
Show HN: Decentralized P2P Messaging with Blockchain Verified Identities - prabhaav
https://www.stealthy.im/?ref=hn
======
ac4tw
Greetings, I develop Stealthy with the OP. After reading a lot of the HN dApp
posts, I want to address two frequently occurring topics from the comments:

1\. How decentralized is this dAPP? Stealthy is decentralized in two main
ways. The first is that it does not require a centralized signaling server to
establish connections, when two people have added each other as contacts. That
of course requires that they initially co-ordinate outside of stealthy (though
we do however have a convenience mode that does a one-time centralized
introduction / discovery service if both users have that enabled). The second
is our storage, which is built atop Blockstack's GAIA storage system (more
info here:
[https://github.com/blockstack/gaia](https://github.com/blockstack/gaia)).

2\. How secure is Clientside javascript crypto? In other HN posts, I've seen
quotes like: 'Nobody who's serious about security is going to use an app that
does crypto in javascript. Why not make browser plugins to avoid this
complication?' and posted the classic Javascript cryptography being considered
harmful article. Blockstack gets around this in a way similar to being a plug-
in with their one-time browser download (which is essentially a node process
that also has your crypto keys/generation capabilities so you're not
transmitting those back and forth for acquisition purposes). You can find more
information on that subject in this forum post:
[https://forum.blockstack.org/t/blockstack-vs-clientside-
js-e...](https://forum.blockstack.org/t/blockstack-vs-clientside-js-
encryption-concerns/4677)

~~~
lawl
I don't understand what a blockchain is needed for. Resolving registered
identities to a public key? Because I can't seem to sign up without an e-mail
address, which seems... weird to me.

What is the centralized storage used for? Offline messages and history sync
between devices? _edit: i didn 't see the dAPP part, is it also used in P2P
messaging?_

How does your decentralized lookup avoid leaking friend requests out into the
open?

On your website it also sais you use WebRTC for P2P communication. Am I
correct in my assumption then that the STUN/TURN/ICE server at least knows who
started talking to whom and when?

I really miss a detailed architecture/protocol overview. It doesn't have to be
as detailed as for example the signal docs[0], but just something to be able
to understand your architecture and the choices you made on a high level.

[0]
[https://signal.org/docs/specifications/doubleratchet/](https://signal.org/docs/specifications/doubleratchet/)

~~~
ac4tw
Good questions lawl. I'll try to address them in order:

1\. "A blockchain, implemented using virtualchains [6], is used to bind
digital property, like domain names, to public keys. Blockstack’s blockchain
solves the problem of bootstrapping trust in a decentralized way i.e., a new
node on the network can independently verify all data bindings."
[[https://blockstack.org/whitepaper.pdf](https://blockstack.org/whitepaper.pdf)]

2\. I believe collecting an email is required in case you need to recover your
12 word pass phrase.

3\. The default storage that comes with a Blockstack account is a Microsoft
Azure Blob. If you implement your own GAIA hub, you can circumvent that with a
number of other options, but conventionally you would refer to the other
options as 'centralized' too. Consider this though: "We decentralize data
storage with relationship to trusted 3rd parties - remove control from app
developers, cloud storage providers, etc and give it to users."
[[https://forum.blockstack.org/t/gaia-
decentralisation/4275/2](https://forum.blockstack.org/t/gaia-
decentralisation/4275/2)].

Anyway, each user's storage is used for the following things: \- contact lists
\- conversations \- offline messaging \- initiating WebRTC connections

It is all encrypted client side.

4\. We have two forms of discovering users.

The first is where the users coordinate outside of Stealthy to add eachother
as contacts--at this point communication is established only between the two
chat clients with no third party, consequently there is not traditional
leakage that may occur in this mode.

The second (which can be disabled from options) uses a centralized DB and
listeners to simply exchange the notion that someone wishes to talk to you. If
that centralized DB were to be hacked, that request could theoretically be
leaked. The invitation to talk only occurs initially when both parties are not
within eachother's contact lists.

5\. We do use WebRTC for P2P communication and it can be disabled from the
options or during initial configuration. The STUN/TURN/ICE server could
certainly acquire some of the information that you mention.

6\. We agree with your notion of an architecture / protocol overview and are
currently considering precisely how we will proceed with that. Earlier this
month we spoke with a representative from the EFF and their advice was to
publish a paper on the subject and then commence with formal review of our
work, similar to Signal.

Hopefully this helps.

~~~
lawl
Thanks, you answered some questions, but I still have some question marks.
I've bookmarked the website and will check back for the (white)paper.

------
gnarcoregrizz
So this is like a decentralized keybase? Are the identities and associated
public keys stored in a decentralized manner? It wasn't clear to me when I
registered an identity, because I figured if it's decentralized, then I would
have to pay for it in some manner with a cryptotoken. I always thought this
would be a good use case for Ethereum (and indeed, there seem to be a few
projects working on it). It would be extra cool if it could integrate into
existing wallet/dapp software so you don't need to juggle extra keys. Anyway,
cool stuff. I'm hoping more people adopt end to end encryption

edit* looks like the identities are stored in a decentralized manner, and that
all of this should integrate with blockstack's keychain and browser

~~~
prabhaav
Yes, the blockstack node package running on your machine generates the key
pairs for you and thus the keys are stored on your local machine, not a
centralized authority.

The reason you need an .id is because we have to register your identity on the
blockchain and propagate your zonefiles.

We can help you register a .stealthy.id that gives you access to the tool if
you create an account today :)

------
kodablah
Pardon my Blockstack ignorance, but are keys deterministically created via
some kind of KDF w/ some factors I provide or are the users expected to handle
key management? IMO the latter significantly restricts adoption, especially in
a multi-device-same-identity world.

~~~
prabhaav
Users have to back up a 12-word mnemonic phrase, a la BIP39. We also email
users an encrypted copy of their phrase (where their password is the key)

~~~
kodablah
I think email is a reasonable place to do this since it's one of the few
storage places people keep around across devices (sadly, other services with
no centralization at all can't easily send SMTP). Could also consider a
printable QR code I guess. I assume the Blockstack browser or whatever makes
it easy to enter your clear text 12 word phrase or the encrypted one w/ the
password when using a new device. I also assume that there is no way to revoke
access by device (e.g. per-device keys but still same identity and some
revocation list, I dunno). These are definitely tough problems.

~~~
prabhaav
Another decentralized app, [https://keys.casa/](https://keys.casa/), is
solving a similar problem.

------
djangowithme
Are you running IPFS nodes for unloaders to keep data persisting? From what I
understand, as soon as the last available node stops broadcasting, the pinned
object is gone.

How do you deal with illegal content? Aka people using this service to host
bad content.

~~~
prabhaav
The message data is encrypted client side and stored in a cloud service of
your choice (dropbox, s3, google, azure: default).

We don't host any data, it's stored in the users data store; the user controls
all their data.

~~~
voxadam
Would it be possible to shard the encrypted data across multiple backends
(e.g. across multiple providers or across multiple accounts on a single
service)? It might be useful/interesting/fun to use erasure coding to increase
redundancy and availibiliy.

~~~
prabhaav
Yes, people can redundantly shard their data to multiple cloud storage
services. We plan on offering such a service if there is demand for it.

------
handbanana
It's a nice looking product. My main concern with apps like these are that
they use very green looking projects.
[https://github.com/blockstack/gaia](https://github.com/blockstack/gaia) has
154 total commits and 6 contributors. The rest of blockstack's stuff has more,
but still hardly a lot. I guess my point is, I'd be weary of anything that
appears this early on in development - whether it's a dAPP or not

~~~
ac4tw
Thank you. I appreciate your concern. My understanding is that the Blockstack
team has more development planned for GAIA, but to date have been focused more
in other areas, as you discovered. We've been working on their platform since
December of '2017 and so far their GAIA storage system has been reasonably
reliable for us.

*Edit: Though recently I've been considering the system and Stealthy's use of it for scaling purposes and it's likely that we'll be looking into running our own hub(s). A brief discussion on throttling of the free hubs, best practices, and performance here: [https://forum.blockstack.org/t/gaia-read-write-and-throttlin...](https://forum.blockstack.org/t/gaia-read-write-and-throttling-specifications/4926/2)

------
ac4tw
The diagram at the bottom of this link, 'How Blockstack Works', has proven
helpful to me for discussing and understanding Blockstack and dApps built upon
it: [https://blockstack.org/intro](https://blockstack.org/intro)

------
dnprock
I looked at blockchain and couldn't find information on how identity
management works. I assume identities are stored on centralized blockstack
servers. And how do I recover if I lose my passphrase or password?

How does stealthy address this issue?

~~~
ac4tw
Answering your question to my satisfaction is difficult from a single source,
but here are some key points and source links that may help:

* "Can Blockstack control my data or ID when I use it? No. When you're using a Blockstack client you control your data and ID with a private key. This private key never leaves your device and is meant to stay on your laptop/phone. As long as no one gets access to your private key, no one can control your data or ID. When you use Blockstack, by design, your private keys are never sent to any remote servers." [[https://blockstack.org/faq](https://blockstack.org/faq)]

* "The main difference between blockchain identities and accounts on any other service is that blockchain-based systems have strong ownership. Blockchain identities can't be confiscated by any service because the system defines ownership according to ownership of public-private keypairs, just like ownership of coins on Bitcoin. This is in direct contrast to Twitter or Facebook usernames, which could be confiscated or censored at any time by the respective companies that they belong to." [[https://blockstack.org/posts/blockchain-identity](https://blockstack.org/posts/blockchain-identity)]

* "Identity is user-controlled and utilizes the blockchain for secure management of keys, devices and usernames. When users login with apps, they are anonymous by default and use an app-specific key, but their full identity can be revealed and proven at any time. Keys are for signing and encryption and can be changed as devices need to be added or removed." [[https://blockstack.org/intro](https://blockstack.org/intro)]

------
jhunter1016
The types of apps we're seeing on the decentralized market are pretty damn
impressive.

The thing I've been wondering is how this works without a Blockstack ID? What
does someone do if they don't have an ID?

~~~
prabhaav
A Blockstack ID is required for chat to work in a decentralized manner and for
people to look you up.

Good news is we can register you for a .stealthy.id when you create your
account and thus you don't have to pay for a Blockstack ID.

------
pohl
Could an internationally-distributed, loosely-affiliated group of people use
this to orchestrate tipping an election for some quid pro quo without leaving
a paper trail? Asking for a friend.

~~~
prabhaav
Haha maybe one day! We have no visibility into the messages that are sent on
Stealthy.

------
prabhaav
If you have an id or have registered for an id, you can fill out this app
feedback survey and earn a 100 stacks:
[https://contribute.blockstack.org/b/mpktxj/view](https://contribute.blockstack.org/b/mpktxj/view)

------
dale14
We need more stuff like that

~~~
prabhaav
Thanks Dale! If you have an id you can fill out app survey and get a 100
stacks! Here's the link:
[https://contribute.blockstack.org/b/mpktxj/view](https://contribute.blockstack.org/b/mpktxj/view)

~~~
dale14
Thanks mate

------
justme00
Great value mate!

