We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.
We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.
Am 03.09.2014 01:25, schrieb Paul Frazee: > For some interesting reading, I'll refer you to Dominic's project, > https://github.com/dominictarr/secure-scuttlebutt. > > Got one question here: this seems to replicate data. Does it protect against malicious updates too? To illustrate: I'm currently working on some simple payment system. (I picked "payment system" because that's something everyone understands without explanation of the app's purpose; however it's only an application which requires the features to be demonstrated.) It works like this: * Every "wallet" is a (sqlite) database holding a balance table of two columns: amount and currency. (Together with some user interface.) * Users can create orders (documents) to transfer some amount to some other wallet. The receiver can either accept or reject. (There is more, like maintaining nick names for wallets. But those are irrelevant at this point.) The important point: the wallet must make sure that it no order exceeds the senders balance and no receiver can accept the same order twice. (The total the currency must not change.) Having a eventually consistent database is not enough here: we can't trust the peer to store a correct value. Our solution is rather simple. Each wallet is replicated (tolerating byzantine faults) at several notaries. For a small world (like 5-20 peers) this could be *all* peers, to simplify the situation for the time being. Now members of the group can readily use it. Any attempt to cheat does not work. However: This can not transfer money beyond the boundaries of the group. (An incoming order would be signed by many notaries. To no effect: the group would only trust those notaries in the receivers set and reject the order if the intersection of senders and receivers notaries is too small.) For a larger world byzantine replication does not work, because it comes at quadratic communication cost. Instead we would create "virtual banks": groups of individuals each running a peer and *contracted* (as in "having signed a legal contract") to keep it mostly online and prevent fraud. Such a group could be used as an intermediary between wallets running at too disjoint groups. So if I wanted to build applications like that one on scuttlebutt... possible? How would I make sure the wallet is always correct? Best /Jörg