[tchaffee]

Should anything truly private be stored in the cloud? I have never seen a solution that doesn't boil down to trusting someone. The claim is that the code is open source. But I don't know how I would verify that that's the actual code they are running on their servers. I also don't understand the payoff. For information that's not truly private (like your music collection) but that could possibly be data mined, then a very basic level of privacy you get from something like Dropbox should be enough, right? What does this service offer that other cloud storage providers don't offer? For information that's truly private, why would I risk it becoming eventually available to hackers by putting it somewhere in the cloud? What am I missing?

[lotharrr]

The data is encrypted on your client before it leaves your computer. You're relying upon the servers to hold onto your ciphertext (i.e. availability), but not to keep it secret (confidentiality). And the client can detect changes to the ciphertext, so you aren't relying upon the servers for integrity either.

You have to trust the client code, for sure, but that's something that you're at least nominally in a position to inspect and verify. https://github.com/tahoe-lafs/tahoe-lafs

[tchaffee]

I'm a programmer. And I still don't think I'm in a position to verify if something is cryptographically secure. It's quite possible that a client has been built with an extremely subtle backdoor already in mind. One that crypto experts won't find for years.

[thinkloop]

Yes, but it's like when you're at a cafe and need to go to the bathroom so you ask the random guy next to you to watch your laptop. Sure he could steal it, but you reduced the attack vector to just him.

[tchaffee]

It's a reasonable analogy. To use your analogy I'm suggesting you don't trust anyone with your laptop and bring it to the bathroom with you. If something is truly private and / or valuable information don't put it in the cloud. I'm not alone in that thinking. When it comes to storing people's digital currency you hear about things like cold storage. For very good reason.

[stdcli]

You can use gaia hubs, which are user owned stores, to host your data wherever you like. Gaia focuses on user owned data, and leaves the work of network consensus and replication to the identity associated with your gaia hub: https://docs.blockstack.org/storage/overview.html where the identity is defined here: https://docs.blockstack.org/core/naming/introduction.html

We have an Amazon EC2 AMI, and are working on others, but the idea is you could bootstrap the docker-compose on any VM you like, or a rasberry pi if you want even: https://github.com/blockstack/gaia/blob/master/hub/README.md

There are IPFS driver requests and now requests for drivers to support privatestorage by Least Authority as well, if you also want to replicate your data temporarily across some nodal network.

While gaia fundamentally does not require using the comprehensive Blockstack API, we are working on tutorials to abstract the use of only gaia without Blockstack. They are designed to be functional independent of each other, in the same way people can use Blockstack authentication without gaia, the reverse can be true: https://docs.blockstack.org/storage/overview.html

Currently, I want it to be even easier than just bootstrapping a docker-compose in gaia for users to host on their own machine, or rasberry pi or what have you. We are working on that as well as cloud hosted solutions.

I would like for people to be able to launch a vm with a preinstalled image locally on their own machine, not just google cloud, amazon, Digital Ocean etc. The groundwork for a secure and minimal VM is mostly in place. We need to set up more instructions for this but feel free to launch the docker-compose and give it a whirl in your environment of choice if you don't want any of the cloud AMI's we currently offer.