# NGI Assure 7th call ## General project information > Project name (max. 100 characters) **Private groups in Manyverse** > Website / wiki https://manyver.se > Please be short and to the point in your answers; focus primarily on the what and how, not so much on the why. Add longer descriptions as attachments (see below). If English isn't your first language, don't worry - our reviewers don't care about spelling errors, only about great ideas. We apologise for the inconvenience of having to submit in English. On the up side, you can be as technical as you need to be (but you don't have to). Do stay concrete. Use plain text in your reply only, if you need any HTML to make your point please include this as attachment. > **Abstract: Can you explain the whole project and its expected outcome(s). You have 1200 characters** "SSB Private Groups" is a novel subprotocol of the peer-to-peer social network protocol "SSB" that creates cryptographic privacy mechanisms for large groups of people, but unproven in production at scale. We want to make private groups ready for production, by tackling challenges such as scalability (being able to only replicate content belonging to a private group), moderation (the ability of pre-assigned moderators to "remove" a member by minting a new cryptographic group), user friendliness (as new UI features in Manyverse, to evaluate in a real-world deployment whether it works and what are the shortcomings), and developer friendliness (improving APIs and documentation such as specifications). > Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions? (Optional) Yes. As the project lead of Manyverse, I have a worked on it for the past 5 years. Manyverse was once a recipient of the NGI Pet in 2019. Later, in 2021, together with Anders Rune Jensen and others, we were recipients of NGI Pointer, and accomplished a few breakthroughs such as the protocol design of "SSB Partial Replication", which will be relevant for our plan with private groups. Mix Irving (from New Zealand) is the designer of the private groups subprotocol and SSB contributor since 2015, and he will be working with us on this grant too. ## Requested support > Requested Amount, between 5000 and 50000 (in Euro) 50 000 > Explain what the requested budget will be used for? Does the project have other funding sources, both past and present? (If you want, you can in addition attach a budget at the bottom of the form) > Explain costs for hardware, human labor, travel cost to technical meetings, etc. The budget will be used to pay developers and advisors to work on the goals specified in our milestones (see attachment). Thus, only human labor, we don't have other types of costs. Our team will consist of Andre Medeiros (in Finland, full-stack development and coordination), Mix Irving (in New Zealand, protocol design and development of libraries), Jacob Karlsson (in Sweden, app developer), Anders Rune Jensen (in Denmark, technical advisor), some of which will be working part-time for this grant project. In the past, some of these people have received NGI funding, e.g. NGI Pointer, but all the grants and their milestones have been completed. Manyverse receives donations from individuals, enough to cover maintenance of the app on all platforms. So far no budget has been used for private groups in Manyverse. Mix Irving has developed libraries for private groups as part of his employment to https://ahau.io, but the work he will do in this NGI Assure grant will not overlap with Ahau. > Compare your own project with existing or historical efforts. (e.g. what is new, more thorough or otherwise different) Other services exist that provide support for large private groups, such as Matrix, and the typical centralized ones (Facebook, etc), but the private group is typically tied to specific server infrastructure. Decentralized private groups with no shared infrastructure required is harder and rare, and this is what SSB Private groups aim to achieve, through cryptography. Manyverse currently has private chat features, but it's cryptographically limited to 8 peers. We want to extend this to unlimited. At the same time, we want to research and develop moderation tools in this context. > What are significant technical challenges you expect to solve during the project, if any? (optional but recommended) Scalability and moderation are probably the biggest challenges. We need to combine "SSB Partial Replication" (developed in NGI Pointer in 2021) with "SSB Private Groups" so that we can realistically support groups with thousands of members, where each of these members stores replica of data locally. For moderation, a group member cannot simply be "removed" from a group (cryptographically, there is no way we can make them forget a symmetric encryption key), so we have to create a new group where such member is not included anymore. We have an idea called "shrink proposal" where this whole process is automated and should work seamlessly in the background, so that end-users effectively perceive the event as a removal. > Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes? (E.g. which actors will you involve? Who should run or deploy your solution to make it a success?) The SSB ecosystem is vibrant, since 2014. Working with Mix Irving means using his insight on the use of SSB Private Groups in the New Zealand startup Ahau which uses SSB. That said, our primary point of interaction will be with Manyverse end-users. We think that developing UI features for SSB Private Groups in Manyverse under this grant is fundamental, not a mere bonus. We believe that the same team that builds these cryptographic mechanisms and libraries should also put them in production for end-users to make sure the libraries are battle-tested and have covered important corner cases. This way we can avoid building libraries that are abandoned after a grant project ends. Often, functionality in Manyverse is merely functionality of the libraries that we maintain, in order to maximize the reusability of our solutions to developers of other apps. For example, the library https://github.com/ssbc/ssb-threads was built Manyverse-first and is used by a competitor app, Planetary https://github.com/planetary-social/planetary-pub/blob/353c55415422952723fcfee28418f9b841f02b42/package.json#L55. ## Attachments > Attachments: add any additional information about the project that may help us to gain more insight into the proposed effort, for instance a more detailed task description, a justification of costs or relevant endorsements. Attachments should only contain background information, please make sure that the proposal without attachments is self-contained and concise. Don't waste too much time on this. Really. ??? ## Extra notes (internal) ### Team | Who | Confirmed? | Role | Availability | Hourly rate wish | |--------|--------------------|------------|------------------|------------------| | Staltz | :heavy_check_mark: | Full-stack | ~18 hours/week | ~30 EUR/h | | Mix | :heavy_check_mark: | Backend | 15–20 hours/week | >= 50 NZD/h | | Jacob | :heavy_check_mark: | Frontend | 16–21 hours/week | >= 30 EUR/h | | Arj | :heavy_check_mark: | Advisor | 3 hours/week | >= 30 EUR/h | | Keks | :heavy_check_mark: | Advisor | 3 hours/week | >= 30 EUR/h | For budget calculations, consider 1 week to have 40 hours. ### Milestones 1. **Manyverse private chats with unlimited members** 1. **Moderators with powers to remove members** 1. **Space-efficient replication of large groups** 1. **Manyverse closed communities** 1. **Update SSB specification** ### Molestones 1. **Manyverse private chats with unlimited members** - Estimate: 2–3 weeks of 1 full-time equivalent - Frontend: change code for private chat logic in Manyverse - Backend: integrate ssb-db2 and ssb-tribes - Open question: what if members are included in the group but they cannot decrypt box2? 2. **Moderators with powers to remove members** - Estimate: 3–5 weeks of 1 full-time equivalent - Backend: perhaps a sub-tribe can be assigned as moderators, and only moderators can create shrink proposals? - _[name=MIX:] Ahau [has built admin sub-groups ([link](https://gitlab.com/ahau/spec/private-subgroup-spec)), means less research here:_ - Backend: utils to "remove" a member by proposing a new group. Call these "shrink proposals" - _[name=MIX:] VERY interested in this_ 3. **Space-efficient replication of large groups** - Estimate: 4–7 weeks of 1 full-time equivalent - Backend: partial replication of content in private groups, using metafeeds and subfeeds dedicated to messages sent to a specific private group - Backend: the metafeed can publish **encrypted** messages regarding those subfeeds, such that outsiders cannot discover that you belong to a private group - Backend: replication of non-hops community members - Backend: conn-firewall allows private group members to connect 4. **Manyverse closed communities** - Estimate: 4–7 weeks of 1 full-time equivalent - Frontend: UX/UI design for a "Google+ Circles"-style group feature - Backend: Should there be an intersection between rooms and private groups? Staltz: I don't think there should be, but before dismissing it we should consider that rooms currently encapsulate a ""community"" in some sense, and that people may feel confused about ssb-tribes as communities versus rooms as communities. Inviting someone to a community may similar to inviting someone to SSB. Several levels of invites may be confusing. - Frontend: new tab for communities 5. **Update SSB specification** - Estimate: 1–2 weeks of 1 full-time equivalent - Update the protocol guide to include: - box2 - envelope-spec - BFE - private groups - _[name=MIX:] likely this is my work. Might be good to do it alongside another person to share knowledge and get outside perspective to make it more accessible. But this could be done with maintenance fund._ ## Budget | Milestone | weeks low | weeks high | EUR low | EUR high | We'll ask for | |-|-|-|-|-|-| | **1st** | 2 | 3 | 2800 | 4200 | 7500 | | **2nd** | 3 | 5 | 4200 | 7000 | 10000 | | **3rd** | 4 | 7 | 5600 | 9800 | 13500 | | **4th** | 4 | 7 | 5600 | 9800 | 14500 | | **5th** | 1 | 2 | 1400 | 2800 | 4500 | | TOTAL | 14| 24| 19600| 33600| 50000 | https://cryptpad.fr/sheet/#/2/sheet/edit/33Rtd7DHkP+ZPJ04gK0j0Ocr/ ---- ### Questions - We can't use ssb-tribes AGPL-3.0 in Manyverse, can the license be changed? If not, we would have to implement another private groups library, licensed LGPL - _[name=MIX:] if I'm legally allowed to change from AGPL it I will for this to work._ - @mixmix Jacob: i think you're likely allowed to change to whatever you want, as long as you made most/all of the code. but i think mv also should be able to switch to agpl (note: you're also allowed to add [additional terms](https://docs.pretix.eu/en/latest/license/faq.html) to agpl) and i think that's the better option - What are the biggest technical challenges in ssb-tribes? - Developer challenges? - Compat with ssb-db2? - re-indexing messages after discovering a new group member - User experience challenges? - more re-indexing = slow - E.g. how cumbersome is "removing" a member by making a new group - Security challenges? - Open issues? ## Meeting notes (2022-01-31) ### Agenda - Schedule: when does the grant work begin? - Jacob: would be better to start after July - Andre: April-May break of 2~3 weeks - Availability: does the table have realistic numbers? - Jacob: maximum ~22 hours/week - Mix: 15-20 hours/week - Pay: we might get paid more than the hourly rate specified - Could accumulate "bonus pay" as buffer and then work on extra molestone - Bump up to 50k ### Action points - [x] Andre: bump the budget to 50k and readjust the numbers - [ ] Andre: Find a designer - Ask how little they can work and still feel useful - Couple of hours of consultation peer week ## Meeting notes (2021-02-04) - - <style> :root { --subtle: rgba(00, 100, 100, .6); --radius:6px; } em { color: var(--subtle); font-size: .7em; } .fa-user { color: var(--sublte); } </style>