Also, because Paul has awesome projects, and deserves some attention when a project of his makes it to the top of HN but doesn't even mention him, he is working on a browser for the distributed web called Beaker (I am using it to write this now), and it is awesome.

https://github.com/beakerbrowser/beaker

@cowardlydragon you got downvoted to death but that's a fair assumption so I want to reply to you here

> forking a website so easily also makes spoofing very easy...

A fork copies the files of a site, so yeah, it certainly would be easily to spoof somebody's site. It basically is a spoof button. But doing so creates a new cryptographic identity for the site, and that will be the basis of how we authenticate

Cross device identity is still an issue, but not a problem in the foundation. It's a matter of making client apps (like Patchwork) recognize a message of type "link this and that account together" and then your friend's app would automatically follow both accounts and render them as if they are the same thing. It'll be done eventually in Patchwork.

Yeah that is what they were talking about when I was following the project. Once that is done in patchwork, I might try using it again.

It will be a must once mobile is launched, which I'm working on.

Is it also possible to use multiple devices without leaking from which device each message was posted?

Well, yes and no. The log will show a different id (public key) which authored the message. But the device itself (iPhone or Google Nexus or whatever) doesn't need to be mentioned.

That could leak information a user doesn't want to be leaked, like at which hours he is at work (using the work computer) etc. Which id belongs to which device could probably be inferred when the service is used actively.

I understand that transparency might not be a design goal or techinically possible, I'm just raising the concern.

Can't I just share my private key across multiple devices?

Nothing stops you from copy-pasting your asymmetric keys (it's a file) to different devices. I bet it's feasible, the biggest issue is also making sure your log stays the same, because a log shouldn't get forked.

Those sound like pretty unavoidable, and often acceptable, drawbacks.

Is there a reason you can't just use the same key pair on both devices?

yes. 1) it would be significantly less secure - compromising either device would compromise both. Imagine an airplane with two engines that needs both to fly - a single engine plane is actually safer - because the chance of loosing one of one is less than the chance of loosing one of two, (assuming chance of engine failure is independent) Use a separate key on each device is like a two engine plane that can still fly with one engine - this is significantly safer than a single engine plane.

2) it would greatly complicate the replication protocol, having to take into account forks, rather than assuming append only, where you can represent the current synced state with a single counter.

I'm having trouble following this and the reply thread below. Why is identity device-specific? So every time a get a new computer I have a new public key?

You can also use the same keypair on multiple devices. This however results in another problem: You could post content from both devices simultaneously. But the underlying protocol requires each message to refer to the previous message by the same identity. So if two different devices post a message without having received the message of the other one, one of the messages is considered invalid.

My role was to provide an applications perspective. I worked on UIs and data models. Dominic's the maker of the tech.

I ended up removing the gif maker in one iteration because it was so frequently buggy. That was probably the worst call I made.

Can you (or someone) clarify the difference between Patchwork and SSB? Does SSB handle the networking and discovery and encryption and whatnot, and Patchwork just acts as front-end for displaying diaries, connecting to pubs, posting and so forth?

Patchwork is a user interface for displaying messages from the distributed database to the user, and to allow the user to add new messages. The underlying protocol supports arbitrary message types, patchwork exposes a UI for interacting with a subset of them. Anyone could write and use other UIs while still contributing to the same database. Patchbay[1] for example is a more developer-centric frontend.

Under the hood, patchwork connects to a scuttlebot[2] server. Scuttlebot in turn is based on secure-scuttlebutt (ssb).

[1] https://github.com/ssbc/patchbay [2] http://scuttlebot.io/

The downvotes on replies are baffling over here. Here's what AljoschaMeyer said, and it's all accurate:

Patchwork is a user interface for displaying messages from the distributed database to the user, and to allow the user to add new messages. The underlying protocol supports arbitrary message types, patchwork exposes a UI for interacting with a subset of them. Anyone could write and use other UIs while still contributing to the same database. Patchbay[1] for example is a more developer-centric frontend. Under the hood, patchwork connects to a scuttlebot[2] server. Scuttlebot in turn is based on secure-scuttlebutt (ssb). [1] https://github.com/ssbc/patchbay [2] http://scuttlebot.io/

Thank you, I enabled [dead] and I too am baffled at why useful responses are getting killed.

edit- they got unkilled.

correct, patchwork is the UI, ssb is the database.