Re: [Ring] Lost device = Lost account?

[Bruno Pagani]

Hi again,

Le 01/01/2017 à 09:53, AHIB a écrit :
> Thanks for the fast reply. I understand a decentralized robust system must 
> have some costs, but is there at least an easy Android way to backup your 
> username via a file just like Bitcoin? Needing to have two devices just to 
> backup is an overkill IMO especially that in Beta app failure is common.

I agree. Currently, you have to rely on standard Android backup tools.
Either the full system (not really suitable if moving to a new phone for
instance, and not very convenient), or just the app and its data. This
is far from ideal, and it would be nice to have an in-app feature for
backing up data (optionally encrypted). SilenceIM[0] has such an option,
which is very convenient. Probably worth opening a ticket on Tuleap if
there is not already one.

> What's especially frustrating for me is I still have the password, but 
> because the lack of synchronization it's no good to retrieve my nick.

The password is for deciphering the local encrypted tarball containing
user account information in case you need to synchronize it to another
device. So it’s useless if you don’t have access to your account anyway.

> That said I don't know if it's technically feasible to incorporate a username 
> expiration feature eg. if a username's last seen date by the network is 6+ 
> months ago the network would revoke its RingID, allowing its recycling. 
> Otherwise it'd be a matter of time before easy and popular usernames are 
> reserved to people who are unable or uninterested in using them.

Not with this blockchain setup AFAIK. And I agree this is not an ideal
solution, but is being able to recycle username a good thing (I think it
depends on lot on the level of security you expect from this, and thus
the targeted audience)? Depending on this, the use of a blockchain might
not be a good idea, but that’s just my personal user opinion based on my
understanding of how things work.

Anyway, designing a decentralized system with all the required
properties is quite probably very hard. You want no one to be able to
steal your username as long as you use it regularly (to be defined), but
be able to wipe it else. So, this would require being able to update a
timestamp like “last use”. This could be done in some sort of
distributed lookup table, where you register your username:RingID pair
at a given time (=timestamp), and using the fact you own the secret key
corresponding to this RingID, update this timestamp every time you
connect. Then, table nodes are allowed to clear usernames not seen for
more than the desired time span. Not sure what kind of decentralized
technos can provide this, since they are hard constraints on not being
able to write an username already present. Maybe the DHT works the same
way with RingID:username, but I’m definitively not an expert about that
and dunno how it works in details.

Bruno

[0] https://silence.im

signature.asc
Description: OpenPGP digital signature