💾 Archived View for tilde.town › ~tickletickle › blog › 2022-03-06.gmi captured on 2024-06-16 at 12:35:04. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-09-08)

-=-=-=-=-=-=-

Resuming fantasies

2022-03-06

I am still thinking about building a BBS-style alternate internet. The client

fetches lua scripts over https and executes them. Server-side is just regular

https.

A basic API allows the script to display monospace colorized characters

in a terminal-like interface. Being a client, this raises concerns about

security and privacy.

There are two ways of making network requests:

1) load a script or data from the same server and use it within the current script;

2) load a script from a different server and execute it after terminating the current script.

This precludes involving a third party to interfere with a site, disallowing a

range of tracking practices. But the server can communicate with third parties

to fetch data or functionnality.

Also, for preventing tracking from the same server, the idea is to have no

client side storage (no cache, no cookies and the likes) and a well-defined

stable API which doesn't leak user information (all measurable information is

as uniform as possible).

The goal is that the ip address is the only thing that the server knows. This is hard

to achieve. Here are a few potential identity leaks:

- mouse resolution (count events before reaching new integral coordinate)

- keyboard layout (compare text and keys recieved in events)

- timer resolution / cpu speed (number of computations between two drawn frames)

- lua version (fix to a given major version and do not expose VERSION)

Security-wise it is also difficult to achieve. Lua scripts shall be isolated in

a minimal sandboxed environment. Here are a few attacks that may be performed:

- infinite loop (enforce a timeout with lua debug features)

- error() in c-call (use error checking calls qcall)

- chained navigation (forbid navigation outside of event related to user

intent, or track navigate loops)

- use of system calls (blacklist most of standard library)

- out-of-memory (use custom allocator with fixed memory)

- simulate ui such as errors (use different font or location for ui)

- state serialization (make it transient)

I am implementing some of this stuff. It's hard and makes you understand web

browser developers.