varx @varx@infosec.exchange

I'm building a new thing for the Distributed 'Net, and I'd love company!

Cavern is a new journaling protocol focused on user agency, with end-to-end encryption and local-first design at its core. It has a social model intended to restore some chill to online communication, embracing non-public posting and manageably small social spaces. Check out <https://www.brainonfire.net/cavern/> for a rundown and links to code and discussion spaces!

​

I'd love to get in touch with people who can help guide the design. This can be technical, but really the *social* aspects are the most important for me to get feedback on—what I want in a social network is not what everyone else wants!

There are tradeoffs like "how important is contact list privacy vs. being able to meet new people" and people will have dramatically different perspectives on that.

Wat would make it easiest for you to share input? Following the GitLab repo to get notified of issues and pull requests? A mailing list? IRC channel? Hashtags on Mastodon? Other?

As far as I can tell, what's going on here is that AWS has network-level encryption between CloudFront and S3, which accomplishes the same goal. It's not *explicitly* there, which bothers me, but I think it's the compromise I'm going to have to make.

Whenever a package food says "new look, same great taste" -- that means they changed their ingredients, right? It seems to be the pattern as far as I can tell. Is there some law in the US that the appearance has to change when the ingredients change?

Is there a way to serve a static website off of Amazon S3 or similar and that meets the following criteria?

- Simple for a cloud services noob to set up
- HTTPS on all hops
- Serves index.html page when visiting a directory URL

Using S3 + Cloudfront I can get #1 (arguably) but then have to choose between #2 and #3 (because "serve bucket as website" disables TLS from Cloudfront to S3!) I don't *think* I want to have to set up a Lambda for this.

Any other options? Other providers that would make this easy and have good scale, low cost, and well-supported API access for uploading/syncing?

​

So help me, I'm a mod on one of those newfangled AI text-to-image Discord instances now.

People sure do some weird stuff.

How far can this model be pushed? What if I didn't just publish journal entries, but also Freecycle-style "here are things I want to borrow and can offer to lend", and people were able to *locally* perform searches on that data in their local social network?

What else could a desktop app facilitate, if it effectively had a map of the user's local social graph? Meetups? Introductions for dating, jobs, hobby groups? Restaurant/business ratings where you could actually trust the reviews?

Some of the ideas I want to explore:

- To what degree can social media "go dark"—become invisible to those who would be onlookers? Can we avoid the social ills of public posts while still meeting new people and new ideas?

- What if posts could be marked as "feel free to relay this to others, but only under this special pseudonym + signature" so that Very Good Ideas could percolate freely and become extremely popular, but the author could *later* opt into being identified as the original source?

- How "sloppy" can post privacy be as long as people are assured there is always a short social chain between authors and readers? Maybe I'm always fine with people I don't know reading most of my posts as long as they're friends-of-friends-of-friends.

Look, I'll be honest though: None of this is without a catch.

- People could use this system for bad things (terrorism, CSAM, the usual bugaboos) without hosters knowing. With good privacy you *always* have that risk.

- It's currently polling based. That could be patched over with a notifications layer, but conversations might be high-latency in the first iterations.

- Oh, and uh... it's mostly not built yet? There's totally a working client, but comments, rich text, key gossip, and some other things are only lightly sketched out at this point. That's why I'm looking for some kindred spirits!

I suppose you also can't control what other people are saying. You can keep them from saying it on your journal, but you can't keep them from saying it on *their* journal. You can't control who they talk to.

This isn't a federated system—there are no "instance policies". Everyone has to, and gets to, make their own choices. You could totally have shared blocklists, I guess. But they shouldn't be needed, since you'll be able to say "hmm, I want to follow this person's journal, but not those of their friends".

The one thing you're not in control over, if someone else is hosting, is the domain name. You'll still want to pick someone who's not a *total* flake.

But Cavern identity is designed to be nomadic. There's a signing key built in that will automatically authenticate any move you make to a different domain name, a different host.

And there's a design for a "gossip" system for propagating these updates in a safe and efficient way.

That's right, no moderation required!

That's because this is fundamentally a pull-based system. No push. You can write posts, you can comment on other people's posts, but you can't send a message to anyone who isn't already following you. If you want to do that, try email! That's what email excels at. (Stop reinventing email and its problems.)

So: No spam, because this isn't email.

But also no moderation, not in the usual sense. You are admin over your own journal, nothing more and nothing less. (This is just like on Livejournal or Dreamwidth.) Once comments are built out, you'll be able to delete, screen, block, etc. and won't have to beg some moderator to do the right thing.

The combination of these (cheap file servers, end-to-end encryption) means it should be easy *and* safe to host other people's journals, or have other people host yours.

Self-hosting is a luxury that most people can't afford (in time, money, or knowledge). But if it's cheap and easy, a handful of people could host for thousands.

That kind of amplification factor is what we need for distributed systems -- a few tech-savvy enablers who don't have to do any maintenance or moderation work at all.

There's a web of trust, but not the annoying key-signing-party kind; your desktop app should learn about some people's keys automatically via your friends, and will trust-on-first-use (TOFU) anyhow.

This is not intended for high-security, cloak-and-dagger social blogging. It's just enough to prevent casual abuses of power. (You *could* make your Cavern app be more distrustful, but you couldn't make other people do that.)

But seriously, the coolest thing about Cavern is that you can host it on any HTTP server. And that means you don't have to "host" it so much as find someone with a domain name and a file server, which could be anything from a box in the basement to Amazon S3.

There's no server software to deploy!

If you ever thought, "Hmm, this new 'Livejournal' thing all the kids are talking about is *pretty cool*, but what if it was also private from server admins and used a static site generator"... then wow, do I have the protocol for you!

I wrote a couple of small scripts to download the images I've made with DALL-E and Midjourney:

- https://github.com/timmc/dalle-history-sync
- https://github.com/timmc/midjourney-history-sync

DALL-E doesn't have a downloader at all, last I checked. Midjourney does, but doesn't include complete prompts. So here you go, have fun.

(These aren't just downloaders, they're syncers—you can run them repeatedly and they only grab the new stuff.)