Hi, the service seems gone, and also Firefox refuses to visit because of a self-signed certificate. 
yes, sorry for not updating this thread. the service is gone and I refunded users. 
Topic: [ANN] ecsda.org: Diaspora node for Bitcoin users (Read 1518 times)
Hi, the service seems gone, and also Firefox refuses to visit because of a self-signed certificate.
Is there a registration problem right now?
I have sent the fee but my username and email is not known to the system.
Even though I received the welcome Email.
I have sent the fee but my username and email is not known to the system.
Even though I received the welcome Email.
Hi, I just saw your message and sent you a PM.
indeed, it seems there was a problem with the payment processor. I will activate your acount manually.
Edit: the problem has been solved, and your account has been created. sorry for the delay.
Is there a registration problem right now?
I have sent the fee but my username and email is not known to the system.
Even though I received the welcome Email.
I have sent the fee but my username and email is not known to the system.
Even though I received the welcome Email.
Please note that private messages encryption is not activated by default when you first login.
You have to visit Settings->Privacy and enter a passphrase. Your encryption keypairs will be derived from it.
The passphrase is not sent to the server, it is stored locally (cookie)
You have to visit Settings->Privacy and enter a passphrase. Your encryption keypairs will be derived from it.
The passphrase is not sent to the server, it is stored locally (cookie)
Per communication? So you exchange the key with someone? Ah okay, that would explain it.
I understood client side encryption merely as a feature that the encrypted messages are stored in the database so that not even the pod owner can see them, but users on other pods that don't have the same feature would then not be able to decrypt them (regardless of what diaspora additionally does in inter-pod communication), even if they are in your aspect.
I understood client side encryption merely as a feature that the encrypted messages are stored in the database so that not even the pod owner can see them, but users on other pods that don't have the same feature would then not be able to decrypt them (regardless of what diaspora additionally does in inter-pod communication), even if they are in your aspect.
well, it is more complicated than that... if you send a PM to someone who has enabled client-side encryption, then your message will be encrypted with their public key, even if they are on a different pod. Once received, the message will be decrypted by their client, not by their pod. The pod only sees it encrypted.
But of course, Diaspora also has its own encryption layer, so you have to see this as an extra layer of encryption, where private keys remain in the browser.
Here is a description of the system made by Justin Thomas: (source: https://ser.endipito.us/tags/serendipitous)
Quote
For purposes of posterity, here is how my cryptosystem is designed:
Four keys are generated for each user, one key for each of these purposes: encryption, decryption, signing, verification.
The decryption and signing keys are encrypted to the passphrase specified by the user.
All keys are stored on the server.
The passphrase is stored only in the user's browser using the HTML5 localStorage facility. Unlike traditional cookies, objects in localStorage are never sent over the network (unless explicitly made to via an AJAX call or something like that). This setup means that you need to re-enter your passphrase on any additional browser that you want to use to view encrypted messages (hence the reason for my first enhancement in my original post above).
Encryption and verification keys are made public to all Diaspora users as part of each user's webfinger profile.
When a private message is sent, a lookup is performed to verify two things: that a decryption key for the sending user is available and that an encryption key for all recipients exists. If both criteria are met, the message is encrypted prior to being submitted to the server. If either are not met, then the message is sent unencrypted.
I'm actually not using the signing and verification keys with Diaspora right now because D* already has it's own message signing mechanism and I don't see much point in duplicating that functionality.
Four keys are generated for each user, one key for each of these purposes: encryption, decryption, signing, verification.
The decryption and signing keys are encrypted to the passphrase specified by the user.
All keys are stored on the server.
The passphrase is stored only in the user's browser using the HTML5 localStorage facility. Unlike traditional cookies, objects in localStorage are never sent over the network (unless explicitly made to via an AJAX call or something like that). This setup means that you need to re-enter your passphrase on any additional browser that you want to use to view encrypted messages (hence the reason for my first enhancement in my original post above).
Encryption and verification keys are made public to all Diaspora users as part of each user's webfinger profile.
When a private message is sent, a lookup is performed to verify two things: that a decryption key for the sending user is available and that an encryption key for all recipients exists. If both criteria are met, the message is encrypted prior to being submitted to the server. If either are not met, then the message is sent unencrypted.
I'm actually not using the signing and verification keys with Diaspora right now because D* already has it's own message signing mechanism and I don't see much point in duplicating that functionality.
Per communication? So you exchange the key with someone? Ah okay, that would explain it.
I understood client side encryption merely as a feature that the encrypted messages are stored in the database so that not even the pod owner can see them, but users on other pods that don't have the same feature would then not be able to decrypt them (regardless of what diaspora additionally does in inter-pod communication), even if they are in your aspect.
I understood client side encryption merely as a feature that the encrypted messages are stored in the database so that not even the pod owner can see them, but users on other pods that don't have the same feature would then not be able to decrypt them (regardless of what diaspora additionally does in inter-pod communication), even if they are in your aspect.
how does it work with the client-side encryption and communication to other pods? not, i guess.
huh? client-side encryption works with the plugin developed by Justin Thomas, which is already being used at ser.endipito.us. (see the FAQ above.)
in order to activate client-side encryption, you need add a passphrase to your settings (go to settings->privacy)
Then, for each conversation, it will generate a private key.
Note that this is an additional encryption layer, which is not used in inter-pod communication.
In order to communicate with other pods, Diaspora already encrypts messages. However, that encryption layer requires you to trust the pod admin, because the private keys are stored on the server. What this plugin does is add an extra layer of encryption, for which only you have the keys.
nice, as said. 
watching, and curious if it will attract many users. Maybe some here will like the encryption feature, as RetroShare is maybe too heavy-weight. But I don't know if Diaspora already has all the features that many here would be looking for in a secure communication platform.
how does it work with the client-side encryption and communication to other pods? not, i guess.
watching, and curious if it will attract many users. Maybe some here will like the encryption feature, as RetroShare is maybe too heavy-weight. But I don't know if Diaspora already has all the features that many here would be looking for in a secure communication platform.
how does it work with the client-side encryption and communication to other pods? not, i guess.
So, what are the benefits? I don't really mind ads. Why should I register to that diaspora?
You can register to any Diaspora pod you like
However, the large one (joindiaspora.net) has too much traffic and sometimes has a several-hours lag; better use a smaller pod.
The benefits of a paying service is that we can pay for servers and bandwidth.
This will ensure a continued presence, so that our server (and your online identity) will not vanish one day because of lack of funding.
So, what are the benefits? I don't really mind ads. Why should I register to that diaspora?
reserved
I have setup a new Diaspora node at ecdsa.org, with paying access.
In addition to the standard Diaspora software, this pod features several extensions that will be interesting for Bitcoin users (see list below)
More features will be added in the future.
The main page is here: https://ecdsa.org/
Registration is here: https://ecdsa.org/users/sign_up
Here is an almost verbatim copy of the Terms of Service:
In addition to the standard Diaspora software, this pod features several extensions that will be interesting for Bitcoin users (see list below)
More features will be added in the future.
The main page is here: https://ecdsa.org/
Registration is here: https://ecdsa.org/users/sign_up
Here is an almost verbatim copy of the Terms of Service:
Quote
About:
Ecdsa.org is a Diaspora pod for Bitcoin users. Its features are:
* Paying registration.
* No advertising. No disclosure of private user data.
* Client-side encryption: your private messages are encrypted in
your browser, with a key that is kept on your computer. Thus, we
cannot read them. Even if our database is compromised, your
private messages will never be disclosed.
* Support for 'bitcoin:' links. (I guess this will soon be merged
in the main Diaspora code)
* Support for Bitcoin aliases: you can receive Bitcoins at your
Diaspora handle: [email protected]
(For the moment this is only supported if you use Electrum,
but a common spec should be decided soon, according to Gavin)
Terms of service:
* The registration fee is 1 bitcoin. Registration is not limited in
time; you will not need to renew your registration.
* Partial refund guarantee: should the ecdsa.org service be
terminated for any reason (financial, legal or other), users will
have the possibility to retrieve their data and to transfer their
account to another Diaspora pod. Users who have been registered for
less than 1 year will get a partial refund, proportional to the
time remaining from their 1 year guarantee period.
* Account termination: We may terminate any account in case of
behaviour that we deem non-appropriate: breaking US or EU law,
abusing our hosting capabilities, or otherwise threatening the
existence of this pod. No refund shall be claimed in this case.
* Modifications: The present Terms of Service may be updated or
otherwise modified at any time. In case of substantial
modification, users will have the possibility to opt-out and
receive a partial refund.
FAQ
* Do you use free software?
Yes! We use the same software as other Diaspora nodes, with a
few modifications intended to facilitate the use of Bitcoin. The
modifications we added to the code are free and public, protected
by the GNU AGPL Licence.
* How are private messages encrypted?
Your private messages are encrypted in the browser, using a
javascript extension written by Justin Thomas and deployed at
ser.endipito.us. This means that messages are decrypted locally,
and only you can decrypt them. Even if our database was stolen or
confiscated, your messages would remain private. (Note: depending
on your jurisdiction, you may be required to give your encryption
key to law enforcement).
* Is javascript safe?
Client-side javascript encryption offers the same level of security
as so-called 'web wallets', such as blockchain.info. That is, if
our website is compromised, an attacker could in principle send you
malicious javascript and steal your key. However, in practice, such
an attack would be noticed quickly. In addition, we plan to develop
dedicated apps or browser extensions, that will not be subject to
this.
* Are images encrypted?
No, images are not encrypted. Neither is your list of contacts.
* Why is there a registration fee?
The fee is here to cover our costs, to ensure quality and sustainability
of our service, and to allow us to develop new features for the
Diaspora software. Other Diaspora nodes typically have relied on
donations or advertising; we believe that Bitcoin, because it
respects the privacy of users, allows us to use a different
strategy.
* Isn't the price too high?
We are one order of magnitude cheaper than App.net, a famous
ad-free paying social network. At the time of writing, their price
is $50/year. In contrast, our registration fee is 1 BTC once and
for all; there is no yearly renewal of your subscription.
In addition, we are not in a situation of monopoly, with a closed
network and captive users, like Facebook or App.net. We are part of
the open Diaspora network. Anyone can run a Diaspora pod and
propose the same service for free, or for a lower price than us. We
believe that this will create a situation of healthy competition,
which is in the interest of users.
* Isn't the price too low?
We do not know if the current registration fee will allow us to
cover our costs in a sustainable way; we did not run a market study
for that. If it turns out that we need to increase our fees, early
subscribers will have gained a bargain.
* Can I pay with Paypal or credit card?
No, you have to use Bitcoin. Diaspora pods often gather communities
of users who share common interests. This pod is dedicated to the
Bitcoin community, and we want our users to be Bitcoin users.
Ecdsa.org is a Diaspora pod for Bitcoin users. Its features are:
* Paying registration.
* No advertising. No disclosure of private user data.
* Client-side encryption: your private messages are encrypted in
your browser, with a key that is kept on your computer. Thus, we
cannot read them. Even if our database is compromised, your
private messages will never be disclosed.
* Support for 'bitcoin:' links. (I guess this will soon be merged
in the main Diaspora code)
* Support for Bitcoin aliases: you can receive Bitcoins at your
Diaspora handle: [email protected]
(For the moment this is only supported if you use Electrum,
but a common spec should be decided soon, according to Gavin)
Terms of service:
* The registration fee is 1 bitcoin. Registration is not limited in
time; you will not need to renew your registration.
* Partial refund guarantee: should the ecdsa.org service be
terminated for any reason (financial, legal or other), users will
have the possibility to retrieve their data and to transfer their
account to another Diaspora pod. Users who have been registered for
less than 1 year will get a partial refund, proportional to the
time remaining from their 1 year guarantee period.
* Account termination: We may terminate any account in case of
behaviour that we deem non-appropriate: breaking US or EU law,
abusing our hosting capabilities, or otherwise threatening the
existence of this pod. No refund shall be claimed in this case.
* Modifications: The present Terms of Service may be updated or
otherwise modified at any time. In case of substantial
modification, users will have the possibility to opt-out and
receive a partial refund.
FAQ
* Do you use free software?
Yes! We use the same software as other Diaspora nodes, with a
few modifications intended to facilitate the use of Bitcoin. The
modifications we added to the code are free and public, protected
by the GNU AGPL Licence.
* How are private messages encrypted?
Your private messages are encrypted in the browser, using a
javascript extension written by Justin Thomas and deployed at
ser.endipito.us. This means that messages are decrypted locally,
and only you can decrypt them. Even if our database was stolen or
confiscated, your messages would remain private. (Note: depending
on your jurisdiction, you may be required to give your encryption
key to law enforcement).
* Is javascript safe?
Client-side javascript encryption offers the same level of security
as so-called 'web wallets', such as blockchain.info. That is, if
our website is compromised, an attacker could in principle send you
malicious javascript and steal your key. However, in practice, such
an attack would be noticed quickly. In addition, we plan to develop
dedicated apps or browser extensions, that will not be subject to
this.
* Are images encrypted?
No, images are not encrypted. Neither is your list of contacts.
* Why is there a registration fee?
The fee is here to cover our costs, to ensure quality and sustainability
of our service, and to allow us to develop new features for the
Diaspora software. Other Diaspora nodes typically have relied on
donations or advertising; we believe that Bitcoin, because it
respects the privacy of users, allows us to use a different
strategy.
* Isn't the price too high?
We are one order of magnitude cheaper than App.net, a famous
ad-free paying social network. At the time of writing, their price
is $50/year. In contrast, our registration fee is 1 BTC once and
for all; there is no yearly renewal of your subscription.
In addition, we are not in a situation of monopoly, with a closed
network and captive users, like Facebook or App.net. We are part of
the open Diaspora network. Anyone can run a Diaspora pod and
propose the same service for free, or for a lower price than us. We
believe that this will create a situation of healthy competition,
which is in the interest of users.
* Isn't the price too low?
We do not know if the current registration fee will allow us to
cover our costs in a sustainable way; we did not run a market study
for that. If it turns out that we need to increase our fees, early
subscribers will have gained a bargain.
* Can I pay with Paypal or credit card?
No, you have to use Bitcoin. Diaspora pods often gather communities
of users who share common interests. This pod is dedicated to the
Bitcoin community, and we want our users to be Bitcoin users.
Jump to: