Weekly Dev Update #70

Weekly Dev Update #70

Hey Y’all, 

Last week we released the Trusty Tyr 5.1.1 Binaries. All Service Nodes, mining pools and exchanges will need to update to these new binaries before block height 385824 (est. 7PM AEDT, 2019-10-23). Currently, approximately 78% of Service Nodes have upgraded, so if you are operating a Service Node, make sure you update in the next week so you stay on the correct chain.

In other news, the Loki Messenger team has sidelined multi device work for now since a key team member is on holidays. Instead, the Loki Messenger team are working on File attachments, profile pictures and @mentions, which should be delivered in a new release shortly.  

Loki Core


Lokinet

If you’re on our Discord you can catch Jeff, the lead developer of LLARP, live streaming as he codes at https://www.twitch.tv/uguu25519. He typically streams on Tuesday mornings, 9am – 12pm Eastern (US) time.

What Went on Last Week with Lokinet:

We merged a significant batch of performance improvements for Lokinet, which should allow for better performance scaling, particularly on multi-core machines. Work continues on implementing a Lokinet GUI, which will allow desktop users to easily control and view their Lokinet connection stats. This requires the underlying Lokinet daemon to be securely controlled by another process (the GUI), so we will need to do some rearchitecting of the Lokinet internals to allow for that. The plan here is for the interface to be used in both the GUI and also via a `lokinetctl` command-line tool that will allow command-line users (such as Linux greybeards and SNApp admins) to control some portions of Lokinet without having to edit config files.


PR Activity:


Loki Messenger for Desktop 

Loki Storage Server


Loki Messenger for Mobile (iOS and Android)

Loki Messenger for iOS:

Loki Messenger for Android:


Thanks,  

Kee 

Does Pulse Make the Rich Richer?

Loki Improvement Proposal: POS Scheme Pulse

Recently we released our fifth Loki Improvement Proposal in which we outlined a new Proof of Stake scheme, Pulse. If it’s to be implemented, Pulse would have Service Nodes produce blocks, order transactions, and secure the blockchain, rendering miners in the Loki ecosystem no longer necessary.

While we’re excited about the potential of Pulse, and the improvements it can bring to Loki’s suite of privacy tools, we’re aware it has raised some questions and concerns within the community. The main one being: “Won’t it Just Make the Rich Richer?”

Transitioning from Proof of Work to Proof of Stake

Let’s imagine Loki transitions from its current Proof of Work / Proof of Service hybrid consensus mechanism to Pulse (Proof of Stake). In this scenario, the Loki Network will be made up of two parties: Stakers and Non-Stakers. 

Stakers are those who are running a Service Node, either by themselves, or with others in a pool. They have enough $LOKI to do so.

Non-Stakers are those who aren’t running a Service Node, because they don’t have enough $LOKI to meet the staking threshold, or because they’re choosing to hold their $LOKI instead. 

Service Nodes

With Pulse, Service Nodes will create blocks in the Loki blockchain every two minutes, and receive a reward ($LOKI) for doing so. Ninety-five percent of that reward will go to the Service Node Staker (or Stakers, if it’s a pool), and the remaining five percent will go to the Loki Foundation.

In order to run a Service Node, Loki recommends you stake at least twenty-five percent of the full staking requirement. At the time of writing, that is roughly 5,200 $LOKI, which equates to about 1,400 USD. So Stakers – those that have enough (and choose) to stake the recommended amount of $LOKI – will increase their wealth through the accrual of rewards. 

Furthermore, each time a Service Node creates a block, the overall monetary supply of $LOKI increases. Just like in a traditional economy, assuming everything in the market stays constant, when the monetary supply increases, so does the inflation rate. And when the inflation rate goes up, the purchasing power of the currency goes down. This means everybody’s $LOKI buys a little less than it did before. This is an unfortunate (but not uncommon) side effect for those that hold (and don’t stake) currency. 

However, the inflation situation is the same with Proof of Work consensus mechanisms. When miners create blocks, they also receive rewards, which in turn increases the overall monetary supply and drives inflation up. 

One major difference between Proof of Work and Proof of Stake consensus mechanisms is the size of the barrier to entry. The initial investment (fixed cost) required to mine cryptocurrencies – specialised hardware, constant electricity, and a high-speed internet connection – is much higher than the cost of running a Service Node – which is essentially the cost of renting and maintaining a VPS. In essence, you need a lot more financial resources to be a miner, than to be a Staker. 

Of course, in reality everything in the market does not stay constant. The real-world market cap of $LOKI fluctuates, and if it increases, everyone’s purchasing power increases. Same goes the other way. Regardless, there still exists an inequality caused by the barriers to entry for mining or staking. However, a barrier to entry is necessary* in order to keep the Loki Network protected from malicious activities like Sybil Attacks. 

Low barrier of entry allows more people to benefit from POS

The lower barrier to entry for Service Node operators is why Pulse is an attractive prospect for Loki. It means more people have the opportunity to participate in the rewards-based ecosystem (especially when compared to Proof of Work). Ideally, it also means more Service Nodes are in operation on the Loki Network, making our privacy products better for all. So we think it’s a win-win.

We love that our community is engaged, and challenges us to be better, which is why we’ve endeavoured to answer this question. If you have more, please keep them coming on our various social media channels.

Service Node Pools and One click Service Nodes: Some important considerations.

Recently we have seen a couple of services that offer so called “One Click” hosting solutions for Loki Service Nodes. We thought it would be a good idea to flag these types of services and explain why current and future Service Node stakers should avoid them.

Let’s define the terminology.

One Click Node – Any node service that requires you to send them Loki to operate a node.

Service Node Pool – Node services where you retain full access to your funds but do not run the Service Node yourself.

Firstly, I want to explain some of the issues associated with “One Click Nodes.” It should be clear to most users that any service that requires you send them Loki directly should be treated with extreme caution. Loki has specifically designed a system so that you can stake for a node without your funds ever leaving your wallet. This is a case for both pooled and solo Service Nodes. 

It’s important that you understand that the process of staking will always involve the ‘register_service_node’ command being run in your wallet. Anyone trying to claim that to stake a node you need to send Loki to their address could possibly be scamming you. Even if the service is operating honestly, just by holding your Loki they make themselves a target to hackers who would seek to steal your funds, and the funds of other people. 

Although most Service Node stakers understand the risks of sending Loki to other parties, there are some more subtle risks that also apply to Service Node pooling.

Users who choose to forgo operating their own Service Node sacrifice network decentralisation. The more individuals we have running nodes from different jurisdictions, the more resistant the network is to attacks that target individuals or attacks that seek to gather the stakes of legitimate users.

The ideal case for the Loki Service Node network would be for each node to be a operated by a separate, disparate actor. Obviously, this does not reflect reality and we understand that there will be node operators seeking profit. However, it is important that we don’t let this get out of hand and allow a small number of node operators to control a large portion of the Loki Network without having to stake a large amount of Loki themselves. The Loki core team have introduced measures which require each pool operator to stake at least 25% of the node balance to prevent fully delegated stakes.

It’s also important to remember that running your own Service Node is going to be cheaper than using an operator who is going to charge a % fee which is taken in Loki. 

You might think that running your own Service Node is difficult – it may be easier than you think. Over the past few months, we have been making some significant improvements to make running a Service Node easier: 

  • Configuring Service Nodes to run as a system service by default (meaning improved reliability if your VPS shuts down)
  • Implementing infinite staking which means no more manual restaking and no more leaving a wallet open to autostake.
  • Improving RPC functionality for the loki daemon so that you can generate registration commands remotely

These improvements will be released over the coming months. Now is a better time than ever to get into the game and run your own Service Node instead of relying on someone else.

Loki’s Response to the Assistance and Access Bill 2018

As many of you may have been tracking, the Australian Parliament has been deliberating on a piece of legislation for the last couple of months called the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. This bill seeks to give Australian law enforcement and intelligence agencies powers to force tech companies and telcos operating in Australia to do any number of things. Here’s a partial list:

(a)  removing one or more forms of electronic protection that are or were applied by, or on behalf of, the provider; or

(b)  providing technical information; or

(c)  installing, maintaining, testing or using software or equipment; or

(d)  ensuring that information obtained in connection with the execution of a warrant or authorisation is given in a particular format; or

(f)  assisting with the testing, modification, development or maintenance of a technology or capability; or

(h)  modifying, or facilitating the modification of, any of the characteristics of a service provided by the designated communications provider; or

(j)  an act or thing done to conceal the fact that any thing has been done covertly in the performance of a function, or the exercise of a power, conferred by a law of the Commonwealth, a State or a Territory, so far as the function or power relates to:

(i)  enforcing the criminal law and laws imposing pecuniary penalties; or

(ii)  assisting the enforcement of the criminal laws in force in a foreign country; or

(iii)  the interests of Australia’s national security, the interests of Australia’s foreign relations or the interests of Australia’s national economic well-being.

Pretty scary stuff, huh? We thought so too. We’ve been tracking the progress of the bill and have been trying to analyse it to work out what the implications might be for software companies both inside and outside of Australia, and especially for Loki.

The Assistance and Access Bill 2018 (Shortened to AAA18 for the rest of the article) gives Australian agencies the ability to issue 3 types of notices to ‘communications service providers.’ The definition of ‘provider’ in the legislation is very broad. Pretty much anyone that provides any service or product that involves the internet could fall under its scope, and the notices that can be issued increase in scope and obligation, and are called Technical Assistance Requests (TARs), Technical Assistance Notices (TANs), and Technical Capability Notices (TCNs). The latter is a legally enforced instruction to create or modify features to give an agency a new technical capability. Although this notice must come from the Attorney General of Australia, the scope for new espionage tools to be created by this notice is extremely broad.

The scariest thing about this bill is the penalties given to providers who leak information about the investigation or notice, or refuse to comply with the notice. Jail sentences as long as 10 years could apply to a whistleblower, and given that these notices could be issued to companies and individuals that provide services to Australians, these notices could be issued to almost anyone around the world. With strong extradition treaties, this legislation could reach people across the nations of the Five Eyes Alliance (UK, US, AU, NZ, CA) and beyond. Some, myself included, strongly suspect that this is a coordinated effort by the Five Eyes alliance to gain access to the world’s most popular applications, as the UK recently pushed through an amendment to the already controversial Investigatory Powers Act of 2016, so that it is now quite closely aligned with this new Australian legislation. They even use similar terms, with the main similarity being the Technical Capability Notice.

Thankfully, AAA18 does explicitly state that these notices cannot be used to force a company to break its own encryption, introduce security flaws, or deliberately ignore existing flaws. It also explicitly says that these notices cannot be used to introduce a ‘systemic weakness’ into the product or service. There were a great many concerns about the definition of ‘systemic weakness’ being too vague in the legislation. The final amendment to the bill gave us the following definitions:

systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.

systemic weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.

target technology :

                    (a) for the purposes of this Part, a particular carriage service, so far as the service is used, or is likely to be used, (whether directly or indirectly) by a particular person, is a target technology that is connected with that person; and

                    (b) for the purposes of this Part, a particular electronic service, so far as the service is used, or is likely to be used, (whether directly or indirectly) by a particular person, is a target technology that is connected with that person; and

                    (c) for the purposes of this Part, particular software installed, or to be installed, on:

                             (i) a particular computer; or

                            (ii) a particular item of equipment;

                           used, or likely to be used, (whether directly or indirectly) by a particular person is a target technology that is connected with that person; and

                    (d) for the purposes of this Part, a particular update of software that has been installed on:

                             (i) a particular computer; or

                            (ii) a particular item of equipment;

                           used, or likely to be used, (whether directly or indirectly) by a particular person is a target technology that is connected with that person; and

                    (e) for the purposes of this Part, a particular item of customer equipment used, or likely to be used, (whether directly or indirectly) by a particular person is atarget technology that is connected with that person; and

                     (f) for the purposes of this Part, a particular data processing device used, or likely to be used, (whether directly or indirectly) by a particular person is a target technology that is connected with that person.

For the purposes of paragraphs (a), (b), (c), (d), (e) and (f), it is immaterial whether the person can be identified.

What this effectively means is that providers can not be forced to make changes to their products that negatively affect every user of that product. Instead, they can only be ordered to create the means by which they could selectively inject weaknesses or vulnerabilities into a specific product in use by a specific targeted person.

However, AAA18 gives the legislative authority for agencies to create and install monitoring tools and other intrusive mechanisms into all kinds of software and hardware. For this iteration of the bill, these tools can only be switched on and used to target crimes with minimum sentences of 3 years or more. However, there is nothing to say that won’t change and very little oversight is required by this bill. It is also extremely problematic that these tools will even exist in the first place. If they fall into the wrong hands, the effects will be devastating. The NSA in the US developed a range of surveillance techniques that were eventually leaked and used against American interests by criminals and foreign governments, and the same will likely happen here.

The introduction of AAA18 and its UK equivalent means that applications such as WhatsApp, Signal, Facebook Messenger, Gmail, and any other popular communications medium can silently turn into a monitoring device for ASIO, ASDS, AFP, GCHQ, MI5, and so on. The companies behind these products can’t utter a peep about these notices or their repercussions, or warn their users. They are even given protections to indemnify themselves against any civil cases caused by any later discovery of eroded privacy.

This bill does not require these companies to break the encryption of their systems, but there are plenty of other things these agencies could force companies to create and install, such as tools that would allow them to remotely pull information from a specific user’s device post-encryption, or gain access to these services’ servers where treasure troves of metadata could be harvested. Every ‘private’ messaging application out there could now be forced to send data back to intelligence agencies about who is communicating to who and when the communications are taking place. This isn’t hypothetical anymore – these powers are now law, and companies across the world can be compelled to follow them.

We will not know how widely these powers will be deployed until the first annual report is released. All it takes is one TCN for each of Facebook, Google, and WhatsApp, and the vast majority of private communications will be corruptible at the whim of the UK/Australian Intelligence and Law Enforcement community. The information that they can gather from this can easily be shared across the Five Eyes Alliance, effectively giving these tools to the governments of the whole English speaking world.

For advocates of digital privacy such as myself, this is a very concerning development. If anything, it only strengthens the need to shift the paradigm in communication tools so that they are decentralised, open source and private by default. If we succeed, laws such as these can’t dissolve our ability to collectively access private spaces online. I have said this before, but access to these online spaces is critical to a healthy 21st century democracy, and our governments are too quick to dismiss the need for widespread digital security.

How it will affect Loki

Obviously, we were terrified when we first saw this bill. The potential for the project to be entirely undermined by this legislation did not go unnoticed. We had begun to consider how we might set up failsafes to allow people to catch bad code being injected into our codebase, or to pay someone external to Loki to do regular inspections of our binaries that we release and ensure they are not leaking extra information or mismatching the codebase in some way.

If we were to be issued a TCN, we would not be able to tell anyone about it. If we set up some sort of canary system, we could be imprisoned. So whatever failsafe we did set up would have to be external to Loki, and would have to be regularly auditing us to make sure we haven’t been compromised before a TCN was issued.

We had also considered that we may have to leave Australia altogether. However, given the legislation allows them to target any company whether they are in Australia or not, and given most of the Loki team currently lives in Australia and has family here, this would be a very extreme and difficult move to make. None of us would ever be able to return home if we were issued a notice and refused to comply. We may have simply been extradited out of wherever we moved to anyway, so this option seemed extreme and ineffective. New amendments to the bill make this move unnecessary.

Our analysis of the bill and its proposed amendments lead us to the following conclusions:

  • With the addition of the amendment defining ‘systemic weakness,’ any modification to the Loki source code that gives authorities new capabilities would almost certainly be classed as a systemic weakness. Thus, we see it is a nearly impossible that we would be forced to implement any privacy degrading code into the software that we release to the public.
  • It is feasible that we may be forced to develop an alternative client software for authorities to use with additional data collecting features or something of the sort. Thankfully, given the network is regulated by Service Nodes, the authorities would still need to own 40%+ of the entire Service Node network to make this effective for widespread surveillance. Given our economic assumptions as outlined in our Cryptoeconomics proposal, this is likely to be prohibitively expensive for the government, particularly if the usage of Loki is so high that it is worth the government issuing a TCN in the first place.
  • As long as we are able to keep our code open source, we can guarantee that our code will always be auditable. As such, it may make sense to go over our existing licenses and convert them to GPLv3 to prevent closed source software derived from our implementation from appearing. We will require written permission from the copyright holders of the projects we have forked in order to achieve this.
  • As Loki is a decentralised system with extensive privacy protections, there is very little we as the Loki team can do to de-anonymise our users even if we wanted to. The extent of the information we might be able to provide to authorities are all known attacks such as DPI and traffic shape correlation, however we don’t have any additional information at hand than any other node operator on the network. This means that if we are issued a notice, we won’t be of much use to these agencies anyway.

The chances that Loki will eventually be issued a notice are fairly high, however such a notice would not result in compromising the privacy that our system provides.

The same can not be said of other communication platforms, where the service provider has central control over the data being transported. Your phone number is attached to your WhatsApp and Signal accounts, and all of the metadata that you create is now up for grabs. The case for a system like Loki has never been stronger. Only by decentralising the routing and storage of communications can it become truly private under this new legislation.

What you can do to stay private on the internet

With this new legislation, it is important to understand and be vigilant about our privacy on the internet. Wherever practical, using open source software is a good start to protecting one’s privacy. Open source software is much more trustworthy than closed source applications as the code is generally reviewed by people from all over the world. If any backdoors or questionable features are added to this software, alarm bells should be ringing shortly afterwards.

Whenever possible, you should also always build the open source software you are using from source. This will remove another layer of trust, as you’ll know the application you build is running exactly what is in the codebase you want to use. Nothing extra, nothing less. It is entirely feasible that modified versions of applications can put in place instead of the real ones if a notice compels a developer to do so. Reproducible builds help to mitigate against this, and this is something we are now striving towards, but it is your responsibility to check you didn’t get served a fake version of the application you want to use.

VPNs are a decent first step in protecting network privacy, but this legislation could severely undermine their utility. If the VPN you use is compelled to install monitoring systems in their service, you might just be handing your browsing and connection information straight over to the authorities and be none the wiser.

A better approach is to use some sort of mixnet. Tor is the obvious choice for the time being, but when Lokinet is launched, you should use it, as you’ll be able to use essentially any program you like straight out of the box (it’s both TCP and UDP friendly). You’ll enjoy low latency, and a dedicated network of incentivised nodes that you can reasonably trust to not be largely comprised of nodes run by surveillance agencies.

I hope this article has clarified the situation for you, and given you some insight to why decentralised privacy is so important. If you’d like to follow what we’re doing at Loki, head to https://loki.network

Simon

Simon-The-Easily-Forgotten-and-Seldom-Talked-About-Christmas-Leprechaun

There weren’t many famous leprechauns, but Simon was one of them. He was, on Christmas Eve, hanging out with his friend Lucky (another famous leprechaun). Every Christmas Eve, Lucky and Simon would eat, drink, and get into the festive spirit. Rescuing Christmas was Simon’s job, and he pulled it off flawlessly every year. Everyone forgets how pivotal Simon is to the Christmas process – maybe it is because he is seldom talked about. Alison, his mum, even forgets to get him a gift on his birthday. So Simon hangs out with the only friend he has who sometimes remembers him, Lucky. Only this time, their hang was different. Never before had lucky been so handsy- he was touching Simon a lot more than was usual.

“Why are you being so touchy?”

“All I’m doing is trying to show my friend some affection.”

Simon felt uncomfortable, so he decided to drive home as he needed to prepare for Santa’s arrival. To his surprise, his car would not work- did somebody mess with his engine?

Only a series of well thought out contemporary dance moves would save him from his current handsy predicament. He pranced and danced and jumped and jived. Immediately, Harriet the contemporary dance fairy appeared in front of him.

“Do you have a wish for me, young leprechaun?”

“Engineering knowledge of the motoring kind would be appreciated, my car doesn’t seem to work.”

Harriet did a small, contemporary dance number that Simon was sure would have been impressive if he understood its underlying message a little more.

“IGGIDY BIGGIDY BOOP!”

Simons car still did not start. Realisation hit that Harriet’s contemporary magical dancing powers were not working, and there was now a very solid chance Simon would not be at his house in time for Santa’s arrival. Everybody knows (but it is easily forgotten and seldom talked about) that Simon is needed on Santa’s Sleigh or the Christmas presents will not be delivered. Awkwardly Harriet exited the scene, and all seemed lost.

Luckily, Simon was at Lucky’s house and his residence was known to be the luckiest place on earth. It so happened that another magical deity appeared before Simon- Loki, the trickster god of the Norse.

“Do you need a hand?”

Enthusiastically, Simon nodded.

Now Loki well knew what the problem with Simon’s car was, but he’s a tricky little guy, the trickiest in fact.

“The problem is your engine’s fried.”

It was a surprisingly unlucky thing that was happening at Lucky’s house, Simon thought to himself.

“Tell me, what should I do?”

“You can use my car, it’s fast and it will get you to your house in time for Santa to pick you up.”

Fantastic news this was to Simon. Rolling around in Loki’s Rolls Royce didn’t seem like a bad option.

“Only thing is, if you’re going to use my Rolls Royce, I’m going to use your car to drive around in after I fix it.”

Mysterious was the way that Loki said it, but Simon didn’t have a problem with that. Perfect. Everyone was in agreement. Only a moment ago Simon was making wishes to dance gods, and now he was about to drive in a real Rolls Royce. Possibly the luckiest turn of events that could have eventuated. Lucky Simon. Ecstatically, he jumped into Loki’s car, but as soon as he closed the door behind him he was immediately teleported somewhere else!

“Where am I?”

He looked around and noticed that he was surrounded by thick, unforgiving jungle. Obviously he was far away from his home.

“Will I ever get home for Christmas?”

Everyone knows that Loki is a trickster, and boy, did Simon get tricked good. Relief swept over him as he remembered he still had the Rolls Royce. Even though there was no way that it would be driving anywhere through this jungle thicket, he still felt hopeful having a piece of civilisation close by. Lifting his head, he ventured forth into the jungle. Over vines. Over roots. Keeping a look out for dangerous jungle hazards like panthers and tribal hunters with poison darts. It might have been a lost cause, but it was better than doing nothing. Next to him he saw a little hut- maybe there would be someone he could get directions from. Gas was leaking out the top of the hut, but it was a very pleasant smelling gas. Totiki, the magical tribal woman, appeared from inside the hut.

“Oroboros alorobos!” Unsurprisingly she didn’t speak English.

“Santa needs me, can you help in any way?”

Every chance of saving Christmas was reliant on what Totiki did next. Totiki smoked from her magical smoking pipe, she laughed and did a handstand. Hope was lost and Simon sat down, put his head in his hands and wept.

“Is helping to Santa really what you want to do?” She spoke some English after all, it seemed.

“I need to or Christmas will be ruined, Santa needs me to help him deliver all the presents.”

“Not this Christmas, is that your job.”

Frustratingly, she sometimes talked backwards like Yoda. Orangutans howled from the trees as Simon faced this new truth. Ruining Christmas was not something he wanted any part of. Maybe there wasn’t anything he could do to stop it. And maybe this was meant to be, or predetermined in some way.

“That trickster god really got me good.”

Isolation was the only thing Simon could feel right now, but he was determined not to give up. Out of her mouth he snatched the magical smoking pipe. Next minute he was running through the jungle. All he could hear now were her angry cries coming from the hut. Gripping the pipe firmly between his fingers, he took a puff and wished with all his might that he would be back home and ready for Santa to visit. A swirl of smoke surrounded him, and whisked him up in the air and away.

“I’m flying, I’m flying home!”

Nothing besides smoke could be seen, all he knew was that he was travelling speedily through the air. Slowly, he began to decelerate and descend, his magical journey was coming to an end.

Touching his feet on the ground, the smoke cleared away and he realised he had arrived back at the hut with Totiki. Her beady little eyes watched him as she cackled out loud.

“I’m never getting home for Christmas.”

Maybe he never would.