6

Show HN: A Decentralized, End-to-End Encrypted Alternative to Dropbox

 2 years ago
source link: https://news.ycombinator.com/item?id=29637188
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Show HN: A Decentralized, End-to-End Encrypted Alternative to Dropbox

Show HN: A Decentralized, End-to-End Encrypted Alternative to Dropbox 53 points by arpitagarwal 3 hours ago | hide | past | favorite | 33 comments Hey folks,

We are the team behind Slik.

Over the past year, we have been hacking on SlikSafe [1] a Dropbox alternative where all your data is first encrypted on your own device and then stored on decentralized storage.

Some features we're most excited about are -

  - multi-device data sync,
  - auto-backups via desktop apps,
  - search your docs by name or contents with end-to-end encryption,
  - easy sharing via email, QR-code or private-link,
  - Password-less login using MetaMask/Phantom
We leverage storage providers IPFS and Storj for global redundancy, reliability, and immutability.

You can use our web app [2] and macOS app [3] today. Our desktop app for Windows is currently in beta, and will be launched in early Jan.

You can read our WhitePaper [4] for the technical implementation, or see a quick demo [5] of the product.

Would love to hear what you think.

Arpit, Charvi

[1] SlikSafe: https://www.sliksafe.com

[2] Web app: https://app.sliksafe.com

[3] macOS app: https://sliksafe.com/downloads

[4] WhitePaper: https://sliksafe.com/whitepaper.pdf

[5] Demo video: https://www.loom.com/share/abe133c4ce874655a952a30601e99408

So, how does this compare to a solution like Bittorrent Sync?

And, perhaps more interestingly, why would this become popular where BT Sync failed to live up to the hype?

Furthermore, storage can be paid for by crypto. Does this mean the storage is linked to some kind of cryptocurrency, or is there some kind of central payment system that converts crypto into actual value in the system?

s.gif
It seems btsync (Resilio) has had minimal development over the last few years. I used to be a huge fan but had to stop using it since I kept hitting weird SQLite errors and all support channels seemed dead
Congrats on the launch! Your implementation of sharing from the whitepaper scares me. The second that the private key travels anywhere it's no longer safe in my opinion. This is why Signal uses the double ratchet and 1password has their own sharing. Unless I missed something.
s.gif
Great point! We integrated the QR-code and link based sharing into the app to provide a seamless experience for users.

However, we also have an email sharing solution already integrated into the app which uses public-key cryptography. This is protected from accidental leaks as you correctly pointed out.

Thanks for the feedback, we would update our WhitePaper with the details from above, and also indicate that to users in the UI - so that it scares people less! ;)

Isn't it impossible to really delete something from ipfs? I'd think that would make this dangerous, as any security flaw would be impossible to fix retroactively. Everything before the flaw would be compromised and can't be reencrypted safely.

If a passphrase was lost, the security of every past file would be at risk.

This is what has kept me from approaches like this in the past.

s.gif
Yes, that's one reason I'm really not sold on storing private data on IPFS and similar services.
s.gif
You can unpin it, and it will eventually be removed from other non pinned sources.
s.gif
Can you really delete anything from NSA servers? Or from Internet in general?

For me the problem with IPFS is - it is just not interesting enough. It's not a storage solution, it is distribution and caching mechanism. You can't really upload to IPFS, you can only publish via IPFS - the same way you publish via HTTP.

s.gif
I am quite confident that the NSA does not have a complete image of the encrypted data in my self-hosted Nextcloud instance. With IPFS they wouldn't even have to do anything, if they sometime in the future were able to break the encryption.
I don't need that. I can just set up an SFTP server and rsync my files to it.
s.gif
There's the standard Hacker News response I was looking for
Congrats on the launch, looks really slick!

I'm trying to decode the trend for decentralized services. If you have a sec:

Q1: In your case, why did you opt for decentralized storage?

Q2: Which benefits do I get as a consumer that I wouldn't if this was encoded, but centralized with a lot of redundance?

Don't take me the wrong way, really trying to understand where this is all going.

Cheers

An e2e Dropbox alternative would be great. Though for it to actually count as a Dropbox alternative (to me) it would need:
  1) a Linux app
  2) an Android app
  3) on-demand syncing, aka "smart sync"
s.gif
Syncthing doesn't do smart sync. The library of stuff I want available is larger than can fit on my phone.
s.gif
Has iOS just not been implemented yet or is there a technical hurdle?
s.gif
There was a propriety implementation a few years ago (written in Rust of all things), but I think it's dead.

I think the bigger problem is that both iOS and Android are doing everything they can to deprecate the concept of a filesystem. Android has a history of killing filesystem features, receiving tons of developer backlash, and then hacking in workarounds with reduced performance. I think the writing is on the wall.

In my experience, porting general purpose tools to Android is a nightmare.

Hopefully something like pinephone gets good enough before things are too bad.

seems v cool and I hope y'all are successful (although I personally prefer to pay for things with regular $s). After reading the marketing site though I'm unclear on whether decentralized storage in this context is the same as a CDN(content delivery network)?
If you are offering a Web App doesn't that imply that you're storing a set of Encryption Keys? If you are does that not allow you to access any files stored with Slik?
s.gif
According to their whitepaper the encryption keys stay on the device and can be only recovered with a seed phrase which Slik has no access to, allegedly. There is no source code to verify the details, but they use AES-GCM. That either requires hardware support or a technique called bitslicing to be secure, but it runs on the client, which is fine. The confidentiality of the data however might not be protected because the storage can see the access pattern of the chunks. This is not even theoretical, keyword recovery can be trivial because of a search protocol.
s.gif
We could definitely expand on the search protocol in our WhitePaper, thanks for the input! However, we provide client side search and not server side search, thus, our servers have no idea of what the user is searching.

The keywords (along with other file metadata) are also encrypted using the user's key, so analyzing access patterns of the chunks, would not be possible for us.

s.gif
Client-side search is secure if the client downloads all the metadata, and then nothing else based on the result. The access pattern is simply which and how many encrypted chunks are selected. If they are selected based on a search result there could be a statistical correlation.

Not that every leakage is critical, for example if you write chunks when the user uploads a file the client just leaked that an upload happened, it also leaked how much data was written. Depending on the use case this might not lead to sensitive information leakage. It however might, for example if a hospital has an app that let's you download information about your disease an adversary could leak which disease you have without compromising the encryption.

The most advanced technique of hiding which chunks are accessed, or whether they are written or read is called ORAM. ORAM makes chunk accesses indistinguishable, however this technique has a logarithmic overhead, it fails to hide how many chunks are accessed, and it is also hard to design a search protocol on top of it that does not create patterns in the ORAM accesses, which can be also analyzed.

A practical solution is a search protocol that tries to decouple the results from the accesses.

https://www.researchgate.net/publication/356077294_Access_Pa...

This paper is just an idea, I'm designing a different protocol that is more efficient, but requires persistent client cache, which is just becoming a reality for web clients.

s.gif
> thus, our servers have no idea of what the user is searching.

Until you all are coerced by some legal authority to code a passphrase intercept into the client ala ProtonMail, right?

s.gif
To explain this in detail -

The encrypted file metadata (and the search indices) are downloaded at once. It is then decrypted using the user's key on device. The user then performs a client side search to get the relevant file-ids. The file-ids are then used to retrieve retrieve the file from the decentralized storage.

s.gif
Great question - we just keep the encrypting keys on the user's device and in-memory. The keys are encrypted using the user's seed phrase that is only known to the user, and not to Slik.

Feel free to read more implementation details in our WhitePaper - https://sliksafe.com/whitepaper.pdf

s.gif
How do you prevent yourselves from serving a version of the web app that sends the user’s seed phrase to yourself?

(A malicious employee could do such a thing, or you could be legally obligated to do so in order to continue operating in certain jurisdictions.)

s.gif
How is this problem specific to web apps?

How do you prevent yourself from serving a compromised iOS/Android/Mac/Windows app? Same answer.

s.gif
Well, for traditional Linux desktop apps, the distribution audits the code + ships the binaries.

For app store based distribution, the developers can set up a deterministic build, and end users can verify the checksum of the package matches the developer’s published source code (signal supports this).

s.gif
Isn't this a promise of open source? User doesn't have to get a binary from someone, they could, build from source (given experience+time)
s.gif
Even for closed source apps, reverse engineering efforts (for sufficiently popular binaries) often find backdoors. This sort of auditing only works because each end user gets the same binary blob. (And if not, there’s a reasonably high likelihood of detection.)
s.gifGuidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search:

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK