Blockstack guarantees?

blockstackrocks · April 13, 2019, 2:25am

I’m really impressed with the number of apps on Blockstack. What guarantees does the protocol make regarding privacy and security?

friedger · April 13, 2019, 10:14am

Which protocol?

The authentication protocol guarantees that the owner of the key of the Blockstack ID controls the blockstack app key.

The gaia protocol guarantees that a storage bucket can only be written with the corresponding address owners consent.

The blockstack consensus proof of burn protocol is not yet implemented.

blockstackrocks · April 13, 2019, 11:48am

How about data privacy. If I start using cal.openintents.org for my personal calendar, does Blockstack prevent anyone else from reading my data? If so, how can I be sure since I don’t know what the remote server is really doing and if it even actually uses Blockstack.

blockstackrocks · April 20, 2019, 1:25pm

Can anyone help me understand this? I’m trying to figure out what I gain by using a Blockstack app vs a conventional cloud app.

nguyenloc · April 21, 2019, 9:48am

You should read this https://medium.com/the-lead/the-misconception-of-decentralized-app-promises-ff91c011c0b1

Justin has some answer for you in there.

friedger · April 21, 2019, 2:17pm

Great answer from Justin!
Looking at OI Calendar you can see

that the app is open source
that the network requests only contact your storage server or your matrix server
that the company behind has strong roots in open source and data exchange between apps.

Please let me know if you more questions about OI Calendar and OpenIntents

blockstackrocks · April 21, 2019, 2:19pm

Thanks for pointing that out. I hadn’t seen it. Justin says “protocols themselves cannot make promises about the privacy or security of the apps built on the protocol” which is of course incorrect. A couple examples:

When you interact with an app built on ethereum the protocol makes a security guarantee that the app will not write to your address unless you enter your passphrase for key decryption after being given the opportunity to inspect the contents of the request.

I don’t expect that Maidsafe will release a full implementation of their protocol any time soon or perhaps ever but their specification makes extensive security and privacy guarantees that can’t be circumvented at the app layer.

friedger · April 21, 2019, 3:06pm

If you are looking at that level then blockstack guarantees that an app has not access to any of your data that was encrypted by an app from a different domain.