Proofmode Integration #162
Comments
|
@n8fr8 handing to you since you mentioned other funding to support this |
johnhess
added
enhancement
|
Would like information on where proofmode integration w/ ios stands |
|
We have a library nearly ready that we can work with @tladesignz on how to integrate. We also have a greatly-updated version of the Android library (1.0.23+ release) that we should talk about using now in Save. Finally, we have a public ProofCheck tool that makes verification of proof bundles easier: |
|
Wonderful news! |
|
@n8fr8 seems like proofmode for android is still using a static password for the local key store. We would like to be able to pass a user or app generated string. I wonder if that's something that is already in your roadmap or maybe we should send a PR your way. |
|
I think we have that in our roadmap for the library - both allowing a developer to provide the password, and possibly the key, as well. https://gitlab.com/guardianproject/proofmode/proofmode-android/-/issues/16 |
|
@hiromipaw, please note, this is an issue of Save >iOS<. @n8fr8, can you ping me, when Proofmode iOS is ready? Thank you! |
|
@tladesignz apologies for the confusion, I should have specified, that my question was more about not having the same issue on iOS as well. |
|
Ok, so I checked out the current state of ProofMode iOS: The latest code can be found here: https://gitlab.com/guardianproject/proofmode/proofmode-ios/-/tree/main_npex I cannot currently build it, because I don't understand the build instructions. ("gomobile-iofs" does not exist. GoMobile is typically used the other way round, so I'm at a loss here. Anyway, not so important right now, I could find out.) It's currently not in a state of a reusable library. Instead, it's an app and the important files which would be needed are scattered around the project. Most important file seems to be this one: https://gitlab.com/guardianproject/proofmode/proofmode-ios/-/blob/main_npex/Proofmode/Proof.swift Anyway, this doesn't look like it's going to be in a usable shape any time soon. I estimate at least half a year. |
|
@tladesignz please join our ProofMode scrum tomorrow morning, and you can talk with n-pex and I about it directly. He has been beginning the work on the libProofMode library for iOS, and it may not all be in the places you expect. |
|
The current testflight release of the app itself (which is in a very usable state) is here: as linked to from here: https://proofmode.org/project/proofmode-ios |
…iles when detecting end of upload. Fixed Dropbox upload: Do one after another to not run into rate limiting.
|
Ok, so I have it working, mostly. Remaining issues:
Here's my code (proof data currently disabled): https://github.com/OpenArchive/Save-app-ios/blob/master/Save/Management/IaConduit.swift Here's the current Android code:
It doesn't make sense to send it to the server per asset. It always stays the same. The Android code doesn't seem to send it to the server, either. It might make sense to send it once per collection. However, that's going to be really ugly to implement, as there's no concept of a collection upload, only an asset upload. Checking, if the file is already there, per asset also seems ugly, but slightly better. @n8fr8, maybe you can clarify: what was the original idea of how the public key gets passed around? Just by exporting it and sending it via another channel? |
|
Yes, the original idea was that the user would just export and distribute their public key however they saw fit. They might even cross-sign it with a known public identity, or add it to keybase or some other system like that. We should still give them that freedom. With the current ProofMode official apps, we generate a proof bundle zip file that has all the various proofmode generated files (csv, json, asc, optional 3rd party notary data, public signing key). The proof zip also contains the photo or video. This is meant as a full self-contained atomic bundle of media+proof+identity that can be shared through messaging apps, sneakernet'd over bluetooth or airdrop, or posted to IPFS, etc. This proof zip bundle is also what the ProofCheck tool https://proofcheck.gpfs.link/ and underlying scripts expect for easy verification. Of course, manual verificatino of proof is always possible, as documented here: https://proofmode.org/verify YES, we include the public key in every proof zip bundle, because again, we want this to be self-contained, and also there is still no good, open, reliable openpgp public key server, and proofmode itself does not have any centralized infrastructure for identity. It is also a tiny bit of data, so it really doesn't matter from a bandwidth or processing perspective. What I would like to see is a proof zip generated with the pubkey.asc, but without the media file in it. It would be uploaded along side the media file. We are enhancing the ProofCheck tool so that you can easily add both the proof zip and corresponding media file to do the verification easily. If this all seems too much and not compatible with what you've implemented, then fine, feel free to put the user's proofmode public key where you want in your collection metadata. It doesn't matter to us ultimately, as long as it exists somewhere for use in manual verification as needed down the road. |
… continuously overwritten in collection. Unclear, if this is cheaper or if existence check would be.
|
Ok, so added public key export and upload. Internet Archive still not working. No idea, why. It takes the first file which finishes, and seems to ignore the rest. And I don't really understand the difference to the Android code, besides, that the Android version actually creates 2 items: The actual asset, and another item for all the metadata. |
did this get resolved?
Isn't the primary value of Proofmode that it captures relevant sensor data at the time of media capture, not after? Our users need it to work this way to capture cell tower data + barometric + etc. etc. to corroborate exif data. We need to make sure this is clear to users as well - perhaps with a popup saying: "Proofmode is most effective when you capture your media in-app." or something similiar.
We would want to ensure it does, and also bring back in-app capture to best utilize Proofmode. Will make an android issue. |
We need to figure this out...let us know how we can help |
|
I think it's super-ugly to create another asset on the Internet Archive, which is actually just the ProofMode metadata of another one. This definitely should go into the container, each asset gets on the Internet Archive anyway. You would need to clarify with IA, how and if that is possible. On the other hand, I think with ProofMode and the new C2PA stuff, there's going to be metadata attached directly to the content file. (Although, that's never going to be true for every file format.) That would need to be clarified with @n8fr8. |
|
I think this requires a call. I agree, the new integration with C2PA does offer a way forward here that fits more cleanly within the existing Save model. |
|
Ok let's set up a call @n8fr8 @tladesignz to discuss this and a few other issues asap, I will coordinate! |
What needs to be done for us to do this?
The text was updated successfully, but these errors were encountered: