Comment on Why selfhosted social media protocols are hated ?
rinse@lemmy.world 4 days agoPlebbit is text-only, images are not hosted on the protocol anywhere. Although you can embed a link to an image within your comments or posts. Eventually we will think of a design for p2p image hosting but it’s not high priority right now, also it could be abused easily.
Locate bob given a name or some other ID At the moment we use key-value trackers similar to bittorrent trackers, Bob in this sceneario would post their content CID (content identifier, similar to hash) with addresses they can be reached through (quic, webtransport, websocket, https, etc).
If we assume Bob in this is a community with human name like cats
, then the backend of Plebbit will resolve the text records of the domain to find its IPNS address, which then can be queries from trackers to find Bob, or anyone else who has the content of Bob’s community.
Verify that it is indeed Bob (and not someone pretending to be Bob)
Plebbit uses IPFS for its backend, which is based on content-addressing. You always get what you ask for.
Prove to Bob that I am indeed who I say I am Each comment/vote/edit published by users to communities is signed with ed25519 keys.
Send that cat picture without anyone in the middle snooping on it
Depending how you connected to Bob, if you connect over a websocket or any encrypted protocol it will encrypted and nobody can snoop on you.
savvywolf@pawb.social 4 days ago
It still looks like you’re relying on IP addresses, which means if you want to host a Plebbit server (sorry, “always on peer”) you need one of the following:
rinse@lemmy.world 4 days ago
Did you mean a community (subplebbit) here? Or did you mean running your own client instance, like Seedit?
If you still wanna host it with someone else, you could have the address of the community be a blockchain name system tied to a wallet you own, and then give the hosting provider your database (which contains your IPNS private key). The hosting provider will receive and publish updates on your behalf, but in the case they went rogue, you can update the text records of your domain to point to a new IPNS you fully own.
So even this way, the hosting provider doesn’t really have a lot of power over the community owner.
You can use relays/tor/vpn to obfuscate your real ip address. The peers in the network won’t know necessarily that IP address <x> is running these specific communities, just in the same way you don’t know if a random bittorrent seeder is person who originally created the file and uploaded it.