22 May 2011
Jon Crowcroft pointed me to Safebook, a peer to peer social network developed by a team of researchers at Eurecom. Eurecom is research lab and engineering school in Sophia-Antipolis, and I used to have closed contact with them 15 years ago, when I was researching networks at INRIA in Sophia-Antipolis. The Safebook work appears very interesting, and I am happy to see that Sophia-Antipolis continues to produce interesting networking project!
I have yet to finish reading their papers, but the general architecture of Safebook appears quite nice. The general idea is to replace the centralized repository of social interactions by a peer-to-peer network, and to also use this peer-to-peer network to relay transactions and obfuscate the source and origin of traffic, much like what is done with Tor.
The obvious issue with such architecture is the relative weakness of P2P networks against determined intruders. Classic architectures based on distributed hash tables are rather easy to penetrate by determined attackers. They would set up their own nodes, participate in the network, and either observe the traffic or in some cases selectively disrupt it. They use a centralized identity server to assign unique identities to network participants, which if done correctly could mitigate the "sybil" attack. The network appears organized around expanding circles of trust which they call "matriochkas," and they replicate the user data on a small set of trusted peers, instead of the random nodes of classic DHT, which should contribute to better reliability. I think I will spend some time reading a bunch of papers!
Of course, a sound architecture does not guarantee success. The centralized nature of Facebook may be a target for all kind of interferences, but it is also very popular and very convenient. Being almost as good but way more private appeals to guys like me, but not always with the general public. It will be interesting to see whether we can develop specific services that can work peer to peer in Safebook but would be hard to develop in centralized services like Facebook or Twitter. I suppose that's for the next project!