Ask HN: Sharing Phonegap localstorage data between devices?

1 points by chany2 ↗ HN
Working on a sensitive data app. The concept is that the content can be share between users or devices.

- Initial Approach: The content can be stored in the "cloud" or on my server similarly to Dropbox; anyone who have permission can access the data - distribute down to multiple users' devices.

- Second Approach: Since the data is considered very sensitive, it is recommended to be stored on the user's mobile.

1) So a copy of the data can be stored in the primary user's device.

2) The Unique Data ID and list of users (no content) can be stored on a database table in my server as reference.

3) Next user registered, calls upon my server; find the Data ID.

4) Extracts the copy from the primary user's mobile. Sends to the next user.

Problems:

- The primary user's device can be offline / out of battery; The next user will not get a copy.

- Any additional security issues in between?

- Missing any nuances that might make this inappropriate?

- Alternative approach?

5 comments

[ 3.5 ms ] story [ 18.6 ms ] thread
If your data is so sensitive that you do not want to store it on a central server then why not consider the PGP approach?

User 2 sends a request to user 1 (who has the data) sending his or her public key and asking for the data encrypted using the public key. User 2 then decrypts the message using his private key and makes his own local copy.

How do you communicate data changes between data holders - a version control problem perhaps?

^ One researcher recommended similar approach, the data stored centrally, and give other users access keys as the means of granting them permission to read those data. However the issue here, don't I end up 'storing' that access key as well? Unless its a password-type, where user have to remember and manually enter it every time...

He also suggest taking a push model (the central storage) rather than pull model (device storage).

I am still debating, and researching. Any other thoughts?

If you read up on the PGP idea you will see that storing people's public keys is not an issue - they may be broadcast to the world. The clever bit is that they are combined with a private key (that you do not store or exchange) to encrypt and ultimately decrypt any given message or data.
I would recommend you to use PouchDB, its a similar approach, but in this case you use CouchDB as a database, it can be used offline and it syncs http://pouchdb.com/
This looks promising! Will definitely check it out.

This sounds like an example of Path where you can Like something offline, and will sync when you have internet access.

However doesn't solve the "who stored your data" privacy concern.