Peergos Alpha – A decentralized file storage and communication network (peergos.org)
82 points by ianopolous 23 days ago | 49 comments

Trying out the demo, got this warning:

> I understand that passwords cannot be reset or recovered - if I forget my password, then I will lose access to my account and all my data

Shame, cause P2P password resets are totally possible these days, see my tweets on this with Brendan Eich: https://twitter.com/marknadal/status/1131258225095991296

Also, I just got:

> Error: User already exists!

How is this decentralized then? Unless it is using a blockchain to register usernames, then there has to be a master server that "decides" whose username is taken.

Or worse: It is decentralized, but not offline-first (what happens if I register without internet access)? What is the point of being P2P/decentralized if I need to be connected to a peer?

> Creating filesystem

Is really slow! Is this IPFS?

Small actions, like "send friend request", take ~5 seconds. Have you guys tried using something faster? There is a P2P version of Reddit ( https://notabug.io/ ) and he's done a ton of optimizations to make things instant, probably require switching p2p protocols though.

Overall, it worked! That is saying a lot in the blockchain/decentralized world. So this should actually be viewed as a huge success. Congrats!

Hi Mark,

Thanks for your feedback.

We do hope to use Shamir secret sharing among your friends to allow password recovery in the future, but that's strictly less secure (your friends can collude against you) and would be optional.

There is a centralised pki to ensure unique usernames (eventually it could be made into a blockchain - it's already an append only merkle-tree in ipfs, but this is an alpha). This is a UX tradeoff. Peergos is designed to be used by people who can use facebook - they should never need to see a hash or manage their keys. Once you have signed up and claimed your username you only need to interact with your storage node (and those of your friends for social stuff) unless you need to lookup a new friend who's recently signed up.

Some things are slow yes, we have a lot of optimisation to do, but wanted to start getting feedback.

The idea of enforcing unique usernames kinda sucks, and so does trying to add people to a contact list by searching for and entering usernames.

This is, of course, how it’s always been done. But need it be?

If you’re bootstrapping off of your existing Twitter/Facebook/Whatever I would assume Oauth could get you the ability to discover friends on the network without ever having a “username” to enter.

If you’re making a new friend on the spot it’s a QR code or Bluetooth or Ultrasonic handshake between the devices?

If you’re making a new friend online I’d rather send them a peergos://<base56>/invite via SMS or Email or whatever other chat program we’re using. Tap and it should app switch right over to a screen showing their contact info with the “Friend” or “Add” button right there.

iOS will convert a webpage link into a preview of the page. I wonder if you could use that functionality to make sharing an invite link via SMS on iOS preview the actual contact page. I don’t know if iOS will let installed third party apps provide a preview bubble for link/protocols they’ve registered to handle.

OT: Shouldn’t the name just be PeerGo? Or really, Peer.

Or use Shamir's Secret Sharing to split your key/password up between friends at the outset: https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

Great reference! Do you know of a WebCrypto based implementation of this? Or even libsodium? That has been my hold back.

In the https://peergos.org/features page we can read:

"Alternatively you can pay another provider to store your data (they won't be able to read your files). Currently, we have a small central server which stores usernames and public key"

So IPFS is useful to eventually have your data copied to other nodes, but you need centralized servers for basically all reliable operations?

You always have to host your own files or pay someone to host them for you, to guarantee some useful degree of availability. That cost is often minimal. For most non-commercial purposes, a raspberry pi on a home internet connection would probably be sufficient.

IPFS isn't a service to store unpopular files for you for free. If you're not going to do it, someone else has to be paid or otherwise motivated to host your files for you.

IPFS reduces bandwidth costs, and might reduce latency, in the event your files/data become popular. In a sense, it's a free content-addressable autoscaling cdn. It's not a free S3/B2 replacement.

The only thing that is currently logically centralised is the pki server. And that is only to guarantee unique usernames during sign-up, and its data is mirrored on other nodes.

You can self host, and then your own node is responsible for storing your data (which could be a machine in your house, or eventually maybe even your phone).

Why use a centralized server to guarantee unique usernames instead of using a public key as a username, potentially with a friendly alias?

It's a UX tradeoff. People are used to services having unique usernames for everyone which they can use to look friends up. No one wants to say oh just add me on X I'm Qmeufhj32f84hfnejcn438f. Or Add me on X I'm one of the 100 people with real name Bob. Long term it doesn't need to be physically centralized and would make a good candidate for a blockchain with consensus. It's already an append only merkle-tree which is mirrored in other nodes for privacy of public key look ups.

The other effect it has is it allows us to have a global filesystem with all the semantics people are used to from filesystems with human readable paths of the form /$username/$path_in_users_space

Or you need a Pi-like device on your network to act as your personal storage node.

I think if you could plug in an old iPhone/Android and have it become your host I don’t see why that couldn’t be mainstream. Everyone (who would consider using this) has an old phone they can plug in and forget.

Plug and forget, and one day realize your data is lost?

That's the thing I really can't wrap my mind around with these kind of solutions: how can they be advocated while not offering a good way to be reliable? That's doing a disservice to the other good parts like the better privacy.

In what way is this not true of centralized services too?

If you "plug and forget" from a paid centralized service not using IPFS you have even less recourse.

With IPFS it doesn't matter whether the blocks are locally on your system or in a paid cloud, the blocks are readily available because they are transparently available from BOTH.

If you stop paying the cloud the blocks are still available but slower if they are on a slower pipe.

Maybe I misunderstand you - but I think the objection is that paid services typically do a great job at hosting files. Normal casual people, do not. Eg, if I run a RaspPi from my closet it seems far more likely that my server will fail, than if I had used Google/etc.

And IPFS does not work (or at least, has no guarantee) in the event a file has no hosts. So the only way you could host it yourself safely would be to use something like P2P and distribute the files. Either at large scale (like FileCoin proposes), or by having something like RaspPis in 2 family members' closets so you have redundancy in your hosting - should your house burn down.

I've hosted Web sites, git repos, etc. from my laptop; it would be suspended/resumed during my commute, over night, I'd sometimes be in places without WiFi, etc.

Since I was using IPFS that wasn't a problem, since I also had a few other machines hosting the same blocks from different places (including one in a different country).

Yea, but that requires other people to have gotten it. Which, if your site matters, is not a gamble you can take.

I love IPFS, but it still needs a live server to pin a resource. Luckily you can host IPFS stuff (theoretically) on a tiny box because any amount of traffic becomes "instantly" distributed. But, still having it hosted is the only way to guarantee your content is actually available.

> that requires other people to have gotten it

Did you miss the last part where I said multiple machines are hosting it?

No, I just misunderstood it. You described hosting it on your laptop. Which, if "other machines host it" to cover your laptop downtime, I would not call it hosting on your laptop anymore lol.

When you mentioned other machines, I assumed you meant that other machines had accessed the content and effectively temporarily seed it, as is the way IPFS works.

If your point was truly that other machines have your content pinned, then what is your point about "hosting it on your laptop"? Seems a bizarre description if your laptop can be closed, but the other machines have the content actually pinned. It's hosted by the other machines, not your laptop.

I’ve been using syncthing and the rule is you just have to have one working computer, since computers are cheap and most people are throwing them away all the time it’s easy to end up with many at a time. I’d imagine this is the same way.

As long as you follow that rule you don’t lose data.

We hope to eventually solve that problem (the house burning down issue) by mirroring your data among your friends. They could already do that, it's just not built in.

Exactly this. Storage and bandwidth are insanely cheap.

Also, not all content I keep is the same, I think it could be tiered. There is a lot of content I have which is third party and easily replaced, these are files that hash to values that other people will also happen to have.

Then there is content I personally created like photos and video which is voluminous and important but not an epic disaster if some of it is lost. Finally there are crucial documents which are truly mission critical, but these make up the smallest share (less than perhaps .1%) by volume.

Every friend I connect with I wouldn’t think twice about giving them some amount of space on my server. I mean, you’re allocating space for chat and metadata and such, why not also a baseline amount of per-peer storage like 100MB. Then you could slide it up from there.

Making this automatic, and on by default at a baseline, adds a level of resiliency to the whole network.

I assume my friends can act as relays (store-and-forward) for anything I’m sending or sharing through the network as well.

That's almost how I feel about using raspberry pis as servers in general. Aren't I better off with 1 computer, running the free Citrix Xen, that I can run ALL my servers on, instead of a closet full of raspberry pis to manage?

Just because you can...

Is this thing pronounced purge os? Even if it's not supposed to be..

Of course you can also do that, but right now for 99% of people “all the servers” are exactly 0 servers. Even the concept of a “server” is foreign.

Maybe the first server most people buy is a home NAS or wireless gateway. Those types of devices should also be able to act as the host as long as they have pluggable storage.

Are binaries / programmatic access available?

I've been writing a knowledge repository and was debating using IPFS to distribute encrypted files. However Peergos is interesting for the same reason. To toy around with the alpha I'd like to experiment with integrating the sharing model with my project.

We are distributing releases through Peergos itself: https://alpha.peergos.net/public/peergos/releases

The rest api is quite simple, and mostly a subset of the IPFS rest api. The complexity is mostly client side. We have a Java client, which we cross compile to JS for the browser.

If you're mainly interested in the access control mechanism it is a simplification of cryptree: https://github.com/Peergos/Peergos/tree/master/papers

I tried to sign up, but just got `(TypeError) : Cannot read property 'dhtClient' of null` on submitting the form. Chrome 74 on Linux. All blockers off/tried in incognito.

We think we've just figured out the cause, and deployed a fix. Are you able to sign up now? You may need to CTRL+F5 force refresh.

Blockers shouldn't matter because we don't have any third party hosted content, not even fonts.

Thanks for letting us know. We've had 2 other reports of that error, but so far we haven't been able to reproduce it. We've tried chrome 74 on windows and 73 on Linux.

I successfully signed up with FF67 on Linux just now.

Am getting the same on Firefox 66, Windows

Another one? These are all subject to network effects. Consider them contractions on the way to the birth of the successor to the web.

> These are all subject to network effects.

Can you describe in more detail the issue? Would love to hear critical thoughts on this project, as I'm interested, but wary.

It's just the chicken-and-egg problem - how do you get enough people using it for it to be a real resource, vs another OK-but-not-outstanding platform that has a few dedicated users but too shallow a community?

I'm a bit cranky about it because I have watched a bunch of projects like this bud and then fail to develop even though they were all very worthy in their way.

Ah hah, appreciate the depth. I misunderstood your comment and thought you meant it was vulnerable to some type of network attack haha.

Sign up is broken. It didn’t finish, but now shows user taken. Would love to try logging in, but can’t find the login screen.

The login url is https://alpha.peergos.net

I'm a little confused what the use case is for this. Can someone elaborate?

Right now, we have a consumer, provider model of the internet. The internet in the 90s was very different, and looked much more peer-to-peer.

The higher level sharing and storage that we have now through services such as Facebook, Instagram, Dropbox, etc, could have been built in a peer-to-peer way, on top of things like Peergos.

I do not think that Peergos will necessarily be the exact technology that a new, decentralized version of internet technologies will be built on, but we are building the infrastructure and knowledge needed to be ready for power and economics shifts online.

It's a place for you to store your stuff, where you control who sees what. You get fine grained access control (per file or directory) all enforced cryptographically. We try hard to hide metadata as well - like file names and sizes, directory structure, your social graph. It doesn't inherently depend on DNS or the TLS certificate authorities for operation (clearly using the public web interface does, but you can also run it locally).

Didn't you watch Silicon Valley? It's the answer to Hooli's Box III.

Amazing! How does it work?

There's a talk introducing the architecture here: https://www.youtube.com/watch?v=h54pShffxvI

TLDR: It's a cryptographic capability based global filesystem with a focus on privacy.

How does this compare to IPFS and the DAT project?

It seems like it uses IPFS under-the-hood. So they're essentially handling the end-to-end encryption aspect of it, so that those hosting it via IPFS can't see the data.

Yes, we use IPFS as a datastore using their IPLD merkle tree data structure, and as a p2p networking stack.

Disclaimer: I also work on IPFS

On that note, how does this differ from FileCoin? Is it basically a self-hosted NAS on top of IPFS?

Congrats guys!!

Please use an informative title.

How is it now?
