
Show HN: So.ciety, an end-to-end encrypted social network - dutchbrit
https://ciety.com/
======
tptacek
As drily as I can, given the rules of Show HN, but it's not end-to-end if the
crypto is delivered over browser Javascript. Every time a user's browser
touches your server for any reason, the server has the option to fatally
compromise security. End-to-end means you don't have to trust the server;
_that's_ real privacy.

So, given that this is a proof-of-concept, my advice is to back off on the web
app part of this, and develop an installable client.

~~~
onion2k
In the same way that we trust bcrypt when we get the source from somewhere we
know, it would be possible to make an encryption module in JS that gets
imported from a trusted location eg
[https://github.com/shaneGirish/bcrypt-nodejs/blob/master/bCr...](https://github.com/shaneGirish/bcrypt-nodejs/blob/master/bCrypt.js)
[1]. So long as the web app imports that
version, and checks it against a hash from another trusted location then it
would be possible to get true end-to-end encryption entirely in a browser
without trusting some random server. You'd 'just' have to trust Github (or any
other trustworthy server) instead.

[1] That's specifically for Node, but it could be tweaked to work in browsers.

~~~
tptacek
No, you can't do that, because browser Javascript lacks a mechanism to
segregate one "module" from another. In fact, any page that merely populates
the DOM can override any security decision made by any Javascript file.

This idea comes up a lot, and nobody's ever explained to me a workable method
for doing an integrity check of the entire Javascript runtime associated with
a specific site. It's not as easy to do as it sounds.
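
An added example, not part of the thread: the hash-check proposal and the objection above, simulated in Node.js with `vm` standing in for a browser page's shared global scope. `MODULE_SRC`, `randomHex`, `loadPage` and `SERVER_SCRIPT` are hypothetical names, and the module and server script are constructed for the illustration.

```javascript
// Added illustration, not code from the thread. All names are hypothetical.
const crypto = require('crypto');
const vm = require('vm');

// Constructed stand-in for a vetted crypto module. Like any browser script,
// it relies on globals supplied by the page's runtime (here: randomHex).
const MODULE_SRC = `
  function newMessageKey() {
    return randomHex(32); // 256-bit key, hex encoded
  }
`;

function sha256(text) {
  return crypto.createHash('sha256').update(text).digest('hex');
}

// Stand-in for the hash published at a second trusted location.
const PINNED_SHA256 = sha256(MODULE_SRC);

// Simulates one page load: whatever the server chose to send first,
// then the hash-checked module, all sharing a single global scope.
function loadPage(earlierPageScript) {
  const page = vm.createContext({
    randomHex: (n) => crypto.randomBytes(n).toString('hex'),
  });
  if (earlierPageScript) vm.runInContext(earlierPageScript, page);
  const hashOk = sha256(MODULE_SRC) === PINNED_SHA256;
  if (!hashOk) throw new Error('module hash mismatch');
  vm.runInContext(MODULE_SRC, page);
  return { hashOk, key: vm.runInContext('newMessageKey()', page) };
}

// Constructed server-delivered script: it never touches the module's bytes.
const SERVER_SCRIPT = "randomHex = function (n) { return '00'.repeat(n); };";

function compareLoads() {
  return { clean: loadPage(null), altered: loadPage(SERVER_SCRIPT) };
}
```

In both loads the module's hash matches the pinned value, yet the second load produces an all-zero key, because the hash covers one file and not the runtime that file executes in.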

~~~
evv
You're right, but these sorts of browser apps will continue to be made because
of the convenience.

The cheapest browser-app integrity check that I know of is shipping the dev
code, complete with source maps. Allow anyone to read and debug what is going
on inside your app.

~~~
tptacek
That doesn't work either, because the app users read can be totally different
than the app that ends up running the next time the DOM updates itself in the
background.

See? "Fun" problem.

------
palakchokshi
Some feedback on the landing page. Please don't hijack my browser's Back
button so clicking back just stays on your site. Please provide more visuals
before signup especially if you claim my account might get deleted while you
develop this thing. Did not sign up, did not understand exactly how you plan
to keep the information secure and private from that short blurb on the
landing page. Wouldn't trust you with my data.

~~~
dutchbrit
Sorry about that, a redirect occurs to /login when you aren't authenticated, I
will get this solved asap.

Will make the homepage a bit more informative too.

------
matthuggins
All I see is a page that says "Do you like this concept? Please donate via
Bitcoin and help me build this further: 1CietyCHJi42RR1xb1nxVkdrdsRu3PbD5s".
Am I missing something?

~~~
dutchbrit
Do you mean after signing up? You can post a message - when you sign up, you
don't have any friends or posts, so what you're essentially seeing is the
footer. I will make this more clear - thanks for bringing it up.

If you can't even see the login/register part, may I ask which browser you are
using?

~~~
oneeyedpigeon
I get the same, on mobile (nexus 5, kitkat). This behaviour also occurs if
javascript is disabled. I'm guessing, because of the back-button-breaking,
that you've implemented the redirect using javascript - correct?

~~~
dutchbrit
Strange, I haven't encountered any real issues on android yet, will try
tomorrow on a virtual machine.

JavaScript needs to be turned on, otherwise it will indeed show nothing
content wise (angularjs)

~~~
oneeyedpigeon
Well, I've checked again and now, to be honest, it looks fine. I'm certain it
didn't process the redirect earlier, and I know this isn't the most helpful
bug report in the world - sorry! I'll let you know if it happens again.

~~~
dutchbrit
I'll keep an eye out, maybe it was due to high traffic or something, but I can
understand how confusing it must have been! Thanks for checking it out :)

------
inovica
Looks quite interesting. What did you create this with? I think you should
have a better intro and maybe some video or something to outline what it is
without people needing to log in

~~~
dutchbrit
AngularJS, Express, Socket.io & MongoDB. However, I'm considering switching
over to Postgres.

Encryption wise, I'm using CryptoJS for AES256 and OpenPGP.js for PGP.

All messages get encrypted in AES256 with a randomly created passphrase. The
passphrase is then distributed to the recipients using PGP.
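
An added example, not the site's code: the envelope pattern described in the comment above (one random key per message, wrapped separately for each recipient), written against Node.js's built-in `crypto`. It assumes AES-256-GCM with a raw random key in place of a CryptoJS passphrase and RSA-OAEP in place of OpenPGP.js; `sealPost`, `openPost` and `newRecipient` are hypothetical names.

```javascript
// Added illustration, not So.ciety's code. Function names are hypothetical.
const crypto = require('crypto');

const OAEP = { oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING };

// Stand-in for a user's PGP key pair (RSA-2048 here).
function newRecipient() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt the post once under a fresh random key, then wrap that key
// for every recipient with the recipient's public key.
function sealPost(plaintext, recipients) {
  const key = crypto.randomBytes(32); // AES-256 message key
  const iv = crypto.randomBytes(12);  // fresh GCM nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    wrappedKeys[name] = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  }
  return { iv, body, tag: cipher.getAuthTag(), wrappedKeys };
}

// Unwrap this recipient's copy of the message key, then decrypt and
// authenticate the body. Throws if the post was modified in storage.
function openPost(post, name, privateKey) {
  const wrapped = post.wrappedKeys[name];
  if (!wrapped) throw new Error('no wrapped key for ' + name);
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, post.iv);
  decipher.setAuthTag(post.tag);
  return Buffer.concat([decipher.update(post.body), decipher.final()]).toString('utf8');
}
```

The server stores only `iv`, `body`, `tag` and the wrapped keys; the authenticated mode means a modified body fails to decrypt instead of yielding altered plaintext.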

~~~
Xeoncross
If it's a single server then PostgreSQL would certainly give the best
performance considering how invasive MongoDB is. However, I'm sure you'll soon
grow to multiple servers so that wouldn't be as big of a problem.

Keep MongoDB on its own server.

------
Xeoncross
Building a social network takes a lot of work. If you open source this
codebase you will have people to help you build it and you will get the
product launched faster.

As long as we can trust you to share your code, we don't mind helping you
build this and using your server as the network hub. If the server was ever
taken over, only a couple days (or hours) worth of posts would be compromised
before someone noticed.

That is no comparison to google plus, facebook, or hacker news - even with
nasty in-browser encryption.

~~~
dutchbrit
The more help, the better! I will be open sourcing this ASAP, just want to
iron out the biggest bugs and clean up the source (just a little) before
putting it on Github.

Giving access to my server however isn't something I'd really consider,
without physically being next to the person.

~~~
Xeoncross
Oh, I wasn't suggesting that you give access to your server. Just that I
wouldn't mind using a site _hosted_ on your server (it has to be hosted
somewhere).

------
GrinningFool
Interesting POC, I'll be keeping an eye on it.

I wanted to thank you for meaningful text right there on the landing page that
tells me exactly what the project is (and isn't). No needless scrolling, no
giant-sized pictures that convey nothing. Just a concise description and a
login box.

------
subpixel
Wow - I thought you had dropped six figures on the .ciety TLD at first glance.
I couldn't figure out whether that was genius or stupid. Thankfully you didn't
do that, so I don't have to figure that out.

------
AdmiralAsshat
Might be cool for some technical discussion forms between other security-
conscious, although as far as practical value goes, I'd probably have about as
much luck getting my friends to use it as using PGP...

------
shazow
Any reason why it makes sense to ask for two different passwords? If we're
going to trust the Javascript, then does it make sense to derive the server-
side password from the same client-side password?

------
dutchbrit
Quick note, this is currently a proof-of-concept (work in progress).

------
nhayden
I've always thought this was a good idea, glad to see someone doing it.

~~~
dutchbrit
Thanks!

------
djb_hackernews
Your bitcoin plea breaks the back button. Not cool.

~~~
dutchbrit
Yikes, I didn't know that (will remove the link on it)

------
walshie4
Any chance on open-sourcing this?

~~~
dutchbrit
I probably will yes

