Update 30th January, 2025

How’s that?

They are pointers, and readable

In the end the only secure way is to pre-encrypt the file, if you think that the map could be leaked. pointer map or datamap

I’m going to withhold further comment until I read the network’s technical docs and code myself.

I thought the fear was that there would still be chunks on the network after the delete? This would still be the case here, right?

Sure, you can add more indirection, more layers of encryption, etc, but the chunks will still persist.

For me, users/devs are free to add more layers if they want to. I don’t see how that detracts from the network or its current/default way of handling private data. I feel that is fine too.

1 Like

I never brought up chunks, that was @neo’s preoccupation. If chunks are fragments of an encrypted file, I don’t care nearly as much (or at all?) about them remaining as long as I can change the locks to lost keys.

This is where it came from.

In the design of the network the access you talked of is the chunks. The chunks are the only thing on the network related to your private file

Ah, ok.

So you’re more concerned about data map safety?

You could store a salt in a scratchpad, which was needed to encrypt to decrypt senstive data, such as a data map.

It could provide a sort of dead man’s handle to attempt to foil datamap theft, i.e. you delete/change it to something incorrect, asap.

Ofc, if the thief has already found and copied the salt, then bets are off. However, it does allow you to defuse a lost datamap that no one has found yet.

2 Likes

The issue for sensitive private data is that if the keys may be compromised, even if you delete the keys, anyone who any time in the future gets access to those keys will be able get your files if you can’t delete the chunks.

Which is why for now I think Autonomi is best suited for public data where permanence is a big benefit.

That is why using a pre-encrypt APP that also uploads the file is the best way since there is no salt, no storing of pointers and the file can be uploaded as public as well. The encrypt key can be stored in the account blob so that its all accessible online. If anyone gets your pass phrase to the account blob then you lose more than just a private file. Prior to account blob appearing then you just provide a pass phrase to the encrypt APP

To me this is so simple, solves those worried about ultra sensitive data being exposed as its an APP level solution requiring no changes to the core node code nor additional work elsewhere or adding levels of indirection.

3 Likes

Yes, pre encrypting a file is definitely a simple solution.

There are more elaborate options with different benefits and compromises though.

That’s good though. We don’t need one size fits all for non-public data. Folks have varying levels of comfort to address, I suppose.

One disadvantage of double encryption is it requires the software to be on the user’s device and for them to know how to use it properly. If it’ll be a common usage pattern, it might be worthwhile to add it in the form of best practices (avoiding the rolling your own pitfall) to the official programs themselves.

1 Like

Let’s all get fired right into the API docs when they are published and ensure we have such best practices.

4 Likes

Regarding security, are there plans to have wallets preloaded with ANTs, and their secret phrases peppered throughout the network, to help detect weaknesses through wallet activity? Essentially, embedding vulnerability bounties to incentivize security researchers.

Somewhat related but I intend on wearing shirts with addresses and secret phrases in different cities for guerilla marketing and to see how long it takes for the funds to be taken.

1 Like

If they can upload a private file then they could use such an APP, maybe the app is doing other things like maintaining their health records and does this automatically for the person. It could be a fork of the Client App that does this on the fly for the person. Claiming its more difficult is wrong.

Trying to get the person to setup indirections etc sounds harder for the person not to mention the extra upload costs to write those pointers and maintain them and securely store on your machine the pointer map to access them. That sounds like more work for the person and/or whatever app written to do it.

My comment on double encryption has nothing to do with the separate issue of private data deletion.

My comment on ease of use still applies

1 Like

It’s the start of a commercial journey ,the launch is, not so much an event, the race is on, and Autonomi will sprint into the lead into what is the ‘Internet Steeple Chase’ to an Internet form that is for the people managed by the people.

This is not the game of ‘Highlander, there can only be one’.

There will be bridges and gateways built in the future to Autonomi, as similar efforts emerge, or as existing projects morph to build up and join in, to create a much bigger Internet that serves the people in a distributed fashion owned by the people, likely to settle into a form,

imo, we can sort of imagine what ‘it’ might look like,

but can not quite define ‘it’ in any detail right now. All good!

We can be all but certain though, that in about 10 years, as the banksters wane in into the horizon,

we will see the reclaimed ‘distributed Internet of everything’ emerge as the dominant way we interact on a daily basis.

Exciting times :wink:

Kudos, David Irvine and to the team at Maidsafe, and kudos to the community for hanging in there!

Let the Journey begin!

8 Likes

@rreive I agree that this is the autonomi killer app opportunity. @JimCollinson has recently talked of the Autonomi User driven Agent opportunity and @dirvine the core role of our personal ai agent. One of the best explanations of a “distributed AI Agentic Framework” opportunity for Autonomi is from Neuroscientist Charlie Northrups Agentic Hyperconnected Universe (HCU) economy model for autonomous networks combined with his UFoT ai augmented tool designed .

I’m thinking about how this Agentic HCU economy’s value creation formula can be applied to/interact with the Autonomi network economics from the User perspective. e.g. data payments etc.

6 Likes