Sia is a new decentralized cloud storage platform aimed at giving users control of their data. Storage is pulled from a large network of hosts, each using Sia’s blockchain to form storage contracts with clients. When uploading, clients erasure code their data into many encrypted pieces and upload each piece to a different host. The storage contracts on the blockchain ensure that the host will only get paid if they actually store the file (it’s like a blockchain-based escrow). Out of the hundreds of hosts, only a fraction need to be online for the data to be recovered. Even in a network with many unreliable hosts, the data is safe.
Interesting. @light did you try this out?
Thoughts:
- another currency?
- another crypto company that can’t set up TLS properly on their website?
On the website they say:
When uploading, clients erasure code their data into many encrypted pieces and upload each piece to a different host.
In the whitepaper:
A contract requires consent from both the storage provider and their client, allowing the provider to re- ject unfavorable terms or unwanted (e.g. illegal) files.
- If files are encrypted before upload, how would a storage provider be able to reject illegal files?
a monthly cost of $6/TB. The service provided by Sia is likely to be an improvement upon the service provided by Amazon S3, which costs at best $27/TB/mo. Under these calculations, Sia will be the absolutely dominant service in the cloud storage market.
Lofty claims. AWS Glacier & Google nearline are already ~$10/TB/mo before volume discounts.
I haven’t tried it but I know someone who did and it appears to work.
Yes. Notable is that even StorJ, which is built on bitcoin, uses another token (although I find the reason - “Bitcoin is too valuable… not enough digits” - to be unconvincing).
HTTPS works for me on their site, and their software is served over Github HTTPS. What is wrong here?
Indeed, a glaring contradiction. They likely didn’t think that through very well.
I don’t know what the ultimate cost will be in a global free market for decentralized data storage but Amazon et al certainly have economies of scale on their side as far as hard drive purchasing and hosting goes. We’ll have to see how it all shakes out in a few years.
Unencrypted by default is unencrypted. Crypto industry should be leading by example here.
Ah, by default, yes. I use HTTPS Everywhere so hardly noticed.
Hey, siacoin dev here. First, wanted to say sorry about the TLS off-by-default problem. We’re not web engineers, and we didn’t think it made sense to expend a lot of resources right now encrypting a page that doesn’t have any dynamic content anyway. We tried to do it, but then we added cloudflare and things got confusing again. We ultimately chose not to worry about it for the immediate future.
If a storage provider wanted to be more sure that they were not dealing with illegal files, they’d either need to whitelist the people they accept contracts from, or they’d need to reject anything that looked encrypted. Even this wouldn’t solve all of the problems.
But the biggest offenders can be blacklisted, logs can be kept, and if a file is discovered to contain illegal content the storage providers can notify the authorities.
Storage providers can also check for suspicious behavior, IE a 4.7GB file that’s constantly being downloaded. At that point they’re stuck with the file, but they can blacklist the uploader and refuse to let anyone download the file.
I don’t think you give us enough credit.
2 Likes
Hi @Taek, thanks for stopping by to join the conversation here. We met at the Bitcoin Social in SF a couple months back, great to hear from you again. Regarding my comment:
and your reply:
I was referencing the quote Larry pulled from the whitepaper which says:
If a file is encrypted, then the host has only one way of rejecting illegal files: they can’t tell the difference unless someone were to download the file, decrypt it, and then report it after-the-fact (in which case, if I understand how it works correctly based on what you said here:
the host can’t reject the file until after the contract is expired). When the uploader realizes they or their files have been “blacklisted,” they can simply change their ID and change the password on the encrypted file to change its fingerprint, then re-upload again and be more careful with who they give the keys to.
The point: it’s a stretch to say the providers can reject “illegal files” without adding a bunch of fine print. But then, that’s the way it is for most marketing claims. It’s nitpicking a bit but in a whitepaper it’s best to be as precise with words as possible, and this claim does warrant further explanation.
Overall, I’m impressed with the software, I’m glad to see something like this working. Since we last met in SF, has the Sia team thought any more about working with @juan and the IPFS crew to help them complete the Filecoin vision?
1 Like
We are planning on retouching the whitepaper at some point, it’s a bit dated at this point. No storage provider is going to be able to avoid encrypted illegal files any more than it can be avoided with Sia, that comment was mostly targeted at people concerned about publicly visible illegal files like you might find on pirate bay. Once you start encrypting the uploads, crawlers + search engines lose the ability to find the files automatically, and you also need some way to share the encryption keys.
It’s definitely a grade up from storing unencrypted illegal files, and hosts can have some sort of bloom filter to help them catch anything illegal and unencrypted that goes up on the network.
An important extension of the encryption is that it’s not a fundamental part of the protocol, it’s a part of the open source client. Someone could easily write a client that doesn’t encrypt anything upon uploading, and there might be reason to do so if said person was highly interested in, say, sharing copyrighted movies with the masses.
We are still pretty early in development, collaboration with juan is not yet something we are actively pursuing simply because the technology isn’t stable yet. Lots of people are having trouble using the wallet safely (a shortcoming on our end), and the file-renting software is about as weak as it could be without being completely broken. We need at least one more iteration, perhaps even two more iterations.
The next iteration has been in development for about 4 weeks now, and has another 3-6 weeks to go. We’re aiming at August 15th.
2 Likes
That clears things up a lot! Thanks!