I’m really impressed with the number of apps on Blockstack. What guarantees does the protocol make regarding privacy and security?
The authentication protocol guarantees that the owner of the key of the Blockstack ID controls the blockstack app key.
The gaia protocol guarantees that a storage bucket can only be written with the corresponding address owners consent.
The blockstack consensus proof of burn protocol is not yet implemented.
How about data privacy. If I start using cal.openintents.org for my personal calendar, does Blockstack prevent anyone else from reading my data? If so, how can I be sure since I don’t know what the remote server is really doing and if it even actually uses Blockstack.
Can anyone help me understand this? I’m trying to figure out what I gain by using a Blockstack app vs a conventional cloud app.
Justin has some answer for you in there.
Great answer from Justin!
Looking at OI Calendar you can see
- that the app is open source
- that the network requests only contact your storage server or your matrix server
- that the company behind has strong roots in open source and data exchange between apps.
Please let me know if you more questions about OI Calendar and OpenIntents
Thanks for pointing that out. I hadn’t seen it. Justin says “protocols themselves cannot make promises about the privacy or security of the apps built on the protocol” which is of course incorrect. A couple examples:
When you interact with an app built on ethereum the protocol makes a security guarantee that the app will not write to your address unless you enter your passphrase for key decryption after being given the opportunity to inspect the contents of the request.
I don’t expect that Maidsafe will release a full implementation of their protocol any time soon or perhaps ever but their specification makes extensive security and privacy guarantees that can’t be circumvented at the app layer.
If you are looking at that level then blockstack guarantees that an app has not access to any of your data that was encrypted by an app from a different domain.