A protocol for a decentralised social network, focusing on privacy, security and individual sovereignty.
Designed after the principles of the world wide web, adding strong end-to-end cryptography to push power from the network into endpoint devices.
If you want to play with it and see it in action ASAP, take a look at our Quickstart.
For a conceptual introduction, please take a look at SPXP in a nutshell.
Similar to the world wide web, a social profile is described by a simple text file in JSON format:
https://spxp.org/spxp
{
"ver": "0.3",
"name": "SPXP.org",
"shortInfo": "Social Profile Exchange Protocol",
"about": "A protocol for a decentralised social network, focusing on privacy, security and individual sovereignty.",
"website": "https://spxp.org",
"profilePhoto": "spxp-profile-logo.png",
"postsEndpoint": "spxp-posts"
}To participate, use a client like the HeyFolks app to display these files and navigate the social graph:
As a publisher, you can eliminate the network between you and the reader. Nobody inbetween will alter your content or rate its importance. Even more important, your content resides on your server under your control. You do not need to grant anybody a license for your content.
As a reader, you can participate immediately without setting up a profile - just like browsing the world wide web. You have fulll control what you see, and how you want to consume it.
To guarantee authenticity and sovereignty, a publisher can optionally sign all information. The profile is then bound to the public key rather than the URI, allowing the publisher to move to a different server or provider without friction.
To guarantee privacy, individual information can be encrypted allowing a profile to restrict individual bits of information to a limited audience.
This cryptographic process is described in detail in this video.
-
Social Profile Exchange Protocol - SPXP
The core protocol defining how clients can retrieve information from protocol servers, validate the information and participate in the connection handshake.
Released version: 0.3, working draft: 0.4 -
SPXP Profile Management Extension - SPXP-PME
Protocol extension defining how clients can manage a protocol server which is hosting their own profile.
Released version: 0.3, working draft: 0.4 -
SPXP Service Provider Extension - SPXP-SPE
Extension defining a secure setup process for new profiles between a client and a service provider.
Released version: 0.3, working draft: 0.4
Server:
- Wordpress Plugin to expose your blog via SPXP (GPL license)
- A Simple PHP Server supporting the entire protocol family (Apache license)
- and you can always create a profile manually and throw it on any web server
Clients:
- HeyFolks app a mobile client for iOS and Android (commercial license)
- spxp-cli implemented as a single plain bash script to manage profiles (supports the Service Provider and the Profile Management Extension, Apache license)
- and you can always use
curlandjqmanually
Service provider:
- spxp.space a commercial SPXP hosting provider supporting the entire protocol family
- and you can always set up your own hosting service using the Simple PHP Server mentioned above (Apache license)
If you want to see it in action and learn more about this protocol, here are some suggestions for next steps:
- Take a look at our Quickstart guide walking you through the protocol essentials and some of the steps below
- Visit the SPXP Bridge and see how ActivityPub, AT Protocol and Nostr are translated to SPXP
(Best explored with Firefox as it renders json nicely) - If you want to see more sophisticated profiles using encryption and signing, take a look at some testbed profiles
For example this profile, it's posts and friends - Install the HeyFolks app and explore some bridge or testbed profiles to see the end user experience
- Manually create a simple profile with a plain text editor, put it on your web server and open it in the HeyFolks app
- Set up your own profile in the HeyFolks app on spxp.space
- Take a deeper look at the cryptographic operations by exploring and decrypting some testbed profiles
- You can then further manually sign and encrypt your hand crafted profile
- Deploy the Simple PHP Server and run your own spxp hosting service
- Use the spxp-cli to create test profile(s) on your own hosting service or spxp.space
- Send a connection request with the spxp-cli to your profile in the HeyFolks app, accept it and see how you can unlock additional content additional content
...ActivityPub, Nostr, Desosprotocol, AT protocol, Diaspora, ...
A common and very relevant question.
We have prepared a comparison with other protocols investigating the differences and discussing how these do or do not fulfil our design goals.
In addition to the protocol spec in this repository, you might find these additional resources helpful.
We provide sets of artificially generated profiles on testbed.spxp.org for all protocol versions. These can be used to develop new client applications and validate your implementation against different test sets. The generator for these profiles is available as well under Apache license.
There are already numerous libraries out there for HTTP communication and JSON handling - the two main foundation blocks of SPXP. We think providing an SDK that would depend on one of these would interfere too much with developer preferences. The situation however is different for the cryptographic operations in SPXP. The spxp-crypto library provides a reference implementation in Java as well as a standard library that can be used directly in your projects.
For most operations, curl and jq are sufficient. For cryptographic operations, we provide the
SpxpCryptoTool
which can be used on the command line or from scripts.
With this tool, you can explore the testbed profiles
from the command line.