Cavern

Cavern apps allow you to blog and journal, comment and share — all from your own computer.

Unlike WordPress, you can control who sees your posts. Unlike Facebook, there's no one selling your activity to advertisers. Unlike almost anything else out there, you always have a full copy of everything you write, with no extra work — and your pics and posts are safe from the prying eyes of corporations and their hungry, hungry investors.

Because Cavern does not run on some corporation's servers, you'll need to know at least one moderately trustworthy and tech-savvy person who can set up an S3 bucket or other fileserver. (If they know what that means, they can probably do it.) If they can do that, they can host Cavern journals for hundreds of their acquaintances for just a couple dollars per month, or less.

The catch is... the application isn't finished yet. We're working on it!

Technical notes

Cavern's architecture is fairly low-tech: Each person's journal is published as a collection of encrypted files on an arbitrary web server. These files are then downloaded by their friends' own desktop apps and decrypted. This design is inexpensive and creates a low barrier to entry, while also limiting the amount of trust people are required to place in the person hosting their files.

  • Local-first: When you write a journal entry or comment, it starts out on your computer, not a website; when your friend reads it, it has already been downloaded to their computer.
  • End-to-end encryption: Every user has a keypair which, if all goes well, they will never have to know about.
  • Low tech: No special server software to self-host, just an HTTP server. Cavern brings the stability and reduced maintenance possible with static site generators.
  • "Go dark": Encourages and enables people to not post publicly, by providing socially-local posting options (e.g. "friends of friends").
  • Low-trust hosting: The server admin cannot read people's journals without impersonating someone (which would be quickly detected). And in the other direction, the server admin can restrict public posting, removing the moderation burden.
  • Cheap to host for others: One tech-savvy person can host hundreds of people's journals for dollars a month. A basement computer can easily be a homeserver.
  • No group moderation: Everyone is responsible for moderating discussion threads on their own journals; there are no outside moderators. It's your living room, your rules.
  • Nomadic identity: You can always move to a different server, even if your original one dies unexpectedly.
  • Social bootstrapping: The trust model rides lightly on top of existing social ties. There's a web of trust, but it's just the regular one that existed before computers; cryptography is merely used to facilitate it.

The protocol, philosophy, and some future plans are documented in the cavern repository, and a rudimentary but functional desktop app is in the spelunk repository.

You can help!

If you're interested, any of the following would be very useful!

  • Kick the tires on the "Spelunk" reference implementation (for Linux desktop; currently requires Java to be installed). Write posts! Read other people's journals!
  • Guide the evolution of the protocol, with an eye towards simplicity, robustness, and privacy.
  • Review the security model, including the use of cryptography. Design a workable threat model.
  • Help design a new semantic markup language that will thread the needle between simplicity (for ease of application development) and richness (to satisfy users).
  • Discuss the design of social media in general—what works, what doesn't, how we can improve on it.
  • Maybe even come up with a new name! "Cavern" is a working name, but it might not be the best for adoption.

Where to connect