Shelter Protocol: End-to-end encrypted, federated, user-friendly web apps

I really wonder why is it so common for people to default to JSON even when designing complex cryptographic protocols like this. I was skimming the spec for the script interpreter, which is something you&#x27;d expect would be focused on compactness, but it seems like it&#x27;s designed entirely around JSON semantics and concepts, which means any implementation necessarily carries along this complexity. This isn&#x27;t to say that JSON is bad, but to put it at the absolute core of the data model seems problematic. This problem happened with Matrix when they started having to layer JSON around base64-encoded-encrypted-JSON and generally the looseness of the format infecting the entire data model of the protocol.<p>Like the SPMessage format here too, uses JSON.stringify to indicate structure encoding, which necessarily implies that any implementation of the protocol is bringing along needing to handle JSON semantics. JSON does not seem to be well-suited here as it doesn&#x27;t composing cleanly in the way a data structure defined in terms of bytes would.

&gt; End-to-end encrypted, federated...<p><a href="https:&#x2F;&#x2F;shelterprotocol.net&#x2F;en&#x2F;federation&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;shelterprotocol.net&#x2F;en&#x2F;federation&#x2F;</a><p>&quot;Federation: Coming Soon!&quot;<p>And I&#x27;m seeing a lot of &quot;under construction&quot; and &quot;coming soon&quot; in other parts of the protocol which seem critical to functionality, to the extent that I can&#x27;t see how this protocol is even meant to fit together.

Hey greg! Glad to see the recording of the D&#x27;Web presentation made it online [0], &quot;Most of today&#x27;s web apps have privacy settings, but none of those privacy settings are real. We didn&#x27;t want to be one of those companies that gave our users privacy settings, and effectively be lying to our users&quot; is a great problem statement.<p>For the blockchain skeptics, good news, it&#x27;s not a blockchain: it&#x27;s a distributed virtual machine without waste-heat-enforced-global-consensus. Of course it&#x27;s much faster to see &quot;smart contract&quot; and hit the back button than investigate a new way of doing things so Shelter has their work cut out for them.<p>[0] <a href="https:&#x2F;&#x2F;youtu.be&#x2F;PKjwUagTq-U" rel="nofollow noreferrer">https:&#x2F;&#x2F;youtu.be&#x2F;PKjwUagTq-U</a>

Off topic - is this webpage impossible to back-button out of without double-clicking? I really, really hate that.

Am I right to read this as a replicated, optionally encrypted, append-or-kv-set &quot;database&quot;? With a mechanism for adding identities which can control each &quot;primary key&quot; of sorts?<p>I think I&#x27;m not following how the checksums are produced (are you going to serialize and replicate the code too? seems odd if you&#x27;re going to include Vue in that serialized data...), nor how that does much at all different than an append-only log would achieve (maybe you can compress kv-sets and discard the history after some time?)... but docs are somewhat incomplete so maybe that&#x27;s just not covered sufficiently yet. Or I skimmed too quickly and missed something.

&gt; This virtual machine defines operations (“op codes”) for managing keys, defining so-called &quot;smart contracts&quot; (computer programs), and performing both encrypted and unencrypted actions.<p>I suspected that was going to be in there

But I already have end to end encryption - that&#x27;s literally any sensible TLS configuration, and what iOS requires for apps unless they explicitly opt in to allowing weak connections.<p>Responding to the nonsense introduction:<p>&gt; By design, traditional web applications enable server administrators to monitor all user activities.<p>That&#x27;s a choice. What is the compelling reason for a company that wants to monitor the use of their apps to use a system that ostensibly says you can&#x27;t?<p>&gt; Although these web apps offer “privacy settings” to users, they fail to provide any real privacy protection.<p>Yes, because the options are either the data is inherently insecure, or the data is fully encrypted. Governments and users both have difficulty with this concept: you cannot have data security and also backdoors, you can&#x27;t have data security and also &quot;I have lost every component of my account identity: devices, passwords, and passcodes, but want you to recover my data&quot;.<p>This is ignoring companies for whom &quot;privacy settings&quot; are an intentional lie (Facebook, Google, ...), and again, why would such a company adopt a platform that ostensibly forces lack of spying?<p>&gt; Shelter Protocol introduces new ways to handle logins and data storage on the server while preserving the conventional username&#x2F;password experience that users are familiar with.<p>The username&#x2F;password system people are familiar with is widely understood, and clearly demonstrated, as being bad for security.<p>&gt; Instead of storing data in a database in clear text on the server, data can now be end-to-end encrypted and synced across multiple devices, and even across servers operated by different individuals.<p>Already completely doable, and the companies that don&#x27;t do so have chosen not to, for a variety of reasons - some good, some bad, but those reasons are not because encrypting content securely is hard.<p>&gt; The Shelter Protocol (SP) defines operations for a high-level, lightweight, federated, end-to-end encrypted virtual machine.<p>Or you can use JS, which is already available, runs on every machine that exists at this point (is this good?), is already federated: any device can run any JS you send it.<p>&gt; [remainder of front page]<p>Largely nonsense.<p>* Key concepts *<p>&gt; Since every action in SP is signed using a user’s private key, which in turn is derived from their password<p>So it&#x27;s bad crypto. Huzzah!<p>After this I got bored reading this nonsense.<p>There&#x27;s no actual justification for why this magical VM is necessary or good, nor any explanation of how they&#x27;re going to make it &quot;federated&quot; (because despite advertising federation, it does not appear to be), what they consider federation to be, or why that is good.<p>Their one example app does nothing that requires any of their advertised features - literally every part of this could be done with existing web tech, and largely be done better.

Federated.<p>User friendly.<p>Pick one.<p>Federation is mistake. IRC is dead, Usenet is dead, email SHOULD be dead.<p>Federation sucks and causes no end of issues.