this post was submitted on 29 Aug 2023
68 points (100.0% liked)

Technology

37747 readers
196 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.

top 50 comments
sorted by: hot top controversial new old
[–] rikudou@lemmings.world 127 points 1 year ago (2 children)

I'm a simple man, I see blockchain, I downvote.

[–] verdare@beehaw.org 19 points 1 year ago (1 children)

I understand the impulse, but I think that’s a knee-jerk reaction. I am immediately suspicious of any technology that claims to use blockchains.

[–] rikudou@lemmings.world 16 points 1 year ago

Possibly. But it's a well-deserved knee-jerk reaction. I just really hate reading anything the sick mind of a cryptobro has come up with.

[–] noctisatrae@beehaw.org 4 points 1 year ago

It’s just something for a very specific usage.

https://gist.github.com/joepie91/a90e21e3d06e1ad924a1bfdfe3c16902

You shouldn’t be so intolerant. But I agree, here it does look like bullshit.

[–] lily33@lemm.ee 61 points 1 year ago* (last edited 1 year ago) (7 children)

I don't see how blockchain (in this case) adds any value over a federation like Matrix.

[–] slacktoid@lemmy.ml 16 points 1 year ago

I doubt these bozos know of federation. Hell they forgot about the existence of p2p based comms like jami.

load more comments (6 replies)
[–] drwho@beehaw.org 59 points 1 year ago (2 children)

Publishing everything on a blockchain means that everybody who's running a node has access to a copy. If confidentiality of communications is an issue, this may as well be a data breach with a few more steps. Also, how does giving everybody running a part of or monitoring the blockchain equate with "control over personal data?"

Centralized control: Only one entity can see it. Blockchain: Lots of third parties run a node, so every node can see it.

Each channel has a separate ledger: That makes surveillance of a particular communications channel much easier. Thanks. Also, each user has to have a keypair; great for pseudnonymity, lousy for repudiability.

Messages cannot be altered but they can be audited to prove their metadata. Did they learn nothing from the Obama administration? At this point in the paper I can't shake the feeling that this is a deliberate effort to invert all of the properties of privacy.

Smart contract: Yay, more deliberately memory unsafe programming. I guess they never played with Core Wars as kids, either.

An attacker would be unable to breach the network: An attacker would just have to stand up a node. If channels are side ledgers on a blockchain, and the network assumes that nodes can come and go (which they all do, as far back as bitcoind), any node can join, say "Hey, I'd like to join this channel," and get at the very least a pointer to the side ledger for that channel.

Long-term storage of communications is dangerous, mm'kay?

[–] BlueBockser@programming.dev 8 points 1 year ago* (last edited 1 year ago) (1 children)

Publishing everything on a blockchain means that everybody who’s running a node has access to a copy

I'm not sure that's the case, although the article is rather vague. It says:

[...] the user must register with a node of their choice using their public key. Once registered, users can create channels and invite others to join. Each channel has a separate ledger hosted by the nodes. [...] The data in the ledgers are encrypted, and the secret key is managed by the users of the channel.

IIUC, nodes will not have access to private keys, neither those from users nor those from channels. Users could use their keys to exchange the channel's private key without the node getting to know it. I don't quite understand how user's would exchange their public keys without the node being able to play MITM, though...

Edit: Removed an irrelevant sentence from the quote

[–] ricecake@beehaw.org 22 points 1 year ago (1 children)

I believe their point was that even encrypted messages convey data. So if you have a record of all the encrypted messages, you can still tell who was talking, when they were talking, and approximately how much they said, even if you can't read the messages.

If you wait until someone is gone and then loudly raid their house, you don't need to read their messages to guess the content of what they send to people as soon as they find out. Now you know who else you want to target, despite not being able to read a single message.

This type of metadata analysis is able to reveal a lot about what's being communicated. It's why private communication should be ephemeral, so that only what's directly intercepted can be scrutinized.

[–] drwho@beehaw.org 5 points 1 year ago (5 children)

That was exactly why I said "Did they learn nothing from the Obama administration?"

From 2014: "We kill people based on metadata." (Michael Hayden, former DIRNSA, 2014.ev)

There is no "harmless" here.

load more comments (5 replies)
[–] ram@lemmy.ca 56 points 1 year ago (1 children)

No, this is already solved without scam shit tied in.

[–] interolivary@beehaw.org 22 points 1 year ago (2 children)

Eh, I wouldn't go as far as calling distributed ledger tech a scam. Sure, 99% of the current ecosystem is at best digital tulip trading if not an outright scam, but that doesn't mean everything blockchain-related is a scam.

There's valid use cases for what's essentially a distributed database with immutable history (or a "smart contract" system which is essentially a distributed singleton VM with immutable state history), but NFTs etc ain't it. Fintech will probably incorporate some of the stuff that came out of the blockchain craze, but I figure that at best it'll be like Linux; most people who use the internet interact with Linux systems pretty much all the time, and of course Android is a Linux-based phone OS, but very few actually run Linux or even care about the whole concept. It's just part of the infrastructure, which in my assumption some kinds of blockchain-ish technologies might be. Probably just not the public networks people associate with it now, but private / internal ones with limited validator sets etc

[–] Veraticus@lib.lgbt 25 points 1 year ago (27 children)

People keep saying there’s a valid use case for this but what is it? Basically any distributed ledger would actually perform better, be more secure, and be easier to use as a centralized database.

[–] interolivary@beehaw.org 4 points 1 year ago (2 children)

Basically any distributed ledger would actually perform better, be more secure, and be easier to use as a centralized database.

Performance is relative to what your goals are (extremely high transaction volume isn't always something you need to handle, and also isn't guaranteed to be impossible with a DLT either), and centralized databases / services aren't always the best fit for every problem. Regarding security, well, I really don't see how you came to that conclusion. Guess it depends on what exactly you mean with security?

Real estate is pretty commonly seen as the prime example of a field where a DLT is a better fit than a more "traditional" centralized service. As an example let's say we want a system that could be used to record changes in property ownership, so you need auditable state changes and an immutable history, and you want some sort of guarantees that generally someone who's not authorized to do something to a property isn't going to be able to do it by just issuing a state change (ie writing to the DB.) Your stakeholders are probably going to be the local government, licensed real estate brokers (if that's a thing in your jurisdiction), possibly all private property owners who want to sell their property etc. etc. You absolutely could build this with a "traditional" centralized service that eg. the GOBERMENT (or whoever trusted stakeholder) runs and operates, but then you have a single bottleneck that's entirely dependent on a single stakeholder, and you still need to implement eg. audit trails for state mutations, access control, etc. etc. As I said it's absolutely doable, but many of the things you'd do to build it are essentially just reinventing some sort of DLT but in a monolithic package and without any of the benefits. Take state immutability for example; you'd probably be building some sort of hash tree or chain anyhow but now you have to do both the hashing and the verification and validation manually instead of the infrastructure doing it for you, and it's nontrivial to do right so the attack surface here is not going to be small in a home-grown solution. You'll probably want to require that all state changes (transactions) are signed by a known trusted actor, so you'll need to build that too, so here's yet more attack surface. Also you probably don't want to run literally just a single instance of your database so you're going to want some sort of replication, which may need some legwork depending on the database system used. Compare this (non-exhaustive) list to what your average DLT framework like Hyperledger guarantees "out of the box", where the infrastructure itself gives you guarantees about the immutability of history and who is allowed to make state changes to which parts of the state (in our fictional case you'd want a Proof of Authority consensus mechanism, so anyone making state changes would have to have a valid X.509 cert issued by some trusted CA, but with public reads as property ownership is a matter of public record), which is by default distributed so there's no single point of failure, and is eventually consistent within known parameters and known behavior.

Distributed systems definitely do require more skill to operate so the benefits need to outweigh the costs (and they often do, which is why we eg. tend to use microservices for high volume systems), but I honestly fail to see how for example a project using Hyperledger tools (and there's more than just the DLT Fabric), which are specifically built around privacy and security, would automatically be less secure than a centralized system where you have to build the same features yourself, meaning you just have to trust that you did everything right.

[–] Karzyn@beehaw.org 11 points 1 year ago* (last edited 1 year ago) (7 children)

Real estate is a terrible example of where to use a blockchain. Someone gains access to your private key and you just... don't own your house anymore? There's not really a recourse here since it's controlled by the distributed system. On the other hand, the government which is entrusted with the authority to enforce laws can hold onto the this information in a more secure way than the average person. And if something does happen they have the ability to fix problems without issue. I read all these stories online about wallets getting compromised and contents stolen with very little recourse and am confused why I would want the largest purchase that I will ever make in my life tied up in that. Doubly so because that purchase is explicitly tied into the central authority of your government. It's not like cryptocurrency where it can exist externally to the current legal system. Real estate MUST be tied to government in some way.

Your point about how building a secure, central database will have so many technical hurdles to overcome is... odd. I mean, sure it's tough to make a secure database. Your answer is that some blockchain framework has certain security characteristics while ignoring that literally every secure data store that currently exists is running on a central database and just fine at that. Like, what do you think that your bank is using at this very moment? There are multiple companies with well-audited solutions selling and running secure databases RIGHT NOW. You just hand wave away the ability to make secure databases while ignoring that they already exist while expecting us to buy into the promises of some new, unproven framework like Hyperledger. The only thing that blockchain adds is immutability, which is something that I think would be a poor idea anyway.

Lastly, blockchains only work by having users with a financial stake and incentive. With proof-of-work you're staking the cost of the electricity you're spending, with proof-of-stake the crypto you're staking. The point is, they have this whole weird financial structure to keep people running this distributed ledger. How would that even work for real estate? Do you want people with perverse financial incentives muddling with the system that controls your ownership OF YOUR HOUSE? Or the government which is empowered by the people to serve them. And if it fails those leaders face expulsion? I know where my answer is.

would automatically be less secure than a centralized system where you have to build the same features yourself

I just want to hammer this point home one more time. This is a false comparison. You do not have to build these features yourself. Like, have you heard of this tiny company called "Oracle"? Or maybe this really obscure one "Microsoft"? They both make exactly this product.

[–] interolivary@beehaw.org 3 points 1 year ago* (last edited 1 year ago)

Someone gains access to your private key and you just… don’t own your house anymore?

Depends on a) what keys you have, b) who even gets to make mutations and c) if the system has provisions for "edit" transactions (which don't change history but say – to put it very simplistically – that eg. "previous transaction x is invalid"). Also it's unclear why you think this is different from a database password being stolen.

Your point about how building a secure, central database will have so many technical hurdles to overcome is… odd. I mean, sure it’s tough to make a secure database. Your answer is that some blockchain framework has certain security characteristics while ignoring that literally every secure data store that currently exists is running on a central database and just fine at that. Like, what do you think that your bank is using at this very moment? There are multiple companies with well-audited solutions selling and running secure databases RIGHT NOW. You just hand wave away the ability to make secure databases while ignoring that they already exist while expecting us to buy into the promises of some new, unproven framework like Hyperledger. The only thing that blockchain adds is immutability, which is something that I think would be a poor idea anyway.

I wasn't saying to throw away existing systems or that banks aren't running secure databases. Jesus christ you seem more intent in just being indignant about me daring to have a differing view about something than actually reading what I said.

You also clearly don't understand what Proof of Authority means and didn't bother to read my explanation, since PoW / PoS are completely different consensus mechanisms and the problems with them don't apply to PoA systems.

This is a false comparison. You do not have to build these features yourself. Like, have you heard of this tiny company called “Oracle”? Or maybe this really obscure one “Microsoft”? They both make exactly this product.

Remind me which Oracle or Microsoft database solution gives you signed state mutations, a guaranteed immutable and tamper proof history out of the box.

Honestly your whole argument relies on you not bothering to read what I wrote and then answering with sarcastic comments based on what you assumed was said. I know you don't agree with me, but try not to act like a twat just because you don't.

load more comments (6 replies)
[–] BarryZuckerkorn@beehaw.org 9 points 1 year ago (1 children)

You absolutely could build this with a “traditional” centralized service that eg. the GOBERMENT (or whoever trusted stakeholder) runs and operates, but then you have a single bottleneck that’s entirely dependent on a single stakeholder, and you still need to implement eg. audit trails for state mutations, access control, etc. etc.

So before anyone comes forward and claims that their innovative solution will improve on the status quo, I generally expect them to be able to describe the status quo. And here, you haven't done so.

In the U.S., county recorders allow for anyone to record to the centralized ledger (and this is literally paper technology that long predates computers), and the transactions themselves are validated when necessary to resolve a dispute: one can only sell what they already own, and if they sell something they no longer own it. The law allows for certain types of involuntary transactions: foreclosures, execution, inheritance (where the owner can voluntarily prescribe some rules but doesn't get to control the timing of when those rules get executed, and the failure to affirmatively write stuff into a will means that the inheritance falls back to defaults), divorce, partition, adverse possession, reverter, and then a bunch of special rules that apply to governments like tax foreclosures or eminent domain. And no matter what the actual papers say, ownership of land still must be enforced by a sheriff.

Which portions of this status quo should be decentralized? Or centralized? What would the benefit be?

In my opinion, real estate is the worst candidate for decentralizing the ledger.

load more comments (1 replies)
load more comments (26 replies)
[–] ram@lemmy.ca 17 points 1 year ago

Blockchain is a tool for scammers used for scamming, and has almost exclusively been used for such.

[–] upstream@beehaw.org 48 points 1 year ago (11 children)

People are still looking for problems to which blockchain is the solution.

So far we’ve found none.

[–] ExLisper@linux.community 11 points 1 year ago (1 children)

How about the problem of stupid people having to much money?

load more comments (1 replies)
load more comments (9 replies)
[–] regalia@literature.cafe 37 points 1 year ago (1 children)

Fuck no. What is better is p2p, or federated. No Blockchain is needed, and this is one of those examples where Blockchain is jammed into something where it really doesn't need to be, nor should it be. The last thing we want is for our encrypted messages be permanently stored. Element is federated, and they're working on getting it to be p2p. Some nerd will probably mention XMPP too.

[–] HubertManne@kbin.social 4 points 1 year ago (3 children)

I disagree here. with p2p/federated you have to worry about if your microprovider goes out. I think blockchain would be a useful way to keep a users preferences and to keep usernames distinct.

[–] BarryZuckerkorn@beehaw.org 9 points 1 year ago (1 children)

I disagree here. with p2p/federated you have to worry about if your microprovider goes out.

This Quarks protocol still seems to require reliance on "nodes," which is the same thing as a federated service, with extra steps. It's more overhead without any of the portability you want.

load more comments (1 replies)
[–] regalia@literature.cafe 9 points 1 year ago (16 children)

p2p has no middle man. There's nothing to go out. Blockchain is a literal plague, especially in this scenario when a simple database can handle this. MXIDs already provide distinct usernames. Preferences are often stores client side.

You do not need to burn a tree, push a Ponzi scheme, and make this data permanently public to solve this. That is a terrible idea, and any solution you come up with will be always better without a Blockchain.

load more comments (16 replies)
load more comments (1 replies)
[–] ryan@the.coolest.zone 31 points 1 year ago (2 children)

retain control

Notably, in Quarks, every user operation and information exchange that takes part on a channel is carried out via the ledger's so-called smart contract. In practice, this means that no-one outside of a channel should be able to send or read messages on it. In addition, all messages on the channels cannot be altered or edited, yet they can be audited, meaning that users should be able to derive information about when they were created, sent, delivered, and so on.

Ah, yes. I definitely want anyone in the world to figure out who I'm communicating with by checking the timestamps of when various messages were delivered. Much like how the "anonymous" Bitcoin could be pretty easily de-anonymized just by checking where various bitcoins go and inferring who those wallets likely belonged to.

load more comments (2 replies)
[–] Franzia@lemmy.blahaj.zone 26 points 1 year ago (4 children)

What the fuck do encrypted messages need a ledger for?

[–] Banzai51@midwest.social 7 points 1 year ago

So your thoughts can be monitored by authoritarians.

[–] drwho@beehaw.org 7 points 1 year ago

Because Postgres is too difficult? :)

[–] curiousgoo@beehaw.org 5 points 1 year ago

To get governments interested in it... for tracking it's own netizens... because just about everyone is dealing with CSAM!

load more comments (1 replies)
[–] wolo@lemmy.blahaj.zone 22 points 1 year ago* (last edited 1 year ago)

How is this better than a normal messaging protocol like Matrix? What does blockchain add to the solution?

[–] interolivary@beehaw.org 18 points 1 year ago* (last edited 1 year ago)

I'm not entirely convinced this needs a blockchain. I guess Hyperledger (Fabric, I'm assuming) is a handy way of guaranteeing a total order for a channel's messages / events and making sure history is immutable, but it seems a bit unwieldy for a distributed messaging app despite being somewhat modular.

Most of their goals aren't specifically dependent on anything blockchain-like, and the ones that are seem like they could be implemented in a much "cleaner" way than having to bring in Hyperledger and all that it involves

[–] BellaDonna@mujico.org 13 points 1 year ago

Entirely overengineered. Redundant with better solutions. This is being pushed for hidden reasons.

[–] doylio@lemmy.ca 9 points 1 year ago (1 children)

There are lots of knee-jerk reactions because people saw the word "blockchain" in the title. It's as intellectually lazy as the shills who refuse to criticize the crypto industry for its shady parts

This just sounds like a decentralized Slack, with a blockchain to ensure all nodes have the same data. The details are sparse, but this sounds like a proof of authority system to achieve consensus between authorized nodes in the network. No cryptocurrency involved. It's just using blockchain as a consensus algorithm between decentralized nodes(which is what it was designed for).

It doesn't say, but since their target demo seems to be enterprises, my guess is that the idea would be companies run their own node in the network, which would allow a high degree of security and be interoperable with other enterprises.

"But you could use a federated system..."

I'm all for the growth of the fediverse, but it still has many problems. If you're running a large enterprise that needs a guarantee that all your messages are synced, in the right order, and nothing has been removed later, a proof-of-authority blockchain is a better system than something federated

[–] drwho@beehaw.org 15 points 1 year ago

This just sounds like a decentralized Slack, with a blockchain to ensure all nodes have the same data.

We've had this since the late 1980's. It's called IRC.

[–] Magnetar@feddit.de 9 points 1 year ago

Yea, you lost me at "blockchain".

[–] Quexotic@beehaw.org 8 points 1 year ago (2 children)

So, if I understand that correctly, the user is now the target instead. Is that better?

load more comments (2 replies)
[–] Banzai51@midwest.social 8 points 1 year ago

Just what I want, a permanent record replicated everywhere for every flippent thing I say. Hard pass.

Blockchain is a solution in search of a problem. And it hasn't found one to solve yet.

[–] boatswain@infosec.pub 6 points 1 year ago (1 children)

I'd much rather have a full peer-to-peer solution like Veilid

load more comments (1 replies)
load more comments
view more: next ›