Metamorphic (Early Access) is using Elixir

Hi everyone :wave:

Posting here to showcase and announce that Metamorphic is now officially live on a public-facing domain at https://metamorphic.app.

Metamorphic is a privacy-focused alternative to the social networking (media) landscape. And it’s no clone, with fundamentally different behaviors and features, so it may feel strange at first (though the ideas and concepts should all feel pretty familiar).

I tend to just sum it up by saying that it’s a better way to connect and share online with the people in your life (no bias here).

It’s built with Elixir and Phoenix (lots of Live View) and it’s just me working on it! Some of the tooling includes:

  • phx_gen_auth
  • ecto
  • cloak_ecto
  • ets
  • enacl/libsodium
  • GenServer
  • nimble_totp
  • zxcvbn
  • bamboo
  • live view
  • tailwind
  • alpinejs
  • stripity_stripe
  • stun

The site is now ready to take sign ups for our upcoming Early Access Launch, this was a big push for me to get out before my family and I leave tomorrow to move from coast-to-coast.

You can easily click through to see other portions of the service and get a sense of what’s in store for Metamorphic (I’ve disguised the feature images for now until the Early Access launch gets closer).

Here’s also a list of urls to quickly learn more:

Becoming a parent was the inspiration behind Metamorphic, as it totally changed my life and made me start to pay attention to things I had chosen to ignore before and focus on trying to create the kind of world I would want and hope for my family.

No plans to ever sell or spin-off Metamorphic, I’m in it for the long haul. Some inspiring small software businesses that are examples of success not trying to run the typical startup route are Transistor.fm, Fathom Analytics, and DuckDuckGo (though DDG is pretty “big” to me :blush:).

Big thanks to the Elixir community, I really never imagined I could have made something like this (or be making it) a year ago. The PETAL stack has definitely made development possible for me as I work on this in my spare full-time (“full-time” worked around being a primary caregiver).

In addition to the tooling, the Elixir community is such a super power for development, so thank you to everyone (including all the books from authors)!

Check it out, let me know what you think, and sign up to get on the Early Access list if you’re interested!

I hope you join me on this journey to a better online life.

-Mark

13 Likes

Thanks so much for your post and inspiring backstory. Also have been considering elixir and PETAL for some personal projects. To know that the stack and supportive community has helped you make your dream into a reality - and mostly as a one man team - is just…wow. An inspiration for myself to stop dabbing around and get going on making my own dream project a reality.

1 Like

Thank you, that’s so awesome to hear. I don’t know if it helps you, but things that have helped me, and continue to, are:

Wishing you the best and excited to see what you make!

1 Like

@shad Before the question: you worked with Sea Shepherd? I think that’s so awesome. I just watched the documentary not too long ago on the founder. So many questions but so impressed you went out and did it.

Great question. It’s probably not clear because I haven’t yet put a section up explaining how it all works. So sorry about that and I’ve added that to my to do list. It’s just me making it all and my little one isn’t yet in daycare, so I work in nap breaks and after bed time if I’m not too exhausted (translation: takes me longer than I’d like to check things off my list).

To answer: currently your data like images (for memories, avatars, other features) are hosted with Amazon S3.

I wasn’t stoked about this as there could well be a future where I’m paying them a significant amount of money, but it currently was within my ability to get it up and working.

I’ve looked at decentralized options like Storj, and I’m considering transitioning to Storj in the future (it has an S3 adapter — part of my reason for S3 was that I can more easily move services). When you sign in to your session and pull your images down from S3, they’re stored temporarily in ETS until you log out, then they’re cleared (currently that’s how the temp ETS is working).

Other non-object data like name, email, stripe_id, pseudonym, etc is stored with our hosting provider which is currently Render.

Oh! Just remembered: also when you delete your data, like a memory let’s say, the encrypted blob is also deleted from S3.

On Amazon
Now, S3 claims that they don’t do anything with the data in your buckets. I’ve read their policies a couple times and it actually sounds like that’s the case (I choose to not actually trust them—so what’s hosted is the asymmetrically encrypted object blob—even the file name, just not the extension—cause that made it much harder for how I then decrypt and show you the image temporarily in the browser without storing anything other than the decrypted binary temporarily on ets).

However, I do presume that their AI systems are involved in similar practices to scan public (and possibly private) images to train and build up their image recognition training sets. I presume this because that’s standard industry practice for the economic model.

So that’s when I realized I had to asymmetrically encrypt (with your password-derived key) because I didn’t want to “trust” that they wouldn’t do that with peoples data.

This also allows me to keep the buckets public but restricted with their CORS policy etc—which allows the frequent and hard to predict pulling of images for people (although as I write I realize I think I can update this now again to be private with presigned urls because the binary now gets stored in ets)—because the data is totally encrypted with the NaCl/libsodium libraries that the authors suggest not even the NSA can break (again all I can do is use my judgement and then decide to trust or not—I decided to trust them because they made a note on how NIST recommends algorithms and bit sizes that are strong for everyone but the NSA, hence 256 over 512 for SHA, which was my hunch, so that helped me feel like the library had similar hunches and I could count on it—it’s also recommended by the Practical Security book on prag prog). But you can forever go down the rabbit hole on wondering.

I encourage anyone to test and see if they can pull down any encrypted blobs from Metamorphic’s buckets (staging or otherwise) and verify that the encrypted data is useless. I’ve searched for them on grayhatwarfare but they don’t show up (although I don’t have a premium account so that may be why). They are currently named like: metamorphic-memories, metamorphic-avatars, and (I think) staging-metamorphic-memories (on my phone) etc.

On Render
The founder of Render comes from Stripe. And I felt Stripe is probably the most trustworthy with your data in the payments space. That inclined me to believe that @anuragg would bring similar if not better data and privacy practices. Again, I just have to trust at this point.

They also have temporary logging by default of only 7 days, which made me, again, feel that they had a similar respect for operational functionality and people’s data. And they encrypt their databases, use tls 1.3/1.2, I believe, when it’s supported.

However, I take a similar step as with Amazon and asymmetrically encrypt that data too before it hits the database with them (then I use amazon’s own symmetric encryption to encrypt that blob at rest).

Additionally with Render, the asymmetric encrypted data is then symmetrically encrypted by me with the Cloak/cloak_ecto library and I don’t store any logs outside of Render’s temp 7 day logs. Also, the logs are the base server error/warning logs.

Symmetric not asymmetric
Things not asymmetrically encrypted include the stripe_id. I added a section to the privacy policy on how a government may be able to get metadata by court ordering stripe and metamorphic’s databases (https://metamorphic.com/privacy), but it’s pretty trivial. Metamorphic is about protecting you and your data from surveillance capitalism and those AI systems, rather than making you 100% invisible/anonymous. It’s probably possible to do on Metamorphic but I don’t offer any guidance for that cause it’s next to impossible in the digital space.

Not encrypted
Things not encrypted explicitly by me but by my hosting provider only, are things like Boolean data that indicates really nothing sensitive or personal at all.

Okay this is probably straying off topic, sorry!

3 Likes
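
The session cache described in the post above (decrypted binaries held in ETS and cleared at logout), sketched as an added example that is not part of the original post and not Metamorphic's code; the module name, TTL and sweep interval are assumptions. It goes one step beyond the post by also expiring entries on a timer, since an abandoned session never reaches the logout path.

```elixir
# Added example: hypothetical module, not Metamorphic's code.
defmodule SessionBlobCache do
  use GenServer

  @default_ttl_ms :timer.minutes(30)  # assumed idle limit
  @sweep_ms 1_000                     # assumed sweep interval

  ## Client API

  def start_link(opts \\ []),
    do: GenServer.start_link(__MODULE__, opts, name: __MODULE__)

  def put(session_id, object_key, plaintext) when is_binary(plaintext),
    do: GenServer.call(__MODULE__, {:put, session_id, object_key, plaintext})

  def fetch(session_id, object_key),
    do: GenServer.call(__MODULE__, {:fetch, session_id, object_key})

  # Call from the logout path: drops every decrypted object for the session.
  def logout(session_id), do: GenServer.call(__MODULE__, {:logout, session_id})

  ## Server callbacks

  @impl true
  def init(opts) do
    # :private means only this process can read or write the table, so other
    # processes on the node cannot enumerate the decrypted binaries.
    table = :ets.new(:session_blobs, [:set, :private])
    Process.send_after(self(), :sweep, @sweep_ms)
    {:ok, %{table: table, ttl: Keyword.get(opts, :ttl_ms, @default_ttl_ms)}}
  end

  @impl true
  def handle_call({:put, sid, key, bin}, _from, state) do
    # Row layout: {{session_id, object_key}, plaintext, expires_at}
    :ets.insert(state.table, {{sid, key}, bin, now() + state.ttl})
    {:reply, :ok, state}
  end

  def handle_call({:fetch, sid, key}, _from, state) do
    t = now()

    reply =
      case :ets.lookup(state.table, {sid, key}) do
        [{_id, bin, expires_at}] when expires_at > t ->
          {:ok, bin}

        [_expired] ->
          # Past its TTL but not yet swept: remove it now and report a miss.
          :ets.delete(state.table, {sid, key})
          :error

        [] ->
          :error
      end

    {:reply, reply, state}
  end

  def handle_call({:logout, sid}, _from, state) do
    # Match on the session half of the key; object key and payload are wildcards.
    :ets.match_delete(state.table, {{sid, :_}, :_, :_})
    {:reply, :ok, state}
  end

  @impl true
  def handle_info(:sweep, state) do
    # Delete every row whose expiry timestamp has passed.
    expired = [{{:_, :_, :"$1"}, [{:"=<", :"$1", now()}], [true]}]
    :ets.select_delete(state.table, expired)
    Process.send_after(self(), :sweep, @sweep_ms)
    {:noreply, state}
  end

  defp now, do: System.monotonic_time(:millisecond)
end

# Constructed demo data: two sessions holding fake "decrypted" bytes.
{:ok, _pid} = SessionBlobCache.start_link(ttl_ms: 200)
:ok = SessionBlobCache.put("sess-a", "avatar.png", <<1, 2, 3>>)
:ok = SessionBlobCache.put("sess-b", "memory.jpg", <<9, 9>>)
:ok = SessionBlobCache.logout("sess-a")
:error = SessionBlobCache.fetch("sess-a", "avatar.png")
{:ok, <<9, 9>>} = SessionBlobCache.fetch("sess-b", "memory.jpg")
Process.sleep(300)
:error = SessionBlobCache.fetch("sess-b", "memory.jpg")
```

Deleting a row drops the table's reference to the binary; it does not scrub the bytes from memory, so the cache limits how long plaintext is reachable rather than guaranteeing erasure.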

@kokolegorille Feel free to split this part of the conversation to another topic (or even better if possible, into the Metamorphic post) before we derail it completely :stuck_out_tongue_winking_eye:.

Yep, member of Sea Shepherd for like a decade now. Participated in various “missions” across the globe, and still do (the pandemic did make a slight dent in my plans for a few months, but back on track now). It’s been part of my life (an early decision in my life choices allowing me to be as “free” as possible, allowing me to do this).

Congratulations on the little one are in order then! I’m also a one-man shop, so to some extent, i perfectly understand the situation and i don’t have someone to take care of, so i can only imagine how much more tiring it must be at times (or all the time :thinking:).

It’s quite interesting to see how much thought you’ve put into this. And as you said, it’s not about going anonymous (a social network based on pictures and things like that are like a contradiction with it anyway…), but more like “that’s my data, and if i don’t want you to see or use it in any way, that’s it, end of the discussion”. Having said that, too many lines have been crossed by large U.S based cloud tech companies (emphasis on large), to the point where i now actively avoid them entirely. This isn’t really specific to U.S based services, but ever stronger privacy laws over here in the E.U has made our alternative a lot more compliant with that idea, ending up with people like me going for the alternative without even considering companies from the U.S (or any place outside the E.U) (note: this isn’t a push towards using E.U based cloud companies, i’d prefer being able to choose what i want, based on what i need, and the costs being aligned with my budget, without having to consider privacy stuff).

I’d say that encrypting everything before it even gets in their hands might provide the “you might be able to break into, but it’s going to be so costly and resource intensive that it’s going to make you question the point of even attempting it”. I’m rather unfamiliar with Stripe (in the sense, i don’t use it in any projects), i use PayPlug, so i can’t speak on that, but Render privacy terms clearly states “please note that your personal information may be transferred to a country and jurisdiction that does not have the same data protection laws as your jurisdiction”. I’m guessing you are taking action to ensure no personal data gets into the logs, but still (they have very little GDPR wise, making me wonder if they are even compliant with it…).

I had never heard of Storj before, so thanks for that, will keep an eye on it.

Just to be clear, so my answer doesn’t come across as too strong, i find what you’re attempting to do commendable, impressive and important. Far too few people (sometimes even in our line of work, sadly) are aware of how important this is. And at the end of the day, nothing is perfect, what you’ve already achieved is imho multiple orders of magnitude better than what we had before (plus, you’re using Elixir, that’s one more point :blush:), and over time, you’ll get to make it even better (hopefully, with help from your future employees :stuck_out_tongue_winking_eye:). It’s just rather murky water to deal with privacy in the digital space, and considering the amount of money involved, unlikely to get clearer unless people like you make it so.

1 Like

Moved the last 2 posts to the Metamorphic topic, as requested

2 Likes

That’s so awesome, thanks for your work and commitment to causes like this!

Thank you. :blush:

Thank you for your detailed questions and interest. I’m so happy to respond to your thoughts and concerns, and I think I can address them all :blush:.

That’s my data
Yes, by asymmetrically encrypting your data on Metamorphic, I ensure that neither Metamorphic nor anyone but the person logging in each session with their correct password can decrypt their data and thus use it. In this case, using the data means on Metamorphic’s service to share with the people you choose to share with.

I also have an awesome future idea for how people can utilize the fact that they truly own their data on Metamorphic, to pay for the cost of their accounts even (and maybe make money) depending on the success of the service and if they choose to. But, I’m not saying more on this one yet, but it would still preserve and respect their privacy to some degree (though obviously less of a degree than before if participating in it). It’s not set in stone, there’s a lot I have to think further about and figure out, but I think there’s interesting options here to make the service more affordable for people and actually make their data work for them rather than against them. We’ll see.

I should note that I won’t do anything that I feel actually removes all or any of the protections I’ve worked so hard to put into place. It’s more that I’m just aware that some people may not be able to afford Metamorphic and I’m also trying to find ways to make it work both ways. :blush:

US Big Tech
I’m changing the name of the cloud tech companies here, because it’s really essentially a conversation about the giant surveillance capitalists (Google, Facebook, Amazon, now Microsoft, possibly Apple (but they’re so private we don’t have the same level of evidence at this point)).

It’s hard to find anything in tech that’s not supported directly or indirectly by these players. In fact, almost all of the undersea cables are run by them (so your data is going through their infrastructure regardless). And along the way it’s being siphoned by the spy agencies (typically at the access points) either with direct or indirect cooperation by these same companies.

This is why strong encryption is so important (and maybe why Facebook is trying to find ways to work with encrypted data in their pipelines – this may be more marketing hype than reality but I don’t know any more yet about that). As Bruce Schneier wrote, encryption keeps you safe.

I need to also be fair to Big Tech, they contribute a lot of good things too. And lots of amazing and gifted people work for these companies. And it’s hard to not have to rely on them in some way or another. However, we could reorganize the private-public arrangement around technology and have a probably far more equitable and advanced space (but this is an entirely different discussion :blush:).

On Encryption
If you read Glenn Greenwald’s book on the Snowden disclosures, you’ll see that even simple configuration changes can make the difference between whether or not the NSA can successfully get your data. That seems aligned with the nature of tech, if your program is designed for certain things and the data doesn’t match up then your program tends to not work as expected.

This suggests to me that strong encryption really does provide some solid cover for both your privacy and your data. We use the NaCl/libsodium library for the asymmetric encryption because it needs to be as airtight as possible and that library is as good as it gets (as far as I know at this point), and makes it possible for me to utilize such strong encryption safely with such limited resources.

Yes, security is really all about the tradeoffs of time and money.

On the GDPR
This law is so important (as is the California law, Illinois biometrics law, and others) but they aren’t enough and don’t go far enough in actually addressing surveillance capitalism.

For instance, I know from personal anecdotes of people in the industry here in the U.S., that the GDPR effectively allows them to continue with business as usual. So, while it is important, it’s not enough and Facebook rendered it meaningless by swapping their legal structure to have everyone’s data be effectively domiciled outside the reach of the GDPR. So, it’s unfortunately not enough to protect people but it is an important and great first step.

On Payments
Thanks for sharing the PayPlug link. I haven’t had time to read through in any detail but I wasn’t aware of them prior.

This is a tough space for privacy, you may be able to use one of those Visa gift cards for Stripe but I haven’t tried it. If that works, then you could use that with an anonymous email through DuckDuckGo or other services and have some strong privacy on the payments front with Metamorphic. Again, I haven’t tried it so I don’t know if it will work but it seems plausible.

Stripe also has a great climate program that makes it very easy to automatically donate part of your payment straight to funding climate programs. For me, that was another important consideration.

On Social Media
One of the most important things about social media is that it has shifted the access to the public sphere into the digital space with the potential to democratize it and give everyone a voice. A healthy public sphere is essential to a healthy society. Long long ago, in a galaxy far far away… (:joy:) the public sphere was a physical public space or square and people could/would debate and share ideas on how to organize and govern their communities (this is a more democratic example).

With this idea, if you participated in the public sphere you agreed to give up some of your privacy in order to preserve trust and lend credibility to your opinion. It also meant you needed to think about how you conducted yourself and treated others because your friends and community members would know that their neighbor behaved such-and-such way, etc.

So, there is an important aspect to giving up some privacy when you agree to participate in the public sphere. And it’s important to note that this sacrificing of privacy is known by you, initiated by you, and under your control – and in return for your ability to meaningfully participate.

With Metamorphic, my first step and goal is to empower people to take back control over their digital lives and regain some of their privacy. This means all the steps I’ve taken to create a system like this. My second goal was to remove all of the dark pattern design that addicts you and really hurts your mental, emotional, and social well being. This means that Metamorphic is more than just a privacy-respecting clone, there are significant differences in the way you interact and use the service (which I hope will translate to people spending less time on it and more time with life). The next step is to enable the ability to participate in the public sphere but in a manner that leaves it up to you, under your control, and still with a level of protection not currently happening on the major platforms. These public sphere participation features are future features and I can’t say more about them at this point as they’re still very early ideas.

A lot of the harmful stuff that happens on major platforms, are already rendered moot on Metamorphic by nature of its design. But, there are still lots of other things that I have to think about and consider as I develop Metamorphic.

Book worth reading: The Social Construction of Reality

Early Access
With early access, you sign up with an email address. This email address is symmetrically encrypted. When you get invite codes, you can then create an account at which point your account data is immediately asymmetrically encrypted and unknowable to me or anyone other than the password holder.

So, if you’re super concerned with privacy, and people signing up have already done this, you can use a temp or anonymous email to sign up for early access and another email to create your account.

The reason I don’t asymmetrically encrypt the early access sign up email, is that there’d be no way for me to email in the future when Early Access is ready to launch. At least, as I’ve designed the system for better or worse. Once Early Access is over I am going to delete all of that invite and email sign up data and it’ll be gone for good.

On Logs
Yes, no personal data is in logs at all. My logs would be frowned upon by probably every operations team because of how basic, limited, and sparse they are.

It’s just the basic server functioning logs. I don’t personally log anything at this point. This opens up questions about denial of service attacks etc but I just haven’t got there yet. Maybe I will have to do something to address that but we’ll see.

Yes, Render’s privacy policy didn’t have me thrilled but I also felt like I protected against it all with my lack of identifying logs and encryption practices.

Now, they probably have my data for the account with them, but I have to make trade offs myself until a future where maybe I can build out our own infrastructure.

Also, I have a blog post on how I use the session rather than the IP to rate limit log in attempts while preserving privacy. So, I always try to look for solutions like that. That way I don’t have to take someone’s IP which could potentially be very privacy invading.

On Trust
At the end of the day, it all comes down to trust. I’ve learned that you could have a system that end-to-end or asymmetrically encrypts or zero-knowledges everything and still be stealing everyone’s data secretly. You would just do it before the data actually gets encrypted.

Take Zoom for example. They’re currently settling a multi-million dollar lawsuit that essentially shows that they lied about so many things and their settlement lets them claim they did nothing wrong, etc. I find a company like that very difficult to trust (and part of why I decided to make a feature like Portals – which will eventually be super awesome once I get my hands on that WebRTC book coming out in November).

Trust is also essential to a democracy and healthy society. This is another aspect why surveillance capitalism is so destructive to democracy and our societies. Its nature obliterates trust.

I mean even if you open-sourced your code, you could have another code base that you actually use. Again, this is an endless rabbit hole and at the end of the day you have to trust someone at some point. That being said, it’s important that your trust is earned. And in a healthy society trust is continually tested and reaffirmed.

I actually plan to open source Metamorphic after it’s in a more stable and secure position. I think my plan is to hopefully work with another company, like Dashbit, to help me make sure I do everything as good as I can.

To Conclude
Sorry, this is so long. I think I’m now losing my focus. Hope I answered some of your thoughts and concerns. I have put a lot of thought into this, and continue to, and my whole goal is to provide the power of technology to work for people (in this case to connect and share) to make their lives better rather than exploit them.

I don’t think I realized what I set out to do, how actually challenging it would be, but Elixir and Phoenix really make it possible for me.

This would probably make for an easier to follow discussion on a podcast :joy: as it is so much to read.

Perhaps I can invite you to hop on our humble podcast to discuss and learn more about what you’re up to and all of your adventures too? Or someone with a podcast can invite us both on :blush:.

1 Like

Apologies for the late response, i was sure i had sent that reply :unamused:. Thank you for the detailed response. It’s clearly getting into the difficult land of personal views (depending on how/where the person was raised, and so on).

That’s like the third time in that many months i’ve been asked for this (with one of the other two on this very forum :thinking:). I must have missed the bus about podcast making such a comeback (or they were always there, and i was too focused to notice…). Like the other two, it’s mostly a question of having the time at the moment, but i’ll be happy to once things settle in for me (should be the end of the year, or the beginning of the next).

1 Like

I’m happy to report that I’ve switched from using the Amazon S3 for object storage to using Storj. :blush:

I’d been wanting to do this for awhile and, now that I just finished up a big support feature, I’ve had the head space to circle back to make the switch!

Storj is a decentralized cloud object storage provider. And I still am asymmetrically encrypting everything sent through their network, so no changes there. :heart:

Since I haven’t yet sent out the first early access invite codes, this means that people will start from the beginning with their encrypted objects stored with Storj. I still need to update the privacy policy and copy to reflect the change.

1 Like

Storj seems interesting. Will you develop a library to interact with it? I see they provide bindings for their golang client in C.

1 Like

Admittedly, I hadn’t yet thought about it. I’m currently using ex_aws to connect through their Gateway (setup similarly to how you’d configure it for minio).

I’m glad you mention this though, because now it is in my head and I think it’s a really interesting idea.

I have some questions:

  • Are you referencing the uplink-c bindings?
  • Also, the Livebook team is interfacing with Storj through their Gateway, perhaps someone is already working on a library?
  • Are you interested in working on a library?

Yes I was referring to the C bindings as I know we can use C code from Elixir. There is also a rust library that uses the C bindings. I guess Rustler would be easier to use.

I am not really interested working on a library right now as I do not need that functionality. Maybe in the future. Also I do not really know how to write proper C code or to integrate C code with the BEAM.

1 Like