Social Profile
Exchange Protocol

A Specification defining how independent clients and servers can exchange information about social profiles, focusing on privacy, security and individual sovereignty.

HOW  

Simple JSON files, referenced by a Profile URI:

curl https://example.com/spxp/alice

                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com"
                                }
                            

Profiles are identified by a unique Profile Key:


                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com",
                                  "publicKey" : {
                                    "kid" : "C8xSIBPKRTcXxFix",
                                    "kty" : "OKP",
                                    "crv" : "Ed25519",
                                    "x" : "skpRppgAopeYo9MWRdExl26rGA_z701tMoiuJ-jIjU8"
                                  }
                                }
                            

Authenticated by Digital Signatures:


                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com",
                                  "publicKey" : {
                                    "kid" : "C8xSIBPKRTcXxFix",
                                    "kty" : "OKP",
                                    "crv" : "Ed25519",
                                    "x" : "skpRppgAopeYo9MWRdExl26rGA_z701tMoiuJ-jIjU8"
                                  },
                                  "signature" : {
                                    "key" : "C8xSIBPKRTcXxFix",
                                    "sig" : "WnRIWY8eoU5qPzWlgYjaT_j5x1MnQKpS2vD-8sC2ScnqEldHcLDnIEwRz1fOkGklq1ojNB4D2tRJVbEBrFB3AA"
                                  }
                                }
                            

Can verifyably reference other profiles:


                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com",
                                  "hometown" : {
                                    "uri" : "https://example.com/spxp/emerald.city",
                                    "publicKey" : {
                                      "kid" : "DJlPdI5nMAYjDevc",
                                      "kty" : "OKP",
                                      "crv" : "Ed25519",
                                      "x" : "1B7B4OpoRBA6UvtewqF9cb_P1PiXVpc4f1THHfkzLmY"
                                    }
                                  },
                                  "publicKey" : {
                                    "kid" : "C8xSIBPKRTcXxFix",
                                    "kty" : "OKP",
                                    "crv" : "Ed25519",
                                    "x" : "skpRppgAopeYo9MWRdExl26rGA_z701tMoiuJ-jIjU8"
                                  },
                                  "signature" : {
                                    "key" : "C8xSIBPKRTcXxFix",
                                    "sig" : "WnRIWY8eoU5qPzWlgYjaT_j5x1MnQKpS2vD-8sC2ScnqEldHcLDnIEwRz1fOkGklq1ojNB4D2tRJVbEBrFB3AA"
                                  }
                                }
                            

Privacy by JWE based encryption:


                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com",
                                  "hometown" : {
                                    "uri" : "https://example.com/spxp/emerald.city",
                                    "publicKey" : {
                                      "kid" : "DJlPdI5nMAYjDevc",
                                      "kty" : "OKP",
                                      "crv" : "Ed25519",
                                      "x" : "1B7B4OpoRBA6UvtewqF9cb_P1PiXVpc4f1THHfkzLmY"
                                    }
                                  },
                                  "publicKey" : {
                                    "kid" : "C8xSIBPKRTcXxFix",
                                    "kty" : "OKP",
                                    "crv" : "Ed25519",
                                    "x" : "skpRppgAopeYo9MWRdExl26rGA_z701tMoiuJ-jIjU8"
                                  },
                                  "private" : [
                                      "eyJraWQiOiJBQkNELjEyMzQiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..SfT0skkIjzru5ylj.eDnedk0RIWIk6m6YQwwwzeZg7q1GH87HW5wUqKJcWRCNZHgI5hCUmDATDzW_eeUsQp8mkkQ4fpqlrBmX5lwv3vsdmgL4r-18GVhxGhbq6GxtbR8YE2MPTxJUZ3D56QHld8ZkOV5pOu7h5BhO9f2zKNEB2j0xbNEqgr259_T983VEoqqp0Rrze1qgmshMQLkZsUrbHsnDaPsp28bhRb_zMInvhBNfa6M.zYtiVMmo-TC_BhJDGPwoHA"
                                  ],
                                  "signature" : {
                                    "key" : "C8xSIBPKRTcXxFix",
                                    "sig" : "WnRIWY8eoU5qPzWlgYjaT_j5x1MnQKpS2vD-8sC2ScnqEldHcLDnIEwRz1fOkGklq1ojNB4D2tRJVbEBrFB3AA"
                                  }
                                }
                            

Extra data provided by additional endpoints:


                                {
                                  "ver" : "0.3",
                                  "name" : "Crypto Alice",
                                  "shortInfo" : "I love cryptography.",
                                  "gender" : "female",
                                  "email" : "cryptoalice@example.com",
                                  "hometown" : {
                                    "uri" : "https://example.com/spxp/emerald.city",
                                    "publicKey" : {
                                      "kid" : "DJlPdI5nMAYjDevc",
                                      "kty" : "OKP",
                                      "crv" : "Ed25519",
                                      "x" : "1B7B4OpoRBA6UvtewqF9cb_P1PiXVpc4f1THHfkzLmY"
                                    }
                                  },
                                  "publicKey" : {
                                    "kid" : "C8xSIBPKRTcXxFix",
                                    "kty" : "OKP",
                                    "crv" : "Ed25519",
                                    "x" : "skpRppgAopeYo9MWRdExl26rGA_z701tMoiuJ-jIjU8"
                                  },
                                  "private" : [
                                      "eyJraWQiOiJBQkNELjEyMzQiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiZGlyIn0..SfT0skkIjzru5ylj.eDnedk0RIWIk6m6YQwwwzeZg7q1GH87HW5wUqKJcWRCNZHgI5hCUmDATDzW_eeUsQp8mkkQ4fpqlrBmX5lwv3vsdmgL4r-18GVhxGhbq6GxtbR8YE2MPTxJUZ3D56QHld8ZkOV5pOu7h5BhO9f2zKNEB2j0xbNEqgr259_T983VEoqqp0Rrze1qgmshMQLkZsUrbHsnDaPsp28bhRb_zMInvhBNfa6M.zYtiVMmo-TC_BhJDGPwoHA"
                                  ],
                                  "friendsEndpoint" : "friends/alice",
                                  "postsEndpoint" : "posts?profile=alice",
                                  "signature" : {
                                    "key" : "C8xSIBPKRTcXxFix",
                                    "sig" : "WnRIWY8eoU5qPzWlgYjaT_j5x1MnQKpS2vD-8sC2ScnqEldHcLDnIEwRz1fOkGklq1ojNB4D2tRJVbEBrFB3AA"
                                  }
                                }
                            

Time series of posts:

curl https://example.com/spxp/posts?profile=alice

                                {
                                  "data" : [
                                      {
                                        "seqts" : "2018-09-17T14:04:27.373",
                                        "createts" : "2018-09-16T12:23:18.751",
                                        "type" : "text",
                                        "message" : "Hello, world!",
                                        "signature" : {
                                          "key" : "C8xSIBPKRTcXxFix",
                                          "sig" : "bDOgcT4uxTKYMTuOJXDbAPc1UA2p-aGdxwplUWNStzyDRIRPu9UxaTU1IoZ1ELjBY5iRf4FEBPV09Uw9TOYuCA"
                                        }
                                      }, {
                                        "seqts" : "2018-09-15T12:35:47.735",
                                        "type" : "web",
                                        "message" : "Interesting read...",
                                        "link" : "https://example.com",
                                        "signature" : {
                                          "key" : "C8xSIBPKRTcXxFix",
                                          "sig" : "skQBzttDURV-N4kqK9fgyWw4Ddixsmld4nnilC_XUqSZhXfeNfw_4PrIlLwaFdHDTO-au4iaZM64oSWLP-z0BA"
                                        }
                                      }
                                    ],
                                    "more" : true
                                }
                            

Clients follow profiles and present data based on user preferences:

Based on rock-solid standards:

  • HTTP (RFC7230 family)
  • JSON (RFC7519)
  • JWE (RFC7516)
  • JWK (RFC7517)
  • Curve 25519 (RFC7748, RFC8032, RFC8037)
  WHY  

Freedom

  • Freed timeline (no "algorithm" or "bubble")
  • Any webserver can host profiles
  • Fosters client/server ecosystem
  • Choose your app to see profiles

Privacy

  • Own your content & data
  • Define who sees what
  • Private posts end-to-end encrypted
  • Metadata of private posts encrypted!

Transparency

  • Open source (Apache license)
  • Welcomes participation
  • Easy to learn and get started
  • Proven internet security standards

Own "the algorithm"

SPXP has the potential to make a real difference when it comes to "the algorithm". It's the mechanism that suggests content to you and usually tries to make you stay inside a social network for as long as possible. The reasoning is simple: the longer you stay, the more ads you see. To achieve this goal today's "algorithms" tend to show you more and more content similar to what caught your attention in the past. The resulting effect is often that views and believes you already had are amplified as it's getting harder to view differing opinions. Many refer to this as a "bubble" that's surrounding you and distorting your perception of the outside world.
The good news is, with SPXP, there is no "one algorithm". Instead, we're convinced there's going to be a wide variety of clients (apps) that differ - amongst other things - in the way they suggest content to you. Imagine clients that allow you to adjust the parameters of content suggestion. Or if you cannot find a client that suits your needs, go ahead and write your own!

Privacy

The makers of SPXP believe that privacy is a fundamental human right and the protocol was designed from the ground up to provide end-to-end encryption for all of its aspects. Consequently, if you choose to, every piece of information that's either on storage or in transition through an SPXP server remains completely unreadable for the server as well as third parties.

Strong End-to-end cryptography

Under the hood, SPXP uses an asymmetric keypair to protect your profile. When you create a new profile on your mobile phone, the private key is automatically stored there. However, it is important to understand that your profile's integrity is bound to you (and noone else) posessing its private key. With this respect, an SPXP profile is very similar to a Bitcoin address. So make sure you store your private key in a secure place!

Open Source - Apache Licensed

SPXP is developed in the open on GitHub. Everybody can see its source code and we welcome participation very much. Do you like to tinker around and manually create your own profile or do you have an improvement suggestion? Head over to GitHub and check out our organization.

It's a protocol, not a server!

The network topology of the big social networks of our time typically looks like a star - one big service provider talks to many many clients (e.g. mobile phones). SPXP couldn't be more different. It's a protocol that defines how servers and clients can talk to each other in a way that the resulting communication depicts what we commonly know as a social network. With this regards, it's topoligy is much more similar to a mesh (like the WWW).

Choose your client (and host)!

Because it's a protocol, there's not the one internet address you need to go to or the one app you need to use. Instead, if you're interested and have some technical skills, you can host profiles yourself or write your own app to view them. This allows for a wide variety of offerings and business models.

Currently, the following solutions are nown to implement the SPXP protocol: