
Conceptually, this sounds very similar to Freenet; a DAT URL seems analogous to a Freenet SSK.

What I don't see is anything analogous to a USK -- there's no obvious way for an author to distribute an update to content they have published. It's also unclear how much (if any!) privacy this protocol provides to content publishers or requestors -- the use of discovery keys only provides protection for users requesting content which an eavesdropper has no knowledge of.




There is no equivalent to a USK because dat doesn't give direct access to old revisions. What you get is always the latest.

The old content is still there though, and you can access it, just not in an "easy" manner: https://docs.dat.foundation/docs/faq#does-dat-store-version-....

The dat url references a given private key, and that's about it in terms of privacy. Transfer is done between two endpoints on the normal internet, so neither peer is "hidden".

It's a shame, but the dat content is spread in many places and it's hard to get access to all the documentation. The most impressive and interesting part of the project right now is probably Beaker, you should have a look: https://beakerbrowser.com/


> There is no equivalent to a USK because dat doesn't give direct access to old revisions. What you get is always the latest.

How do you guarantee that you're getting the latest content, though? If a peer has a cached copy of an older revision, wouldn't you end up with that instead, since there's no way to distinguish between them?

> The dat url references a given private key, and that's about it in terms of privacy. Transfer is done between two endpoints on the normal internet, so neither peer is "hidden".

What concerns me here is that, from what I'm reading, it seems like any client on the local network could eavesdrop on mDNS requests to determine what content other clients are viewing. Worse, a client could announce itself with the discovery key for a well-known piece of content to be notified when any other client, anywhere, requests that content.

This is a worse privacy model than unencrypted HTTP. Are you aware of any plans to mitigate this?


> How do you guarantee that you're getting the latest content, though?

Only the original creator can update the content. You can never know you're at the latest version until you've connected to them and they've told you "this is the last I have".

> What concerns me here is that, from what I'm reading, it seems like any client on the local network could eavesdrop on mDNS requests to determine what content other clients are viewing. Worse, a client could announce itself with the discovery key for a well-known piece of content to be notified when any other client, anywhere, requests that content.

Disclaimer: I'm not an expert on the project, only following it because it's cool.

As far as I know, the only obfuscation is that keys are hashed so that you can't infer what content is being exchanged just by listening to the network. However, when you want to watch a specific key, you can get on the swarm and see who's there.

Note that dat doesn't attempt to solve the same problems as Freenet does. They have different goals, and as such can't be compared on something that one explicitly focuses on.


You have the details right. I think it's fair to say that the protocol is very leaky with its metadata right now. In a local network, it would be wise to only exchange announcements with trusted devices. In the global network, it would be wise to introduce some kind of proxy (distributed or not).
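
An added example, not part of any comment in this thread: the discovery-key obfuscation discussed above, showing that an observer on the swarm can label announcements only for dats whose public key they already hold. The keyed BLAKE2b derivation is an assumption about how Dat/hypercore computes discovery keys (the thread does not state it); the keys, peer addresses and function names are constructed for illustration.

```python
import hashlib


def discovery_key(public_key: bytes) -> bytes:
    """Derive the value announced on the network for a dat.

    Assumption: keyed BLAKE2b-256 over the constant b"hypercore",
    using the 32-byte public key as the hash key.
    """
    return hashlib.blake2b(b"hypercore", digest_size=32, key=public_key).digest()


def attribute(announcements, known_public_keys):
    """Label each (peer, discovery_key) announcement an observer has seen.

    known_public_keys maps a label to a public key the observer already
    holds. Announcements for any other dat stay opaque (None).
    """
    lookup = {discovery_key(pk): label for label, pk in known_public_keys.items()}
    return [(peer, lookup.get(dk)) for peer, dk in announcements]


# Constructed sample data: two public keys and three observed announcements.
PUBLIC_SITE = bytes(range(32))        # key of a widely shared dat
PRIVATE_NOTES = bytes(range(32, 64))  # key that was never shared

ANNOUNCEMENTS = [
    ("192.0.2.10", discovery_key(PUBLIC_SITE)),
    ("192.0.2.11", discovery_key(PRIVATE_NOTES)),
    ("192.0.2.12", discovery_key(PUBLIC_SITE)),
]


def observer_view():
    """What an observer who holds only the public dat's key can attribute."""
    return attribute(ANNOUNCEMENTS, {"public-site": PUBLIC_SITE})


if __name__ == "__main__":
    for peer, label in observer_view():
        print(peer, label or "<unknown dat>")
```

The peers requesting the widely shared dat are identifiable by address, while the unshared one is not, which is the limit of the protection the hashing gives.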



