Skip to content

Instantly share code, notes, and snippets.

@hackergrrl

hackergrrl/cmp.md

Last active August 17, 2018 21:02
Show Gist options
  • Save hackergrrl/eba104c0cc9ffc8ff15e930976518fa4 to your computer and use it in GitHub Desktop.
Save hackergrrl/eba104c0cc9ffc8ff15e930976518fa4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cmp.md

I'm not well versed with Matrix, so please let me know where I've erred.

My understanding is that Matrix is a federated chat protocol, using both server-to-server and server-to-client connections for moving messages around. As I understand it, chat data can be cached on clients, but fundamentally lives on the servers, which host anywhere between 1 and maybe 1000s of users.

Cabal is peer-to-peer, in the sense that there is no server/client distinction. Any peer currently has a full copy of chat history, and seeks out other peers in the cabal to send and receive new messages to. This means that nobody has to choose a server to join / entrust their identity to: it lives on your computer as your private/public keypair. Cabal is really just a database that anybody with the shared key can append new data to. Peers sync any new data around until everyone has the same eventual state. The clients (cabal-desktop, etc) scan everyone's append-only feed of messages to build a view of chat history for each channel.

There are some practical effects that arise from this approach:

  1. no servers are required for coordination or ownership: everything you need to create/join a cabal is on your laptop/phone
  2. servers, if used, strengthen the network, but are an equal peer & don't have the power to terminate/control anyone's identity (they're just dumb pipes that are online 24/7)
  3. because the full database is on every machine, using the app in offline or low connectivity or local-network-only environments works the same way as when you're on the internet: it's just reading and writing to a database!
@Xananax
Copy link

Xananax commented Aug 17, 2018

Hello! I'm the one who had asked on Twitter.

I think this is a good start and a very clear, yet succinct summary, thank you for this.

What I think would be interesting next is to consider this difference from a user's point of view. I'm going to ask a few questions that come to mind as examples, feel free to ignore:

  • What does this architecture bring to me in terms of security and privacy (vs a centralized or federated system)?
  • How much privacy does Cabal allow? For example:
    • Is there plausible deniability
    • Is the protocol obfuscating my identity and location more, less, or comparably to other technologies (and Matrix in particular)?
  • Matrix has the option of encrypted rooms, does Cabal offer that too?
  • What is "eventual consistency" and how does it affect me? In particular, as a user, am I guaranteed of reading messages in the same order as everyone else?
  • Is there history for a "room"? Does it disappear if all pears disconnect/trash their cache?
  • How does peer discovery work
  • How do I make sure who I'm talking to is who they say they are?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment