
Avatar: A browser OS with built-in privacy and anonymity - staltz
http://sneakpeek.avatar.ai/technology.html
======
uzero
We are looking for security experts to double check/triple check/audit our
protocol designs.

So if you know your crypto and you are intimately familiar with Alice and Bob,
please lend us a hand and take a look at the protocols. Our discussion forum
has a special section for security and protocols where you can post your
comments.

Thank you!

~~~
jhdkjqhkjqhwk
> that runs on modern web browsers.

Never mind your protocols, I'm pretty sure nothing can go wrong here!

------
4ad
I wish people would not misuse the term "operating system" so much.

~~~
steveklabnik
I'm posting this comment from a Chromebook. I'm imagining this could (I
haven't gotten through all the marketing yet) be something very similar, which
very much is an operating system.

~~~
4ad
No, it's a javascript app plus another app that runs outside the browser. It's
similar to freenet.

------
Karunamon
This looks to be very similar to Freenet[1] - basically a specialized,
distributed network that runs on top of the internet but has its own
server/client infrastructure.

Does Avatar serve pages over plain HTTP(S) like Freenet, or is there some
other magic here?

[1] [https://freenetproject.org/‎](https://freenetproject.org/‎)

~~~
uzero
Everything is encrypted by default. Even Freenet and Avatar are similar at
very high-level, there's many differences under the surface.

I wrote more about how Avatar compares to X here:
[https://discussions.avatar.ai/topic/13/comparison-to-tor-
fre...](https://discussions.avatar.ai/topic/13/comparison-to-tor-freenet-
retroshare-etc)

~~~
hnisnotreddit
your comparison to Tor completely glosses over Hidden Services, which are less
complimentary to Avatar.

------
seanmcelroy
I think this would be a much more interesting project if it was to put a great
interface on top of the Freenet protocol. Encryption and anonymization on P2P
is very hard, and building on Freenet as a basis for the plumbing would speed
the time to a deliverable and build on existing technologies rather than
reinvent the wheel.

------
mQu
Do I understand correctly that browsers obtain source code through bridge
(local HTTP server?) from Avatar network or is it downloaded traditionally?

EDIT (from here to end): to clarify - my question is to assess security of the
'runtime' \- if it's downloaded from the server what is there to stop
malicious party from compromising the server and sending modified verification
code?

Would it be downloaded through the bridge then (and only then) verification
with block chain could be done on received updates (providing first d/l wasn't
compromised). User browser would then access files exposed by the bridge.

At least this is how I imagine it but the OP overview is light on details.

------
TacticalCoder
It's interesting that they're using secp256k1 (as Bitcoin does) for
performance reasons (regarding Bitcoin, Satoshi mentioned in early messages
that he did choose EC because it would help keep the size of the blockchain
not too big). I wonder if Bitcoin's use of EC is "giving a boost" to EC...

Anyway... TFA states this:

"We are aware of theoretical weaknesses in secp256k1"

What are the theoretical weaknesses in EC secp256k1?

~~~
hendzen
See [http://safecurves.cr.yp.to/](http://safecurves.cr.yp.to/) for an
explanation.

------
uzero
I wrote a clarification about how Avatar is an operating system and about how
it runs on a browser at [https://discussions.avatar.ai/topic/18/what-makes-
avatar-an-...](https://discussions.avatar.ai/topic/18/what-makes-avatar-an-
operating-system) \- I hope this clarifies a bit what we are trying to
accomplish with Avatar.

------
jokoon
I like the initiative to tackle against what the NSA is doing, but I'm seeing
many projects that just seem to overdo it.

You will have better results by going out and educating people about how
technology works than inventing a internet-obscurity-security sort of thing.

On top of it, if the NSA can detect who encrypts its traffic the most, who use
what OS, what browser, if that person has used PGP, etc, it just needs to
monitor this person a little bit more.

I don't want to sound cynical, but I wish I could see programmers work on
solving real problems, like economical ones: you'll be surprised how
miscommunication and lack of information spreading can worsen situations.

Many people seems to criticize facebook, why am I not seeing anyone
reinventing the social network ? I'm not talking a website like diaspora or
google+, but anything which is designed for making the economy work better.
Like a craiglist for masses, but more efficient and relevant.

~~~
woah
It sounds like you are basically suggesting the most generic of web startups.

~~~
jokoon
Yeah well I see countless posts of people failing their startup...

------
blueskin_
Wait, so this is a browser-in-a-browser?

How the fsck is that in any way an OS?

>"We believe it's not your job to keep track of what social networks your
contacts use. With Avatar you simply just write a message and the system takes
care of delivering the message to your friend. You can use your Avatar to
communicate "cross-border" with other social networks like Facebook or
Twitter."

I saw someone mention this yesterday on HN for another service, but I'll say
it here. This seems like a huge WTF, as people separate services for a reason.
If I want to talk to someone on facebook, I might not via email, or via a
different email address to the default. See: Google recently outing a trans
person who used different services for different identities.

------
spaceheeder
Can you link to your source code? Have you given any thought to using the GNU
Naming System to smooth over some of the usability problems with public keys?
Are you familiar with unhosted.org, and their use of Oasis.js to partially
solve the problem of running untrusted js in the browser?

~~~
staltz
We haven't released any source code yet because we first want to make sure our
protocol designs are correct. Unhosted is a familiar project and we are
currently evaluating multiple options to run unsecure code.

~~~
spaceheeder
Going on a slight tangent off of jude-'s question, will there be any social or
economic incentive for making one's bridge persistent, or capable of holding
more data? Or will this rely on volunteer participation, like tor/freenet/etc?

~~~
staltz
At first it's volunteer but we do realize that incentives are needed and we're
working on different models. The long-term goal, which depends on WebRTC
maturity, is to have no need for Bridges, because that code would be in the
browser OS.

~~~
spaceheeder
If the storage _wasn't_ separate from the client, wouldn't access time
performance top out around the same levels as, e.g., Freenet?

------
jude-
I worry about storage performance. Why use a DHT? Could you get away with
using cloud storage to host the signed and encrypted data? Also, are you
worried about Sybil attacks on the DHT?

~~~
spaceheeder
Based on my read through, I think the files themselves live in the bridges and
the DHT is how they are found. So you could set up an Avatar bridge in the
cloud and use that as your bridge (or put the bridge on your local device and
tell _it_ to store/retrieve everything from a network folder).

~~~
jude-
So, performance will depend on where these bridges live, and how generously
provisioned they are. Using the DHT for routing doesn't address this problem,
though--requests for hot content will be routed to the same node, regardless
of how well-positioned it is to serve requests. Also, what happens to the
content when that node goes offline? I skimmed the R5N DHT whitepaper, and
while it replicates keys, it's not clear that the bridges replicate chunks.

Do the authors have a plan to address data loss? Do they have a plan for
caching/replicating data to alleviate hot spots? Will their replication
strategies on read/write objects include a well-defined consistency model?

~~~
spaceheeder
Their current line is that, with increased WebRTC adoption, bridges will
somehow become unnecessary? I'm not convinced, and agree with you that there
may be some problems here that will lead to poor performance (which is
critical).

According to someone (a developer?) further down this thread, they realize
that incentives will be needed for things like this. It sounds sort of like
the same problem that the bitcloud people are trying to solve, but to my
knowledge nobody has any solid solutions.

Why pay more for a blind CDN when 99.9% of your customers use infrastructure
that only require you to use unsecured ones? That shouldn't be a rhetorical
question--this is an important issue that needs to be addressed if we want to
make the Internet a better, freer, and more secure place to communicate. We'll
see if these guys come forward with something that sounds like it can work, I
guess.

~~~
staltz
Avatar is very complex and we were aware that many questions like these would
come up. That's why we built a forum just for this purpose, where we can go
through all these issues in detail.
[https://discussions.avatar.ai](https://discussions.avatar.ai) This wouldn't
be labeled 'sneak peek' if we weren't seeking for security audits and
architecture reviews before publishing it officially.

------
computer
Technically I love new plans in this space.

However, it seems that this requires a lot of people using it to be useful
(network effect)? Is there a plan for getting this used by people?

------
kitd
_The guiding goal has been to create a portable, easy-to-use layer on top of a
browser_

I can't help thinking they're looking at this the wrong way round.

------
fiatjaf
Why didn't they write everything in Javascript and run from the browser? A
pure-browser Freenet is possible, isn't it?

------
hotloo
Looks interesting.

Any action videos or demo available?

~~~
uzero
Not yet but hopefully soon.

------
hmhrex
Are there any other OS' similar?

~~~
samweinberg
It reminds me of Joli OS
[http://www.jolicloud.com/jolios](http://www.jolicloud.com/jolios)

~~~
hmhrex
Almost forgot about Joli. Great little OS.

------
keyo
Looks promising

