hellozeronet / zeroid Goto Github PK

Currently, ZeroNet uses a quasi-centralized system called "certificate authorities" for user registration. In brief:

1. I register as [email protected]
2. My identity is stuck to that provider for all time
3. Trust is handled by having zites delegate to a list of trusted certificate providers
4. Clients keep a full copy of the database of the relevant providers
5. Spam is handled by the certificate authority removing bad users (unlikely) or by each individual user filtering them out

This has its obvious issues (limited spam resistance, excessive trust in provider, no portability). It is also not technologically necessary.

There is a very similar system, known as Web of Trust, used in GPG and other places. In brief:

1. I seek up a centralized provider for registration (theoretically, anyone who has an account)
2. That account adds me to its list at a very low trust level
3. Everyone who trusts that account now transitively trusts me, if very little
4. People who see my behavior and notice it is not harmful can assign more trust to me
5. Zites (or users) delegate to a list of trusted root nodes
6. Clients keep a full copy of the trust lists of everyone they trust and so on

This is very similar to the old system, except that:

1. My identity is not tied to any specific provider. As soon as I have gained some trust from other sources, the initial provider can remove me from its trust list
2. Spam can be handled by letting anyone in your trust graph filter it out, instead of requiring it to be done at the top or in your client
3. Theoretically, registration can be done out-of-band, e.g. by asking my friend from IRC to trust me

In the worst possible case, this is equivalent to the old system, but under realistic assumptions, it is strictly superior. For users who are concerned about censorship, it is possible to set trust thresholds in such a way as to mimic the old system ("as long as one person has at least something positive to say about them, I want to see their messages")

While setting up an account, the username field understandably tries to convert your uppercase characters to lowercase.

Unfortunately, instead of converting it (backspacing and typing the character + 32) it ends up transforming the uppercase character and typing another lowercase one, making some very confusing usernames.

Hello,

I am having an issue with creating an ID for ZeroMail. My port 15441 is forwarded properly and I tried it in --tor always mode as well as without that (although I prefer with it). More specifically, when I open ZeroMail and select a username it points me to ZeroID where I attempt to create a username like so: https://imgur.com/sbn1gqN I get the error that you can see at the top.

I tried going on the IRC to resolve the issue, but the only suggestion that people had was that I should double check that my ports are forwarded, which they are.

Please advise.

After a HDD crash and reinstalling ZeroNet, I no longer have the ZeroID files. As such, I can no longer access ZeroMail, etc.

Is there a recovery process....?

Wrong code: https://github.com/HelloZeroNet/ZeroID/blob/master/publisher-http/solution.php#L23
According your rule "only 0-9 and a-z are allowed in a user name", but you still allow upper case letter.

I assume my problem is related to ZeroID and not ZeroMail.

I'd like to create a second email address on ZeroMail. How do I it?
Either on ZeroMail and/or on ZeroID there should be a "switch auth" button.

I guess ZeroMail itself should also provide multiple email addresses for a single ID.

Hello!

Want to ask you about maximum ZeroID length. It seem that now it is 16 symbols.
Can it be increased ?

Thank you!

I'm trying to register a ZeroID account, but I get this error:

add translation for brazilian portuguese (pt-br)

aa4244e

Perdi el acesso a la llave privada de mi cuenta ZeroID, Si pasado un tiempo pudiera recuperarla seria maravilloso y la red se volveria mas rapida sin tantas cuentas huerfanas.

I lost access to the private key of my ZeroID account, if after a while I could recover it it would be wonderful and the network would become faster without so many orphan accounts.

I tried register user in ZeroId. I click "Get auth cert", then write username and click "Send request" it fails with notification:
Error while during request: [Exception... "" nsresult: "0x805e0006 ()" location: "JS frame :: http://127.0.0.1:43110/zeroid.bit/js/all.js :: .send :: line 9" data: no]
undefined

ZeroNet rev 3179
ZeroId.bit
Ubuntu 17.10

Downloaded using wget ZeroBundle, etc.

Wrapper message:
Error while during request: Forbidden
Please try again later.

Missing files: dbschema.json (not showing in zite folder, either.)

Port is open
Clicking update does nothing. Reloading and Rebuilding dbschema does nothing.
1 hour now, and still not updating.

Can following js library be used in an decentralized way or used on zeroid.bit clearnet server that checks newly registered identities to reduce SPAM comming from single device?

https://fingerprintjs.com

1. After deactivated, can't reactivate
2. After deactivated, can't use the account to do anything

If someday my privacy key is stolen, try best to reduce data damage via this feature.

Icons:

• ZeroBlog
• ZeroTalk
• ZeroMe

The Brazilian Portuguese language was all in English

There is a problem of SPAM in 8chan zite and in the near future SPAM will become a major issue with the grow of the 0net network.

So my suggestion is the implementation of a payment system (primarily time payment, cryptomining ) for update its free IDs (the actual IDs).

In a first phase a time payment that use a js script that mine Monero cryprocorrency:
https://github.com/cazala/coin-hive
can be used to attach to the ID from ZeroID a label with the money mined with the coin-hive js code executed in the PC of the user when he requests to update his ID to a payed level.

Coin Hive js code is a mining code for Monero cryptocorrency. It can be used to do works and earn money that goes to ZeroID owner in a cryptographic manner.

Zite like 8chan or other zite can used the ID and its label with the works done for oblige the users to not spam the forum, otherwise the user will be banned. Bot can not create a lot of IDs without doing a lot of work and a lot of electric energy trashed.

I suggest a standard work with low end desktop computer of about 60 seconds and a custom works that is measured in money (Monero) or mining work.

In the second phase ZeroID user can upgrade their IDs directly with Monero.

The Cryptomoney earned by ZeroID go to the project but the mining money will be very low, i suppose.

The zite like 8chan will have a good antiSPAM system for free. Every zite can set the level of mining works (the label attach to the ID) that a ID must have to use their zite/forum. Monero is anonymous.

https://www.getmonero.org/

I see some hardlnks into clearnet in the sources.
It's very bad when such an important task as user identification is provided by some outside authority and not by ZeroMet itself.
Is there already work being done to make ZeroID independent of centralized server?

And I think the fact that ZeroID goes outside should be properly disclosed on the page. (Especially if it's by design)

Error: Error while during request: Forbidden
Referer error.

There is include("ratelimit.php") but no ratelimit.php file in this repository. Can I get it somewhere for tests?

Signature format:

"python zeronet.py --debug cryptSign %s#bitmsg/%s %s 2>&1" % (auth_address, user_name, config.site_privatekey)

The first %s is obviously the user's public key. After that it is the portal type. The second %s is the user name.

Certificate format:

data["users"][user_name] = "bitmsg,%s,%s" % (auth_address, sign)

The first item is certainly the portal type. The second item is the user's public key. The third item is the signature. The signature seems to be a signed message digest, so the whole message must be reconstructed in order to verify a signature (Is it Schnorr-SHA256?)

One possible way of adding additional fields to the certificate (i.e. registration time) is to append these information to the portal type or the user name, but I don't know how ZeroNet interprets the certificate.

I.
When zeroid could save an url (1) from the user,
other services like e.g. zerotalk could use this info from zeroid
to make the username clickable with this url

the url is in most of the cases a ZN address,
where the user details more info (blog, homepage, gpg key, hobbies, ...)

so e.g. ideas like this would be possible: HelloZeroNet/ZeroTalk#13

II.
this feature would need:
adding url
editing url in future
deleting url (deleting is a sub case of editing)

(1) it must be not a complete url, but only everything that comes after http://127.0.0.1:43110/

For example:
1- User come from ZeroMe and this step is recorded
2- User creates a ID
3- User will have a button to return to ZeroMe (latest site)

Hello. I tried to register the second username today and got a "Network full, please try again later." error. I asked people at ZeroTalk and someone told me they got the same error when they tried registering after 8chan collapse. So it looks like "Network full" means that, uh, ZeroID network is full. If I guessed correctly, can we increased that limit or remove it completely? This might and will cause problems in future. If not, what is the reason and can I fix it locally somehow?

I'm using Tor Browser if that matters, by the way.

Hello.

I have:

1. Installed ZeroNet
2. Registered at ZeroID (then got corresponding certificates in users.json)
3. Switched Multiuser plugin on
4. Created new user, also regisered it with ZeroID
5. Logged in using older master_seed from users.json
6. ZeroID can't use my old single-user identity until it is really in users.json and Zeronet is started with --multiuser_local option

Just want to have an ability to convert my single-user local identity to multiuser one.

Not sure it was best place to post this, but I can't figure out where is better one, but it looks like ZeroNet itself recognizes old single-user identity correctly (I can be wrong though).

Thank you!

FYI, always 403

Maybe add some documentation on the format ZeroID uses? I looked through code and can't find any information about new certs_*.json in this repository.

It gets stuck on loading users data (2/2)

console log below:

Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified 2
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 6 utils.js:35:9
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 content_script.js:119:34
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 content_script.js:119:34
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified 10
[Wrapper] Created! all.js:1973:26
WrapperZeroFrame
Object { reloadIframe: bind(), setSizeLimit: bind(), updateModifiedPanel: bind(), sitePublish: bind(), siteSign: bind(), onWrapperLoad: bind(), onPageLoad: bind(), onCloseWebsocket: bind(), onOpenWebsocket: bind(), handleMessage: bind()
, … }
all.js:2015:15
[ZeroWebsocket] Not connected, adding message to queue all.js:148:26
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified 2
Content Security Policy: The page’s settings blocked the loading of a resource at data:application/font-woff2;charset=utf-… (“default-src”). 3 Readerable.jsm:136:2
Content Security Policy: The page’s settings blocked the loading of a resource at data:application/font-woff;charset=utf-8… (“default-src”). 6 Readerable.jsm:136:2
[ZeroWebsocket] Open all.js:148:26
[Wrapper] onPageLoad all.js:1973:26
Pixi.js 3.0.3 - WebGL - http://www.pixijs.com/ all.js:21:24407
Start all.js:698:15
[ZeroFrame] Websocket callback not found:
Object { cmd: "response", to: 1000000, result: "ok", id: 2 }
all.js:472:26
[Wrapper] Setting title to ZeroID - ZeroNet all.js:1973:26
[ZeroFrame] Status: Loading users data (1/2)... all.js:472:26
[ZeroFrame] Status: Loading users data (2/2)... all.js:472:26
[ZeroFrame]
Array [ "file_started", true ]

Object { cmd: "setSiteInfo", params: {…}, id: 7 }
all.js:472:26
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://b9bd5f6d-f726-4acb-85ef-de8926f62432/libs/lodash.min.js
Source Map URL: lodash.min.js.map

[Loading] hideProgress all.js:767:26
[ZeroFrame]
Array [ "file_failed", "data/users.json" ]

Object { cmd: "setSiteInfo", params: {…}, id: 8 }
all.js:472:26
[ZeroFrame] Unknown command
Object { cmd: "setServerInfo", params: {…}, id: 9 }
all.js:472:26
TypeError: JSON.parse(...) is null
all.js:1095:24
reloadUsers http://127.0.0.1:43110/zeroid.bit/js/all.js?lang=en:1095
onMessage http://127.0.0.1:43110/zeroid.bit/js/all.js?lang=en:415
bind http://127.0.0.1:43110/zeroid.bit/js/all.js?lang=en:379
[Loading] hideProgress all.js:767:26
[ZeroFrame]
Array [ "peers_added", 3 ]

Object { cmd: "setSiteInfo", params: {…}, id: 11 }

torrc file can have HashedControlPassword set to protect the control port from an unauthorized access. ZeroNet needs to support the corresponding command line option and pass it to the control port.

See the control port spec: https://gitweb.torproject.org/torspec.git/tree/control-spec.txt

how to change name?