Hello and thanks for making this community!

I would like to ask a question, I’m the creator of the Tenfingers sharing protocol, and a decentralised FOSS implementation of it.

You can basically have a decentralised web site or share data with anyone.

Would it be appropriate to post asking for help here? Testing and ideas for the future mostly I guess.

Cheers

  • GHiLA@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    2 months ago

    As someone who wouldn’t use this to spread terabytes of pirated media to others, could this hypothetically be used to spread terabytes of pirated media to others?

    • Valmond@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      2 months ago

      Well, theoretically then, it’s not made to handle terabytes in terabyte chunks (as when you share, someone else is needed to have something to share roughly the same size), it’s more thought for megabyte chunks of stuff, like a website. Downloading/uploading would be hasardous too for a TB chunk as most people only have megabit speed internet.

      So it’s not that it isn’t possible, but you would probably have to chunk up any (legal) data in say 1GB chunks, so that your chunks get shared. If everyone shares 1GB videos of their holidays (for example), it would work easily because your chunks would have people needing to share them.

      Edit: edited for clarity

    • Valmond@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      2 months ago

      Technically its very different (please do ask if you want to know more!). Usage wise it is a sort of distributed “file system with links” (IPFS is more of a distributed hash table) and it has some base differences:

      • When you change your data, you reuse the same link. So no need to redistribute it.

      • You share other peoples data. It’s the incentive, they share yours because you share theirs. So no need for benevolent nodes like in IPFS.

      • If you overshare (share data from several nodes so that they all share your data) your data is accessible even if your PC or most nodes are down, it makes it potentially very robust and takedown safe. I don’t really know how IPFS handles it when several nodes go down.

      • In my opinion, Tenfingers is very easy to set up, IPFS not so much, haven’t checked it out in a year or three though so that can have changed.

      • IPFS has a very cool name, but Tenfingers too, right :-) ?

      Cheers

      Edit: another difference is that Tenfingers encrypts everything, so without the link you cannot access the shared data in any way, neither by error nor malice. IIRC IPFS link is just a hash, I don’t know if/how the data and its transfers are secured either.

      • kitnaht@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 months ago

        So, one big drawback to your system is that it could be used as a command-and-control node for a botnet.

        Since IPFS is a hash table, generally it’s going to be incredibly difficult to find a hash collision with an existing file. So you’ll need the link any ways. Since changing the file changes the hash, it can’t be used to communicate through - it is always simply a file storage.

        But with Tenfingers, once the link is out there - the data can change. This means it wouldn’t be difficult to use a file itself for communication - you’d only need to point someone at the file, and since the hash never changes, you could theoretically control a botnet through it.

        Granted, at the same time - this could also be used for “encrypted” communications, so long as Tenfingers itself doesn’t keep track of hashes. If it keeps track of the existing hashes, then technically it has every link available to the network and thus, also has the ability to break the encryption, right?

        If someone has the link - generally those are retrieved in plain-text. Even with an HTTPS connection, you’re asking the server in, basically plaintext “give me the data for [X]” – do you guard against that somehow?

        • Valmond@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Okay, so first of all, Tenfingers is wildly different compared to IPFS or say Filecoin, it’s another underlying paradigm.

          There are no “hashes”, the nodes are trust-less, and everything is encrypted.

          Which means that if you have the link to a data, you can retrieve it, and decrypt it. If you don’t have the link you cannot do either.

          The link is not a hash like in IPFS but a small collection of information, like how to connect to the nodes, encryption key etc.

          So, in order:

          If you have a bot net, you don’t need tenfingers to control it. But sure, you could I guess, like you could control a lamp with it. A normal web server can do the same thing ofc.

          Yes you can use the data for communications, that is actually the idea behind the protocol. You can have a web page that “communicates” with other people for example, by you updating it when you want to communicate something. You can even share links to other webpages shared with tenfingers, and they can link back to you.

          I hope that explains it, but just to be a bit more precise, there are no hashes, instead the IP:ports are used (several if you overshare) so that the link only knows exactly who to call (and that’s all secured so you can’t just randomly try to get random data).

          Hope it helps, it is a quite different system, so please say if there is something unclear!

    • Valmond@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      Thanks!

      Yes I’m not advocating for illegal things (but thanks for pointing it out), I advocate for decentralised data sharing, for example your website, a personal-“book” (a crude script for that already exists), a chat (exists, also very crude), share some file without uploading it to google or amazon etc etc etc.