I found the following effort to implement an open source version of iCloud’s end-to-end encryption offering: Slashdot
They ask specifically for help - and I think the Logos tech stack can be particularly suited for it, with Waku and Codex taking care of the required decentralized communication and storage respectively.
Interested in your opinions whether it’s something that our tech stack could help with and if it’s worth getting involved
Reading it, and maybe I am missing something or not seeing the whole picture, it sounds like it could be relatively straightforward to build this using Waku, Codex and Threshold TACo (https://docs.taco.build/)
TACo already implements the T-of-N scheme they mention - but with a significantly more flexible way of setting the rules for who can actually decrypt the data
They talk about using TLS tunnel from client to Cloudflare and then further to the OpenADP server using Noise-KK - this seems like it will a) heavily rely on Cloudflare, so could be easily censored/shutdown, b) could leak some private metadata - Waku could provide the client-server(s) communication infra
They assume the encrypted backups are uploaded to cloud - so this could be Codex, obviously
Guru’s Cyphershare now integrates all 3 technologies and I’d be genuinely curious if this is something that could be prototyped on top of it. Even if not, it seems like all the knowledge gained from Cyphershare could be really useful here:)
One note I forgot to add, I am sceptical about this claim in the repo:
When turned up, time, whole world will be able to securely E2EE encrypt their data for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service.
We know too well that things are rarely free and free things are too easy to take down (especially important things with powerful opponents).
So I think the approach of making this infra available entirely for free is not gonna work - especially given nation states are blocking it already and especially without strong privacy and censorship resistance guarantees. Hence we should make it our goal to explain how web3 technologies and economics would/could actually enable that.
If you could do the initial reach-out that would be best I think, you are for sure more knowledgeable on the matter than I am :)) I can of course support in anything anytime.
We know too well that things are rarely free and free things are too easy to take down (especially important things with powerful opponents).
Agree 100% - costs and incentives have to be in place in order for it to work. We will see how they respond to feedback, it clearly wouldn’t make sense to spend any effort in something going in a direction we don’t think is going to work.
So it will be really important to get an idea on how open they are to input and if critical issues we find in the spec are addressed
I’d counter a little that while providing something openly for free doesn’t work (allowing for unbounded use of a communal resource, leading to classic tragedy of the commons outcomes), it is fair that now with the advent of zk membership sets (RLN, zkpassport etc), it is possible to now establish an agreed upon “commons” - e.g. “each person has the fundamental human right of storage for 50mb” or similar. This seems like a good way of enshrining a common good, providing utility to many - and then it’s from these commons other enterprises spawn (and through which they would likely greatly exceed free storage guarantees, and have to pay for such a service).
Yes, I agree that there could be some “free tier”, but that free tier still needs to run on a robust infrastructure and someone has to pay for that. Depending on the design, maybe an “altruistic” tit-for-tat model could work - I get the service, because I offer a service, or something built on the “trust/social networks”.
Hi, folks! IMO, there is a catastrophic loss of privacy on the horizon which will happen when big tech allows secret mass surveillance. Perhaps the interesting part here is that Apple and Google fought it, and continue to fight it. Historically, this was not the case.
I would like to help prevent this, in any way I can. I don’t care if it is OpenADP or some entity on Logos that makes it happen. I just want to see the world moving in a sane direction. Anywhere you folks can help OpenADP, or vice versa, to achieve the goal SGTM (sounds good to me).
TACo sounds the closest. I’m quite familiar with ElGamal threshold cryptography, and zero-knowledge proof frameworks for building it all trustworthy.
Can TACo fill this need now? We need to authenticate by logging in to register a backup secret, and later logged in users need to prove to a threshold of nodes that they know their phone unlock secret. If they make 10 incorrect guesses to a node, that node needs to refuse to allow any more guesses.
The systems I’ve worked on that are similar to this do not reach consensus between nodes, so by involving only a threshold of nodes per guess, you can get more guesses. This is OK. For example, in a 9-of-15 threshold scheme, they can get 16 guesses instead of 10.
Does TACo also solve the global consensus problem? Can it track per-user state like a bad guess counter?
Are folks here crypto anarchists? In the past I’ve been severely flamed for suggesting compromising with authorities.
IMO, we’re reaching the end of being able to turn off “exceptional access” to all protected data 100% of the time, like Google/Apple’s Advanced Data Protection does. I suspect that the best we can do is one of:
Make a compromise governments and the public can live with.
Go underground, like the dark web.
Probably, going underground would lead to only a small fraction of folks ever using it. That leaves making a compromise. IMO, it is better to be the party offering the compromise if we want it to be something we can live with.
Can TACo nodes evaluate a set of publicly verifiable conditions for agreeing to release a secret to some 3rd party?
A design I’ve worked on in the past was to allow arbitrary smart contracts (web assembly) define conditions for secret share release. As an example, maybe we could allow say 0.0001% of secrets managed by the system to be handed over in any jurisdiction to a third party per day. Then authorities in each jurisdiction could do their own prioritization to determine which user data is the most critical.
Another similar situation is when a user dies. Google has a significant effort to help families recover data in this situation. You’d be surprised how many people are unprepared for a death in the family and need access to bank accounts, etc. Here’s a situation where a threshold of family members might be able to obtain account access if they use their signing keys.
Another example is when families reach out to Googlers who escalate account access internally. Usually this is a time critical situation where someone’s safety is at stake, and any reasonable person would immediately allow access to the user’s account by the family.
Sometimes families need immediate access to a family member’s recent location history. Abuse by governments of Google geofence search capability led to Google turning it off. This was the right decision, IMO, but it would be better to continue to allow exception access in the most critical situations.
So, are the TACo folks ready to help create a compromise?
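The per-node guess limit discussed earlier in this thread (10 bad guesses per node, nodes sharing no counter state, a 9-of-15 threshold giving 16 guesses) can be checked with a short simulation. This is an added example, not code from OpenADP or TACo; the `Node` class and the function names are hypothetical, and the second function goes one step beyond the post by computing the per-node limit that caps the global total at a chosen target.

```python
from dataclasses import dataclass


@dataclass
class Node:
    """One share-holding node with a purely local bad-guess counter."""
    limit: int
    bad_guesses: int = 0

    def try_guess(self) -> bool:
        # Refuse once the local limit is reached; otherwise count the failure.
        if self.bad_guesses >= self.limit:
            return False
        self.bad_guesses += 1
        return True


def max_wrong_guesses(n: int, t: int, limit: int) -> int:
    """Worst-case number of wrong guesses when nodes do not share counters.

    Each guess must be evaluated by t distinct nodes. The worst case for the
    defender is a client that always uses the t nodes with the most budget
    left, which keeps the per-node counters balanced.
    """
    nodes = [Node(limit) for _ in range(n)]
    guesses = 0
    while True:
        usable = sorted((x for x in nodes if x.bad_guesses < x.limit),
                        key=lambda x: x.bad_guesses)
        if len(usable) < t:          # fewer than a threshold still answering
            return guesses
        for node in usable[:t]:
            node.try_guess()
        guesses += 1


def per_node_limit_for(target: int, n: int, t: int) -> int:
    """Largest per-node limit whose worst-case total stays <= target.

    Worst-case total is floor(n * limit / t), so we need
    n * limit < (target + 1) * t.
    """
    return ((target + 1) * t - 1) // n


if __name__ == "__main__":
    print(max_wrong_guesses(15, 9, 10))                             # thread's case
    limit = per_node_limit_for(10, 15, 9)
    print(limit, max_wrong_guesses(15, 9, limit))
```

Without cross-node consensus the global bound is set by the ratio of nodes to threshold, so an operator who wants a hard global cap has to lower the per-node limit accordingly.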
I would say that many people here do define themselves as crypto-anarchists and many don’t, but everyone cares a lot about privacy and censorship-resistance. Take it with a grain of salt because I can’t speak for other people, but that’s my perception at least.
As @vpavlin commented on Discord, I think there’s space for the privacy guarantees to be tunable and being able to cater to users that don’t accept any compromise on privacy, while having a “mainstream” version with the compromises needed to be available on app stores. As long as the software is modular and well architected, there shouldn’t be any issues on that I believe.
At the end of the day, if we want to bring the highest possible privacy guarantees to the masses there will be compromises to be made - that’s being realistic. Sometimes where to draw the lines regarding compromises is a grey area and that will inevitably bring lots of contention.
I think that as long as there is a way to use it in a fully private way if someone wants to set it up, then the project brings value to everyone. The compromises in order to make the service available to the masses can be done empirically to bring the maximum amount of value to the maximum amount of people.
But I do think that from the get-go there should be clear privacy guarantees for the most private configuration. Otherwise, many contributors will find out mid-way that the project in which they invested time and effort doesn’t match their views and will render it as a waste, and many won’t attempt to contribute at all as there are no clear guarantees to what exactly will be achieved in terms of privacy (and many of the compromises can’t be known before the fact).
100% agree with the “catastrophic loss of privacy on the horizon” and that we need to do our best to prevent it. I think your proposal for OpenADP (I like the name, although my brain keeps changing it to OpenLDAP whenever I try to type it:D) is great, so from my perspective, I would love for us to contribute to OpenADP while making sure we can leverage truly decentralized, permissionless and private technology.
As Gabriel said, there is a good mix of humans here - some hard core crypto-anarchists, some cypherpunks, some want to break the governments, some want to build parallel societies:) But we are all open source devs who want to build a better future.
Privacy is not secrecy. Privacy is the power to selectively reveal oneself to the world.
I like your thinking about recovering data when a user dies etc. - having safety nets is important.
I will let the TACo folks answer the questions aimed at them (they promised they will:D).
TACo contributor here. Thank you for bringing this important initiative to our attention!
I tend to agree that requests for blanket access to encrypted backups are likely to continue, which will either result in compliance+backdoors or e2ee deprecation. The latter carrying the extra risk of being a pretext for more corporate surveillance – if Apple can’t legally offer true privacy as a marketable value prop, then they’re more likely to get into the lucrative data harvesting game.
Yes, that is precisely what the TACo node client is set up to do – the software used to be called ‘Conditions-Based Decryption’.
Access to secrets can be predicated on Web3 state (i.e. arbitrary smart contract calls), Web2 state (i.e. retrieve state from JSON HTTPS endpoints), or time-based (currently blockchain-based timestamps). Conditions of all types can be composed into sets, or combined with calls, into pre-constructed sequences or IfThenElse logic. I mention all this because the conditions under which a user would/should relinquish access to their e2ee cloud storage or backup will likely be quite complex, accounting in advance for a wide range of preferences, laws, and corner cases.
100% agree – this is a great reason to use public, immutable, verifiable and auditable conditions, so the end-user isn’t trusting an authority to store, execute or vouch for this logic. Access conditions can also be selected/tuned by the user directly, down to a per-ciphertext granularity.
One of my colleagues will respond with more on this, but on the face of it the authentication + registration you described seems feasible. Logging failed recovery requests may require TACo’s programmatic signing service, which leverages the same population of access control nodes to collectively validate stuff (like a bespoke oracle).
One of TACo’s adopters has developed a pretty sophisticated protocol for posthumous secret recovery, utilizing dead-man switches + VDFs + TACo. Check out BqETHz