Privacy-preserving offline delivery (avoiding all metadata) is a hard problem.

For now, the @cwtch_im groups experiment makes use of slow but explicitly untrusted servers that learn nothing about the messages they host.

Making them trivial to self-host is a critical goal:
If you read our recent roadmap update carefully you might have surmised that there are two main directions of work taking place @cwtch_im

1. Development of protocols that avoid intermediate hosting (hybrid groups)

2. Making shared infrastructure as simple to host as possible.
Certain features and use cases will always require some form of offline-delivery, so we need to provide options e.g.

1. Host an always online p2p bot (trusted and quick)
2. Use one of many public, decentralized server instances (private and untrusted but slow)
Either of those options require making self-hosting of infrastructure as accessible, easy and as trivial as possible.

The server hosting experiment in @cwtch_im beta 1.4 is the start of building out that functionality.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Sarah Jamie Lewis

Sarah Jamie Lewis Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SarahJamieLewis

13 Nov
I received quite a few requests for "how to get started" building something like this. So I'm going to dump some history and resources in this thread.

This isn't difficult. You can do it to. Getting to the level where it is peaceful instead of frustrating might take a while.
I started programming simple real mode operating systems in my teens and it's fluctuated as a hobby for me over the course of the last 2 decades.

In between I've built hobby emulators, (dis)assemblers, fuzzers, compilers, and uncountable weird hybrids.
I'm going to assume you know at least one high level programming language. If you don't then you should learn one. Any one will do. People may tell you the choice matters, it doesn't.

The basic principles you will learn in one are transferable to others.
Read 24 tweets
12 Nov
I spent my recent evenings writing an operating system in an assembly language that I also developed to compile to a custom bytecode that I also designed to run on an virtual machine that I also implemented.

A meditation on recursive complexity and what actually makes me happy.
It is completely useless. All that work, and you can only run a few commands, and one of them is QUIT.

I have never loved a piece of software more.
The kernel is 832 lines of custom assembly. ~300 are dedicates to embedding binary data like font bitmaps.
Read 11 tweets
12 Nov
Very sceptical about "metadata of the metadata".

Encrypted communication tools should be designed such that devs *don't* have access to things like "where [and when] accounts are created, how [data] travels, which [messages] are fastest to spread"

wired.com/story/encrypte…
Basically this. The underlying expectation that "responsible encryption" requires some kind of metadata surveillance to be safe seems to be to be a deeply flawed narrative that can only result in greater and greater privacy harms.

Also the entire idea that "aggregated, anonymized data" is an actual thing that can exist in the real world needs to die.
Read 4 tweets
11 Nov
Still stuck in the dream that maybe we can build p2p applications that aren't mediated through a global consensus layer.

Nonsense I know.
With all the talk of web 3 I fear we have forgotten how we used to think of the future of the internet.

And by "future" I mean how we used to imagine the web of 2015
Read 10 tweets
24 Oct
It's been 7 days, and now we have some ridiculous line about encryption making espionage easier. The pace is really heating up.
I'm not sure people really understand this, so I'm going to say this again:

The current argument by the anti-encryption side is that the threat of state violence should be used to prevent the offering of math-as-a-service.
I will grant that there are legitimate sounding arguments that may prompt someone to consider pointing weapons at anyone who dares to carry out the dark arts of arithmetic but I would hope that by now most would have outgrown such childish notions of how the world aught to work.
Read 10 tweets
21 Oct
One of the most dangerous narratives coming out of the pro-encryption camp right now is that metadata surveillance (by any other name) can be a solution to "online harms" in lieu of banning or restricting access to end-to-end encryption.

Ceding ground that is already lost.
Let us not blatantly ignore the fact that governments and corporations already conduct vast, intrusive metadata surveillance campaigns - and have done for decades.

Metadata surveillance is the gross, default state of the modern world.
The real solution to online harms rests in more anonymity, more encryption, more consensual communication and more decentralization of power.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Thank you for your support!

Follow Us on Twitter!

:(