this post was submitted on 28 Oct 2025
419 points (99.1% liked)

Technology

75756 readers
1975 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
419
‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS (www.theverge.com)
submitted 4 days ago by schizoidman@lemmy.zip to c/technology@lemmy.world
108 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.zip/post/51866711

Signal was just one of many services brought down by the AWS outage.

you are viewing a single comment's thread
view the rest of the comments
[–] qwerty@discuss.tchncs.de 20 points 4 days ago (3 children)

Tor relays only relay the traffic, they don't store anything (other than HSDirs, but that's miniscule). Session relays have to store all the messages, pictures, files until the user comes online and retrieves them. Obviously all that data would be too much to store on every single node, so instead it is spread across only 5-7 nodes at a time. If all of those nodes ware to go offline at the same time, messages would be lost, so there has to be some mechanism that discourages taking nodes offline without giving a notice period to the network. Without the staking mechanism, an attacker could spin up a bunch of nodes and then take them all down for relatively cheap, and leave users' messages undelivered. It also incentivizes honest operators to ensure their node's reliability and rewards them for it, which, even if you run your node purely for altruistic reasons, is always a nice bonus, so I don't really see any downside to it, especially since the end user doesn't need to interact with it at all.

[–] hanke@feddit.nu 6 points 4 days ago (1 children)

Where does the reward come from?

Who pays the node maintainers for keeping stable nodes online?

[–] qwerty@discuss.tchncs.de 5 points 4 days ago (1 children)

Inflation, those are new tokens generated by the network, the same way new bitcoin is generated by the miners roughly every 10 minutes, just without the proof of work mining part. It's called proof of stake, ethereum uses it as well.

[–] hanke@feddit.nu 3 points 4 days ago (1 children)

Okay, does this use a common crypto currency, or how do the node owners "profit" from upholding the service?

If it has its own cryptocurrency, where can they spend it?

[–] qwerty@discuss.tchncs.de 10 points 4 days ago (1 children)

It uses it's own crypto. It's not really a crypto -currency- in the sense that it's meant to be used for payment or to store value. It's more of a crypto -token- that's meant to provide some limited utility in it's ecosystem. Like an arcade token in an arcade, you can use it to play the games but that's about it. Likewise the session token can be used to get some extra functionality within the network, like registering custom names on it's dns like service that can be used to add new contacts instead of the long default user hash or as a stake if you want to run a node. The functionality is fairly limited right now but the devs plan to expand it soon. People also sometimes use these kind of tokens as a stock of sorts, so if the service/network becomes popular the value of it's "stock" can grow so it can be used as an investment (personally I wouldn't recommend that but whatever floats your boat [not a financial advice btw]). The node operators profit from selling these tokens to whomever wants to buy them.

[–] boonhet@sopuli.xyz 9 points 4 days ago (1 children)

Hey, thank you for providing actually informative answers to the other guy's questions. It was interesting for me to read as well.

I looked into running a node, but apparently the required amount of tokens to stake is over 1000 euros. I'll have to pass for now.

[–] qwerty@discuss.tchncs.de 4 points 4 days ago

No problem, glad I could be of use.

You can bring down the stake amount to 6250 tokens (~300€) by running a multi-contributor node link, but your cut of the rewards will be proportionally smaller as well.

[–] Natanael@infosec.pub 2 points 4 days ago (1 children)

I2P already did that with their DHT network (remember DHT?). I2P Bote uses that for messaging

[–] vacuumflower@lemmy.sdf.org 1 points 3 days ago (1 children)

Eh, no. A DHT doesn't solve offline storage of data, when the source node is already offline, and the target node is not yet online.

[–] Natanael@infosec.pub 1 points 3 days ago (1 children)

It does temporarily, on the order of hours to days. It's not designed to use the network for long term storage, just message passing

[–] vacuumflower@lemmy.sdf.org 2 points 3 days ago (1 children)

No, DHT is just a way of determining paths and priority of value lookup by key in the network, so that the load were distributed predictably, while allowing you to find, well, what you are looking for. BTW, while everybody uses Kademlia with modifications, I'd argue that Chord is better for anything related to security and anonymity.

Storage and serving of anything big is another thing. I take it you mean that I2P nodes cache messages relayed via them when the target node is unavailable. That doesn't have anything to do with DHT.

[–] Natanael@infosec.pub 3 points 2 days ago (1 children)

I2P has its own internal DHT network. Bote piggybacks on it to relay messages between Bote nodes. You can even configure it so you can address random online nodes and ask them to hold a message for another node to relay (online or offline) to obscure message timing

DHT can be used for almost anything as a generic key value store, even if the typical use is just peer finding

https://bote.readthedocs.io/en/latest/v5/kademlia/

[–] vacuumflower@lemmy.sdf.org 1 points 2 days ago (1 children)

Ye-es, but wouldn't that be kinda slow?

[–] Natanael@infosec.pub 2 points 2 days ago* (last edited 2 days ago) (1 children)

Correct, and slow is kinda the point (traffic metadata protection through timing obfuscation)

There's even a setting to set multiple Bote hops (inside I2P which already use multiple hop tunnels) with random delay per node (up to 24h)

[–] vacuumflower@lemmy.sdf.org 0 points 2 days ago (1 children)

OK, I really love I2P, just wish sometimes there would be ways to use it with latency and throughput approaching clearnet. I like that it's a platform solving the P2P and discovery problems for everyone in the same way and providing interfaces for that, but the privacy and security orientation means that it's mostly used for privacy and security (even pedo filesharing doesn't seem to be too many people).

[–] Natanael@infosec.pub 1 points 1 day ago (1 children)

Can't really do that with volunteer nodes only in open networks. Reliable low latency anonymous connections require stable direct links between most nodes. Like you'd need a bunch of big universities to run it.

[–] machenni@procial.tchncs.de 0 points 1 day ago (1 children)

@Natanael@infosec.pub @vacuumflower@lemmy.sdf.org this concept sounds familiar…

What you are saying is create our own internet for messaging…

[–] Natanael@infosec.pub 1 points 1 day ago

Well, you could make your own overlay network, maybe make use of cjdns or something like it

[–] tengkuizdihar@programming.dev 1 points 3 days ago

yet they couldve done this with volunteer nodes or even their own, because not even the server knows the content, right?