This is amazing, great work! I love that it does everything in-browser.

A handful of questions:

You're currently uploading to a gateway and are considering moving to your own gateway backed by Filecoin. Have you considered ditching the gateway and using the libp2p WebRTC and/or WebSocket transports to upload directly to the network via the browser tab?

Where are you hosting this and how are you protecting against "supply chain attacks" where your hosting provider (either maliciously or through their service being compromised) injects additional JS that exfiltrates secrets?

Have you explored managed/trusted upgrades to the existing user's apps through browser storage and a service worker? I don't know of any surefire ways to protect against the first delivered page being compromised, or a compromised browser environment, but could you lock down the upgrade path for the app for returning users by moving it outside of the page load path? (Not just a question for OP, I've been wondering about this for a bit now, it's kinda critical path for delivering P2P experiences to a browser tab - you need a way to minimize trust of the server hosting the HTML/JS files, otherwise it can trivially exfiltrate your secrets)

What is the migration path off of this? If I have this metadata file, how do I use it locally to fetch my encrypted files directly from the IPFS pinning server without having to return to your site?

How does multi-user access work?

What do you think the path to beating Google Drive on UI/UX is with P2P software?

---

We are working on a very similar problem to this right now, using the guts of IPFS and some stuff borrowed from Secure Scuttlebutt et al. to manage encrypted files, identities, and capabilities. We also have a way to encrypt a file once and share individual per-user encryption keys on-demand bound to the user's private key. This lets the decryption keys be mirrored by nodes (i.e. put it on IPFS!); without the corresponding private key, the decryption key is worthless. Next we are exploring UCAN for managing capabilities and granting access. And an overlay network to power it all.

I'd love to compare notes with you. Do you want a job? There is an open spot on my team working on exactly this stuff. Our goal is to make an SDK for building these exact types of apps. Salary bands max out at $250k. Fully remote team, nomad friendly, 4 day work weeks. Time is spent roughly 50/50 implementing stuff and reading research papers (like Filecoin, IPFS, Scuttlebutt, etc.). We have an open interview challenge for the team that gives some good insight into what the role is and what a "day in the life" will be like: https://gitlab.com/webai-open/network/interview-challenge
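The encrypt-once, per-user key sharing described in the comment above, as an added example that is not part of the thread or of either poster's project. It assumes X25519 key pairs as user identities and AES-256-GCM with HKDF for wrapping, none of which the comment specifies; all function names are hypothetical.

```javascript
// Added example: all keys and data below are constructed for illustration.
const crypto = require("node:crypto");

const spki = (pub) => pub.export({ type: "spki", format: "der" });

function gcmSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function gcmOpen(key, { iv, body, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]); // throws on a wrong key
}

// Key-wrapping key from X25519 ECDH; HKDF info binds it to both public keys.
function deriveKek(privateKey, peerPublic, ephPub, recipientPub) {
  const shared = crypto.diffieHellman({ privateKey, publicKey: peerPublic });
  const info = Buffer.concat([ephPub, recipientPub]);
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), info, 32));
}

// Wrap the content key for one recipient with a fresh ephemeral key pair.
function wrapFor(contentKey, recipientPublic) {
  const eph = crypto.generateKeyPairSync("x25519");
  const ephPub = spki(eph.publicKey);
  const kek = deriveKek(eph.privateKey, recipientPublic, ephPub, spki(recipientPublic));
  return { ephPub, ...gcmSeal(kek, contentKey) };
}

function unwrap(share, recipient) {
  const ephPublic = crypto.createPublicKey({ key: share.ephPub, format: "der", type: "spki" });
  const kek = deriveKek(recipient.privateKey, ephPublic, share.ephPub, spki(recipient.publicKey));
  return gcmOpen(kek, share);
}

function demo() {
  const alice = crypto.generateKeyPairSync("x25519");
  const bob = crypto.generateKeyPairSync("x25519");
  const contentKey = crypto.randomBytes(32);              // one key per file
  const blob = gcmSeal(contentKey, Buffer.from("constructed sample file"));
  const share = wrapFor(contentKey, alice.publicKey);     // safe to mirror publicly
  const text = gcmOpen(unwrap(share, alice), blob).toString();
  let bobFailed = false;
  try { unwrap(share, bob); } catch { bobFailed = true; } // wrong private key
  return { text, bobFailed };
}
```

Deleting a wrapped share only stops future unwrapping; a recipient who already recovered the content key keeps access until the file is re-encrypted under a new key.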
I used libp2p a while ago (for another app); at that time libp2p WebRTC was not ready yet. Now that you mention it, maybe I should check them out again.
Currently I'm hosting on Vercel. I tried not to put too much thought into making the app 100% secure but rather only secure enough for a "normal" user (making file upload encrypted by default is what I think is needed to make IPFS usable for them). There are potential problems that you listed there that may or may not be solved by offering frozen versions of this app on IPFS itself. No idea how to solve compromised browser env / hardware. It's really a rabbit hole.
About migration, I will add a simple Python snippet to fetch the files so you don't have to visit the site.
Multi-user access: I think the hard part is to allow revoking access. Once someone has successfully decrypted and read the file, they already can download and keep a copy of it. So the only thing I could do is to stop them from continuing to access the file through ThirdCloud services (maybe just by revoking a particular share key). The tech you are doing seems to be about signaling nodes to revoke the share keys (or more like "revoking by default" - only give access after checking back with your main node)?
Have not thought much about UI/UX. I just like the fact that my files are now 100% not locked down (while still being super convenient to access). Reminds me of the time when I kept an offline collection of mp3 songs and could upload them to different mp3 players (but now I don't have to upload because it's already in the cloud). Maybe letting ThirdCloud have an extension ecosystem is the path?
--- About the job, have reached out to you on LinkedIn. Not sure how this turns out but would just love to say hi.