[jerry292]

I read you use IPFS. To my knowledge everything on there can be encrypted however not private. Is there a specific way you get around that.

[brendoncarroll]

Yes. WebFS doesn't actually use any of the file/directory functionality provided by IPFS, or any encryption features. We only use the get/put block functionality. Everything is encrypted in WebFS before being posted to a Store.

The data encryption keys are generated using a secret and the hash of the data being encrypted. That key is stored in the reference to that data. This continues recursively to the superblock which is not encrypted.

[mirimir]

Can one use Tor onions as stores?

[sp332]

Tor is a network layer. It doesn't really store anything.

[mirimir]

True. But Tor onions are servers.

[sp332]

I've never heard of an onion service called just "an onion" before. I don't know enough to say if that's wrong, just that I was confused.

[mirimir]

Sorry to be confusing. It is commonly used, in some Tor communities. But yes, "onion service" is clearer.

[duskwuff]

Not in any sense that's relevant here. They don't host content.

[mirimir]

I have no clue where you're coming from.

What sort of content do you say Tor onions can't host?

"Tor onion" just means that a server is (ideally) only reachable as an onion URL, which is only accessible via the Tor network. There is the limitation that Tor only handles TCP. Otherwise, one can route anything over Tor. In my experience, that includes HTTP(S), FTP, Tahoe-LAFS, SSH, RDP, Mumble, OpenVPN and tinc. And others, if I spent more time remembering what I've played with.

[mirimir]

What do you mean by "private"?

I mean, if it's securely encrypted, does it matter if others can see it? And indeed, if it's online, you must assume that others can see it.

My privacy concern is about IP addresses. So I'd want to use IPFS with Tor onions as stores.

[jerry292]

Well I fear even if the information is encrypted alone once quantum computing breaks modern AES encryption standards that’s going to be a yikes. So I’d be more comfortable with encryption as well as access controls.

[brendoncarroll]

This is a legitimate concern. WebFS is designed for the p2p storage use case. Persisting data with p2p storage means that it can live forever. All the secrets in WebFS are randomly generated and there are no user supplied (potentially weak) passwords.

w.r.t. quantum computing: it is possible for WebFS to use symmetric cryptography for all remote data. Although, many Cell implementations in the near term will likely use elliptic curves or RSA.

[mirimir]

I guess. But access controls really just keep the punters out. Any serious adversary will just track down the stores. And even if they're on dedicated servers with FDE, keys can be obtained from RAM.

[brendoncarroll]

Just to clarify: All data is encrypted on the client, going after a server backing a Store will get you encrypted blobs. Encryption keys would not exist on the server in plaintext.

[mirimir]

Sorry to confuse the issue. I meant the keys for the Store's FDE, not the WebFS keys, which never leave the user's machine.

I was addressing jerry292's concern about access to the encrypted data in Stores.