We are in the early stage of transition from Web 2.0 to Web 3.0, and IPFS and Filecoin are trying to help us return the control of data from traditional centralized service providers to its real owners through decentralized storage.
With the various leaks of sensitive information, it brought about the concern of [privacy] issues. However, the privacy issue is not directly solved by Filecoin, but needs to be spelled out in the Lego universe of the Web3 world by stacking technologies like differential privacy, zero-knowledge proof, and privacy computing.
On April 27, Apple iOS 14.5 was officially released, landing the strongest new privacy rules in Apple’s history. The new system version will go fully online with App Tracking Transparency rules, which restrict apps from reading the user device’s advertising identifier, IDFA, to protect user privacy.
Immediately afterwards, Facebook announced that it was encouraging iOS 14.5 users to enable tracking so that its apps would remain “free”.
On May 15, with Twitter’s update, the app began asking users who upgraded to IOS 14.5 to enable ad tracking under Apple’s app tracking transparency rules.
The value of each of our private data is evident!
Web 2.0: Privacy as a luxury, happy to have, but not the highest priority
The Internet has become an essential part of our daily lives, and the process of data interconnection has given rise to misuse and privacy violations of personal data in the Web 2.0 era, as well as the more sensitive issue of commercial privacy.
In Ling v. Jitterbug, the plaintiff used his cell phone number to register and log into the Jitterbug application without any other contacts in his phone’s address book, and recommended a large number of “possible acquaintances,” including classmates and friends he had not contacted in years.
The court found that
Names, cell phone numbers, social connections, and geographic locations are personal information and constitute infringement without the plaintiff’s consent.
In fact, in the era of big data, users’ personal information is very dangerous, not only in this case, but also in many products that infringe on users’ information.
Therefore, on May 25, 2020, the Third Session of the 13th National People’s Congress adopted the “Provisions of the Civil Code of the People’s Republic of China on Privacy and Protection of Personal Information” and officially published the full text on June 1.
The current network is riddled with various privacy leaks, which is a problem destined to be solved in the course of the advancement of digitalization.
According to a McKinsey survey, 71% of respondents said they would stop doing business with a company if it leaked sensitive information without permission. As the public becomes more aware of personal data protection, technology companies have introduced “end-to-end encryption” (E2EE) solutions.
However, experts believe that E2EE is not enough because it still has man-in-the-middle attacks and backdoor programs. For example, WhatsApp end-to-end encryption has been the subject of “backdoor incidents.
While end-to-end encryption ensures that network prying eyes cannot read message content, and even if third parties cannot access encrypted data, personal and corporate data is ultimately controlled and stored by third parties.
In contrast, Web 3.0 communication protocols are distributed and secure, and do not require third-party storage of data. This will be a set of protocols on top of the Internet, which translates directly to the Internet Interconnection.
Web 3.0 should be a data-centric data era, and Ta’ s set of protocols should be implemented with the goal of interconnection of data. Realize the location, circulation and transaction of data.
Filecoin: Decentralizing Google
Data is an asset, and this has become a key feature of the shift from Web 2.0 to Web 3.0. Another problem arises after users have established sovereignty over their own data. Although data is well and firmly in the hands of users, it does not have any value at this time, and only when it is circulated and processed by algorithms, arithmetic fillers, etc. will it have some value.
Distributed storage of data and files is essential to data ownership, and personal information is no longer controlled by giant companies. Instead, all users, personal data, applications and connected devices are decentralized. There is no doubt that this is a core element of privacy protection.
Filecoin is one such decentralized storage network built on the Interstellar File System (IPFS). As the world’s largest distributed storage network, it bears the infrastructure of the next generation network – storage, which can well carry the next generation Internet and the civilized information of human beings permanently .
This decentralized storage method will break the monopoly of the Internet giants on data, and the data generated by users or enterprises will no longer be served, managed and “protected” by one entity.
The network is also making great progress so far, having surpassed 5EiB in just six months since its launch and still growing at a rate of 30PiB per day. As the Filecoin ecosystem continues to flourish and more miners join, Filecoin is well positioned to store even larger amounts of data.
We are already seeing some traditional centralized cloud service providers (e.g. AliCloud, SevenNiuCloud, AWS, etc.) gradually participating in blockchain-based decentralized storage projects like Filecoin.
Imagine a scenario where the storage nodes in these projects are filled with a bunch of Internet giants from Google, Ali, and Baidu one day.
Although each node belongs to a centralized entity, it is this one entity that forms a decentralized network. Thinking about it the other way around, the process of joining this network is to gradually decentralize oneself.
Privacy in Filecoin/IPFS
While we look to IPFS or Filecoin to take back ownership of our data from centralized service providers, neither Filecoin nor IPFS networks have a native privacy encryption layer, although they enable redundant, geographically distributed storage of data.
A number of readers have this misconception about IPFS – when a user stores a file in an IPFS system, the system generates a hash of the stored file, and if the hash (also known as a CID) is not public, then the contents of the storage are not public.
However, the fact is that when a user stores a file on an IPFS network, the hash value generated by the system is potentially distributed to any node in the system, and later use is required to retrieve the file through the node.
If the file’s hash is not shared with other nodes, no one will know that the file is stored in the system and other nodes will not be able to retrieve it.
The IPFS protocol is designed to be highly modular, and Protocol Lab wants to leave more diverse and customized privacy solutions to the developers of IPFS and Filecoin.
The data on an IPFS or Filecoin network without privacy protection does not belong to a centralized organization, but it still does not fully belong to the individual user.
The reason for this is that the user lacks control over the privacy of the data. privacy in Filecoin/IPFS we can divide here into two categories.
One category is where the data in IPFS itself does not affect privacy, and the mapping to a specific identity creates privacy issues.
The other category is where the data itself contains private information that needs to be protected.
The documentation for ipfs.io gives some solutions to the privacy problem.
Building a private IPFS network
Private IPFS networks provide the highest level of privacy, protecting content from being seen by uninvolved parties. A private IPFS network works in the same way as a public IPFS network, the only difference being that it allows only nodes in the network to see the information.
Nodes that access a private IPFS network require a private key. Therefore, when building a private IPFS network, the most important thing is to protect the private key from leaks.
If you are storing files on a public IPFS network instead of using a private IPFS network, it is recommended that you encrypt the contents of the files before uploading them. Although this does not prevent the hash from being broadcast, even if someone gets the hash they will not be able to see the original file.
Using a gateway
Gateways can also come in handy for protecting data privacy. When users retrieve content, they can use gateways to hide their true identity.
By using a gateway to retrieve in a public IPFS network, other nodes will only see the gateway retrieving the content and not the user retrieving using the gateway.
More specifically, the following theoretical and technical frameworks can be used to address privacy issues in decentralized storage.
Decentralized identity + differential privacy
Multi-party secure computation
Trusted hardware: TEE
In the era of Web 3.0, data will become an important means of production, just like land in the agricultural revolution and capital in the industrial revolution, and also an important asset.
Although there may be challenges such as platforms, protocols and distributed applications that are difficult to be regulated, data privacy protection is an important issue that cannot be ignored now and even in the future.
The decentralized property of Web 3.0 can better protect user data privacy as well as improve personal data autonomy.
In future articles, we will bring you technical details and solutions for privacy issues in the decentralized storage market.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/web-3-0-era-privacy-is-no-longer-a-luxury/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.