dimensiondev / maskbook

The portal to the new, open Internet.

Home Page: https://mask.io

License: GNU Affero General Public License v3.0

JavaScript 4.02% HTML 1.25% TypeScript 94.70% Shell 0.01% CSS 0.01% Swift 0.02%
browser-extension web3 peer-to-peer encryption cryptography gundb privacy-protection social-network blockchain crypto

maskbook's Introduction

Mask Network

Mask Network is a portal to the new, open internet, a bridge from Web 2.0 to Web 3.0. With Mask Network, you can send encrypted posts to your friends, trade your best token on Twitter, enjoy NFT pfps, participate in crypto lucky-draws, and share encrypted files on the platforms you are already using.

For general introductions, see Mask.io.

Developer documentation

Please check out docs

Reporting a Vulnerability

Contact: security (at) mask.io

see SECURITY.md

Work for Mask Network

Please submit your resume to jobs (at) mask.io

maskbook's People

Contributors

albert-0229, artoria2e5, beyond009, billysh1, blank71, clearloop, dependabot-preview[bot], developerfred, etouyang, github-actions[bot], guanbinrui, himself65, irhonin, jack-works, jk234ert, lanttcat, lelenei, mariiasynoverska, misaka-0x447f, neruthes, nuanyang233, osamaelhariri, randolph314, septs, swkatmask, tedko, unclebill, yanzhihong23, yisiliu, zhouhanseng

maskbook's Issues

Payload format

Let there be a space character between with Maskbook.io: and 🎼.

gungame.herokuapp.com deleted, remove from code, throwing errors

Hey sorry, gungame.herokuapp.com got deleted (heroku complaining I'm using too many hours) and I need the hours for my scaling tests (please don't use the testing peer).

I should have checked first before deleting it, cause I see it now in your code.

The problem is now that I've deleted it, any peer connected to it will start throwing errors constantly, as it'll try reconnecting every 2 seconds and fail.

So sorry about this! None of those peers were intended for production use.

The good news is the scaling tests are going super well, so expect a bunch of new peers with AXE that will auto DHT peer discovery and stuff! Hopefully next several months it'll be out!

This issue is a heads up warning about the deleted peer and the resulting errors throwing.

[UX] Account ownership verification process consolidation [draft]

Background

It can be hard to ensure that the automatic verification posting mechanism can work, so we need some saturation measures to ensure that the public key is posted, in bio or in post.

Some basic change on setup

[Two screenshots]

Measure 1: Just-in-time Self-checking

As soon as the setup is completed (proof(s) automatically added), the extension shall immediately check if the proof is really added to bio and really posted on timeline. If no proof is online, the user will receive an alert message like "automatic proof failed, please add manually", and will be guided to post the public key.

Error handling: User bio may not have enough space for the public key. This will lead to failure of bio update and the other method of proof is the only possible way. In the best case, we can detect the available space in user bio so we can ban the option when it is not possible.

Measure 2: Continued Self-checking

The extension shall periodically check the proofs of claimed accounts of the user to see if they are validly connected.

If the proof is no longer available, the user will receive an alert message like "proof broken, please re-add". This alert should appear only when the user is logged in as the Facebook account.

Feature: Backup alert

Such a backup alert shall appear if:

  • Last saved backup was 168 hours ago; or
  • No backup saved ever

... and:

  • The last time the user manually clicked "close" was within the last 168 hours.

The alert text shall differ according to the case.

  • Last backup was 7 days ago.
  • Create your first backup!

Notice:

  • There can be saved backup (saved) and unsaved backup (user clicked "cancel").
  • Regardless of manual closings, the time span for "X days" always starts from last saved backup.

Add and Improve Tutorials

Will add feedback from users here:

  • Make the account ownership proof procedure more intuitive by switching to the double column frame. Reference: #23

AES-CBC compatibility

First off, incredible work!

Second off, don't let anything I'm saying delay launch, timing is way more important.

Third, AES-GCM is more secure than AES-CBC (tho obviously, there infinitely forever will be "X is better than Y" problems, so I'm not going to be naive that CBC has a tradeoff perhaps you intended?).

Fourth, I forget exactly what it was, but I think I found compatibility issues between NodeJS WebCrypto implementations and browser. Altho this may be because at the time I wasn't fully using node-webcrypto-ossl (the other projects failed to be fully implemented enough, or had tiny padding problems). I think it was that CBC with the other libraries (not OSSL) were what caused the compatibility issues. So just keep this in mind, GCM wound up being easier to find cross-environment working solution.

(and, well, we use GCM, so that is a selfish reason GCM could help. Please be honest, were there issues with SEA wrapper?)

DOM Inserts Break Isolated Worlds

This was a tricky thing I struggled with.

Chrome offers Isolated Worlds for extensions to manipulate DOM without host knowing.

However, any DOM inserts/etc. can be witnessed by host.

This lets hosts fingerprint users for what extensions they are using, and also identify extensions.

So it is better to avoid any DOM inserts until necessary (for instance, decrypting*, and in your case, showing encryptor UI).

https://github.com/project-maskbook/Maskbook/blob/16c31b803a578888a91f48477a7dbc57a382d371/src/extension/injected-script/index.ts#L7

*it is vital that decryption is not inline or else host can scrape decrypted text after the fact, that is why I use an iframe which prevents them from scraping decryption, tho it is much harder to get the render right. Ultimately, DOM insert is inevitably going to occur, so this issue is kinda FUD, but I'll be following up by looking (or could you link?) at how decrypt is handled, cause that is much more serious.

And again, just making notes now while I have some time, keep focused on launching with the epic timing of all this crazy stuff going down.

[Feature][UX] Remind user to post pub-key

Situation:

Alice installed Maskbook and posted the pub-key;
Bob installed Maskbook and added Alice's pub-key into the cache. He posted an encrypted post to Alice before posting his pub-key in bio/post.

Currently Alice will see error message:

 's public key is not xxx ... 

We should change error message:

  • let it make more sense
  • let Alice remind Bob to post his pub-key in bio/post (maybe?)

Also we need a better entry point for 1st time user to post pub-key

Support Firefox

Current Status: Available

  • ✔ Background Service
  • ✔ Options Page
  • ✔ Content Script
  • ✔ Injected Script

Components:

  • ✔ Encryption
  • ✔ Decryption
  • ✔ Welcome from the webpage
  • ✔ Welcome from the options page
  • ✔ Auto verify post
  • ✔ Auto verify bio

  • Web Extension #13
  • Custom events registered many times
  • Inject error Error: "document.documentElement is null"
  • Error: conflictAction prompt not yet implemented in Backup
  • Error: Permission denied to access property Symbol.iterator (addEventListener.ts:40)

  • Publish on Firefox

[Proposal] UserGroup Abstraction Model

Purpose

Every group of users, virtual or real, static or dynamic, should be identifiable across every node of the network and every member of the group should be able to retrieve necessary keys to decrypt the contents which they legitimately qualify decrypting by providing certain proof of their membership of the group.

Design

Example

In the context of Facebook, specifically, there are several scenarios how people interact in timelines.

| Type | Description | Group ID |
| --- | --- | --- |
| Virtual Group | Friends of Alice | FB::{ fb_uid_Alice }>>>F0 |
| Virtual Group | Friends of friends of Alice | FB::{ fb_uid_Alice }>>>F1 |
| Virtual Group | Certain selected friends of Alice | FB::{ fb_uid }>>>FS>>>{ SHA512({ fb_uid_Bob }+{ fb_uid_Siri }+...) } |
| Real Group | Closed Group | FB::{ fb_uid_Group }>>>G0 |

In order to make sure the Group ID being constructed can be universally unique in the cosmos of Maskbook, in respect to expectation on portability to other social networks, I suggest composing it in such a way.

Rules

Basic part:

  • Social network identifier, [0-9A-Z\-]{2,128}
  • 2 colons, ::
  • Group primary identifier (publisher UID for virtual group, group UID for real group), base64 if necessary (supposedly never)

Optional part:

  • 3 greater marks, >>>
  • Group type code, [0-9A-Z]{2,8}
  • 3 greater marks, >>>
  • Group secondary identifier (defined in each scenario)

And, the default generation of group secondary identifier is:

  • Make an ordered array of UIDs of participating members, sorted by Unicode dictionary order.
  • Join the array by +++ to make a string.
  • Calculate SHA512 of the string and the output encoding should be hex uppercase.

This proposal is at draft stage. Any idea is welcomed. This draft is expected to be finished on 2019 Apr 19.
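
The Group ID rules above, worked through in JavaScript for Node.js as an added example (not Maskbook's code and not the proposal author's). The function names, the sample UIDs, and the rejection of member UIDs that contain +++ are assumptions made for illustration; the draft itself does not say how to handle delimiter characters inside fields.

```javascript
// Added example, not Maskbook code. Implements the draft Group ID rules above.
const { createHash } = require("node:crypto");

const NETWORK = /^[0-9A-Z-]{2,128}$/; // social network identifier
const TYPE = /^[0-9A-Z]{2,8}$/;       // group type code

// Default secondary identifier: sorted UIDs joined by "+++", SHA-512, uppercase hex.
function secondaryId(memberUids) {
  for (const uid of memberUids) {
    // Assumption, not in the draft: a UID containing the separator is rejected,
    // otherwise ["a+++b"] and ["a", "b"] would hash to the same identifier.
    if (typeof uid !== "string" || uid === "" || uid.includes("+++")) {
      throw new Error("invalid member UID");
    }
  }
  // sort() compares UTF-16 code units, which equals code point order for BMP-only UIDs.
  const joined = [...memberUids].sort().join("+++");
  return createHash("sha512").update(joined, "utf8").digest("hex").toUpperCase();
}

// Splits a Group ID into its fields and enforces the character rules.
// The type code may appear without a secondary identifier, as in the F0/F1/G0 rows.
function parseGroupId(id) {
  const sep = id.indexOf("::");
  const network = sep < 0 ? "" : id.slice(0, sep);
  const parts = sep < 0 ? [] : id.slice(sep + 2).split(">>>");
  const [primary, type, secondary] = parts;
  const ok = NETWORK.test(network) && parts.length <= 3 &&
    Boolean(primary) && !primary.includes("::") &&
    (type === undefined || TYPE.test(type)) && secondary !== "";
  if (!ok) throw new Error(`malformed Group ID: ${id}`);
  return { network, primary, type, secondary };
}

// Builds a Group ID, refusing fields that would shift the delimiter boundaries.
function buildGroupId(network, primary, type, secondary) {
  const id = [`${network}::${primary}`, type, secondary]
    .filter((part) => part !== undefined).join(">>>");
  const parsed = parseGroupId(id);
  if (parsed.primary !== primary || parsed.type !== type || parsed.secondary !== secondary) {
    throw new Error("field contains a delimiter or is out of order");
  }
  return id;
}

// Constructed sample UIDs (hypothetical): member order must not change the ID.
const sample = buildGroupId("FB", "1001", "FS", secondaryId(["1003", "1002"]));
console.log(sample === buildGroupId("FB", "1001", "FS", secondaryId(["1002", "1003"])));
```

Because every node derives the same string from the same member set, the delimiter checks matter: two different member lists or field splits that serialize to one ID would be treated as the same group.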

[Placeholder][Draft] Extending Friendship Certificate Design

I have been thinking about a feasible implementation and extension of this mechanism. The following were among my considerations:

  • BitTorrent trackers or implementing a DHT (distributed hash table) for tracking requests
  • "Buses" in CPU architecture, in which different types of data go through them with corresponding privileges. We can potentially build different "buses" based on GunDB with different functionalities and privileges. E.g., address bus for tracking, signal/control bus for transmitting operations and data bus for holding temporary friendship certificate issuing/renewing requests. This is an efficient design, and I would like to explore more on a distributed implementation of this.
  • Using FB's graph API to get a user's friend list directly?
  • Zero knowledge in certificates
  • To be continued
