Users owning their own data is powerful, but now let’s move into the use case where we want to build an application that displays data from other users, using an Indexer like Radiks.
There is no real way to sanitize data? Users can modify their data on Gaia directly, disabling any verification done on input from the client side? So is the only protection cleaning data before displaying it? This seems very difficult to implement in practice without accidentally screwing up, considering a console log could screw this up.
Does Gaia have some type of cleaning that occurs at its application level, before retrieving or sending out? But a malicious player could modify this as well. What's the best proposed solution?
Having a middle man server inspect all strings? Is there a way to do this while maintaining privacy?
Middle men would only see encrypted strings. There is no sanitizer at the application level as far as I know.
Absolutely, so you would have to send things unencrypted. I wish there existed some type of homomorphic encryption for this. But it's starting to seem to me that this may be the biggest issue that plagues these types of systems; I don't think a solid solution for this really exists yet.
I was thinking it might be possible if you could run a sanitization task in Gaia, but then you would need to create some type of system to verify that the Gaia server you are working with is, in fact, the version you put out, possibly with hashing. But even then there might still be ways for a malicious player to get around this.
@hank might have something to add here
Very valid concerns, and yes XSS attacks are possible. I wrote an article on this a while ago: https://medium.com/@marvinjanssen/stealing-app-private-keys-on-blockstack-2cec9d606390.
Applying multiple techniques like client-side sanitisation, setting strict content security policies, and/or sandboxing user content, etc., is recommended to secure your application. I agree it is difficult to implement properly. One slip-up can cause permanent access to user data and there is no way the victim can tell. As you see in my article, even some of the more well-built applications had a leak somewhere.
There is no way to have Gaia sanitise user data, as data is encrypted with the user's app key by default. Plain data can also be signed by the user, which makes it equally impossible for Gaia to change the data, not to mention the myriad of other issues with having a Gaia server sanitise data. (How does it work? Who decides what is sanitised?) Also, we do not want Gaia to do those kinds of things.
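An added example, not code from this thread or from Blockstack/Radiks/Gaia, of the client-side escaping and strict content security policy described in the reply above. It assumes a constructed profile record shape (name, bio, website) fetched from another user's storage and a placeholder Gaia hub origin in the CSP.

```javascript
// Every field of a record read from another user's Gaia bucket is untrusted:
// the owner can write to their bucket directly, bypassing the app's input checks.

// Escape for an HTML text or quoted-attribute context, used instead of
// dropping raw data into innerHTML.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Only absolute http(s) URLs are allowed in href; javascript:, data:, and
// unparsable values are rejected so a profile link cannot run script.
function safeHref(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return null;
  }
  return url.protocol === 'https:' || url.protocol === 'http:' ? url.href : null;
}

// Render the profile card with each field escaped for the context it lands in.
function renderProfileCard(record) {
  const href = safeHref(record.website);
  const link = href
    ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer" target="_blank">${escapeHtml(href)}</a>`
    : '';
  return `<div class="profile"><h2>${escapeHtml(record.name)}</h2>` +
    `<p>${escapeHtml(record.bio)}</p>${link}</div>`;
}

// Defence in depth: if an escape is missed somewhere, inline and injected
// remote scripts still do not execute. The hub origin below is a placeholder.
const CONTENT_SECURITY_POLICY = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'none'",
  "connect-src 'self' https://GAIA_HUB_PLACEHOLDER",
].join('; ');

// Constructed record, shaped the way a malicious user could store it.
const hostileRecord = {
  name: '<img src=x onerror="alert(document.cookie)">',
  bio: 'hi" onmouseover="alert(1)',
  website: 'javascript:alert(1)',
};
```

The policy string is meant to be served as the `Content-Security-Policy` response header (or the equivalent meta tag) for the app's pages.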
@marvin.id you are the man! Great article; it covered all the concerns I had regarding these issues! I'm glad that there still seems to be some hope. Towards the end of the article you were talking about working on a universal solution. Are you still on that?
Yes, I am.
I am working on a Blockstack identity/STX hardware wallet. I would love collaboration/feedback on it. Here are some more links with videos / write-ups:
I am interested in seeing what you come up with!
Ooo, now this is an interesting concept. Would it keep the keys out of the browser?
Even better, it would keep the keys out of your computer altogether!