Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.
I’m a simple man, I see blockchain, I downvote.
I understand the impulse, but I think that’s a knee-jerk reaction. I am immediately suspicious of any technology that claims to use blockchains.
It’s just something for a very specific usage.
https://gist.github.com/joepie91/a90e21e3d06e1ad924a1bfdfe3c16902
You shouldn’t be so intolerant. But I agree, here it does look like bullshit.
I don’t see how blockchain (in this case) adds any value over a federation like Matrix.
It adds value by helping convince clueless investors to give you money. I’m entirely serious. There’s a significant number of investors that think blockchain technology is a good thing. Doesn’t matter that it’s a terrible solution to practically every problem. The goal isn’t to be a good solution. The goal is to make money. They only need to convince a few clueless people to give them that.
This system is federated.
The blockchain means that you can access your encrypted messages even if your server goes down.
you and everyone can access those encrypted messages. You are the only one that can decrypt them, sure, but as others have already mentioned, the history of encrypted messages is almost as bad as the actual content.
Publishing everything on a blockchain means that everybody who’s running a node has access to a copy. If confidentiality of communications is an issue, this may as well be a data breach with a few more steps. Also, how does giving everybody running a part of or monitoring the blockchain equate with “control over personal data?”
Centralized control: Only one entity can see it. Blockchain: Lots of third parties run a node, so every node can see it.
Each channel has a separate ledger: That makes surveillance of a particular communications channel much easier. Thanks. Also, each user has to have a keypair; great for pseudnonymity, lousy for repudiability.
Messages cannot be altered but they can be audited to prove their metadata. Did they learn nothing from the Obama administration? At this point in the paper I can’t shake the feeling that this is a deliberate effort to invert all of the properties of privacy.
Smart contract: Yay, more deliberately memory unsafe programming. I guess they never played with Core Wars as kids, either.
An attacker would be unable to breach the network: An attacker would just have to stand up a node. If channels are side ledgers on a blockchain, and the network assumes that nodes can come and go (which they all do, as far back as bitcoind), any node can join, say “Hey, I’d like to join this channel,” and get at the very least a pointer to the side ledger for that channel.
Long-term storage of communications is dangerous, mm’kay?
Publishing everything on a blockchain means that everybody who’s running a node has access to a copy
I’m not sure that’s the case, although the article is rather vague. It says:
[…] the user must register with a node of their choice using their public key. Once registered, users can create channels and invite others to join. Each channel has a separate ledger hosted by the nodes. […] The data in the ledgers are encrypted, and the secret key is managed by the users of the channel.
IIUC, nodes will not have access to private keys, neither those from users nor those from channels. Users could use their keys to exchange the channel’s private key without the node getting to know it. I don’t quite understand how user’s would exchange their public keys without the node being able to play MITM, though…
Edit: Removed an irrelevant sentence from the quote
I believe their point was that even encrypted messages convey data. So if you have a record of all the encrypted messages, you can still tell who was talking, when they were talking, and approximately how much they said, even if you can’t read the messages.
If you wait until someone is gone and then loudly raid their house, you don’t need to read their messages to guess the content of what they send to people as soon as they find out. Now you know who else you want to target, despite not being able to read a single message.
This type of metadata analysis is able to reveal a lot about what’s being communicated. It’s why private communication should be ephemeral, so that only what’s directly intercepted can be scrutinized.
That was exactly why I said “Did they learn nothing from the Obama administration?”
From 2014: “We kill people based on metadata.” (Michael Hayden, former DIRNSA, 2014.ev)
There is no “harmless” here.
No, this is already solved without scam shit tied in.
Eh, I wouldn’t go as far as calling distributed ledger tech a scam. Sure, 99% of the current ecosystem is at best digital tulip trading if not an outright scam, but that doesn’t mean everything blockchain-related is a scam.
There’s valid use cases for what’s essentially a distributed database with immutable history (or a “smart contract” system which is essentially a distributed singleton VM with immutable state history), but NFTs etc ain’t it. Fintech will probably incorporate some of the stuff that came out of the blockchain craze, but I figure that at best it’ll be like Linux; most people who use the internet interact with Linux systems pretty much all the time, and of course Android is a Linux-based phone OS, but very few actually run Linux or even care about the whole concept. It’s just part of the infrastructure, which in my assumption some kinds of blockchain-ish technologies might be. Probably just not the public networks people associate with it now, but private / internal ones with limited validator sets etc
People keep saying there’s a valid use case for this but what is it? Basically any distributed ledger would actually perform better, be more secure, and be easier to use as a centralized database.
Basically any distributed ledger would actually perform better, be more secure, and be easier to use as a centralized database.
Performance is relative to what your goals are (extremely high transaction volume isn’t always something you need to handle, and also isn’t guaranteed to be impossible with a DLT either), and centralized databases / services aren’t always the best fit for every problem. Regarding security, well, I really don’t see how you came to that conclusion. Guess it depends on what exactly you mean with security?
Real estate is pretty commonly seen as the prime example of a field where a DLT is a better fit than a more “traditional” centralized service. As an example let’s say we want a system that could be used to record changes in property ownership, so you need auditable state changes and an immutable history, and you want some sort of guarantees that generally someone who’s not authorized to do something to a property isn’t going to be able to do it by just issuing a state change (ie writing to the DB.) Your stakeholders are probably going to be the local government, licensed real estate brokers (if that’s a thing in your jurisdiction), possibly all private property owners who want to sell their property etc. etc. You absolutely could build this with a “traditional” centralized service that eg. the GOBERMENT (or whoever trusted stakeholder) runs and operates, but then you have a single bottleneck that’s entirely dependent on a single stakeholder, and you still need to implement eg. audit trails for state mutations, access control, etc. etc. As I said it’s absolutely doable, but many of the things you’d do to build it are essentially just reinventing some sort of DLT but in a monolithic package and without any of the benefits. Take state immutability for example; you’d probably be building some sort of hash tree or chain anyhow but now you have to do both the hashing and the verification and validation manually instead of the infrastructure doing it for you, and it’s nontrivial to do right so the attack surface here is not going to be small in a home-grown solution. You’ll probably want to require that all state changes (transactions) are signed by a known trusted actor, so you’ll need to build that too, so here’s yet more attack surface. Also you probably don’t want to run literally just a single instance of your database so you’re going to want some sort of replication, which may need some legwork depending on the database system used. Compare this (non-exhaustive) list to what your average DLT framework like Hyperledger guarantees “out of the box”, where the infrastructure itself gives you guarantees about the immutability of history and who is allowed to make state changes to which parts of the state (in our fictional case you’d want a Proof of Authority consensus mechanism, so anyone making state changes would have to have a valid X.509 cert issued by some trusted CA, but with public reads as property ownership is a matter of public record), which is by default distributed so there’s no single point of failure, and is eventually consistent within known parameters and known behavior.
Distributed systems definitely do require more skill to operate so the benefits need to outweigh the costs (and they often do, which is why we eg. tend to use microservices for high volume systems), but I honestly fail to see how for example a project using Hyperledger tools (and there’s more than just the DLT Fabric), which are specifically built around privacy and security, would automatically be less secure than a centralized system where you have to build the same features yourself, meaning you just have to trust that you did everything right.
Well… Banking. I’m not going to write a long explanation like other commenters, but each bank having their independent ledger and syncronizing them each X time, with lots of manual intervention is not optimal. Ditributed Ledgers allow for banks to share the information with each other and for transactions to be done instantly, without dispute issues. This technology is already being used internally within the financial industry, and it’s going to stay since it facilitates a lot of internal work to the beenfit of the users.
Edit: As an extra point, these distributed ledgers are not really distributed between everyone, banks store them in secured environments and share them with other partner banks, in a controlled environment.
Electronic voting, maybe? But for most cases a transparently ran centralized ledger should work better.
People are still looking for problems to which blockchain is the solution.
So far we’ve found none.
Most of what you describe is the inverse: Problems for which blockchain is the cause, or at least part of the problem.
That a speculative digital asset with no tangible value could perform better than other objects of investments, including currency, should not be surprising, that’s just group psychology and concerted effort to make people want to invest in intangibles.
Argentinian currency might be tangible, but its valuation isn’t.
You’re right. A blockchain doesn’t solve the double-spending problem, so don’t create decentralized payment networks. Let’s use something like Paypal instead, you know, the one that will sooner or later merge with this single-letter company.
You can also use Google Pay or Apple Pay, and developers can use their stores to monetize their apps. Just 30% or so commission and the apps ‘adjusted’ to the stores’ rules (to be fair, there are not really soooo many trackers, right?).
Proof of provenance isn’t a use case either. Use Amazon servers. Microsoft Azure. They store all the data, and it’s safe.
We don’t need companies like drife.io or particl.io. We have Uber and Amazon. Centralized services are much better. They are so good for humanity that their companies don’t even have to pay taxes.
You’re pointing out plenty of good problems that wasting CPU cycles and lack of authority doesn’t solve.
Maybe if we actually looked harder for a solution instead of throwing one that doesn’t work on the problem and hyping it up to be everything that it will never be - we could actually get somewhere.
I mean it all sounds fine when people spin it, but take a step back and look at the problems inherit to the “solution”.
Just based on your phrasing and tone I’ll probably never convince you, but don’t trust me. There’s plenty of people out there who’s described the problem way better than I ever will.
And there are solutions to the problems you point out, they just don’t involve useless computing and executing arbitrary code.
But if you really want to get into fixing these problems you need to get involved with policy (ie. politics).
We need to fix politicians being elected thanks to corporate capital, both direct and indirect.
We need to fix tax regulation globally. We need to stop the race to the bottom where companies incorporate where they can funnel money back to the mothership without paying tax.
We need to fix education, so people get a clue and don’t elect corporate puppets or flat out fascists.
We need to fix healthcare.
We need to fix environmental policy, and thanks to the environmental policies for the last 200 years, the environment as well.
Heck, we even need to fix the Internet.
And all the idealism in the world - the idealist blockchain crowd becomes useful idiots because they’re busy with something that won’t work out (instead of pushing the world in a better direction).
I do however highly recommend a few talks with Larry Lessig:
And on DMCA (you may want to start with this):
I would beg to differ. It seems to be pretty useful for Software development. After all git repos are Blockchains. That being said: use a solution that fits your problem, don’t try to adapt a problen to your solution. Thats something a lot of the crypto- or AI-bros are apparently misunderstanding
After all git repos are Blockchains
No, git repos are merkle trees. Blockchains happen to build on merkle trees. Git is not blockchain.
I suppose it depends on how exactly you define a blockchain. If you add distributed consensus algorithms and a requirement for BFT resistance, then it clearly isnt. Its the usual issue with definition…
I have to wonder if it’s a solution looking for a problem or a matter of people trying to just throw stuff at a wall and see what sticks.
I think it also probably has to do with the sheer number of people trying to create something that every one of them has to learn that just because something exists, doesn’t mean you have to use it. They end up just building it hoping that people will come to use it, but sometimes you gotta learn the hard way that it isn’t always the case.
