privacy in decentralized apps vs centralized apps


Dustin Getz

Apr 20, 2017, 10:03:32 AM
to Beaker Browser
Hey guys, 

You give an example of a p2p social media app, so in Beaker that would look like, each user hosts their own profile.json with name, friendslist, timeline etc. And it's my understanding that only the host/seed/owner* of a file can update the file. *What is the word for this?

As the seed of my own profile.json do I get to enforce access control on it? (Friends can load this file, non-friends cannot)? How does that work with distributed caching of content? Do I need to layer encryption, so the assets are distributed but can't be decrypted without me giving a key out of band? How would this work?

What are the consequences of having each user operate their own little "database" instead of one central one? What capabilities do you lose and do you gain? 

For example of a capability Beaker apps gain, Facebook uses centralization to control the ways in which we see data. We don't get access to raw data, we only get access to certain views of it. I am permitted to see the profile data of all my friends (since I can see their rendered profile) but they don't allow creepy queries like "select friends where single=true and likes bars", and there are strict terms of service governing using their API so for example Tinder isn't allowed to do this query either. This is maybe a negatively framed example but it could be spun to be positive. The decentralized model gives raw data access. You can fork Facebook and change the queries. It will teach people to be careful with their data. It shifts the balance of power back to the people.

What capabilities does Beaker lose? Are there queries that Beaker can't do efficiently, like maybe large queries across millions of users that are too slow if you need to query across all the millions of user "databases"? This actually probably is efficient due to immutability. How about implementing Reddit which has a central database for a subreddit. How would that change in Beaker?

Paul Frazee

Apr 20, 2017, 10:48:29 AM
to Dustin Getz, Beaker Browser
Hey Dustin,

You ask some good questions.

> host/seed/owner* of a file can update the file. *What is the word for this?

We call that the owner or author.

> As the seed of my own profile.json do I get to enforce access control on it?

It'll be by encryption. The scheme we're planning will use "profile dats" which represent identities. Because the dats are represented by public keys, it'll be possible to encrypt messages for a profile-dat using its URL. Key-distribution will be through a Web-of-Trust which is assisted by identity services. (More on that another time, but Dat provides similar protocol guarantees to Certificate Transparency, and so it makes a good foundation for identity & key-distribution services.)

It might be possible to use an access-control scheme as well, but it would require 1) users to authenticate on the network, and 2) all recipients to honor the desired access control.

I should also point out that dat URLs are unguessable, and the network encrypts the traffic and discovery such that you have to possess the URL in order to read the network traffic. That makes the URLs secret. Put another way, they are "read capabilities."

> What are the consequences of having each user operate their own little "database" instead of one central one? What capabilities do you lose and do you gain?

Gains:

 - Can read/write without an internet connection
 - Also works over the local wifi
 - No network latency for writes, and downloaded data is cached for fast reads as well
 - User controls the dataset and can move it between applications at-will
 - Better privacy story with end-to-end encryption
 - Bandwidth sharing (p2p)
 - No ops for developers because there's no service to maintain

Losses:

 - As you say, no central authority enforcing rules on what can/can't be read and written
 - Data aggregated from multiple users is eventually consistent; no transactions or strict-ordering is possible
 - No concept of "global knowledge"; there may be updates or datasets that haven't reached your computer yet

You're right about the scaling profile, in that most users aren't going to be able to download billions of records. I wrote about this here: http://pfrazee.github.io/blog/achieving-scale. Short answer is, we can use dat-web crawlers to create aggregates like the ones you suggest. So long as users do their writes to dats, they maintain the advantage of an open data system which Dat provides, even if they do reads from the services.

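An added example, not part of the thread and not Beaker's or Dat's own code: one way to get "friends can read, seeds cannot" by encryption, as discussed in the reply above. The profile is encrypted once with a random content key, and that key is wrapped separately for each friend's public key. It assumes every friend has an X25519 key pair the author already knows (a stand-in for the key distribution the reply mentions); `publishProfile`, `readProfile` and the sample names are hypothetical.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers; a fresh random 12-byte IV per message.
function aeadSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function aeadOpen(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Derive a wrapping key from an X25519 exchange, bound to the ephemeral public key.
function wrapKey(priv, pub, ephDer) {
  const shared = crypto.diffieHellman({ privateKey: priv, publicKey: pub });
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephDer, 'profile-wrap-v1', 32));
}

// Author side: encrypt the profile once, wrap the content key per friend.
function publishProfile(profile, friends) {
  const contentKey = crypto.randomBytes(32);
  const body = aeadSeal(contentKey, Buffer.from(JSON.stringify(profile)));
  const grants = {};
  for (const [name, pub] of Object.entries(friends)) {
    const eph = crypto.generateKeyPairSync('x25519');
    const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' });
    grants[name] = { ephDer, ...aeadSeal(wrapKey(eph.privateKey, pub, ephDer), contentKey) };
  }
  return { body, grants }; // ciphertext only, so any peer can seed or cache it
}

// Reader side: unwrap the content key with one's own private key, then decrypt.
function readProfile(published, name, priv) {
  const g = published.grants[name];
  if (!g) throw new Error('no grant for ' + name);
  const ephPub = crypto.createPublicKey({ key: g.ephDer, format: 'der', type: 'spki' });
  const contentKey = aeadOpen(wrapKey(priv, ephPub, g.ephDer), g);
  return JSON.parse(aeadOpen(contentKey, published.body).toString());
}

// Constructed demo: alice is a friend, mallory is not.
const alice = crypto.generateKeyPairSync('x25519');
const mallory = crypto.generateKeyPairSync('x25519');
const published = publishProfile({ name: 'carol', timeline: ['hello'] }, { alice: alice.publicKey });
console.log(readProfile(published, 'alice', alice.privateKey));
```

Removing a friend in this design means re-encrypting under a new content key for future versions; copies already replicated stay readable to anyone who held the old key.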

Dustin Getz

Apr 20, 2017, 12:49:37 PM
to Paul Frazee, Beaker Browser
Hi Paul, thanks, that makes a lot of sense.

Can you walk me through how an app like Wikipedia or Reddit would look in Beaker, or am I thinking about this wrong and those apps are not suitable for this platform?


