this post was submitted on 16 Oct 2024
14 points (93.8% liked)
Decentralization
172 readers
6 users here now
All things and everything about decentralization: news, announcements, proposals, and discussions about decentralized apps, protocols and communities.
- decentralized web (dweb)
- peer-to-peer (P2P)
- file-sharing (e.g., BitTorrent, IPFS, and Gnutella)
- self-hosting
- federation (e.g., ActivityPub/Fediverse and Bluesky)
- federated apps (e.g., Mastodon, Lemmy, and Pixelfed)
- cryptocurrencies (e.g., Bitcoin and Ethereum)
Rules
- Be polite and follow the rules of our instance lemmy.world.
- "Follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others."
- With respect to peer-to-peer and file-sharing technologies, refrain from posting illegal content (piracy) or links to it.
- With respect to cryptocurrencies, refrain from
- posting initial coin offerings (ICOs) and giveaways
- posting referral and promo links/codes
founded 4 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So, one big drawback to your system is that it could be used as a command-and-control node for a botnet.
Since IPFS is a hash table, generally it's going to be incredibly difficult to find a hash collision with an existing file. So you'll need the link any ways. Since changing the file changes the hash, it can't be used to communicate through - it is always simply a file storage.
But with Tenfingers, once the link is out there - the data can change. This means it wouldn't be difficult to use a file itself for communication - you'd only need to point someone at the file, and since the hash never changes, you could theoretically control a botnet through it.
Granted, at the same time - this could also be used for "encrypted" communications, so long as Tenfingers itself doesn't keep track of hashes. If it keeps track of the existing hashes, then technically it has every link available to the network and thus, also has the ability to break the encryption, right?
If someone has the link - generally those are retrieved in plain-text. Even with an HTTPS connection, you're asking the server in, basically plaintext "give me the data for [X]" -- do you guard against that somehow?
Okay, so first of all, Tenfingers is wildly different compared to IPFS or say Filecoin, it's another underlying paradigm.
There are no "hashes", the nodes are trust-less, and everything is encrypted.
Which means that if you have the link to a data, you can retrieve it, and decrypt it. If you don't have the link you cannot do either.
The link is not a hash like in IPFS but a small collection of information, like how to connect to the nodes, encryption key etc.
So, in order:
If you have a bot net, you don't need tenfingers to control it. But sure, you could I guess, like you could control a lamp with it. A normal web server can do the same thing ofc.
Yes you can use the data for communications, that is actually the idea behind the protocol. You can have a web page that "communicates" with other people for example, by you updating it when you want to communicate something. You can even share links to other webpages shared with tenfingers, and they can link back to you.
I hope that explains it, but just to be a bit more precise, there are no hashes, instead the IP:ports are used (several if you overshare) so that the link only knows exactly who to call (and that's all secured so you can't just randomly try to get random data).
Hope it helps, it is a quite different system, so please say if there is something unclear!