Data and security breaches are becoming increasingly common, highlighting the vulnerabilities of existing messaging and communications platforms. Devising computational tools and systems that better protect sensitive data against malicious attacks is therefore of utmost importance.
Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.
Publishing everything on a blockchain means that everybody who's running a node has access to a copy. If confidentiality of communications is an issue, this may as well be a data breach with a few more steps. Also, how does giving everybody running a part of or monitoring the blockchain equate with "control over personal data?"
Centralized control: Only one entity can see it. Blockchain: Lots of third parties run a node, so every node can see it.
Each channel has a separate ledger: That makes surveillance of a particular communications channel much easier. Thanks. Also, each user has to have a keypair; great for pseudnonymity, lousy for repudiability.
Messages cannot be altered but they can be audited to prove their metadata. Did they learn nothing from the Obama administration? At this point in the paper I can't shake the feeling that this is a deliberate effort to invert all of the properties of privacy.
Smart contract: Yay, more deliberately memory unsafe programming. I guess they never played with Core Wars as kids, either.
An attacker would be unable to breach the network: An attacker would just have to stand up a node. If channels are side ledgers on a blockchain, and the network assumes that nodes can come and go (which they all do, as far back as bitcoind), any node can join, say "Hey, I'd like to join this channel," and get at the very least a pointer to the side ledger for that channel.
Long-term storage of communications is dangerous, mm'kay?
Fuck no. What is better is p2p, or federated. No Blockchain is needed, and this is one of those examples where Blockchain is jammed into something where it really doesn't need to be, nor should it be. The last thing we want is for our encrypted messages be permanently stored. Element is federated, and they're working on getting it to be p2p. Some nerd will probably mention XMPP too.
Notably, in Quarks, every user operation and information exchange that takes part on a channel is carried out via the ledger's so-called smart contract. In practice, this means that no-one outside of a channel should be able to send or read messages on it. In addition, all messages on the channels cannot be altered or edited, yet they can be audited, meaning that users should be able to derive information about when they were created, sent, delivered, and so on.
Ah, yes. I definitely want anyone in the world to figure out who I'm communicating with by checking the timestamps of when various messages were delivered. Much like how the "anonymous" Bitcoin could be pretty easily de-anonymized just by checking where various bitcoins go and inferring who those wallets likely belonged to.
I'm not entirely convinced this needs a blockchain. I guess Hyperledger (Fabric, I'm assuming) is a handy way of guaranteeing a total order for a channel's messages / events and making sure history is immutable, but it seems a bit unwieldy for a distributed messaging app despite being somewhat modular.
Most of their goals aren't specifically dependent on anything blockchain-like, and the ones that are seem like they could be implemented in a much "cleaner" way than having to bring in Hyperledger and all that it involves
There are lots of knee-jerk reactions because people saw the word "blockchain" in the title. It's as intellectually lazy as the shills who refuse to criticize the crypto industry for its shady parts
This just sounds like a decentralized Slack, with a blockchain to ensure all nodes have the same data. The details are sparse, but this sounds like a proof of authority system to achieve consensus between authorized nodes in the network. No cryptocurrency involved. It's just using blockchain as a consensus algorithm between decentralized nodes(which is what it was designed for).
It doesn't say, but since their target demo seems to be enterprises, my guess is that the idea would be companies run their own node in the network, which would allow a high degree of security and be interoperable with other enterprises.
"But you could use a federated system..."
I'm all for the growth of the fediverse, but it still has many problems. If you're running a large enterprise that needs a guarantee that all your messages are synced, in the right order, and nothing has been removed later, a proof-of-authority blockchain is a better system than something federated