ssb-msgs - message-processing for ssb
- ssbc/ssb-validate - better ssb validator
- ssbc/scuttle-shell - A system tray app for running Secure Scuttlebutt and providing sbot features to your local system
- ssbc/ssb-local
- ssbc/ssb-suggest
- ssbc/layered-graph
- ssbc/ssb-db A database of unforgeable append-only feeds, optimized for efficient replication for peer to peer protocols
- ssbc/ssb-backup-tool - A backup tool for the Scuttleverse
- ssbc/ssb-ebt
secure scuttlebutt replication with epidemic-broadcast-trees
- ssbc/ssb-blob-files
Channel a bunch of files from a dom event into the blob store. Get some tweaks and checks made along the way.
- ssbc/ssb-ooo - retrive ssb messages Out Of Order
- ssbc/multiblob - A content-addressable-store that supports multiple hashing algorithms, and pull-streams
- ssbc/ssb-ahoy - An onboarding mini-app - gets you all set up, and caught up on the gossip before you set out on your adventure
- ssbc/react-native-ssb-shims - Node.js-related shims necessary for the SSB ecosystem to run on React Native apps
- ssbc/ssb-mentions - extract the mentions in a ssb message, just using the markdown.
- ssbc/ssb-replicate - ssb legacy replication, previously built into ssb-server
- ssbc/ssbc-sitegen - Tool to generate the GH pages for ssbc repos
- ssbc/ssb-friend-pub
- ssbc/ssb-unread
- ssbc/ssb-blobs - blob gossiping ssb-subprotocol
- ssbc/ssb-lists
This implements block/follow lists. (the main use-case was block lists) but a system that could both block and follow was not more complicated.
- ssbc/ssb-tangle
- ssbc/ssb-friends the logic around who to replicate or not
- ssbc/two.camp.scuttlebutt.nz
- ssbc/ssb-ref check if a string is a valid ssb-reference
- ssbc/ssb-gossip Schedule connections randomly with a peerlist constructed from config, multicast UDP announcements, feed announcements, and API-calls
- ssbc/ssb-contact-msg
- ssbc/ssb-ws - ssb-ws & http server for ssb
- ssbc/multiserver-scopes
- ssbc/ssb-tunnel create a p2p link tunneled through a pub server
- ssbc/bench-ssb benchmarks for all the parts of ssb
- ssbc/chloride- Forked from dominictarr/chloride
- ssbc/ssb-query
- ssbc/ssb-device-address
- ssbc/village-tracker village-tracker community volunteer coordination project
- ssbc/ssb-master
- ssbc/noto-color-emoji
- ssbc/open-dyslexic- Forked from antijingoist/open-dyslexic - What I intend to be an opensource font for dyslexics and for high readability
- ssbc/ssbc-owners - set org owners as npm owners
- ssbc/scuttle-thread
- ssbc/ssb-incoming-guard
- ssbc/ssb-graphviz - visualize your ssb network graph
- ssbc/scuttlebutt-mars-workshop
- ssbc/scuttle-tag- Forked from wittjosiah/scuttle-tag
- ssbc/scuttle-poll
- ssbc/scuttle-inject
- ssbc/scuttle-gathering
- ssbc/scuttle-blog
- ssbc/scuttle-blob
- ssbc/pull-next-query
- ssbc/paulcbetts-spellchecker-prebuilt- Forked from anaisbetts/node-spellchecker
- Forked from @paulcbetts/spellchecker to add automated prebuilds
- ssbc/opencollective_page
- ssbc/nicedate nicely formatted dates since 7d ago
- ssbc/marked- Forked from clehner/marked A markdown parser and compiler. This fork adds SSB-specific features, such as mentions and emojis.
- ssbc/keyboard-layout-prebuilt- Forked from atom/keyboard-layout Fork of keyboard-layout that adds automated prebuilds
- ssbc/grants-process grants-process
- ssbc/forked-systray/systrayhelper - Forked from zaaack/systray-portable - A portable version of go systray, using stdin/stdout to communicate with other language
- ssbc/emoji-server emoji middleware/server
- ssbc/ssb-viewer
- ssbc/ssb-sort
- ssbc/ssb-names
- ssbc/packet-stream
- ssbc/ssb-webexthost
- ssbc/ssb-typescript - Contains type definitions for common SSB concepts
- ssbc/multiserver-address
- ssbc/level-sublevel- Forked from dominictarr/level-sublevel - no longer maintained, sorry!
- ssbc/packet-stream-codec
