cyph
Peergos
Our great sponsors
cyph | Peergos | |
---|---|---|
7 | 33 | |
366 | 1,846 | |
0.5% | 3.4% | |
9.3 | 9.3 | |
7 days ago | 2 days ago | |
TypeScript | Java | |
GNU General Public License v3.0 or later | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cyph
-
Ask HN: Why no browser-based E2E encryption?
[where this model breaks down] -- Alice and Bob go to your website and have a conversation. Eve hacks into the website and modifies the E2EE code. She can switch between serving the normal webapp and the malicious non-E2EE webapp. There's no good way to detect it. There are people out there who really like end to end security, but don't like browser-based e2ee because it doesn't have end to end security.
Note: https://www.cyph.com/ is a bbE2EE chat system.
-
E2EE on the web: is the web that bad?
If we do care about the delta in security model between the web and other platforms, then we could build some kind of code bundling and signing mechanism for web applications, perhaps with some kind of transparency layer on top to make the code publicly auditable and make it harder to target specific users with malicious code. A bundling/signing/transparency solution for the web could probably be built out of some of a collection of mechanisms that already exist or have at least been explored. Related ideas include Subresource Integrity, Isolated Web Apps, Signed Exchanges and Web Packaging, Meta’s Code Verify extension, and source code and supply chain transparency proposals.
Incidentally, I've actually just recently developed a solution to this exact problem: https://www.websign.app.
WebSign started a while back as an internal framework used by the Cyph E2EE messenger (https://www.cyph.com), and @eganist and I gave a talk that covered part of the architecture at Black Hat and DEF CON. Now we have a static web hosting service built around it for others to use, which takes care of bundling and code signing during deployment.
If anyone here has a use case for it, we're looking for pilot customers now. Just shoot me an email at [email protected].
-
Graph of Keybase commits pre and post Zoom acquisition
https://github.com/cyph/cyph
It would be wasteful to throw away the Web of Trust (people with handles to keys) that everyone entered into Keybase. Hopefully, Zoom will consider opening up the remaining pieces of Keybase if not just spinning the product back out to a separate entity?
W3C DIDs and https://blockcerts
From https://news.ycombinator.com/item?id=19185998 https://westurner.github.io/hnlog/#comment-19185998 :
> There's also "Web Key Directory"; which hosts GPG keys over HTTPS from a .well-known URL for a given user@domain identifier: https://wiki.gnupg.org/WKD
> GPG presumes secure key distribution
> Compared to existing PGP/GPG keyservers [HKP], WKD does rely upon HTTPS.
Blockcerts can be signed when granted to a particular identity entity:
> Here are the open sources of blockchain-certificates/cert-issuer and blockchain-certificates/cert-verifier-js: https://github.com/blockchain-certificates
Peergos
- Skiff Is Joining Notion
- I Moved My Blog from IPFS to a Server
- Filecoin Foundation Successfully Deploys IPFS in Space
-
Amino – The Public IPFS DHT Is Getting a Facelift
You can do that with peergos [1]- mount a peergos folder locally using FUSE. Or login to the web interface and share easily and privately.
-
The problem with federated web apps
You might be interested in the p2p design of Peergos. You sign up to Peergos[0]. Your initial server is just responsible for storing your data (although you can run as many live mirrors as you like), and clients verify all updates. You can automatically move server (by running a command) and all your data is moved, and old links continue to work, and you keep your social graph and identity.
You can also log in through any instance, including localhost. Links also work on any server because they include a capability to the content in the link.
This is the beauty of content addressing plus public key based addressing.
-
Enigma: A simple cross-platform encrypted filesystem in Golang
https://peergos.org
https://github.com/peergos/peergos
Features:
* audited by Cure53
* protects metadata (directory structure, file name and properties, file sizes, social graph)
* fine grained capability-based access control
* built-in social media
* sandboxed 3rd-party apps: e.g. word doc viewer, calendar, text editor, games etc.
* FUSE bindings
* CLI
* cross platform
* browser client
-
Ask HN: What do you do for online privacy?
I use Peergos[0] for E2EE storage, doc editing, sharing media, calendar, kanban boards and social media. (Disclaimer: I also work on Peergos).
-
A fully open-source and end-to-end encrypted note taking alternative to Evernote
If you're looking for a fully open source, self-hostable, E2EE wiki web app then you might be interested in Peergos - https://peergos.org
We have a markdown based wiki viewer and editor- https://peergos.org/posts/markdown-browser
Peergos is a generic P2P E2EE filesystem with a bunch of apps on top, and you can write your own too - https://peergos.org/posts/a-better-web
Disclaimer: co-founder here
-
Twilio Incident: What Signal Users Need to Know
If you're looking for a Keybase replacement, check out Peergos (https://peergos.org). Peergos is a P2P E2EE global filesystem and application protocol that's:
* fully open source (including the server) and self hostable
* has a business model of charging for a hosted version
* designed so that you don't need to trust your server
* audited by Cure53
* fine-grained access control
* identity proofs with controllable visibility
* encrypted applications like calendar, chat, social media, text editor, video streamer, PDF viewer, kanban
* custom apps - you can write your own apps for it (HTML5), which run in a sandbox which you can grant various permissions
* designed with quantum resistance in mind
You can read more in our tech book (https://book.peergos.org) or source (https://github.com/peergos/peergos)
Disclaimer: co-founder here
We have a FUSE mount and CLI. For details see: https://github.com/peergos/peergos#fuse-native-folder-mounti...
What are some alternatives?
slate - WIP - We're building the place you go to discover, share, and sell files on the web.
CoreDB - Take back control of your data with a self-hosted network node for your digital identity. The IndiView app works with this node allowing you to share contact details, photos, and videos only with the people you specify.
ipfs-chat - Real-time P2P messenger using go-ipfs pubsub. TUI. End-to-end encrypted texting & file-sharing. NAT traversal.
web3.storage - DEPRECATED ⁂ The simple file storage service for IPFS & Filecoin
solid - Solid - Re-decentralizing the web (project directory)
skynet-cli - a lightweight cli to interact with Skynet
meshenger-android - P2P Voice/Video phone App for local networks.
Rundeck - Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts
ts-odd - An SDK for building apps with decentralized identity and storage.
iiab - Internet-in-a-Box - Build your own LIBRARY OF ALEXANDRIA with a Raspberry Pi !
client - Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
i2pplus - I2P+ is a soft-fork of the Java I2P Anonymizing Network Layer - this is a mirror of https://gitlab.com/i2pplus/I2P.Plus/