13 comments

[ 5.0 ms ] story [ 44.6 ms ] thread
At first glance looks like another competitor for filecoin, storj, etc. Anyone know what the major differences are in the players in this space currently? I'm interested in decentralized storage (low cost), but really have no idea how to judge the different options.
SAFE Network has been around for quite some time. I believe the project has been around for longer than both filecoin & storj, but it is still in beta phase. Filecoin AFAIK has not reached beta, while Storj is already online, as is it's competitor Sia.

SAFE Network's stack is mostly Rust, which is novel.[0][1]

Among other things, SAFE Network has no blockchain. It has an alternative approach to consensus: "To directly compare the language for the security of the bitcoin vs safe network, bitcoin is secured by ‘proof of work’, safe is secured by ‘close group consensus’."[2]

SAFE Network adds a cryptocoin (safecoin[3]) component to the Beaker browser[4], which builds on the Dat Protocol[5] for distributed apps.

Basically I'm interested in these types of technologies as well.

[0] https://github.com/maidsafe/crust

[1] https://github.com/maidsafe/routing

[2] https://safe-network-explained.github.io/safe-for-bitcoiners...

[3] https://maidsafe.net/safecoin.html

[4] https://datproject.org/

[5] https://beakerbrowser.com/

Interesting that they mention medical records. I'm pretty sure that US HIPAA law would preclude storing any medical records from being stored on a network whose owner you don't have a BA with. From my readings (see Digital Ocean's various discussions on the topic) this even includes data that is chunked and encrypted before sending off to storage. HIPAA laws are woefully vague and inadequate to deal with many new technologies. I'm not trying to argue for or against storing PHI in this matter, just pointing that they reference it, but I'm not sure it could be implemented in the US and be in compliance with current laws.
Thought experiment: if I were to take some medical records and XOR it with a one-time pad, then stored the result somewhere not HIPAA compliant, would that be illegal? How about if instead I stored the one-time pad somewhere not HIPAA compliant?

It would seem a little strange if one were illegal but not the other.

Both would be illegal* since your keys are info that could deanonymize patient data. However, you would be allowed to store them on your own PC if you follow proper procedures.

This is more important than it might seem from a purely tech perspective. HIPAA is partly designed to guard against 1) improper use of encryption 2) downstream contractors who are malicious or careless

The one-time pad is probably fine but it's easy to imagine lesser encryption being broken (especially by bugs). This problem gets much worse once PHI is stored on a medium, like a blockchain, where it can never be taken down. After all you probably wouldn't be happy if your health data was on the internet protected only by SHA1.

There are probably better solutions to all of these issues but HIPAA is intentionally conservative. In many respects HIPAA is a financial, not a technical, law.

* HIPAA doesn't make improper storage illegal in the sense that you go to jail if you do it wrong. It exposes people who handle data improperly to massive fines, usually when actual breaches occur. This is part of why BAAs are so important.

> I'm pretty sure that US HIPAA law would preclude storing any medical records from being stored on a network whose owner you don't have a BA with. From my readings (see Digital Ocean's various discussions on the topic) this even includes data that is chunked and encrypted before sending off to storage.

That's not clear. AFAICT, HIPAA and the security rules adopted under it would not do so, unless one were to interpret receiving, storing, and transmitting encrypted data without the key as equivalent to maintaining (etc.) the source data, which then would make transmitting encrypted PHI over the public internet without BAAs with the infrastructure providers at every network hop a violation of HIPAA.

SAFE will certainly store files, and it will do so in such a way that nobody will know who is reading them or who published them, striving to be completely censorship resistant. Think TOR hidden services that your grandma can use.

The network strives to be completely autonomous. Sort of like the bitcoin network is, with no human able to distrupt, roll-back, or alter the data on the network. But rather than just storing a blockchain autonomously, it stores files and data.

One of the pieces of data it will store will be the SAFEcoin tokens, which will be able to have their owners changed by the network when they are sent from one user to another. Because the consensus group that signs these ownership transfers is relatively small, you end up with a system that scales. The larger the network, the more transfers per second it can do, since it's effectively parallel processing. Only a very small subset of nodes are involved in a transfer from Lisa to Sally, and a completely different set of nodes would handle a transfer from Tom to Fred, and so on. No bottlenecks in the secure transfer of coins or data.

SAFEcoin tokens are pretty much plain vanilla data objects, which means you can do the same thing with any other data, such as create other secure tokens for other applications.

Sounds like the killer app for child pornography.
Like all technology, it can be used for good or evil. Same as it ever was.

Instead of going dark, you could have also said "Sounds like the killer app for circumventing national firewalls in authoritarian countries". or "Sounds like the killer app for securing confidential data from hackers". or "Sounds like the killer app for untraceably moving value between people at scale".

Y U NO create a browser addon or something? Also, TOR installs its own browser and I'm pretty sure I saw another privacy project doing this in the last year. Installing a whole new browser is too much. I already have 3 or 4 installed. #browserbloat
AFAIU, Tor has its own browser because it includes various privacy and anti-tracking features that can't be implemented as add-ons. Without these, your connection might be anonymised, but your browser can still be tracked between sites and sessions.

They work with the Firefox team to try and push many of these back into FF.