The document proposes a PGP-based social network called "PGPBook" that combines PGP encryption, the PGP web of trust model, and a friend-to-friend network structure. It would use a user's PGP public key and locally signed keys from friends to build a social graph and verify accounts. The goal is to provide more privacy and authentication than typical social networks by leveraging PGP's cryptographic features while expanding its use. Concerns include reliance on secure private keys and lack of mass adoption of PGP. Feedback on the concept is welcomed.
2. PGP based social network
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
combination of hashing, data compression, symmetric-key cryptography,
and, finally, public-key cryptography
data encryption and decryption computer program that provides
cryptographic privacy and authentication for data communication
often used for signing, encrypting and decrypting texts, e-mails, files
PGP software usually constructs the user ID from the Real Name,
Comment and E-mail Address, e.g.:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
3. PGP based social network
http://en.wikipedia.org/wiki/Web_of_trust
PGP products have included an internal certificate 'vetting scheme'
a trust model to establish the authenticity of the binding between a public
key and its owner
PGP public keys can be digitally signed by the owners of other PGP keys,
if they are confident the key actually belongs to the person who claims it.
This generally happens at key signing parties
4. PGP based social network
http://en.wikipedia.org/wiki/Friend-to-friend [Network]
A friend-to-friend (or F2F) computer network is a type of peer-to-peer
network in which users only make direct connections with people they
know
5. PGP based social network
PGP
+
Web Of Trust
+
Friend2Friend Network
=
PGP-based Social Network
Call it "PGPBook" for now
6. PGP based social network
How it could work
Account creation:
Regular user registration
User sets PGP key ID in the registration form
A verification e-mail, containing a verification link, is encrypted with the
user's public key and sent to the e-mail address associated with the public
key (in the user ID)
7. PGP based social network
Friends network/social graph
PGP user A (not necessarily a pgpbook user) locally signs (trust model) PGP
user B's key and exports it to public key server(s)
pgpbook polls public key server(s) periodically (and/or on-demand) and
synchronizes/imports user B into user A's social graph
Expanding
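A sketch of the import step described above, added as an example and not part of the original slides: it turns verified key signatures into social-graph edges (A signed B's key, so B joins A's graph). It assumes the poller has already fetched the keys and run `gpg --check-sigs --with-colons`; the function name and the sample listing are constructed. GnuPG marks local-only signatures as non-exportable, so the sketch counts only exportable certifications, which are the ones a key server can carry.

```python
from collections import defaultdict

# Constructed sample in the field layout of `gpg --check-sigs --with-colons`
# (key IDs, names and dates are made up; field 2 "!" means the signature verified).
SAMPLE = """\
pub:-:4096:1:BBBBBBBBBBBBBBBB:1300000000:::-:::scESC:
uid:-::::1300000000::HASH::Bob <bob@example.org>:
sig:!::1:BBBBBBBBBBBBBBBB:1300000000::::Bob <bob@example.org>:13x:
sig:!::1:AAAAAAAAAAAAAAAA:1300000100::::Alice <alice@example.org>:10x:
sig:!::1:CCCCCCCCCCCCCCCC:1300000200::::Carol <carol@example.org>:10l:
sig:-::1:DDDDDDDDDDDDDDDD:1300000250::::Dave <dave@example.org>:10x:
pub:-:4096:1:AAAAAAAAAAAAAAAA:1290000000:::-:::scESC:
uid:-::::1290000000::HASH::Alice <alice@example.org>:
sig:!::1:AAAAAAAAAAAAAAAA:1290000000::::Alice <alice@example.org>:13x:
sig:!::1:BBBBBBBBBBBBBBBB:1300000300::::Bob <bob@example.org>:12x:
rev:!::1:BBBBBBBBBBBBBBBB:1300000400::::Bob <bob@example.org>:30x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature types

def build_graph(listing):
    """Return {signer_keyid: {signee_keyid, ...}} from colon-format records."""
    graph = defaultdict(set)
    revoked = set()
    current = None  # key ID of the pub record the following sig lines belong to
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
        elif f[0] in ("sig", "rev") and current and len(f) > 10:
            signer, sigclass, scope = f[4], f[10][:2], f[10][2:3]
            if signer == current:
                continue  # self-signature, not a friendship claim
            if f[1] != "!" or scope != "x":
                continue  # unverified/bad signature, or local-only (not exportable)
            if f[0] == "rev" and sigclass == "30":
                revoked.add((signer, current))  # certification was withdrawn
            elif f[0] == "sig" and sigclass in CERT_CLASSES:
                graph[signer].add(current)
    # Conservative assumption: any revocation by the signer removes the edge.
    for signer, signee in revoked:
        graph[signer].discard(signee)
    return {k: v for k, v in graph.items() if v}

if __name__ == "__main__":
    print(build_graph(SAMPLE))
```

Key servers do not verify signatures, so the graph should only be built from a listing in which the poller itself has checked each signature.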
8. PGP based social network
Why (it's not really a bad idea)
http://www.dailykos.com/story/2011/02/16/945768/-UPDATED:-The-HB-Gary-Email-That-Should-Concern-Us-All ("sockpuppets")
http://www.google.pt/search?sourceid=chrome&ie=UTF-8&q=facebook+privacy+issues
9. PGP based social network
Related ideas
client-side browser encryption/decryption seems possible (although it
raises security issues):
http://www.google.pt/search?sourceid=chrome&ie=UTF-8&q=javascript+pgp
perhaps it's something that could be implemented within existing social
apps instead of a full-fledged social network
10. PGP based social network
Downsides
trust model dependent on private key security
PGP is not widely adopted
11. PGP based social network
Suggestions and feedback
zemanel@zemanel.eu
irc://zemanel@irc.freenode.net
@zemanel