Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

55% Positive

Analyzed from 651 words in the discussion.

Trending Topics

#groups#distributed#group#chat#don#signal#world#simplex#https#matrix

Discussion (14 Comments)Read Original on HackerNews

arto13 minutes ago
@Realman78 Have you looked into how SimpleX does it?

https://github.com/simplex-chat/simplex-chat/blob/stable/doc...

miloignis32 minutes ago
Neat, thanks for the writeup! I think a single creator-admin for small groups is a nice, simple, and practical design point.

I did want to point out that Matrix does do distributed eventually-consistent authorization, which is their key invention IMHO. (Rooms are distributed among the homeservers, none of which are privileged over the others. You could (and their long-term plan from back in the day) was to run a tiny little single-device homeserver on every device to achieve P2P.)

It's tricky, but a very cool algorithm! Several entities (including myself as a hobby project) are working in combining the Matrix eventually-consistent CRDT with MLS for encryption for a no-compromise distributed E2EE system. It's possible, but very hard, as you might imagine.

Edit: Here's one academic paper writing up the abstract algorithm behind Matrix https://dl.acm.org/doi/10.1145/3381991.3395399

tpah8about 2 hours ago
One option that you sort-of mentioned but missed: go with the static groups, but don’t let the users feel that.

In other words, show the kick/invite options to users when it does happen, but destroy and create a new group behind the scenes.

Realman78about 2 hours ago
I understand the vision, but I would still have to rotate keys through different groups. It doesn't solve anything, it just gives the illusion of a clean group delete-then-rebuild
sandeepkd39 minutes ago
Decentralization is not really a feasible option when you have more than one actors. Either you embed the centralization from beginning with some good and verifiable contracts or a certain majority is going to hijack the platform and act as centralized controllers.
Realman7820 minutes ago
Sure, but what is there to hijack in a messenger platform? The groups basically act as their own separate islands, and everything is signed for their buckets. Worst thing that an attacker can do is hurt availability
aeturnumabout 2 hours ago
This is a nice little write up and I kinda feel like the author (sensibly) chose centralization just on a smaller scale. I also think that the algorithm is pretty similar to the og textsecure2[1] protocol signal used (and still uses?) in terms of key generation. It's different in that messages are in a distributed hash table instead of sent through a server and also that there's less cross-verification by chat members, but I'm not sure the author would lose any of their goals by using the signal approach (with distributed storage).

[1] https://signal.org/blog/private-groups/

Realman78about 1 hour ago
The issue with that is that when there is no "leader", there is also no way to guarantee kicking someone out. Signal didn't have the kick option for years, and they only added it once they moved the group state management to the server. Now, is "kicking" a good enough justification to go with the leadership route? That is up for debate...
thaumasiotes10 minutes ago
> The issue with that is that when there is no "leader", there is also no way to guarantee kicking someone out.

Why is that an issue? It's a fundamental fact about the world that your software will never address. No matter what options you purport to provide, you can't stop people from telling other people what messages they received.

In a decentralized system, messages are sent to a list of recipients. If you don't want someone to receive your message, you can take them off the list of recipients that you send to. But if you send a message to party B, and they recommunicate it to party C, there's nothing you can do about that. The only solutions are (1) to stop communicating with people you don't trust; or (2) to have the guy you want to kick out of the chat group kicked out of the world.

2830428340923410 minutes ago
Like...email? Usenet?
esafakabout 2 hours ago
The hardest problem is social. Who is going to use this?
swatcoder29 minutes ago
Probably not a ton of people in the largely-peaceful, largely-comfortable world that many people here have only ever experienced.

But history (and world-awareness) shows that those periods don't last forever, so having mature decentralized technology ready and warm for periods of crisis or devolotion is hugely valuable in the long term. It can be hard to maintain commitment to maturing and seeding that kind of technology when there's not yet a pressing need, exactly because it's hard to gain enough traction to overcome the relative inconveniences. It's admirable and important work regardless.

Realman7816 minutes ago
Thank you!
Realman78about 2 hours ago
I agree, and since there is no mobile version, this won't replace your whatsapp, and it was never designed for that. The actual people I see using this: - People who want anonymous messaging (I realize that there are already Tor messengers, so the idea was to make this one much more feature rich) - Friend groups that want private group chats without any central dependencies or accounts - security, self-hosting, decentralization and open-source enthusiasts