I've been designing a distributed social media protocol, and one thing I've been puzzling over is comments. Specifically, how to handle plausible deniability.
For example, if I comment on your journal, there are at least three ways I could possibly do it in some imagined protocol:
1. Hand you a comment, and you publish it to your journal. This is like how commenting works on WordPress. Simple, but you could make fake comments and pass them off as mine. Maybe this is not a problem, though!
2. Hand you a cryptographically signed comment, which you publish to your journal. Anyone could verify that it's really from me. But on the other hand... it can now be proven at any point in the future that I said that thing, which might be highly embarrassing, or misleading out of context. It's a mismatch for the way casual interaction usually works; we don't go around getting our chit-chat friggin' notarized.
3. Publish the comment myself, and send you a link to it; you display the comment and include metadata indicating where it can be retrieved on my site. People's clients can verify it comes from me by asking my journal about it. If I ever want to take it down, I can just delete or hide it. Downside: More complicated, more fragile.
Option 3 might be for the best since it's the closest match to "casual privacy", despite the complexity.
(There's also still the problem of how to publish a journal post and ensure that people can verify that I wrote it at the time they retrieve it, but *not* allow them to convey that proof to others. The solution to that might also be the solution to the comments issue, or possibly not.)
no subject
Date: 2021-03-25 12:32 am (UTC)
In Cavern, the journal owner creates an index file for each contact, encrypted and signed in this manner. The index file contains URLs and symmetric keys for the posts. While the presence of the post on the server does indicate the journal owner authored it, and the symmetric keys could be shared around, the owner could also choose to delete these posts at any time. And while the signed index file includes these URLs and keys, there's no connection between the URL and the post content, and even if there were -- the authorized reader of the index could have forged the index.
Therefore, the posts are only non-repudiable to the extent that they are still on the server and one assumes that the server has not been compromised by the reader.
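The property that both the post's closing parenthetical and the comment above turn on (a reader can check who wrote something without being able to prove it to anyone else), shown as an added example that is not code from the post or from Cavern. It assumes the per-contact index is authenticated with an HMAC under a key held by both owner and contact, as a stand-in for whatever scheme the comment refers to; the key, URLs and field names are constructed.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_index(contact_key: bytes, entries: list) -> dict:
    """Build an index tagged under a key that owner AND contact both hold."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"body": body.decode(), "tag": _mac(contact_key, body)}


def verify_index(contact_key: bytes, index: dict) -> bool:
    """Contact's check: was this tagged by someone holding contact_key?"""
    expected = _mac(contact_key, index["body"].encode())
    return hmac.compare_digest(expected, index["tag"])


def run_demo() -> dict:
    # Constructed sample data; assume the key came from an earlier key exchange.
    contact_key = secrets.token_bytes(32)
    base = "https://journal.example.invalid/p/"
    genuine = make_index(
        contact_key, [{"url": base + "1", "post_key": secrets.token_hex(16)}])

    # Without the key, altering the body leaves the old tag invalid.
    tampered = dict(genuine, body=genuine["body"].replace("/p/1", "/p/2"))

    # The contact holds the same key, so the contact can tag an index the
    # owner never wrote. It is indistinguishable from a genuine one.
    forged = make_index(
        contact_key,
        [{"url": base + "never-written", "post_key": secrets.token_hex(16)}])

    return {
        "contact_accepts_genuine": verify_index(contact_key, genuine),
        "outsider_tamper_rejected": not verify_index(contact_key, tampered),
        # A third party handed (contact_key, index) sees this verify too, so
        # a valid tag proves nothing about which key holder produced it.
        "third_party_accepts_forged": verify_index(contact_key, forged),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The contact knows they did not write the genuine index themselves, so the tag convinces them; anyone they show it to has no such knowledge, which is where option 2's public-key signature differs.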