DSNP: Distributed Social Networking Protocol

Eugen Leitl eugen at leitl.org
Fri Jun 19 07:22:45 PDT 2009 

http://www.complang.org/dsnp/

DSNP: Distributed Social Networking Protocol
building private, decentralized and scalable social networks

We don't all use the same email provider.
Why do we all use the same social networking provider?
What is DSNP?

DSNP is a protocol for distributed social networking. The goal is to allow you to host your identity in a place of your choosing, maintain ultimate control over your personal information, and interact with your friends and family in a secure manner.
The Vision

   1. Create an Identity -- Start by creating an identity for yourself. You choose what name you use, where you host it, and what content you make public. Everyone is free to host their own identity on their own server.
   2. Find your Friends -- Find others that are using DSNP and request a connection to them.
   3. Share -- Upload content to your identity and your friends will learn about your activity. The internet-at-large is left out of the loop.
   4. Explore -- Browse your friend's identities using your own identity to log in. Your friends don't need to give you yet another password in order to let you in.

Security
DSNP leverages RSA public key cryptography for identity, the sharing of secrets and the declaration of relationships. It can be likened to PGP for web-based identities, though it does not use PGP directly.

    * Each identity gets a public/private key pair. The public portion of the key is made available over SSL to be fetched by anyone. This guarantees that when someone gets your public key, they have your key and no one else's.
    * When you pass information to your friends it is encrypted using their public key. This guarantees to you that the information can be decoded only by them. In RSA public key cryptography,, information encrypted with a public key can only be decrypted with the corresponding private key.
    * When you pass information to your friends it is also digitally signed with your private key. Your friends can then use your public key to verify that you wrote the message, uploaded the photo, commented on someone else's post, etc. Digital signatures are also a feature provided by RSA public key cryptography.
    *
    * When you become someone's friend you give them a digitally signed message that says so. They can then use this digital signature to prove to a third person (likely a trusted common friend) that you are indeed friends. False friendships can be claimed easily but they can also be discredited easily.
    * Your list of friends can be treated as private information. It is impossible for someone to probe your list of friends if you don't want to publish it. The list must be explictly granted, even to current friends (see next point for a minor exception). This makes it possible to partition your relationships into differnet groups, such as family, close friends, co-workers, and people you hardly know but might like to get to know better.
    * Your network of friends is leveraged for the distribution of messages. Each of your friends forwards the messages they receive to a few of your other friends. This rapidly improves the speed at which your messages get to all your friends. Doing this means that each of your friends must know the server at which a couple of your other friends have their identity hosted. This revelation does not cross friend-partition boundaries, however. It is a minor weakening of the claim that your friend list is private.
    * The user must trust the server that is hosting their identity. But like email, blogs, and other forms of internet identity, we are free to choose our service providers and the truely paranoid and technically inclined are free to host their own identity on their own server. Perhaps a more difficult problem is that the user must trust the server that is hosting their friend's identities. However, this is not a problem unique to DSNP. This is true of email as well.

The Protocol
DSNP is a communication protocol between servers hosting identities. It is still evolving. See this document for an incomplete and somewhat out-dated description of the protocol.

There is an implementation, but there are no releases yet, only a subversion repository where ongoing work happens.

http://svn.complang.org/spp/trunk/
Testing Sites
There are three testing sites. They are all backed by a different database and they interact only using the DSNP protocol.

https://www.anemo.ca/

https://www.anemonal.ca/

https://www.iduri.ca/
Mailing List
There is a mailing list for anything related to the project. Please discusss!
dsnp-interest
Author
Adrian Thurston is responsible for this. Please direct comments to him.

More information about the cypherpunks-legacy mailing list