Twister: Anonymous, private BtC/DHT/Torrent P2P microblogging (net.co)
127 points by ianso on Dec 31, 2013 | 47 comments



Doesn't that make this service website independent? It is like twitter without the downtime, or twitter with multiple twitter networks all being able to collaborate with one another, or twitter without legal BS.

And those are beautiful ramifications. Flaws anyone?


It's also twitter without "delete" and twitter without private accounts, from what I can see skimming the whitepaper.


Read the whitepaper and it sounds pretty amazing. The one downside is the spam messages, which they say are important to the security of the network, and that clients cannot hide them, but don't explain a method to prevent clients from hiding them. If they really are essential to the security of the network then there needs to be more than shaming, right?


"send text posts limited to 140 characters"

That's just weird. Like putting horse's reins on an early automobile, or putting a hopper in the front of the car to pour oats into.

"Bitcoin, in the sense of the digital currency, is not used at all"

I had to LOL at this. BTC is popular enough to try to piggyback completely unrelated things using the term as a lure. I've lived thru the "turbo" era, the "e-" and "i-" era and now we're entering the BTC era, where we can soon expect shampoos and hamburgers to be "BTC shampoo" and "BTC hamburgers" as a marketing gimmick.


The project is a fork of bitcoin, uses bitcoin blockchains, but because it doesn't use bitcoin currency they shouldn't mention the lineage?


Yes, at least not as a marketing scheme.

So this is a competitor of coinbase? Oh you mean it's a miner. Oh no wait OK it's like paypal but for BTC.

So... they copied some general source code concepts? That's it? What a scam. That's not real bitcoin support at all.

It's like saying a new game is internet compatible, in that if you install it on an internet connected computer it's not incompatible with the OS. I actually saw this kind of thing during the early years of mass adoption of the internet. And now we'll see it in BTC.


From the FAQ:

    How is Bitcoin used here?

    Bitcoin, in the sense of the digital currency, is not used at all.
    However, the Bitcoin protocol and the implementation of the neat
    idea of block chain is on the basis of twister. The block chain 
    provides a sort of distributed notary service, certifying who owns 
    a given nickname. The name is associated with a specific key pair, 
    which is used for authentication and cryptography.

They're not using this as a marketing scheme! It's also not being used as a cryptocurrency, they're merely forking the codebase to use the blockchain in their codebase.


The blockchain in twister is used as a distributed user registration database:

> How does it work?

> For the complete description you should refer to the white paper. But in short: twister is comprised of three mostly independent overlay networks. The first provides distributed user registration and authentication and is based on the Bitcoin protocol. The second one is a Distributed Hash Table (DHT) overlay network providing key/value storage for user resources and tracker location for the third network. The last network is a collection of possibly disjoint “swarms” of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users.


You misunderstand, this project is literally a fork of the bitcoin repo. They didn't just "copy general source code concepts". It's right there on their about page.


"the implementation of the neat idea of block chain is on the basis of twister."

MS Excel uses do...while loops, my latest project uses do...while loops, therefore my project is based on Excel. I was reading it as algorithm use not literally forking the codebase as appears to be the case. Not everything using Quicksort is a kissing cousin of everything else using Quicksort, for example.

It's still cheesy as a marketing scheme. This thing's bitcoin, that means it's a currency, right, or a funds storage system, or a pseudobank, or .. oh it's a microblog service. LAME.

From a tech perspective I think it's cool as an unusual use of the algorithm and technology.


Bitcoin's block chain implementation and idea is innovative and revolutionary. Your do... while example is not. Also, the blockchain is sort of the most important bit of bitcoin. I struggle to see how you're missing this...


The 140 characters is probably built into the spec since there is no transfer fee like in bitcoin, therefore nothing would stop people from sending over large files to abuse the blockchain.


Here's a link to some binary to text encodings to abuse the blockchain.

http://en.wikipedia.org/wiki/Binary-to-text_encoding

With very modest client software modification, you could MIME encode any arbitrary binary file then squirt out one line of base64 per "post". Or the venerable uuencoded format.

What would prevent abuse would be some manner of throttling in the protocol to stop both this technique of blockchain abuse or arbitrary file length abuse.

I'm not thinking of apps like distributing cracked Blu-rays which would be fairly ridiculous, but much smaller binary files like a GPG key or SSH or whatever. Yeah yeah cut and paste whatever, why not automate it if you can. Click this menu option to send an extremely small file as a binary rather than screwing around with cut and paste.


Stop spamming up this thread without even reading the damn protocol. The whitepaper is a whopping 12 pages and very explicitly states the mechanism used to prevent this kind of spamming. The post rate is throttled against the blockchain rate where "If a new Block k is produced every 10 minutes this limits the mean post rate of new users, for life, to a maximum of 288 posts/day. Average."

It's cool if you don't understand any of this, but you should try to stick to commenting on things you actually understand.
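
As an added illustration (not part of the thread and not twister's own code), the throttle quoted above can be sketched as a peer-side check. The 2-posts-per-block figure is an assumption derived from the quoted numbers (288 posts/day at one block per 10 minutes); `PostValidator` and its methods are hypothetical names. It also bounds the base64-over-posts idea raised earlier.

```python
from dataclasses import dataclass

BLOCK_INTERVAL_MIN = 10      # from the quoted whitepaper sentence
MAX_POSTS_PER_DAY = 288      # from the quoted whitepaper sentence
MAX_POST_CHARS = 140         # post length limit quoted in the thread
BLOCKS_PER_DAY = 24 * 60 // BLOCK_INTERVAL_MIN          # 144
POSTS_PER_BLOCK = MAX_POSTS_PER_DAY // BLOCKS_PER_DAY   # 2 (derived, assumed)

@dataclass
class Account:
    registered_at: int   # block height at which the name was registered
    last_k: int = 0      # highest post number accepted so far

class PostValidator:
    """Hypothetical check a peer could run before relaying a post."""

    def __init__(self):
        self.accounts = {}

    def register(self, name, height):
        if name in self.accounts:
            return False                     # first registration wins
        self.accounts[name] = Account(height)
        return True

    def accept(self, name, k, text, height):
        acct = self.accounts.get(name)
        if acct is None:
            return "reject: unknown user"
        if len(text) > MAX_POST_CHARS:
            return "reject: too long"
        if k != acct.last_k + 1:
            return "reject: bad sequence"
        # Lifetime budget: post number k may not outrun the chain height,
        # so unused budget accumulates but the mean rate stays capped.
        if k > POSTS_PER_BLOCK * (height - acct.registered_at):
            return "reject: over lifetime budget"
        acct.last_k = k
        return "accept"

def max_binary_bytes_per_day():
    # base64 carries 3 bytes per 4 characters; 140 chars hold 35 groups.
    return MAX_POSTS_PER_DAY * (MAX_POST_CHARS // 4) * 3
```

Under these assumptions, a user encoding a file one base64 line per post moves about 30 KB per day at the sustained rate.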


The incentive to 'mine' in this scheme is the possibility of winning the ability to send a sponsored message to all users. These sponsored messages could easily be filtered by users, making them worthless. Even if users collectively agree not to filter the sponsored messages, the average cost of winning the proof-of-work race must be less than the average value of the sponsored messages, which is unlikely.


>No IP recording

The IP address you use to access twister is not recorded on any server. Your online presence is not announced.

Can you really make that claim with a distributed protocol? Your IP address is visible to whoever you send data to, they could easily keep logs (heck my router does by default).


Your peers cannot know if the data originated from you or you're simply relaying traffic. Thus, your IP address cannot be associated with tweets.


Untrue. An (for example) ISP could very easily determine if you were an originator simply by if someone relayed it to you.

Similarly, a Sybil attack can probabilistically figure out the originator, simply by seeing which peer first relayed the communication.


This is about what I was thinking. Tor avoids some of the ISP-problems by re-encrypting at every step (so you can't correlate input and output, except by time/size, which is hard on a busy node).

After poking through the FAQ the claim softens quite a bit, into that "normal" users can't detect such things. This I'll grant is true. And they even mention that, if hiding from adversaries who can observe lots of traffic, you should probably use Tor.

That said, the FAQ does say:

>However if one entity is capable of recording the entire internet traffic, he will probably be able to at least statistically sort out where you are connecting from (your IP address).

which I think I'll still disagree with, unless this is provided by DHT (I don't know DHT, sadly. I'll remedy this some day). Unless you run through Tor, it seems(?) like all messages are essentially plaintext across the internet, so they would know exactly where a message originated, if you're within their view.


You can accomplish the same with Bitmessage broadcast addresses, and it solves the spam issue with proof of work.

https://bitmessage.org/


I don't know much about Bitmessage, but aren't messages dropped after two days? So a new follower / visitor would only see two days' worth of my microblog?


Yes. I would disregard comparisons with BitMessage. I don't think they really target the same market. BitMessage wants to be more of a private snooping-free e-mail system. Twister wants to be more of a public decentralized social network (resistant to censorship).

There may be some technical overlap and functionality overlap, but I think they are more different than similar. It's like saying Gmail is the same as Twitter, since you can also broadcast messages with Gmail, and you can also send private messages with Twitter. But the two really aren't the same.


This isn't the right problem to be fixing: The right problem is a distributed data store.


Nice, how secure is it though?


From an anonymity perspective, it is just as secure as current bitcoin protocols. Public anonymity at the sacrifice of privacy. In which case, if your 'twister' info is out there, you can theoretically be identified.


In other words, the security is poorly defined and based on the honest parties devoting at least as much energy to defending the system as the attacker devotes to attacking it.

What I want to know is this: What does Bitcoin have to do with this? You can have peer to peer, anonymous, encrypted messaging without any of the nonsense that Bitcoin entails.


I think the BtC protocol was used to ensure that people's usernames were guaranteed unique, and linkable to a private key, i.e. verifiable. I think the whitepaper has more info, reading it now:

http://arxiv.org/abs/1312.7152


Basically, if you have anonymous, P2P, encrypted messaging you need to solve the problem of maintaining a public ledger of user names to public keys. There are several approaches to this, but one of the most compelling right now is using the exact same mechanism that bitcoin uses to prevent double spending. Twister has absolutely nothing to do with bitcoin, they are only similar in that double-spending a bitcoin is analogous to identity theft in Twister.


"the problem of maintaining a public ledger of user names to public keys"

What is the point of that ledger? Public keys identify users on their own.


Yes they do but 1) most people are more comfortable dealing with usernames compared to public keys, and 2) distributing the public keys themselves can be tricky if you don't already have a trusted connection set up (just look at past abuses of Certificate Authorities for examples of this).


I do not see how distributing keys is "tricky" in this context. If you do not know who you are communicating with, then a man in the middle attack works if the attack occurs during your first attempt to communicate (think SSH); this would seem to be true regardless of the existence of a ledger, since you need to figure out which username you want to communicate with. If you do know who you are communicating with, you can distribute keys offline (e.g. "contact me with $key") or establish keys via some existing communication channel (OTR, PGP, whatever), just as you would have to distribute your username offline or via another channel given the ledger.

So sure, I can grant people are more comfortable dealing with usernames than with public keys, but that sounds more like a UI problem than a technology problem. People are certainly capable of dealing with Tor hidden service addresses, and I suspect that is because they are already using a UI they know well (their web browser).


From what I can tell its main focus is not to be an alternative to Tor, but a censorship-resistant P2P Twitter alternative. Or if you will, a "true" P2P social network (Diaspora, Status.net always relied on federated servers, which weren't that "decentralized", and normal users would've never hosted their own servers anyway).


Like Tahrir?


Simple question, many answers.

Also, don't ask this question so soon, it takes time to review code, and even more time to find vulnerabilities and come up with working exploits.

Second also, P2P systems' inner workings are much more complex, and can be vulnerable to some other types of attacks which are specific to P2P protocols.

Having decent P2P security is not really easy. P2P is really exciting, and the advantages are great, but I don't know the specifics of P2P security.

Bittorrent and bitcoin can seem simple compared to a P2P messaging program.

TLDR: It's the future, but it's not exactly there yet. I'd still use it with those vulnerabilities though.


I need at least one more /buzzword in the title before I use it.


Are there other open source versions of Twitter? I could gladly use this one if I could embed mathematical equations in it - e.g. with MathJax http://www.mathjax.org/ - and possibly lift the 140 character limit.


Is there any follow model or does every participant receive all messages sent by everyone else?


Everyone gets every message. There is no solution here to the data bloat problem. Other than that the project forks bitcoin to make a namecoin clone (distributed authorization), which I don't see the need for since a private key already identifies me.

The reason for something like namecoin is to allow people to update their identity in the event the first identity was compromised/blocked.

Finally this was posted yesterday https://news.ycombinator.com/item?id=6987396


This is not true. Followers are established by connecting to bittorrent swarms. From the paper: "The last network is a collection of possibly disjoint “swarms” of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users."

Furthermore, not all clients need to store and reseed all messages they receive. More seeders is obviously better for network health, but it's not always a reasonable option. The paper suggests that clients can choose to be "archivists" which means that they keep messages and seed them to others (so it's optional). Clients like mobile phones could easily disable this behavior.

Also Twister can't use Namecoin because the incentives are wrong. In Namecoin, miners get to create domains. It would be horrible if only Twister miners could make accounts. Instead they get to make promoted posts, so it has to be a separate implementation.


Thanks a bunch for your response. I guess an end user could always filter messages themselves, but it seems untenable at large scales.


Followers are established by connecting to bittorrent swarms. From the paper: "The last network is a collection of possibly disjoint “swarms” of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users."

Furthermore, not all clients need to store and reseed all messages they receive. More seeders is obviously better for network health, but it's not always a reasonable option. The paper suggests that clients can choose to be "archivists" which means that they keep messages and seed them to others (so it's optional). Clients like mobile phones could easily disable this behavior.


Cool, but why not make the first client a web based one so we can all it work?



I couldn't find the whitepaper link. Anyone?



Thanks.


Another win against Zooko's conjecture!



