Frequently Asked Questions


How do I ask a question that is not included here?

Post to the Peerscape Users discussion group at Google Groups.

Why Peerscape? How is it different/better?

There are various reasons you might want to use a peer-to-peer system instead of a service offered through a web site:

  • You might not want to enter into a relationship with a commercial service provider.
  • You might not want to have to understand and abide by restrictive Terms of Use insofar as they extend beyond forbidding illegal activities.

In terms of functionality, Peerscape is a fairly ordinary social network supporting communication and sharing of content among friends. It is interesting mainly as a research prototype exploring a number of underlying technology ideas:

  • Allowing people to maintain control over the data in an information cloud through cryptographic means instead of by controlling the computers on which the data is hosted.
  • Creating a scalable and responsive peer-to-peer network based on data replication instead of relaying of queries in an unstructured overlay or a distributed hash table.
  • Using the browser's same-origin policy to safely allow third-party AJAX applications to modify Peerscape data using the credentials of the user. We seek a deeper understanding of sandboxing of Rich Internet Applications as an alternative to asking the user to decide when to install and when to decline to install software.

How much privacy do I have when I use Peerscape?

The name and picture that you choose for your profile are public, as is the status text that you enter. Other personal information that you add to the profile is restricted to your friends unless you specifically mark it as public.

The entire social graph is public and crawlable. In particular, your friendships and memberships are publicly visible. Even if you hide the link referring to a group on your personal profile, the full membership list of the group will continue to be available in the group profile.

On the other hand, your content (e.g., a photo album) is restricted to your friends unless you specifically mark it as public. Group content is similarly restricted to the group members. The content is not encrypted; rather, distribution is limited to the computers of the people authorized to view it. Distribution of a content dataset is controlled in turn by controlling the distribution of the dataset ID (40 hexadecimal digits). Anybody in possession of that ID can effectively make the dataset publicly available by publishing the ID.

In general, the mechanisms for restricting information to friends or to group members are only intended to provide loose controls as an alternative to making the information available to total strangers (which many people do on the web for the sake of convenience). Because the access keys are effectively included in a friendship/membership invitation, anybody in possession of an invitation has access to the restricted information, at least in principle. This includes former friends/members, as well as people who have received invitations without accepting them.

Restricted content is stored and transmitted without encryption. It is thus available to any party capable of eavesdropping on the network or obtaining access to your hard drive. Secret keys (including non-public dataset IDs) are never transmitted over the network as cleartext.

Authoring is not anonymous. Everything you write (e.g., a comment in some content dataset of another person or a group) is linked to your profile.

Peerscape utilizes the OpenLookup service. The operator of an OpenLookup server has opportunities to gather information about client requests, including IP addresses and timestamps, as with any other web server. The current version of the OpenLookup software (version 2.2) logs the IP address and timestamp for the first request that it sees from each particular IP address.

It is possible to get information about the nodes that are currently on-line by querying OpenLookup for advertisements for well-known datasets. One such dataset is the Peerscape Users list, where the software automatically maintains an entry (ID and name) for each personal profile.


How does it work?

See the Architectural Overview on the wiki.

Are there really no servers?

Peerscape relies on the OpenLookup service to find other computers that have copies of the same data, and to store the encrypted information referred to by invitation codes and recovery codes.

Why is the social graph public and crawlable?

Say you were to publish a photo album such that only your friends can add comments but anybody at all can view the album, including the comments. What prevents strangers from adding comments is that every computer checks each update to the data to confirm that the person signing it is one of your friends.

To take another example, the public information on a group profile can be edited by any of the group admins. Everybody's software needs to know which RSA keys are authorized to sign updates to this information.

This use of friendships and memberships to authorize signing makes it difficult to control the visibility of the social network. Actually, an earlier version of the system did just that by generating many different RSA key pairs for each person, but the software was harder to understand, and so we switched to the current approach where each RSA public key maps directly to a personal profile.

How can I get involved?

Peerscape applications, such as the Wall and Photo Album, are simply AJAX applications served out of virtual web sites in the Peerscape information cloud. Anybody at all can create and deploy new applications. If you are an expert AJAX developer interested in doing that, we would be happy to offer advice and answer questions.


Do I need to configure my firewall?

For Peerscape to work properly, it will have to be able to establish outbound connnections to port 5851 for the OpenLookup service, as well as outbound sync connections, typically to port 35800.

If your machine has a public IP address, you should ideally arrange for inbound connections to be allowed to port 35800.  Peerscape may nevertheless be able to make outbound sync connections to peers that have the data of interest.  If your machine is behind NAT and has a private IP address, you can set up TCP port forwarding from your NAT box if you wish, but do not translate the port number—i.e., forward port 35800 to 35800.

How do I uninstall the software?

To disable or uninstall Peerscape, go to Add-ons in Firefox's Tools menu, and choose the Extensions subpanel.

If you only wish to temporarily deactivate Peerscape, simply quit and restart Firefox. Peerscape will not reactivate until you click on the Peerscape icon in the Firefox status bar or access a Peerscape URL of the form

Peerscape's database is located in .peerscape in your home directory [explain where that is in Windows]. However, because the database also contains the keys to your Peerscape identity and profile, we urge you not to delete it if you have established friendships or group memberships. Otherwise, people will have to sort out the "old you" and the "new you" if you return to Peerscape at a later date.

Using Peerscape

How do I join a group?

Contact some member of the group and ask them to e-mail you a membership invitation.