Hacker News new | past | comments | ask | show | jobs | submit login
Secushare: A decentralized, secure social network built on GNUnet (secushare.org)
191 points by federicoponzi on Sept 5, 2019 | hide | past | favorite | 51 comments

I'm quite annoyed by the superficial critics that are currently overflowing the comments. Of course this is an ambitious project that is driven by (of course slow paced) academic research. This is very serious and is of course actively not giving a fuck about current mainstream trends in software engineering.

It is technically ambitious: no-bullshit distributed systems are hard with the current Xcoin trends. GNUnet strives to imagine and implement a networking stack that is mostly friend-to-friend, eg a network where the topology is dictated by the real life trust relationships (just as most old low-level protocol did, think bgp). It wants to support delay-tolerant and low bandwidth networks that exist outside of our privileged western world, have privacy protections on the routing level, etc etc.

It is politically ambitious since much of it is deeply anti-commercial, striving for local self-management (and that on several stacked levels). In particular it strives to have an architecture that defuses the network effect that comes with walled gardens. Applications built on top will probably do the exact opposite of the neuropsychology-based methods of drawing attention that is being used in almos every single mainstream private and free software web application. Imho there is limited value in reimplementing all these mechanisms like suggestions, notifications, infinite stream based information architecture (think mastodon) that have negative aspects on the content (superficial and intellectually aggressive content) and negative aspects as a tool (no decent archiving or information retrieval).

So yeah, this is very much in progress, but GNUnet as a whole is currently federating a lot of academic (and non-academic but still very much based on experimental science methods) work, it's already a gold mine of papers, thesis, experimental protocols, foundations for radically different applications, etc. Please take the time to go deeper than just the front page, it is really worth the time (this is a website, not a marketing page, you have to actually explore it to understand what it's about).

>I'm quite annoyed by the superficial critics that are currently overflowing the comments. Of course this is [...] academic research

I'm guessing there would be less readers' irritation if the following text that's at the bottom was moved to the very top so it's the 1st thing people see:

>secushare is a research project that hasn't reached prototype status, yet. [...] So if you truly want to get started with secushare, please read how you can help on the introduction page.

Many readers would prefer that above text to be shown before the following paragraph which is structured as a "teaser":

>Imagine Facebook, Whatsapp, Gmail and Skype rolled into one, without the centralized surveillance and control. Crazy? Well, it hasn't been tried before, at least not our way. So let's give it a try.

The "let's give it a try" is actually a request for more "researchers" instead of "users". Instead of a beta or even alpha system to experiment with, the current status is that they need programmers to help build it from nothing to a prototype.

There's nothing wrong with asking for help but it takes a whole page worth of text to get to that point. Even if a software project has moral goals, it doesn't mean readers will not be annoyed at the way the presentation's text is ordered from least important ("imagine if...") to most important ("not even a prototype").

The HN demographic is probably overwhelmingly working programmers instead of academics so they're already predisposed to prefer something concrete they can try out.

The front page currently has articles about Finnish babies sleeping in cardboard boxes, and the benefits of sleeping with a weighted blanket. Just because there isn't something you can try, doesn't mean it's not interesting.

> Just because there isn't something you can try, doesn't mean it's not interesting.

Please don't misrepresent what I actually wrote. I did not dismiss the project as not interesting.

I made a very specific point in my reply to OP (lapinot) and the complaint of "superficial criticism":

If one structures the project's landing page text so that it makes something sound promising at the top but then later reveal that the status is actually "not even prototype" at the bottom (after ~10+ minutes of reading), that "teaser" style of slow reveal is going to invite hostile criticism from some readers. (E.g. see this thread's other comments of "vaporware", "generic introduction on something that doesn't exist", and "this page uses a lot of words to explain almost nothing.") Yes, maybe those comments are unfair but consider if the text's obfuscated style of exposition triggered those responses.

The lesson for project authors is: Yes, your project can have moral ethics, pursue ideals of privacy & decentralization, be "interesting", and other laudable goals, etc -- but you'll throw all that good will away if the project's text describing it disrespects your readers.

There's nothing wrong with an interesting project that's looking for contributors to build something real.

Appreciate the feedback. There was never an intention to mislead. We can see how having a disclaimer upfront improves communication transparency, so we've change the front-page accordingly.

I'll abuse this comment to ask: Have the GNUnet developers considered joining forces with the RINA developers?

I feel extremely tired of Beads-on-a-String networking which essentially still boils down to phone calls with extra steps which we falsely label as somehow constituting an Inter-Network capable system, despite neither IPv4 nor IPv6 in any way actually supporting internetwork communication. RINA addresses this issue completely, but it doesn't address the privacy infrastructure GNUnet addresses.

Thanks for writing this. Do you have any good starting points for someone interested in developing applications on GNUnet?

Read and follow the bug reports, specially this one : https://bugs.gnunet.org/view.php?id=4625

Can its network federate? Can you use a single identity across networks?



In my opinion it is worth going over most if not all of the website's content. It is time-consuming, I know, but it is such a gold mine. There are links to other websites, too, and when I get the time I will open those links as well. So much useful information, so much to explore and learn! I love it.

I have seen a lot of their presentations at 33C3. Its quite interesting ideas that I was quite interested in.

The problem with GNUnet in general that it seem very inaccessible to those outside of the university context. In their presentation they show that they did all these great test, but very little how I can run them, or achieve things with GNUnet. GNUnet is academic and has not yet found any real-world use case that I know off and thus suffers the problem of academic projects.

Overall they have a very interesting vision of what you can do, but its pretty far in the future and the website is a bit of nonsense. It took me a couple hours of listing to the craters to understand what they were really trying to do.

Have you gotten in touch with the developers? They recently redesigned their website, and are trying to make the project more approachable in general. If you have any remarks or suggestions for improvement, I'm sure they would be appreciated! (There's a contact page: https://gnunet.org/en/engage.html)

But yes, most of the sub-projects seem experimental, or on a low level and lacking a pleasant way for people to make use of them. It seems possible to integrate the GNU Name System into a web browser, though, and re:claimID (https://reclaim-identity.io/) has an add-on in development. GNUnet news list some ‘major design issues’ they're aware of, so hopefully stuff like filesharing will work well enough once those are fixed.

I have seen an looked at some of these efforts, and its very nice. I don't really have usecase, or time to work on a project like that.

I'm sure if you get into it, you can lots of information but I have observed with multiple people that they start reading are interested and then drop out quickly.

This sounds a lot like my own side project's goals, but I've made it work inside the browser using web-rtc. There's a (somewhat) usable prototype online.


Oh wow! I thought I disliked GNU but after all this... damn. This project made me dig deep into other GNU projects. I have to say I am extremely impressed. GNUnet, their featured and upcoming applications are intriguing. There is even GNU Taler, a privacy-preserving payment system. These projects are remarkable. I hope that they will continue working on them. They must! This is the direction I would like the future to take. I love the Secushare website, too, it is utterly informative and the design is pleasing my eyes. The content is stimulating my mind. Their goals are restoring my faith. Please make this a reality! I am so excited about this!

Thank you so much! If someone can afford to help them (Secushare, GNUnet) financially, please do! I will dig even deeper and try to contribute as much as I can as I have some knowledge in C and cryptography.

For anyone who is interested in contributing to Secushare: https://secushare.org/introduction (especially the "How can you help?" section)

For anyone who is interested in contributing to GNUnet: https://gnunet.org/en/engage.html

Clicked expecting to see a social network. Instead got a generic introduction on something that doesn't exist.

Seems like vaporware. The "built on GNUnet" in the subject line really should be "planned to be built on GNUnet" or maybe "imagined on GNUnet".

Last commit to https://gnunet.org/git/secushare.git is from 2017:

    commit 4fbc224f25d71c30b16a2f5aa45cb1f2954d2d38 (HEAD ->             
    master, origin/master, origin/HEAD)
    Author: t3sserakt <t3ss@posteo.de>
    Date:   Wed Sep 20 22:15:53 2017 +0200
        deleted test

Is development still going?

Yeah, probably just moved to other repositories for the time being. (E.g. I think https://git.gnunet.org/groupchat.git/ is from secushare.) The PSYC chatrooms are pretty active, and they have recently opened some issues in GNUnet's bug tracking system, too (https://bugs.gnunet.org/).

Decentralized social network: a customized phpBB with a good OpenID module would be enough. Host your own, authenticate yourself to other instances, use RSS feeds to create your own composite timelines.

Your idea breaks down immediately when you realize that hosting your own phpBB instance is far outside the capabilities of most users. This means that you're at least centralized into groups around phpBB hosts, i.e. this is a federated system.

In practice, federated systems become centralized. Email, for example, is now mostly centralized in a few providers: GMail, Yahoo, Outlook, etc. Even if you don't use one of these providers, they have a significant percentage of your emails.

But then nobody gets to write anything new. There is nothing the modern software developer loves more than writing new things from scratch that do same things as older things but slower and with more buzzwords.

This page uses a lot of words to explain almost nothing, the linked “introduction” page is similar.

Is this a thing I can sign up to? How does it make my life better? All I can tell so far is that it’s secure and some kind of social network

Compare this to the WhatsApp landing page: https://www.whatsapp.com/

Edit: looks like it’s a framework for building apps, still unclear to me if it’s usable or any apps exist for it yet

From the "Getting Started" section:

> secushare is a research project that hasn't reached prototype status, yet. Consider that it basically consists of a new Internet stack combined with a full-fledged distributed scalability alternative to cloud technology. The challenge is so big, please be patient that we're not done quite yet.

(I agree that the homepage is not clear at all btw)

> (I agree that the homepage is not clear at all btw)

I have a feeling it was written by people whose mother tongue is not English - probably Italian.

This is true about anything GNUnet related, really.

I still find this image of GNUnet-GTK hilarious: https://upload.wikimedia.org/wikipedia/it/0/0a/Gnunet-gtk_0....

I like how the availability of each file is 0%. "Yeah, we focused on the amazing UI first - we'll handle downloading later".

I wonder if they considered simply shipping with hashes for each byte of data of common files users may want to download.

Then users could "download" by brute-forcing each byte of data. This would not only keep the content private but also the metadata.

It might also speed up adoption.

What do you mean exactly?

It links to this page (from 2011 - any day now, right?):


Well, to me they don't look as if they'd like to be like WhatsApp. The product mustn't be finished yet and this is probably just some info to atract possible users, programmers and people who'd like to contribute. You can subscribe to their newsletter anyways (if that's what you want)

>Well, to me they don't look as if they'd like to be like WhatsApp.

Yes, the overwhelming impression is that they'd like to avoid being like WhatsApp in that they don't want to have any users.

Even if you are hoping to contribute, the "Getting Started" section which actually details what exists of the project is buried down at the bottom of the page - and that section is the closest the site comes to giving a proper explanation of what secushare actually is in terms of technology. The rest is waffle.

> Yes, the overwhelming impression is that they'd like to avoid being like WhatsApp in that they don't want to have any users.

What makes you say that?

> Even if you are hoping to contribute, the "Getting Started" section which actually details what exists of the project is buried down at the bottom of the page - and that section is the closest the site comes to giving a proper explanation of what secushare actually is in terms of technology. The rest is waffle.

I suspect your issue stems from your approach to the project. I found the website tremendously informative. I spent a great deal of time on reading from top to bottom, and I followed the links, even links outside of Secushare.

The website tells you exactly what Secushare is, it goes into detail, you just have to go through "Navigation", and for example when you encounter an unfamiliar term in the context of the project, click on it to gain understanding, then continue.

You may want to start with https://secushare.org/, then go to https://secushare.org/introduction. You will reach section "Buzzwords to Dig Into". Go through them one by one, or pick whichever you would like to know more about. You could go to "Navigation -> Answers" instead as there will be links to the same pages. There are many different ways to go about this, but it essentially boils down to taking the time and effort to do so, and an open, curious mind.

I've built https://lastochka.network — an encrypted social network myself and did not get what this project is all about by reading this page…

Cool idea: Looks more like building blocks than a complete application.

I'm curious how a system like this is resilient to SPAM.

Specifically: The (cough) power of centralized systems is that they have an economic incentive to police themselves. (Although we can disagree about how well they do it.)

Example: I don't get a lot of SPAM on Facebook, but I get a ton of SPAM emails and phone calls. Likewise, LinkedIn is mostly SPAM, so I don't use it very much.

Couldn't a micropayments option (built on bitcoin's Lightning network) where friends send the same micropayments back and forth keep SPAM at bay, since one wouldn't return the micropayments to spammers by way of return comments?

It sounds cutting edge to me but the last time I tried to install GnuNet on Windows and Ubuntu I gave up after awhile because it seemed like, if I recall correctly, it wouldn't run on Windows anymore and something was broken with the Ubuntu build/install I was trying to do.\

It seemed like I would need to debug a broken build in order to use any of it for anything.

That's the solution we need, to replace Facebook and Twitter! :) I'm in.

Anyone knows the relationships (if any) between this project and RetroShare?

I don't think they're associated, but they seem to have a similar function. secushare has a comparison page where they compare their project to others (including RetroShare) for various use cases, so you might want to take a look at that. (https://secushare.org/comparison)

Who are some people who will use this and what does one get for taking the risk to associate with them? It seems superficial, but for a social network, it's the only question that matters.

Following this up:

Their statement on how it will not disrupt society: https://secushare.org/society

And statement on their threat model: https://secushare.org/threats

The language is a bit passive, but charitably, their intent is to push surveillance stakeholders into either a) using social means to infiltrate group membership, or b) targeting user endpoints with malware. The tool will do this while frustrating passive interception.

Presumably we can use ML bots on accounts to infiltrate communities by now and then hand the reins to an investigator as a cover identity when it becomes useful.

Just not sure how this is all desirable.

Lots of good ideas. Continue working on it.

for those wondering if there are more tangible alternatives, check out the “social” apps on Blockstack (sadly there's no way to filter/sort).


EDITED: fixed to use a public URL.

Being "more tangible" is an opinion, so i could just counter "non-argue" that i think these things are actually less tangible, we would now have ended-up nowhere since there is nothing more to add (tbh i actually have that opinion, which might be explained by what follows).

To add something which is not an opinion, i would say that these blockstack or actually Xcoin based whatever "dapp" (seriously, what is this vocabulary, these are brandings, marketing terms) have nothing to do with gnunet or secushare on the moral level, they are really different beasts with different goals, different contexts. Marketing vs science, social vs commercial, private vs libre... Really, if you're not seeing the objective difference here then you're not trying.

To steelman the argument: I think by "more tangible" OP means, "software in a working state."

Secushare clearly isn't in that category of software yet.

I’ll try and address your objections to my post, Blockstack and the apps developed on top of Blockstack.

> Being "more tangible" is an opinion

Yes. However my post was in response to someone who seemed disappointed that the story was not about something that was available. It was not meant as a criticism generally, but as something else to check out for those who might share that disappointment.

> “dapp" (seriously, what is this vocabulary, these are brandings, marketing terms

Some may use this term as a marketing ploy, but “dapp” is literally nothing more than “distributed app”. What is distributed? In the case of Blockstack, the users’ data and their identity. By design it ensures that control of data and identity is not only distributed to the users, but cannot be centralised (or recentralised), irrespective of the app. [0]

> have nothing to do with gnunet or secushare on the moral level, they are really different beasts with different goals

Firstly I’d argue that this is an opinion. But secondly I’d add that it is an ill-informed opinion. The Blockstack design means that users retain control of their data and their identity, and these cannot be taken from, nor weaponised against users. This is not merely a statement of intent [0], but am outcome of design [1].

> Marketing vs science,

I believe this is adequately addressed by their white paper which I won’t attempt to summarise. [1]

> social vs commercial, private vs libre

The GNU philosophy is not about free as in beer but free as in libre. It is also not anathema to commercial use. The Blockstack core is licensed under the GPL v3, and all documentation is Creative Commons licensed. I’d argue that a worse denial of freedom (than software freedom) is having your data and identity held hostage ie. denial of the freedom to move or remove my data and identity. Holding your digital self hostage is eminently possible by a cloud service even if it’s built entirely on open source software, while not possible for a Blockstack dapp even if it were closed source. The core philosophy of Blockstack is “can’t be evil”.

> if you're not seeing the objective difference here then you're not trying

An opinion. I could counter that you didn’t try very hard to see the similarities.

[0] https://github.com/blockstack/blockstack-core/blob/master/RE...

[1] https://blockstack.org/docs/how-blockstack-works

[2] https://github.com/blockstack/blockstack-core/blob/master/RE...

That page looks like it has a login-wall, which is not a good first experience.

In contrast, check out these dApps which are immediately usable, https://d.tube/ & https://notabug.io/ (they're GUN based, but I know Blockstacks should be able to do this too).

Thanks for the pickup. I've corrected the URL.

I hope this goes further than app.net (https://en.wikipedia.org/wiki/App.net) did.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact