After being introduced to this technology at TreeHacks I’ve reflected on it and came across a question:
How are malicious apps detected and managed?
For example, say we have a messaging application. What prevents the app from sending a message directed from Alice to Bob to–say, Eve? Surely if the code was open-sourced, it could be audited–but I don’t believe open-sourced projects are mandated by Blockstack.
Blockstack applications are realized as Web applications, so anything a Web app can do, a Blockstack app can do.
@jude, maybe we are all looking at this wrong, Its not about the app its about the creator(s) of the app. Maybe an app developer(s)/Company is vetted in the app submission process?.? Kind of like vote.blockstack.org but on the individual?.?.?
If i was putting together a team to develop/fork dApps for my clients, I would need to be able to trust developer/code. Especially with Healthcare apps or apps that monitor whereabouts of car or individual.
My worries today is, the criteria of an app is based on if you keep the data only in your own bucket. I own a healthcare app today that in the future, I would like to connect to blockstack and it needs to work as described below
Dr logins (with a blockstack.id)
A doctor scans the persons foot, a 3d object is created, then they fill out a form for that particular client.
In the future, I would like to have patient login (with a blockstack.id) and when the data is saved it would be sent to 2 buckets
- The doctors office bucket and the patients bucket.
Would that weight the system differently? Thanks again for your knowledge
No, I don’t think we would ever penalize you for storing data in multiple Gaia buckets. That is a valid use case.