How to keep private data in publishing apps


#1

Following the Multi-player Storage Tutorial it appears that all data pushed with putFile() are accessible publicly if the publish_data scope has been requested.

What is the recommended way for apps to keep some private information?

Would it be recommended to simply use the option to encrypt, or is there another layer of safety that hides the location of the file, or even to prevent third party access through the framework (at least to the same degree as if publish_data is not requested)? Or would you separate each component into individual apps with varying permissions?

For example, keeping a draft for publication could be private, contacts could be private, etc.


#2

putFile can be passed an encrypt option into its options argument (http://blockstack.github.io/blockstack.js/index.html#putfile). The data can only be decrypted with the user’s private key, so you can feel comfortable that your data is private (the filename may still be accessible, however). So yes, what you suggested is the way to go as of now – simply encrypt the files you want saved as private data.

You wouldn’t do this since it would require the user to authenticate into each app separately, among other reasons! :slight_smile:


#3

Is there any documentation describing how data_privacy is achieved ? and how the publish_data scope is used to request access to a user’s data ?


#4

All files stored on Gaia are world-readable by default whether or not an app uses the publish_data scope. Files are also encrypted client-side by default unless the app disables this on a per-file basis. There’s no easy way to connect files with a given user/app without using the publish_data scope. The publish_data scope causes the authenticator (browser) to add an key-value entry to the user’s profile where the key is the the app domain and the value is a link to app’s gaia storage bucket. This makes it easy for anyone to discover where the files for a given user of a given app are stored. They can only decrypt these files if the files have been encrypted for them.


#5

@larry For a file stored in Gaia, is it possible to have fine grained access control such that I can grant(or revoke) visibility of this file to specific users ?
At this point, it seems like the multiplayer storage simply allows an app to ask a user’s permission for it to read and write to a user’s storage space. Is that undertanding correct ?