Zbay, Fighting FAANG, and the Quest for a Peer-To-Peer Messaging App That "Just Works"
7:52PM Aug 2, 2020
Everyone, how y'all doing? Philip here from Portugal, watching HOPE for the first time live. Always wanted to attend, never quite managed to make it beyond the great pond. Great to be here with you guys, talking on the chat, watching a lot of great talks, a lot of great content so far, and still a lot more stuff to go. A little bit about me: I run this netlabel called Enough Records. If you go to enoughrecords.scene.org, we have shit tons of releases free for download. I'm a big advocate of free culture and copyright reform. And I'm also an active member of the demoscene, doing some programming code for graphics and also artists. Digital artists have differences. Doing nice music and that kind of stuff. So, yeah. Oh, nice to meet you all, and hope you have a great HOPE.
You're here with us on day nine of HOPE 2020, the final day of an amazing conference. Our closing ceremonies begin at 8pm. Please join us until the last byte of data. Thank you to the attendees, presenters and volunteers. HOPE is helping the Electronic Frontier Foundation; please make sure to make a donation so we can meet our goal. Our next session is Holmes Wilson discussing Zbay, fighting FAANG, and the quest for peer-to-peer messaging and an app that just works. Stay in the Matrix chat for questions. Holmes, let's take it away.
My name is Holmes Wilson. I'm an activist, a software developer and a product manager. From 2011 to 2018, I was co-founder and co-executive director of the US-based tech policy activism organization Fight for the Future, where I'm now on the board. And I previously did activism campaigns for the Free Software Foundation, co-founded a large website for US legislative transparency called Open Congress, and co-founded a free software BitTorrent-based video player and podcast directory called Miro. I should also note that I want to make this talk accessible to as many audiences as possible. So I want to give at least a quick explanation of all the terms I'm using, hopefully quick enough to know for those of you who are more technical. My starting point for this talk is that the internet has been incredible at spotlighting unaccountable power and enabling people to fix it. There are so many concrete recent examples of this, from the Hong Kong protests last summer, to this summer's global protests in response to the murder of George Floyd, to the Me Too movement, to the actual viability of the Bernie Sanders campaign this year and in 2016, on and on and on. To me as an activist, each one of these seems to be more spectacular and surprising than the last. But increasingly I've seen, in discussions between friends, discussions online and discussions in the popular press, a trend where people think that the internet sucks. I think it's because while the internet has been amazing for spotlighting and fighting unaccountable power, it itself is becoming an unaccountable power. The tech press have a fun new name for some of the internet's unaccountable powers: FAANG. Facebook's social network monopoly, Apple's iron-fisted power over mobile apps, Amazon's looming monopoly over stuff, Netflix's addictive television, and Google's search monopoly. I like the name FAANG because it sounds like an 80s cartoon nemesis or a giant spider monster.
I also like it because it can be a kind of shorthand for this kind of power. Because really, it's not just about these companies. So many startups aspire to wield this kind of power someday in one domain or another. So if FAANG represents unaccountable power on the internet, and the internet is so great at fighting unaccountable power, how do we use the internet to fight FAANG? Well, these are ultimately software makers we're talking about. And historically free, or sometimes "open source," software, software that gives users the freedom to use it however they wish, understand it, change it, and redistribute their changes, has been the best tool we've had for holding software makers accountable. Free software has a strong accountability mechanism. Having the freedom to understand, change and redistribute a piece of software lets stakeholders fork the software and take it in a new direction. Even if they don't do that, the credible threat of a ruthlessly cheap competitor creates a check on the unaccountable power of the software maker. Free software doesn't bring the downsides or clumsiness of government intervention either. The finance industry, the energy industry, and the telecom industry show that regulation might address specific harms, but it only strengthens unaccountable power. ExxonMobil and Bank of America are subjected to much more regulation than most tech companies are, but they've probably done much more harm to the planet than any of the FAANG companies have. Established companies can usually get leverage over the regulatory process. And even if they fail to do that, they have vastly more resources for working around regulation than their smaller competitors do. Free software also doesn't bring the snake-eating-its-tail problem of nationalization and public companies. Ultimately, we want tech that lets us hold governments accountable. So we don't want our tech to be controlled by governments to the point where they could undermine that.
And not too many people are talking about nationalization of tech companies, but in conversations among friends, I hear it, and so it seems worth responding to.
Free software also fits well with both boycotts and anti-corporate activism campaigns, which are both pretty effective to begin with. It's a lot easier to get people to boycott a company, or to get the company to change its behavior with an active campaign or some kind of public shaming campaign, when there's a viable ethical alternative to it. Most of all, free software has a strong track record in other areas of tech monopoly. Looking back through history, from browsers and web standards, to the Microsoft desktop monopoly of the 90s, to the power of the entertainment companies, and to Apple's seemingly inevitable smartphone OS monopoly, free software has helped unseat or, so to speak, defang unaccountable power time and time again. But in this era of monopoly, free software's victory has been limited. And that's because it's been at the edges and not in the middle. To see what I mean, think about how users often view the online world through free software browsers, OSes, or media players. And on the other hand, developers often build the online world with free software dev tools. But in the middle of everything, where all the important human interaction is happening, is the opposite of free software. There's nearly zero user freedom, and the difficulty of forking the software we use is at its most extreme. Free software has not thrived in this crucially important middle space the way it thrived at the edges. For a clue about why that hasn't happened, let's look at some very popular software right in the middle of everything that was until recently free software: the front page of the internet, Reddit. Reddit is right in the middle of anything and everything by any standard. Hollywood actors and presidential candidates go there to be interviewed by unpredictable crowds. It was briefly the third most popular website in the US, ahead of facebook.com.
And now it's number six. And Reddit may be a good company, but its status until just two years ago as a free software project has not given its users meaningful freedom or created meaningful accountability, because forking Reddit would leave you with an empty website. When Reddit announced that it was giving up being free software, they gave a pretty convincing explanation why that wasn't that big a deal. "We are actively moving away from the monolithic version of Reddit that works using only that original repository. As we move towards a more service-oriented architecture, Reddit is being divided into many smaller repositories that are under active development, which means that a third party trying to run a functional Reddit install is finding it more and more difficult to do so." The post continued: "In fact, we're going through some growing pains where it can be difficult for our own development team to have a consistent local Reddit build to develop against. We're doing heavy work on Kubernetes, and we'll likely be open sourcing a lot of tooling later this year." In layperson's terms, they're pretty much saying our site's popularity has made it so complex that anyone forking it will have a really, really bad time. Unlike browsers, OSes, and dev tools, when free software is in this middle, you have to be able to fork its content too. Otherwise forking becomes impractical, and the threat of forking becomes really weak. There are a few examples of free software in the middle that are forkable in this way. Back in the day, we had peer-to-peer file sharing apps like LimeWire. They were often free software and fully forkable. If you forked the LimeWire app, or even if you built your own compatible app from scratch, all the music was still there. Bitcoin works like this too. A forked Bitcoin app can have all the same transactions as the original, and it's easy to move your account, that is, your addresses and money, from one to the other.
You can fork the network if you want to. Bitcoin and the projects it inspired were so easy to fork that people even forked them to make silly statements, like Dogecoin or Coinye West. Peer-to-peer apps are fully forkable and create accountability in a way that Reddit never was, or did. So if Spotify or Apple Music is the FAANG version, LimeWire and its cousins are the peer-to-peer free software version. If PayPal, Venmo, or Apple Pay are the FAANG version, Bitcoin and its cousins are the peer-to-peer free software version. Filling in this middle space, where all the important human interaction is happening, with fully forkable peer-to-peer free software seems extremely important to me. Does something have to be peer-to-peer like LimeWire and Bitcoin to be fully forkable in this way? Not
Ultimately, free software itself depends on a legal contract between software makers. And you can imagine a similar legal contract where Reddit promises to make forking its code easy, and to make data forkable too, within limits of user consent. Or if that seems unworkable, and it would be really tricky, you can imagine a hosting platform that enforces these guarantees on apps that use it. And there are projects like Blockstack and 3Box that partially achieve this right now. But just as making a Rails hosting platform like Heroku is a lot harder than building one Rails website, and Heroku came years after Rails, my guess is that solving this forkability problem in the general case will be a lot harder than solving it in a specific case. And you won't see a general solution until we've had a generation of successful decentralized apps built from simpler building blocks. To me, messaging apps seemed like a great place to start for a few reasons. First, messaging apps are really popular and people use them all the time. Second, they're core functionality to a wide set of products, like social networks, obviously, but also marketplaces, dating apps, Airbnb, Lyft, etc. So figuring out peer-to-peer messaging is a pathway to building other apps in this important middle where all human interaction is happening. Third, messaging apps impact people's privacy. Even if some FAANG apps like iMessage and WhatsApp offer privacy, it's really bad to depend on them for that, for obvious reasons; see the Edward Snowden revelations. So free peer-to-peer software can give you more meaningful privacy guarantees. Even if there are non-FAANG private messaging apps like Signal, it's probably better to have fully forkable peer-to-peer ones for accountability, autonomy, censorship resistance, or just in case. Messaging apps are also a very interesting way to wield power. And this comes up again and again.
I mean, for me, most of the collaborative work I've ever done in my life, especially the activist work, depended on messaging apps. Telegram and Signal downloads spiked during the Hong Kong protests and the George Floyd protests, respectively. That's been widely reported. So making these messaging apps that are giving people ways to wield power together more accountable, and more censorship resistant, seems like it will make them even more powerful. And that's great. Finally, recent developments in peer-to-peer tech have made the essential set of messaging app features pretty easy to build, especially, say, compared to building a search engine.
So let's look at what is easier, what might be easy to do, when it comes to building a free software peer-to-peer messaging app specifically. To start, peer-to-peer apps do well at real-time communication. Even sending images and larger files is easy enough if both parties are online and can connect. There's another cool thing where the notifications and quick reply features of phones create a single unified interface for interacting with all installed messaging apps. That's a huge help if you think about it. It's almost like phones give users a basic multi-protocol messaging app, and then the apps they install become plugins for that. Even on desktop, people will tolerate or at least try several messaging apps if each one is uniquely useful in some way. My desktop, for example, is often a collage of messaging apps. And I can complain about it, but it makes sense and there's utility there. It feels harder to split time between five different search engines or even five different social networks than it does to split time between five different messaging apps. Privacy in messaging apps is doable also. Encryption for individual and group chat is an area where there's been a ton of work and active research, and there are models working at scale, like WhatsApp. There's been some good work on how to keep user IP addresses and metadata private in peer-to-peer messaging apps as well. And a feature that exists in only the most FAANG of all messaging apps, Facebook Messenger, that is, sending funds, is really doable with cryptocurrencies, and privacy-focused cryptocurrencies like Zcash and Monero let you do this privately and perhaps even anonymously. Blockchain networks also make possible another key feature: secure, decentralized, human-readable identifiers for usernames, communities, posts, etc. For example, if you want to invite a friend to send you a message, it's a lot easier to give them a username than it is to give them a long series of random letters and numbers or a QR code.
Moderation can be solved too. A funny irony is that as soon as you make a censorship-resistant group chat, moderation becomes quite easy, as long as it's consensual. Users can pick the moderators they trust, and special moderation messages from these moderators can tell each user's app which people and which messages to ignore. So if all of those are the easy parts, what are the hard parts? Well, connecting to peers in 100% of situations is still actually pretty hard. It often requires some help from a server to get past the protections that Wi-Fi routers routinely put up. Peer-to-peer networks like LimeWire and Bitcoin didn't have this problem, because you just had to connect to some large set of peers, not every peer, for the experience to work. Scaling messaging networks is pretty hard too. Even some solved problems like payments and identity become very challenging when you have tens of thousands of users or millions of users or hundreds of millions of users. One specific hard thing, even at a small scale, is what happens when users aren't online. If I send a message to a friend who's not online, where does the message go? Somebody needs to be staying online a lot, holding on to messages and waiting online for the recipient to appear. Who is going to do that? Will it be one of my friends? Will it be a helpful stranger? Will it be some role built into the network? It's tricky. The problem gets even trickier when you go from text, which isn't that much data, to images and video, which can be a ton of data. How long can you store things for? How much can you send and receive? If there's a cost involved, what's the incentive for people to store images and videos for others and stay online until they're delivered? It gets really complicated. On mobile, it's even trickier. Our phones seem like almost always-on devices. But in practice, they're not. If two users both have the same app open, they're probably both online and able to reach each other.
But once an app is in the background, the OS on your phone will often kill it to save memory and battery. And iOS is very rigid and aggressive about this. Spam on an open, free peer-to-peer network is an issue too. That's ultimately what brought down LimeWire: a ton of fake songs put up there by the music companies. Another hard thing is account recovery. I mean, it's not technically hard. You know, all you have to do really is back up your device. But given that most people don't regularly back up their devices, especially on their phone, or at least that they don't do it without giving some FAANG company access to their data, making good UX for getting back into your account after your phone falls in the toilet, without sacrificing privacy and autonomy, is actually still pretty hard. A baseline approach for this, used by crypto wallets, is paper backups of random words. But as anyone who's lost Bitcoin knows, a 30-year-old piece of paper is actually pretty easy to lose. And unless all those messages you sent and received are still stored in the network somewhere, you'll lose them no matter what, even if you get your old account back. Some apps encourage users to sync keys and data across as many of their devices as possible. But that doesn't help people who just have a phone. On mobile, there are some unavoidable and odious centralized choke points, namely Apple's App Store, where on iOS your app requires Apple's permission to be distributed. That's one area where activism, legislation, and antitrust action by the US or EU could help a ton. Apple simply shouldn't be allowed to wield that kind of power. And everybody knows. There's also push notifications. If you want your phone to notify you quickly and reliably of a new message, you'll need a push notification server, and on iOS that too requires Apple's permission. Let's look at some real peer-to-peer messaging apps, including the one I'm working on, to see how they address these problems. Ricochet starts a Tor hidden service, the same system used by sites like the Silk Road on the infamous dark web, for every user. And then people connect to each other over that. In exchange for depending on infrastructure run by Tor, Ricochet gets to run on a kind of magical ideal internet where everyone's computer has a stable address and can connect to each other pretty anonymously with strong end-to-end encryption, building on the guarantees of a well-tested privacy and anonymity tool. On Ricochet, instead of usernames, you get a public key. This is a pattern in peer-to-peer messaging apps, and the UX for it isn't great, but it's where most approaches start. This means you have to communicate your key to someone out of band, that is, through some other communication channel. But once you do, they can connect to your little hidden service on this magical ideal internet that people for some reason call the dark web, and they can send you a message.
If they also communicate their key to you, you can No, it's um
Once you two are both connected, you can send messages and everything feels pretty normal. But if one of you goes offline, the message sits in limbo until you're both online again at the same time, which might almost never happen. You might think that Tor would make it slow, but in practice messaging in Ricochet is snappy. Tor's pretty fast these days. Computers are always getting faster. So what's slow today might be totally fine in just a few years, and we have to keep updating our sense of what's possible. For sending files, Ricochet just doesn't support that now, but the project intended to before it was abandoned, and as long as you and your friend are online long enough to transfer the file, it should be straightforward. Ricochet's abandoned now and the existing release has known security issues, but privacy activists at a Canadian NGO called Open Privacy are developing a successor to Ricochet called Cwtch, named after a Welsh word for cuddling. So to look at doesn't have group chats, Cwtch adds them. It also adds some ability for users to see messages sent to the group while they were offline, with the aid of ephemeral servers that are interchangeable and can do very little harm if malicious. These ephemeral servers receive no compensation, anyone can run one, and users can choose which one they connect to, and switch servers at any time.
Another cool approach to peer-to-peer messaging, and one that's a lot more whimsical, but it's totally worth mentioning, is a proof of concept called Bugout. Most peer-to-peer apps are not designed to run in the browser. But it has been possible ever since back in 2013, when browsers added support for a standard called WebRTC to make peer-to-peer video conferencing possible. You could use WebRTC for things other than video conferencing too. And people did. One notable project, WebTorrent, built a fork of BitTorrent that works right in a web browser. Bugout uses infrastructure used by the WebTorrent project to find and connect to peers, and sort of miraculously, it totally works. One amazing thing about this is that you get the full portability of a peer-to-peer app without having to download any software. Whenever you download an app, the app developer could run malicious code on your device. Or if the app has a serious security flaw, especially if it's a peer-to-peer app, other attackers could too. But with Bugout, you can rely on your browser to prevent attackers or the software maker themselves from running malicious code on your computer. Now, the software maker could still serve you a malicious version of their code anytime you load the webpage. I don't think Bugout implements any kind of end-to-end encryption for privacy protection. But if it did, you'd be trusting whoever controls the website not to invisibly turn off that privacy protection or secretly send themselves your private keys. This is why doing end-to-end encryption on the web is generally considered a bad idea. That said, every modern desktop or mobile app developer is pushing updates quite frequently, with security fixes that users have to install in order to stay safe, so they could pull the same dirty trick too. When you download Signal on an iPhone, you're trusting both Signal and Apple to give you an unsanitized version of Signal. And if you want to prevent the creators of Bugout from pushing you a malicious update, all you have to do is save an archive of the page to your desktop. And everything still works, because Bugout is peer-to-peer. It's fully portable, and any user can decouple it from its creators' control without losing its functionality, just by clicking Save. Possibly the biggest security downside of in-browser peer-to-peer apps using WebRTC is that they don't work with Tor yet. So almost any attacker could get your IP address, and from that your location, maybe your employer, maybe your school, and link it to behavior across the web or other peer-to-peer networks. Since WebRTC can work over TCP, it could in theory work in Tor someday.
And the Tor Project actually has an open ticket for this. In the meantime, you could build onion routing protocols like Tor over WebRTC. And there has been some work on this. But anonymity tools require large anonymity sets, and it's hard to compete with Tor's nearly 3 million users. Another problem with WebRTC is that Apple doesn't let you use it on iOS. So if you take this approach, you'll have to make an iPhone app if you want it to work on iPhones. This could change in the future, and activist pressure campaigns and possibly antitrust action could be super helpful here. There are some more established foundations for in-browser peer-to-peer applications than the one Bugout uses. But I chose Bugout for my example because it's so charmingly simple. Next, we'll look at something that's a bit closer to an app you could picture yourself using every day: peer-to-peer Matrix. Matrix is an open standard for secure, decentralized, real-time communication that lets you deploy free software substitutes for team chat solutions like Slack or Discord. Matrix has some funding, has at least one polished messaging app built on it, and it seems to have found some product-market fit. The big difference between Matrix and Slack or Discord is that Matrix is federated. This means it works a bit like email does: anyone can run their own server, and servers can connect and relay messages to each other. Peer-to-peer Matrix is their effort to graft a purely peer-to-peer solution onto their existing federated one. They're exploring a few different approaches. One of them uses WebRTC and runs in the browser. And the other runs over a peer-to-peer overlay network called Yggdrasil, and requires that you run a special peer-to-peer-enabled Matrix server locally. The peer-to-peer piece of all this is experimental, so it's not very polished yet. Just like in Ricochet, your address is a series of letters and numbers, but you can also choose a display name. There are no trusted usernames.
You can choose any name you want, even a name that's already being used. For account recovery, I think they'll use the same system they use for managing keys right now, which is to let users make paper backups and sync keys to as many devices as possible. There's no solution yet for offline storage of messages, though I think their plan is to fall back to the federated system in that case, or at least that's one option. There's also no plan to protect the privacy of IP addresses, which is a pretty serious issue. Again, even FAANG apps keep the person you're talking to from knowing your IP address. So not having IP address protection is a step backward from FAANG. And we've learned from Bitcoin that if you don't design these systems from the ground up to protect user IP addresses, just connecting to the peer-to-peer network through Tor doesn't necessarily help. And it might even make things worse, as demonstrated in the paper "Bitcoin over Tor isn't a good idea."
While peer-to-peer Matrix is experimental, the leading Matrix app, Element, formerly called Riot, is extremely polished. I could picture using the federated version right now with my team, and many large organizations already do use it. So when the peer-to-peer version is finished and integrated, that'll be really exciting. But not having a clear plan for protecting user IP addresses is a real issue, and having your username be a cryptographic key still feels like it will be confusing to most users. The next app I'll look at, Status, comes out of the Ethereum community. Ethereum dramatically accelerated interest in peer-to-peer tech by showing the early glimmers of a world where everything on the internet can be free peer-to-peer software, and by unleashing a speculative bubble. Status is a messaging app built by a team that is psyched about Ethereum. Ethereum's original plan was to include a peer-to-peer messaging protocol called Whisper. Status picked up the Whisper idea and ran with it, and ended up making their own protocol called Waku. In Status, your name is a key. Actually, it's a series of random words in English. But unlike Cwtch, Ricochet, or Matrix, Status lets you pay some cryptocurrency to register a secure, human-readable username. This is a really big deal, since from Twitter to Instagram, users are really used to having their own usernames. You can also use usernames registered on Ethereum's naming system, ENS. Status also lets you send money. And since it's an Ethereum app, you can even send stablecoins like Dai, which are proven to stress people out a lot less than the rollercoaster ride that has been Bitcoin and Ether. Status is fairly polished, like Matrix, but peer-to-peer chat is their main focus, and it's working right now. There's no desktop version yet, which means you can't really use it to work with your team. But this makes sense.
Since most of the technical challenges one will run into when building a peer-to-peer messaging app will be on mobile, not on desktop, it reduces uncertainty to tackle the hard part first. Status is open about their scalability limits that prevent them from serving large numbers of users. But they have plans to address these limits. This characterization oversimplifies things, but Status's basic scaling approach is moving from a starting point where every user receives every message and then decrypts the ones relevant to them, to an extreme endpoint where every user receives their own messages and a few others for decoy traffic. The limit you hit with the first approach is bandwidth. And the trade-off is that you can bring bandwidth usage down by revealing more metadata about who users are speaking to and sending them less irrelevant messages. Right now there is no incentive to run a node, and presumably most nodes are run by Status themselves, but one can imagine micropayments of some sort, or some reward in Status's own token, addressing this.
In terms of protecting the privacy of your IP address, Status is better than Matrix because you rarely connect directly to other users, instead connecting through dedicated nodes. But it's not nearly as good as Ricochet or Cwtch, which are built on Tor and can leverage the leading anonymity tool and its large anonymity set of 3 million users. The next project we'll look at is my own project, Zbay, which is built on Zcash. Zcash is a fork of Bitcoin, and as a peer-to-peer network, it's similar to Bitcoin in many ways. The big difference between Zcash and Bitcoin is that on the Zcash blockchain, the sender, the recipient, and the value of each transaction are encrypted using zero-knowledge proofs. Zcash also lets any transaction include a 512-character message encrypted to the recipient. These messages are stored on the Zcash blockchain. What Zbay does is build a familiar-looking messaging app onto this basic messaging functionality in Zcash, so Zbay can rely on Zcash to securely encrypt a message and its metadata, broadcast it to the network, store it indefinitely, and let the recipient receive it. There are ways to store data semi-publicly on the Zcash blockchain too, by sending to an address and sharing the key for that address with others. This lets Zbay have group chats. And like Status, Zbay can give people secure, unique usernames. Also like Status, Zbay can send money. And unlike Status, the sender, recipient and value of the transaction are not visible on the blockchain. Zbay even lets you post an item for sale, and makes it really easy for users to buy it with Zcash and provide their shipping information to the seller for physical goods that must be shipped. Zbay also supports basic moderation. When a user publishes a group chat to the blockchain, they become its owner, and can send special messages that will cause the Zbay app to hide a message or silence a user.
But hidden messages are still permanently visible on the blockchain to anyone who really wants to see them. But Zbay will hide them, giving communities a powerful way to protect themselves from trolls. Zcash is built by a well-funded, world-class team. And while it still has some significant privacy weaknesses, it seems reasonable to expect that these will be fixed. The Zcash team is also focused on scaling their network through an approach called sharding. And their goal is to be able to serve billions of users someday. Reaching this goal will take years and maybe decades. But as the Zcash team makes progress in privacy and scalability, Zbay will benefit from that.
There are some privacy
downsides in z cash and z Bay right now. First, encrypted messages are stored in a public blockchain. So if z cache encryption fails, they'll be revealed to everyone. In terms of the spy agencies of large countries, all encrypt Internet has the same problem because they capture all interesting internet traffic and can decrypt it as soon as they figure out how, but for every other attacker, block chains do all the hard work of full text surveillance for them by saving all transactions in a public record. So if the encryption is ever broken, it won't just be the NSA who can read everyone's messages. Anyone who can use Google will be able to, that's not so great. Another privacy downside comes from the fact that currently z cache does not protect a user's IP address. This is a gaping hole in the Z cash privacy model, because it means that once an attacker controls enough nodes, they can determine the IP address that created each new transaction will link transactions to each other and link them to transactions with cryptocurrency exchanges like Coinbase, where users have probably revealed their identity, z cash supports connecting to the network via Tor. And this should make it harder for an attacker to learn a real IP address. The problem is, according to attacks published in the paper, Bitcoin over Tor isn't a good idea, many of which also apply to z cash using z cash over Tor may make surrounding a target with malicious nodes and linking the targets transactions even cheaper and easier, because Tor makes it cheaper for attackers to spin up new nodes and to trick peers into connecting only to malicious nodes. The z cache team intends to address IP address privacy and in the meantime, I think we disobey team have a way to address it on our end by using Tor connecting to a single light wallet server and using a different Tor circuit for each transaction. But this will need to review. 
Another less serious but very important drawback of Zbay is that it's still pretty clunky. It's less clunky than you might expect if you've tried Zcash before, or used other blockchain tech, but it's vastly more clunky than any normal messaging app, including the others mentioned here. For one thing, Zbay currently uses a full Zcash node. This will change soon, but for now, it requires about 25 gigabytes of disk space and about two hours to sync on a fast home internet connection the first time a user runs it. Message delivery takes about six seconds, three of which happen locally preparing the zero-knowledge proof, and that's on a modern fast computer. A significant amount of CPU use happens when you receive and decrypt messages too. Right now sending messages is very low cost, about 100th of a cent, but that could change quickly as traffic on the Zcash network increases. For now, we send every user a few cents of Zcash to get started. But that's not sustainable as we grow, and eventually they'll have to spend some money. Zbay is switching to a light wallet model, and this will improve some of these resource requirement issues. But the real solutions to these problems can only come from a robust scaling strategy, either in Zbay, Zcash or both. For Zcash, scaling means figuring out how sharding will work and perhaps many smaller optimizations along the way. For Zbay, I think the solution is to move more and more messaging off chain, which also has the privacy benefit of not storing messages on a public ledger. One way to do that is to send messages directly over Tor like Ricochet does when users are online, and use the Zcash network as a fallback for guaranteed message delivery when a user isn't online. Another way to do it is to use special servers like Cwtch or Status. Working mobile wallets for Zcash were just released.
So while it would be possible to build for mobile soon, it makes sense to find product market fit or interest from other developers before tackling mobile apps, I think. The last messaging app we'll look at is Session, which is perhaps the farthest along. Session, the messaging app of the blockchain network Loki, is actually really awesome. And I didn't appreciate how awesome it was until I researched it for this talk.
Like Zbay, it builds on a privacy-focused cryptocurrency similar to Monero. Like Status and Cwtch, Session uses special servers called service nodes to make crude messaging fast and scalable. Unlike Status and Cwtch, these nodes are incentivized. And node operators can stake funds to run a server, which they lose if their server doesn't operate correctly, and then earn funds from block rewards.
do this because unlike Status or Zbay, it's their own custom cryptocurrency, so they write the rules. These incentivized servers also support Session's own Tor-like onion routing scheme, so users receive some IP address protection, provided that everything is working correctly. Session has desktop and mobile apps for each platform and all are fairly polished. So they don't seem adapted to any specific use case yet beyond private communication. Session gains a lot from being its own cryptocurrency in terms of the incentives that it can offer node operators, and in terms of how they gain control over the privacy properties of the network, but using its own cryptocurrency also brings disadvantages. Session's token has a pretty small market cap and small support from exchanges, so it's going to be harder to buy than Zcash, Eth or Monero. That said, moving money between blockchains without centralized exchanges is becoming an understood problem. The building blocks are in place for Session to let you deposit Bitcoin straight into their app and exchange it for their own token on their peer-to-peer network. The Ren project exists right now and supports this for Ether, Bitcoin and Zcash. Since the Session team is building their own cross-chain exchange now, they might just have this part covered. The bigger disadvantage from being its own cryptocurrency and rolling its own solutions to everything is that it seems really hard to compete with Tor on anonymity or Zcash and Monero on financial privacy. There is also a chicken-and-egg problem where a privacy tool has to attract enough users to merit scrutiny from security researchers, but needs at least some scrutiny to make any claims at all about their security and privacy. What Session is trying to do here is really, really hard. But if they feel sure they can pull it off, it's definitely the way to go.
I spent a lot of time talking about privacy, security and Tor. You might be thinking, I don't need Tor-level anonymity, I just don't want a FAANG company controlling my entire experience of the internet. I have a few thoughts about that. First, if the privacy characteristics in these fully foreseeable peer-to-peer messaging apps are much worse than their FAANG alternatives, this will drive users away sooner or later, just as it did with LimeWire when robo-lawyers began suing the parents of teenage LimeWire users for more than the value of their homes. And it can be really hard to add privacy to an existing peer-to-peer network once it already has many users. Second, due to the openness that makes peer-to-peer networks so formidable, privacy on these networks will tend toward extremes of very strong or none, even more than with the FAANG model. There might be some middle ground between Tor or something like it and handing your metadata to every shady data mining business in the world. But there probably isn't, especially if the app gets popular enough. Third, peer-to-peer substitutes for FAANG apps need to be better in some way for people to switch to them. The conventional wisdom is that any new tech product has to be 10 times better at something to get traction. And I don't think free software is any exception to this. Privacy, security, trust and anti-censorship are one place where they can be a lot better. So it's a missed opportunity not to use that advantage. And I wonder whether peer-to-peer messaging apps that don't focus on privacy can be successful in the near term. I've spoken about privacy; I should address scalability too. One pattern that emerges in all of the currently working approaches is that they all use untrusted servers in some way. Zbay relies on Zcash nodes and miners, Ricochet and Cwtch use Tor servers, Cwtch and Status use their own servers too. Even Bugout relies on WebTorrent trackers.
In all of these cases, the networks can use different approaches to limit the power of server operators to spy on and censor users. But they kind of need those servers. There, Ricochet, Cwtch, Bugout and Zbay use servers from existing networks that will reliably provide some capacity. This limits them to the scaling constraints of those networks. Then, up to some scale, each project can offer direct incentives for people to run servers, or simply operate them itself. As long as the server isn't trusted, and there's a plausible plan to decentralize further, that seems fine. At some point, any network will probably need an intrinsic economic incentive to run servers, just like Session has right now. But they don't need it until that point, and they have time. And there aren't really any insurmountable technical barriers to adding incentivized servers in any of these approaches. There's a tension here. An approach like Session that controls every aspect of its network can create cleaner incentives and pursue every feature it needs directly, but that also spreads a team thin. On the other hand, building on more established networks like Zcash, Tor or Ethereum can simplify your project and provide stronger security guarantees. But things will get messy wherever the design of the network you're building on lacks something you need. This matters a lot for scaling, offline storage, and sending images and video.
A team taking any of these approaches could compensate for its shortcomings and make it to the end goal. The main factor is how much time, experience and creativity they can dedicate to getting there. All of these questions about privacy and scalability lead to an even bigger question. Why will people switch from existing FAANG messaging apps to fully workable peer-to-peer alternatives? What will these new apps be 10 times better at in a way that outweighs the clunkiness? What initial use cases should developers of these apps focus on? Discord is now a general-purpose messaging app that excels for all kinds of uses, but it blew up because they built it specifically for gamers, who care a ton about software and didn't have a great solution. I'm not sure if any of the projects I discussed today has been rigorously tailored to meet the needs of a specific kind of user the way Discord was. My project Zbay certainly hasn't yet, though I'm searching for a niche to focus on. And I'm optimistic about addressing the needs of journalists and activists, since that's a space I've been in myself and care a lot about. If you have an existing use case you think a peer-to-peer messaging app could excel at serving, and you want months of free software development dedicated to meeting your needs, please contact me. I'm going to end my talk here. And I'm really excited about discussing this more in the Q&A. I've put up a website for this talk at fight Fang. org, where you can find the talk slides, and any accompanying links and sources I've used. Thanks again, and I'll see you in the Q&A.
We're back with Holmes. Thank you very much. That was an excellent discussion about Zbay and the whole show with fighting FAANG, and a great peer messaging app. That looks like amazing stuff, Holmes.
I also wanted to quickly thank a couple of friends who helped me prepare the talk, Gail Marceau and Lisa LaRoche. Both helped with feedback.
And yeah, I'm seeing some of the questions come in through, right. I'd love to jump into them.
Yeah, sure. Okay, we've got some questions lined up for you, we'll get right into them. Our first question is, how do you contrast Zbay from other projects like OpenBazaar or Particl?
Cool. So just for folks who don't know, OpenBazaar is a peer-to-peer ecommerce app that's basically trying to look like the sort of standard ecommerce site, use all those patterns. It's built on a peer-to-peer network, their own network, and it works with both Bitcoin and, I believe, Zcash as well, maybe a couple other cryptocurrencies. Particl is an ecommerce-oriented app that does some other stuff. It's built on their own token. I'm not sure, but I believe that token may be based on CryptoNote. I'm not positive, but it's built on their own token. In both cases, they're desktop apps that are trying to create one of these peer-to-peer apps that sits in the middle. And as such, they're both amazing projects. Zbay is different because we focus first and foremost on messaging. And because, this difference exists with Particl, we build on Zcash, which is easier for people to acquire and to use to some degree than Particl, which uses its own token. Particl has a lot of the ups and downs that Session has, the app I mentioned in the talk, where they control their own network so they get more flexibility over what trade-offs they make, but they also have to do all that heavy lifting themselves. And with Zbay, we're able to build on Zcash and innovate with a really small team and rely on a very well regarded and well vetted privacy project to make privacy guarantees and to make the network work.
Sounds incredible with all that work. Let's go on to the next question. How do you deal with the inherent environmental externalities of using cryptocurrency in a messaging app? It goes on and says, doesn't that create its own ethical quandary and raise the barrier of entry to interoperable p2p chat to those with the proper infrastructure?
This is a really important question. Right now, as it happens, Zcash, including many other cryptocurrencies with smaller market caps, do not have an impact on climate more than the impact of a few US households. I think an October 2019 estimate estimated that Zcash's impact was about 7.1 American households per year in climate. That could change, obviously, if the market cap goes up. It's going up a little bit now, but right now, you know, just to put that number in context, purchasing carbon offsets for the amount the entire Zcash network burns would cost about $5,000 a year. That's certainly something I would propose that the Zcash, the entities that are involved in Zcash, the Zcash Foundation and ECC, address. I think they should. And I'd be willing, interested in working with anyone to try to convince them to do that. And I think in the long term, where this could scale out of control to be very high impact, I think the solutions are potentially proof of stake and obviously renewable energy.
Yeah, in terms of the hurdle it creates, we give every user a tiny amount of Zcash to get started. That's not sustainable. Right now, you can actually send zero-fee transactions on the Zcash network, and we're dabbling with that. But that obviously won't continue forever. We can try to take as much stuff off chain as possible. And then, as far as resources go, I mentioned that we're working on a light wallet version of Zbay. So in a couple weeks, there will be a version of Zbay that, at least for testing, doesn't require you to download 25 gigs of blockchain. It'll just start up and work. So I'm not too concerned about that. And I see it more as a series of steps towards the end goal, making something that works out of the box, as people would expect.
That sounds like some very nice progress on your project. Our next question is, what are the privacy trade-offs between Zcash and Monero? And would something like Zbay be possible with Monero as well? And there's a follow-up question. I'll get to that. Let's do the first one.
Um, Zcash, something like Zbay would be possible with Monero. Everything is possible with everything in this sort of peer-to-peer world, which is amazing because all the building blocks are very possible to recombine. There's no total dead ends. If we had started with Monero, we would have had to build our messaging stack out of the, we would have had to build our messaging stack from scratch. By starting with Zbay, we got some limited messaging capability from scratch. I'm not sure, I believe Monero might have, Monero has a system for identity and secure human-readable naming. I am not familiar with it enough to give a comparison in terms of how hard it would be to do that stuff with Monero. And in terms of the privacy differences between Zcash and Monero, I think people are more excited about the underlying tech in Zcash because it uses zero-knowledge proofs, which are theoretically more solid, and that Monero supporters or Monero users are disappointed with the fact that in Zcash, not every transaction is private by default, as it should be. Zcash sort of leverages, Zcash gets a lot of exchange support by allowing for public transactions much like Bitcoin on the Zcash blockchain, and any exchange, the Giants, really just has to reuse the Bitcoin stack. And they can interoperate with Zcash quite easily. So there's an advantage there. But the disadvantage is that a user could accidentally do a transaction that wasn't private using Zcash, which isn't possible in Monero. However, Zbay, Zbay itself, in almost all cases will guide you to using the private transaction functionality in Zcash, the shielded transactions, and all the messages we send and money we send between users in Zbay is shielded.
I've lost your audio, I think you're muted. You're muted. Yes. Got it.
Alright, so we have a few minutes left. And our next question is, what are the privacy trade-offs between Zcash? I'm sorry, I gave that to you. We followed up with the last question, what factors led you to choose Zcash over Monero? I think you explained that in the follow-up to your question. So our next question is: every project creates their own p2p protocols and tokens. Does that defeat the purpose of interoperability of peer-to-peer protocols in the first place?
Yeah, yeah, I kind of touched on this in my talk, right? It's that, that's the tension and trade-off between something like Session and something like Zbay, where, in the case of Zbay, we're using a peer-to-peer layer and a token that is not ours. And so for example, right now, you could get your Zbay messages or use Zbay transactions on Zcash mobile apps that happen to support messaging. Like Zecwallet for mobile, for example, supports messaging. We didn't have to build that. So we benefit from it. And there's, you know, a potential for the protocol to be something that many different apps interact with and can interoperate more or less. With, you know, with Session or Particl, many different apps could build on top of the tokens and protocols they've created. But there's less incentive for them to do that. And you know, it's not, there's something kind of cool when the network becomes a Schelling point, where it's like, okay, this is the choice that probably everybody is going to make, so let's do that. It would be great to see a peer-to-peer messaging stack emerge that could be that for many projects, but, you know, there are so many trade-offs involved, and ultimately you have to pick the approach and stack that fits the use cases and threat models that you're concerned about.
or gateways or clearing houses that might be useful in that scenario. So there's one last question that we have, with question concerns about traffic correlation attacks in Tor, deep core, does the architecture of Zbay potentially allow for using a different overlay network such as I2P?
I haven't looked into I2P. I know that network layer privacy is a huge thing for Zcash, though. I mentioned that in the slides, that right now, and for most cryptocurrencies, you know, even if a cryptocurrency keeps your metadata off the blockchain or hides it by using zero-knowledge proofs, you still have the problem of someone action. And if the transaction comes from an IP address, or the transaction comes from a node in the Tor network, you can certainly link transactions together. And as soon as you link a transaction to the transaction that went up to Coinbase or Binance, then, you know, you can probably get to the point where you know who the person is, and you might be able to do a lot of harm even before that point. So that's already a huge issue. I think we're not even at the point of what happens if you hack, if you can deanonymize Tor, being a problem with Zcash, because there isn't even, there isn't even a fully thought-through Tor integration in a way that would consistently guarantee Zcash privacy properties in Zcash. So I think getting to the point where a Zcash transaction is as anonymous as visiting a Tor hidden service would be, that's already, you know, that's milestone number one. After that, I think maybe what this looks like, and, you know, I know the Zcash team is thinking about this in their scaling work, is that you could use, you can use mixnets. So mixnets don't have the same, mixnets have theoretically better a network of an all-knowing network layer adversary like the NSA, because they are not subject to the attack where the attacker can sort of see traffic coming in and see traffic going out and figure out who's talking to who. And so the Loopix paper, I know, is one that gets talked about a lot. And the exciting thing is that if that kind of work becomes, oh, another project in that space is Nym. And then if that kind of work becomes the basis for how your network layer works in Zcash, we could actually in a few years have a messaging and financial platform that's more anonymous than Tor is today.
All right.
All right. Well, thank you very much, Holmes. We really appreciate you coming in today and sharing with us your project.
Thank you so much. It was great. I really enjoyed it. All right. Yeah. Yeah.
All right. Our next talk experiences and sharing digital security workshops in an autonomous and open hacker space in Mexico with Carlos Martinez. Fresh bumps and fresh tracks coming right up, ground control. Take it away.