Secure User Interfaces (Spritely)
Usability of decentralised social media
Spritely is a project to advance the federated social network by adding richer communication and privacy/security features to the network. This particular sub-project aims to demonstrate how user interfaces can and should play an important role in user security. The core elements necessary for secure interaction are shown through a simple chat interface which integrates a contact list as an easy-to-use implementation of a "petname interface". Information from this contact list is integrated throughout the implementation in such a way that helps reduce phishing risk, aids discovery of meeting other users, and requires no centralized naming authority. As an additional benefit, this project will demonstrate some of the asynchronous network programming features of the Spritely development stack.
- The project's own website: https://spritelyproject.org/
Why does this actually matter to end users?
Online deception and social engineering, better known as phishing, is becoming a bigger threat everyday as we store and share more of our (sensitive) data online. Because the risk of getting caught is low and the payoff potentially high, fraud and theft on the internet is running rampant. Through fake emails, websites and instant messages, users and businesses are tricked into sharing sensitive data like passwords and credit card details. People can end up with all of their money stolen, their lives ruined or their personal sensitive data spread all across the internet.
Social media are one of the channels used by cybercriminals to extort and pressure users into handing over their credentials. Because phishing attempts become more believable and pervasive everyday, social media networks need to protect their users. Commercial networks like Twitter and Facebook can organize protective measures on their own, while decentralized networks like Mastodon and Pleroma rely on the hosts of individual instances to protect users against spam, trolls and phishing attempts.
While decentralized social media offer users more privacy, less ads and data governance, they are more vulnerable to all sorts of cybercrime that can turn users away. This project will improve privacy and security in decentralized social networks by showing users how they can best protect themselves against phishing, using the Mastodon web interface. Decentralized networks by design give users more governance over their personal data and anonymity, but to win users over should provide the same security as centralized, commercial social media. This project will help create decentralized networks that are just as privacy-friendly as they are secure, putting the user first.
Run by Libre Labs
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
