Sure!
We are using Blockstack for authentication; it is a platform to have your identity safe with the help of blockchain.
Scalable? It is easier as all the work is done on the client side, so no server pressure there, and your data will be stored on the storage provider of choice although we have a default one with 10GB free storage for all the new users. (Always encrypted!)
In the future, we will provide extended options like self-hosting for enterprises.
Yes. But it gives us the power of making sure everything is encrypted and accessible from anywhere, and no one besides you can access your data! As for storage, it is configurable, and you can move it anywhere. But you have a 10GB free plan if you join us now.
Not at all. Your identity is encrypted with the master key just like when you make a BTC wallet. You can save it and use it even if our servers go down; you can have or use another node.
Also, you can choose or make another storage provider to host your docs. We are cool; we want to give people a more secure option ;)
As we keep hearing about data breach news of big companies like Dropbox or WhatsApp, it is harder for us to keep trusting them with our files and personal data, and it made us think about finding a better way. We believe the best way to keep data secure is not having them in the first place. That's why we choose the server-less solution, in other words, blockchain.
Here is a link to our launch on Product Hunt that was #1 of the day! You can find more info, images, and gifs there:
https://www.producthunt.com/posts/arcane-docs
Please hit me up with any questions and I will be happy to answer.
We use Blockstack for authentication. It is made on the Bitcoin blockchain to store your private key that will be used to encrypt all of your stuff.
Making the master key will be done just the first time, and after that, every file gets a new password from the master one.
No matter what, all the files will be encrypted, so you always have control over your data — something like ProtonMail but for Office.
Just providing a bit of background. The private key is _not_ stored on the blockchain; only the hash of the public key is. And even then, there are a couple of layers of indirection between the Bitcoin transaction itself and the storage of your (app-specific) public key. Specifically, one Bitcoin transaction registers a batch of ~160 username/public-key-hash/profile-storage-URL bindings, and from there, the profile storage URL resolves to the user's list of application-specific public keys and application-specific storage URLs.
Pertaining to questions of scalability in other threads, 160 usernames/transaction, when operated at 8 250-byte transactions/block (about 3.4% of Bitcoin's capacity), works out to ~184,000 user registrations/day (about the same as Twitter). Moreover, usernames can be resolved to public keys and storage URLs while the underlying transaction is being confirmed, so users don't have to wait to start using applications. All other user state is stored off-chain in the user's chosen storage provider, managed by a Gaia hub (Gaia being Blockstack's storage system: https://github.com/blockstack/gaia).
With what key are you encrypting someone else's private key? And who holds this master key?
I would love it if you could link a technical deep dive into how Blockstack fundamentally works because I've gotten very few answers from both implementors and founders, and their existing documentation isn't at all helpful.
You (the user) hold the master key. It's generated for you when you sign up for a Blockstack ID. From there, the authenticator generates a per-ID, per-application key-pair via BIP32 -- each app key is a hardened child whose path is generated from the key that owns the ID on-chain and the hash of the application's DNS origin.
Authentication happens completely client-side. The Blockstack authenticator registers itself as a protocol handler for the "blockstack:" protocol, such that when you click a sign-in button, you will be redirected to your locally-running authenticator (or to a hosted version of the same, if you don't have the authenticator installed). The authenticator stores your master key, and will derive the ID- and application-specific key-pair for you when you select the ID to sign in as.
Once you sign in, the authenticator redirects you back to the application. The authenticator passes the app the Blockstack ID and application-specific private key via the URL string (encrypted with an ephemeral ECDSA key generated by the app on sign-in), and the blockstack.js library fetches and downloads the user's profile to learn the storage endpoint(s) as part of completing the sign-in. In so doing, the application learns the storage endpoint to which to GET and POST user data, and learns the key to use to sign/encrypt it and to authenticate to the user's preferred storage (access to which is mediated by a Gaia hub that the user selects when onboarding).
Agreed that a deep dive with protocol diagrams would be handy. We're working on it! :)
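An added example, not part of the thread and not Blockstack's code: the per-ID, per-application hardened BIP32 derivation described in the comment above, using only the standard library. The mapping from app origin to child index (`origin_index`) and the `.example` origins are assumptions for illustration; the comment does not give Blockstack's exact path construction.

```python
import hashlib
import hmac

# Order of the secp256k1 group; BIP32 private keys are integers modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indexes at or above this value are hardened


def master_from_seed(seed: bytes):
    """BIP32 master key generation: returns (private key int, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]


def hardened_child(parent_key: int, chain_code: bytes, index: int):
    """BIP32 private derivation for hardened child `index` (0 .. 2**31 - 1)."""
    if not 0 <= index < HARDENED:
        raise ValueError("index out of range")
    # Hardened children hash the parent PRIVATE key, so a holder of the parent
    # extended public key cannot derive them.
    data = (b"\x00" + parent_key.to_bytes(32, "big")
            + (index | HARDENED).to_bytes(4, "big"))
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + parent_key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says to skip this index")
    return child, digest[32:]


def origin_index(origin: str) -> int:
    """ASSUMPTION (hypothetical mapping): top 31 bits of SHA-256(origin)."""
    return int.from_bytes(hashlib.sha256(origin.encode()).digest()[:4], "big") >> 1


def app_private_key(id_key: int, id_chain_code: bytes, origin: str) -> str:
    """Hex private key for one (ID key, app origin) pair."""
    key, _ = hardened_child(id_key, id_chain_code, origin_index(origin))
    return key.to_bytes(32, "big").hex()


# Constructed sample: the public BIP32 test-vector-1 seed stands in for a user's key.
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ID_KEY, ID_CHAIN = master_from_seed(SEED)

if __name__ == "__main__":
    for origin in ("https://docs.example", "https://mail.example"):
        print(origin, app_private_key(ID_KEY, ID_CHAIN, origin))
```

Each origin gets its own key, so an application that receives its app-specific private key at sign-in holds nothing that derives the key of another origin or the ID key itself.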
Each of your documents has a different key generated from your private key and is encrypted in your private hub with ECDSA encryption. So no server can compromise your data.
I would like to see a preview before signing up. Is that possible based on the current app structure?
Being someone who is working on building a text editor myself, I know how many small details make or break the user experience. While the privacy focus is nice, I won't sacrifice the user experience.
Proving that the app state is up to par would be an instant factor to make me switch.
App idea: iOS/Android/PC/macOS/iPad/Linux clients to encrypt/decrypt documents on Google Docs.
Just encryption -- you don't need the whole blockchain.
Not sure there is a way to do that with Google Docs, though. You need a layer between them. You can use Google Drive of course, but then the client has to come up with all the clever features Docs provides.
That would be interesting, especially if generalized to support lots of different storage options - Google Docs/Drive, Dropbox, GitHub gists, pastebin, etc.
Your identity is on the blockchain and that is decentralized so even in that case you or anyone can run a separate node to handle them.
Also all the auth library is open source so anyone can work on that.
Many things are free to sign up for. Heck, I regularly sign up/join any Show HN-featured site.
But there's zero reason for any site not to offer the tried-and-trusted email and password, even just as a fallback option, especially these days where trust in online stuff is seemingly at an all-time low.
Google, Facebook, et al., companies with massively larger, dedicated security departments swore up, down, and sideways that "everyone's data" is "secure" and "encrypted" ";)"
Give users the option to hide the controls. You already let people hide the formatting, but in order for me to want to use this to write, I would need the ability to hide the top bar ie
There are some reasons to be skeptical of Blockstack in particular. They make a lot of claims, pump cash into apps without disclosing its actual source (they claim it's from sales of a subtoken, but aside from a blog post, I can't actually find any evidence of that) and in general have built a JS-heavy library that is set up for easy code injection.
None of these apps need a blockchain. None of these apps gain any benefit from a blockchain. Just, I dunno, don't use a giant universally observable blockchain that suffers from the majority issue in order to store private data? Seems easy enough.
> None of these apps need a blockchain. None of these apps gain any benefit from a blockchain.
The blockchain serves as a "shared source of truth" for everyone's name/public-key/storage-URL bindings. So as long as you trust that the blockchain doesn't get re-orged, you may assume that your Blockstack node will independently calculate the same such bindings as everyone else's node.
All other application activity (rightfully) happens off-chain, via commodity Web infrastructure.
Thanks! I was thinking the same, but it is reasonable to be defensive to new things. And it helps us to find out how we can provide better info for new users and welcome them more appropriately.
Blockchain and Silicon Valley don't really play too nice together, which is why you see so much chain dev done outside of the valley in places like Seattle, NYC or Switzerland.
SV is stuck in its silos, content to be spymasters of their peers for the five eyes.
Yes, it really is compared to other places. I don't have the time or energy to dig up a comprehensive list, but the tip of the iceberg would be Berkeley & Stanford blockchain research groups, Blockstream (HQ in BA), Cosmos (engineering lead in SV), Dfinity (Palo Alto, SanFran, Zurich), Protocol Labs (IPFS, Filecoin, HQ in SV), O(1) Labs (HQ in SV). Just a small sample of some of the highest quality technical projects in the industry. And several of the largest cryptocurrency VC funds are based there - A16Z Crypto, Paradigm, Polychain, Metastable Capital, and a bunch of others.
SV's tech industry is far from dominated by blockchain as it may be in other places, which may make blockchain seem relatively small there. But it's a bigger and more robust scene than most other places.
Huh, you make some really great points. I didn't realize some of those products were based out of there.
> SV's tech industry is far from dominated by blockchain as it may be in other places, which may make blockchain seem relatively small there.
That is also a great point! I didn't even think about that, thanks for the eye opener.
With that said, it does seem like this place is extremely skeptical of blockchain. I figure it's the SV legacy types that probably lurk around here still.
I actually did a blockchain at Berkeley online class. It was great, I think it was through Coursera iirc.
The encryption key is on the blockchain, but not your files, and you can choose whatever storage provider you want when you sign up. So you are free to remove all your files, and they will be erased entirely, although they are heavily encrypted and you are the only person that has the keys.