If I may add my 2mSTX (as they are called now? haha);
Blockstack is not the traditional “decentralized” technology like Peer-to-Peer or even something like Ethereum where everything (even application logic) is stored on the blockchain. Instead, Blockstack’s goal (as far as I can tell from reading the whitepaper – at least the pre-2019 version, though not much has changed) is to provide a degree of separation between the application and the data storage, so that data-storage can be controlled by the user, if they so desire.
In diagram form:
# Current Architecture
End-User -> App (Partial logic) -> Server (Partial logic) -> Storage
# Blockstack Architecture
End-User -> App (All logic) -> ("Gaia" Storage Server) -> (End-User's) Storage
Of course, the
App is served the same way for both types – in a non-decentralized manner through a website tied to the standard DNS. In addition, the App can very well be obfuscated and closed source, and (especially when not audited) can get away with sending data to their own storage backend as well. Apps are not sandboxed or restricted in any way or form from using non-decentralized technology (such as ads, tracking, data mining, custom api requests, etc), and Gaia (storage) hubs are technically centralized servers themselves, so Blockstack is more of a pseudo-decentralized architecture.
Authentication is generally different – instead of checking in with the backend server in a classic application architecture, instead the Browser generates a storage token for the app to use and which contains the User’s address (so they can lookup the user profile) – and that’s it.
Currently the Blockchain is only used to store your username zonefile hash – with the zonefile itself being stored in the Atlas p2p storage network, which will continue to be used even under the new Stacks blockchain system. Authentication, storage, and logic “transactions” are not tied down in any way , though maybe in the future Apps will use their own blockchains built on top of the root Stacks blockchain, but I think we are a long ways away from that happening.
To quickly answer your question (in addition to @friedger 's already excellent responses):
- It’s Blockstack PBC’s S3 bucket
- They pay it, with reduced speed after 10gb of storage per address (meaning per-app, not per-user because Gaia doesn’t track users)
- Yes, by default Blockstack is very centralized. For instance, the Gaia hub went down for quite a few hours a while ago and they started a thread looking into how to not have such a large outage like that again, though I don’t believe anything happened from that). Blockstack PBC can also technically read all data, except by default Apps store data in an encrypted format so the Gaia host can’t read it. Public-facing data can still be mined by a nefarious host, however.
- Yes, which is why it’s more pseudo-decentralized instead of actually decentralized.
For part 2, see the above on my explanation on how auth works. Also, your password is more of a local passkey, used only client side and not stored or used anywhere else.
If you have any further questions, feel free to ask!