2022-03-06
I am still thinking about building a BBS-style alternate internet. The client
fetches lua scripts over https and executes them. Server-side is just regular
https.
A basic API allows the script to display monospace colorized characters
in a terminal-like interface. Because the client executes scripts fetched from
remote servers, this raises concerns about security and privacy.
There are two ways of making network requests:
1) load a script or data from the same server and use it within the current script;
2) load a script from a different server and execute it after terminating the current script.
This prevents a third party from being involved in a site at all, ruling out a
range of tracking practices. The server itself, however, can still communicate
with third parties to fetch data or functionality.
Also, to prevent tracking by the same server, the idea is to have no
client-side storage (no cache, no cookies or the like) and a well-defined,
stable API which doesn't leak user information (all measurable information is
as uniform as possible).
The goal is that the IP address is the only thing the server knows. This is hard
to achieve. Here are a few potential identity leaks:
- mouse resolution (count events before reaching new integral coordinate)
- keyboard layout (compare text and keys received in events)
- timer resolution / cpu speed (number of computations between two drawn frames)
- lua version (fix to a given major version and do not expose VERSION)
Security-wise it is also difficult to achieve. Lua scripts shall be isolated in
a minimal sandboxed environment. Here are a few attacks that may be performed:
- infinite loop (enforce a timeout with lua debug features)
- error() in a C call (use error-checking protected calls, pcall)
- chained navigation (forbid navigation outside of events related to user
intent, or track navigation loops)
- use of system calls (blacklist most of the standard library)
- out-of-memory (use custom allocator with fixed memory)
- simulate ui such as errors (use different font or location for ui)
- state serialization (make it transient)
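As an added illustration (not code from the original entry), a minimal pure-Lua sandbox runner (Lua 5.3/5.4) showing the allow-listed standard library, the instruction budget enforced with a debug hook, a coarse memory check, the protected call, and the absence of `_VERSION`. The `put` display function, the budget values and the runaway script are assumptions.

```lua
-- Minimal sandbox runner for untrusted scripts (Lua 5.3/5.4, pure Lua). Covers:
-- allow-listed environment, instruction budget, coarse memory check, pcall, no _VERSION.
local INSTRUCTION_BUDGET = 1000000   -- VM instructions allowed per script (assumed value)
local MEMORY_BUDGET_KB   = 4 * 1024  -- 4 MiB, checked from the hook (assumed value)

-- Allow-list: only pure functions reach the script. os, io, require, load,
-- dofile, debug, package, collectgarbage, _G and _VERSION are deliberately absent.
-- pcall is also withheld: with it a script could catch the budget error and carry on.
local function make_env(put)
  return {
    pairs = pairs, ipairs = ipairs, next = next, select = select,
    tonumber = tonumber, tostring = tostring, type = type,
    error = error, assert = assert,
    string = { byte = string.byte, char = string.char, find = string.find,
               format = string.format, len = string.len, lower = string.lower,
               sub = string.sub, upper = string.upper },  -- no string.rep: one C call can exhaust memory
    table = { concat = table.concat, insert = table.insert, remove = table.remove,
              sort = table.sort, unpack = table.unpack },
    math = { abs = math.abs, floor = math.floor, max = math.max, min = math.min },
    put = put,  -- the terminal API (assumed name): the only channel back to the client
  }
end

-- Runs `source` in the sandbox; returns ok, result-or-error like pcall.
local function run_sandboxed(source, put)
  -- "t": accept text chunks only, never precompiled bytecode.
  local chunk, err = load(source, "=script", "t", make_env(put))
  if not chunk then return false, "syntax error: " .. err end

  local remaining = INSTRUCTION_BUDGET
  local function hook()
    remaining = remaining - 1000
    if remaining <= 0 then error("instruction budget exhausted", 2) end
    -- Coarse check; a fixed-size lua_Alloc installed from C is the real fix.
    if collectgarbage("count") > MEMORY_BUDGET_KB then
      error("memory budget exhausted", 2)
    end
  end
  debug.sethook(hook, "", 1000)  -- hook runs every 1000 VM instructions
  local ok, result = pcall(chunk)
  debug.sethook()                -- always remove the hook, even after an error
  return ok, result
end

-- Constructed runaway script: prints once, then spins forever.
local lines = {}
local ok, err = run_sandboxed("put('hello') while true do end",
                              function(s) lines[#lines + 1] = s end)
print(ok, err, lines[1])  -- ok is false; err names the exhausted instruction budget
```

The hook-based budget only interrupts Lua code between instructions, so a single long-running C function (hence the omission of string.rep) still needs the C-level allocator limit the entry mentions.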
I am implementing some of this stuff. It's hard and makes you understand web
browser developers.