Frequently Answered Questions regarding Classified Ads

• How to set up discussion group internal to a working team?
  A group more or less needs to be constructed around a profile, reason for this is that a profile has list of readers and that means your team members. Because profiles may be created at will, it may be handy to create one profile for each group needed, with following steps:
  1. From file-menu create a new profile and assign a unique password for it ; CA uses only passwords for selecting between user profiles in single computer.
  2. Assign a nifty name for the profile, like "Classified ads testing team", or leave blank. If all information regarding profile is left blank, the SHA1 fingerprint is the only identifying information regarding this profile.
  3. Make this new profile private. While this is not exactly necessary, not doing this means that your teams discussions are public and anyone can comment on anything so your working team actually is the whole world.
  4. In profile readers include each team member you have. Task is easier if you have viewed profile of each team member to make sure that encryption key associated with the members profile is in local database and the member is found from address book of the new private profile as the search function in profile readers-dialog makes use of local nicknames in address book.
  5. Publish profile.
  6. From new profile send a private message to each team member. Reason for this is that private profile does not appear in search results, indexing encrypted data is a bit problematic. As each team member gets a message from the new profile, they can add the team profile to their own address books (and also assign trust to it, if there is any question in the future about which profile is which).
  Your team members should after publish delay (may be between 1 second and ~10 minutes, depending on your publish queue length) be able to see the profile and add comments to it ; Comments are visible to every team member and can also carry binary attachments. If there is need to permanently share files associated with the team, the team profile needs to be opened in the machine where it was originally created and list of shared files edited there.


• What are the benefits of not having a central server somewhere?
  Numerous. Including:
1. Everything works in slow pace, fetching items from DHT is not very snappy. This is internet for the lazy.
2. There is no concept of service provider that would require you to make a contract with if you want to use the system. Here everybody provides storage and data transfer to everybody else and there is no central authority to decide who's in and who's out and with what conditions.
3. There is no easy method to cut someone off from network.
4. As copying of Classified Ads is free of charge, so is usage ; there is no owner or organization that would ask for money or other valuables from installing and using full feature set of the Classified Ads. Due to nature of LGPL license this situation is also very unlikely to change in the future so Classified Ads may very well be regarded as long term viable solution for public and private messaging needs.


• Where are images embedded into documents?
  This feature has been working since release 0.08. Size-limit of documents is still 2MB so really big images may need to be downscaled first.
  


• Why I can't read my private messages using my neighbours computer even if I know my password?
  The private encryption key required to open your messages is stored only in that computer where the profile was originally created. When you open Classified Ads for the first time, it automatically generates one profile for you and its private encryption keys remain in that computer only. This is slightly difficult technical item and current implementation is that private keys never leave the computer.
  
  
• Because data storage is variant of DHT and any user may have copies of other users messages, why can't he read messages destined to others?
  Generally all messages destined to some limited set of recipients are encypted using recipients public encryption key. Reader of the message needs to have copy of the private encryption key in order to open the message for reading. Under the hood Classified Ads currently is using RSA-2048 for public-key encryption and actual content inside messages is encrypted using AES-256 algorithm. These encryption methods are currently difficult to crack for average citizen but things may change in the future and data items that really for reason or another should remain private, should not be put into any computer, not even computer running copy of Classified Ads.
  
  
• Why I can't access more than one profile even tough I created multiple?
  This thing is poorly documented. Profile password is only method of selecting between profiles. If you have multiple profiles with same password, the system will only open one of them. To rectify the situation, first open one profile, change its password to something else, then open the previously created profile using its password.
  
  There is no easy way to list private profiles in the system. The password for each must be known.
  
  Note that this system simply has no easy password recovery system. Forget your word and there is no easy way to access your messages or other private content.
  


• Why are my private messages not showing up?
  Generally they should. At least note that the "private messages" tab shows only message of the profile that is open. If you have multiple profiles, you need switch in order to have all messages displayed. Naturally same applies to profile comments.
  


• Are VoIP calls encrypted from end-to-end?
  Yes. Currently (in v0.10) all real-time data like call data is sent directly between nodes with no 3rd node acting as intermediator and all this traffic is inside TLS socket.
  


• What are storage limits of distributed database?
  Depends on how DB is used. The db api has concept of collection a little same way as mongodb has collections - records in same collection may or may not belong together or can be similar in structure or different. Practically documents going to same collection are stored in same nodes of distributed hash table network. By default the number database records in storage per node is 50000 and classified-ads makes several redundant copies of same records into multiple nodes so in practice programmer could safely store some 50000-10000 records in single collection without fear that they start falling off the network. If number of records exceeds that, the application needs to be designed so that it uses multiple collections.
  


• How is consistency ensured in distributed database?
  It is not. The distributed database of classified ads is suitable for applications, that do not require concept of database transaction or care about ACID properties. When a new database record is stored (e.g. published in the network) it will get propagated through nodes in the DHT. If record is published in one node and another node immediately makes a query that would match the new record but there is no direct connection between these 2 nodes, it is likely that the querying node will come up with record as it was before the publish. Of ACID principles the D is indeed honoured: it is very difficult to completely erase a database record. It is possible to publish empty record with same identifier and have it overwrite previous non-empty record but apart from that, there is no delete operation.
  


• How about consumer privacy with classified-ads?
  There is no concept of "consumer" in classified-ads messaging system, in same way as there is no concept of "service provider" whose services the user would "consume". Privacy of users stronly influences design of features of classified ads, some of them are already described above. In short, application design that lacks central data storage makes classified-ads more difficult platform for harvesting personal details of individual users. Content targeted for limited audience inside classified ads is encrypted to be opened using only recipients encryption keys so gaining access to this material requires some work, for example by stealing the keys or cracking the RSA-encryption. It is likely that there is already shops who are capable for one or both acts - nothing really secret stuff should never be handled with a computer.
  
  Some problems currently plaguing WWW like tracking cookies or user tracking in general is difficult to implement inside classified-ads, collecting data which ads from which classification each user is browsing is not very straightforward to implement. This is because of de-centralized nature of the application.
  
  Identity management is solely on hands of each user and it is very simple: in classified-ads you can create identities at will and minimally identity is just anonymous encryption key with no other data - it lets you fully interact with other user of the application. This still doesn't make user really anonymous in the network - some types of network requests like "request for classified-ad" are visible to immediate peers in P2P network of classified-ads.