Replies: 4 comments 2 replies
-
|
@gitaaron the retrieval of metadata is indeed my question as well. @mehdibalouchi and might be able to shed light on it |
Beta Was this translation helpful? Give feedback.
-
|
We still don't have Orbitdb encryption and JSON are not encrypted. |
Beta Was this translation helpful? Give feedback.
-
|
This is right. At this point, we don't have any kind of encryption on Orbitdb. The app can encrypt values before sending them over the graph protocol, but key indices and collection names are not encrypted. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
Oh just to keep in mind:
|
Beta Was this translation helpful? Give feedback.
-
|
Nice catch
…On Wed., Jun. 8, 2022, 7:46 a.m. Farhoud, ***@***.***> wrote:
Oh just to keep in mind:
There is another edge case that may fail:
- when user leave a pool his pinset should be remove from pool.
—
Reply to this email directly, view it on GitHub
<#210 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAFDZZDNEKCLGDE2COUEKLVOCBZ5ANCNFSM5YEFT7BA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi @ruffiano89 @farhoud @mehdibalouchi @ehsan6sha @masih
First off this is tangentially related to private/public of IPFS, however, I am going to start a new thread here because I think this question focuses more on privacy within a pool and I believe that thread is more about how we will implement the use case of sharing my files with others.
I got a question from Gaby and I was not really sure how to answer it. I posed this question a few weeks back in one of our meetings but I wanted to resurface it as I’m not really clear on the answer. Can the following use case/scenario be supported? If it cannot be supported then perhaps it is ok to relax the privacy constraint for pools?
My initial impression is ‘yes’ as we will have client side encryption so if I download a file then only my devices with my password will be able to view the contents.
However, what about accessing the metadata (data retrieved from graphql interface)? For example, can I retrieve a list of photos that are members of an album from any Box in the pool?
In other words, do you think it will be feasible to encrypt OrbitDB indexing so that only the original creator of the record in OrbitDB can query it or move to a p2p database (eg/ hypercore) that supports this?
If not then perhaps we could still enable files to be accessed and just retrieve the list of photos in an album stored locally on the device? In that case as long as the person does not clear their cache the use case would still work.
My gut is telling me we should look for a solution that supports encrypted querying as the backup story also becomes a lot more difficult (either we would have to have a separate OrbitDB repo for each user in a pool or have a way to reassemble the chunks of an entire OrbitDB repo for each user ? )
Also, for the first case (only retrieving a single file and I know the file ID) - do we care that any member of the pool will have access to the encrypted files/data? I believe the answer is ‘no’ but it would be nice to have confirmation.
Beta Was this translation helpful? Give feedback.
All reactions