Selective Disclosure of Data Best Practices

Hey all,

I am part of the team at Flex Dapps and we have developed a (semi) decentralized cryptocurrency gateway app to sell digital content called enzypt (beta). I want to see if we can create a fully decentralized version of this app that doesn’t require a centralized server at all. I have been following the Blockstack project for quite a while and I think it could be a great fit for this purpose.

I have been going through the tutorials and researching what is possible on Blockstack and I have a couple of questions.

  • I noticed on a forum post from a while back that someone mentioned that a few teams were already building something similar to this concept already. If anyone has more details, I would love to get in touch with the other developers to share ideas.

  • I imagine it might be too early for the ecosystem to have developed many developer best practices yet, but I was wondering if anyone had worked out the best way to selectively give access to files / data yet. I read through the Blockstagram medium post which details their method for doing that by having a ‘secret’ that all of the files are encrypted with and then encrypting that secret with the users keys, allowing them to decrypt all of the shared files.

    • Is there a way that a malicious user could access the key.json file that stores the secret? From my understanding the files are encrypted and decrypted with the app’s key, so could someone make a getFiles request from the app in the console to get a hold of the secret and then be able to decrypt all of the ‘private’ files? I am guessing that is not possible, but would like to be sure.
  • We have built our own gaia hub on a droplet on digital ocean and can successfully connect to it by creating a new free username after changing the gaia url. As I understand it, for the paid usernames, we need to update our Zonefile to point to the new gaia hub url, which requires another bitcoin transaction? Is there an easier way to do this for testing purposes?

  • Has anyone made any scripts that make it easier for users to create a local or dropbox gaia hub?

  • So far our conclusion would be that the ecosystem isn’t quite ready to support an app like this as the user experience would likely be pretty terrible unless they use the default gaia hub which is limited to 5mb uploads/downloads and is also reliant on one centralized company providing storage. I imagine changing the zone file is going to need to become a simpler process as well so that users can use multiple storage options and switch between them at will.

We are regularly consulting with companies that want POC’s that solve problems related to identity management and selective disclosure of decentralized data, so Blockstack could become a good go to tech stack for us if we can solve these problems effectively.

Any ideas, feedback, tips and corrections would be much appreciated!