Introducing Spaces: App-Specific, Private Data Storage
Spaces are app-specific data stores that improve user privacy. Now available in 3Box.js version 1.3.
Secure, Distributed Data Storage for Your App
Spaces are now available in 3Box! Spaces are namespaced key-value stores where applications can store user data and content specific to their app. Spaces provide apps with greater security and privacy guarantees for user data management, and users with greater levels of control and consent over how their data is requested and used.
Previously, a user’s 3Box had a single public and private store where all data from all apps was stored. Now with the addition of spaces, a user’s 3Box can support a very large number of independent stores — basically one for every application that keeps data in their 3Box.
What kinds of data will application developers want to store in a space? Any piece of user data or content that is generated by their app, but that they don’t want to keep on an app-managed server, in browser local storage, or on the public blockchain ledger. This might include things such as user preferences, usage history, private documents, files, off-chain transactions, and much more.
Spaces free your app’s data from web2 silos and allow you to keep it instead with the user. This user-centric model of data management is at the heart of web3 and makes data sharing and collaboration possible without compromising user privacy, security, or UX.
Increased Privacy for Users
Before spaces, a user’s private data from every app was stored in one communal 3Box private store. If a third-party app wanted to read data from or write data to that private store they could request permission from the user by asking them to sign a general 3Box consent message.
"This app wants to view and update your 3Box profile."Once approved by the user, the app could then read all private data in that store — which included all private data from all apps. Although this all-or-nothing data permissions model was a pragmatic first step which allowed us to ship a working product, it was obviously not going to be the sustainable approach for how privacy was going to be managed on 3Box long-term. Spaces now offer a better solution.
With the addition of spaces, each app is capable of storing public and private data in their own separate location within a user’s 3Box. Private data within an application’s space is encrypted with their unique encryption key that is not used by any other app. This move from a single encryption key used for all private data stored in 3Box, to specific encryption keys for each app, allows the private data that your app stores in 3Box to remain inaccessible to other third-party apps and services unless the user provides them with distinct, explicit permission.
This explicit permission is given to third-party apps by the user when they sign additional consent messages specific to the spaces that are being requested. For example, if App A wanted to access data stored in the spaces of App A and App B, the user would have to sign the general consent message mentioned earlier to sign in to the service using 3Box, and then they would need to sign two additional approval messages — one for the App A space and another one for the App B space.
"This app wants to view and update your 3Box profile.""Allow this app to open your App A space.""Allow this app to open your App B space."
By making consent more explicit, spaces improve user privacy by giving users even more awareness and control over how their data is accessed and used. More consent is required for apps to access more data.
Spaces Feature Overview
- Apps can now store public and private data in a key-value store specific to their app, called a space
- Permission to access data stored in a space must be specifically given by the user
- Spaces provide apps and users with improved privacy, security, and control of data on web3
- Data stored in a space can be anything, but spaces are particularly useful for more sensitive user data and user generated content, and other things that don’t need to be stored on a server or the public ledger
Getting Started with Spaces
Update to the latest 3Box.js version 1.3.
Learn more about 3Box.js on Github.
npm i 3boxHow To Build With Spaces
We worked hard to ensure that building with spaces was as easy as possible for developers, with minimal changes to our API. Simply call openBox as you would for general 3Box authentication, and then request to open the spaces that you would like to access.
For now you will need to know the name of the spaces you want to interact with as we haven’t constructed a global registry of namespaces yet. If you have thoughts or feedback on the below, join our Discord and let us know how we can improve.
- Import 3Box into your project, and call
openBox
const Box = require('3box') const box = await Box.openBox(<user-ethereum-address>, ethereumProvider)
2. Now that you got the box object, you can open a space.
const dappStorage = await box.openSpace('myDapp')3. You can now use the space object dappStorage to set, get, and remove public and private data from the myDapp space.
await dappStorage.public.set('displayedTreasure', 'Magic Emerald') await dappStorage.private.set('preferedWeapon', 'Holy Sword')console.log(await dappStorage.public.get('displayedTreasure'))
console.log(await dappStorage.private.get('preferedWeapon'))// Output:
// Magic Emerald
// Holy Sword
Watch the Tutorial
Here’s a screencast of 3Box team member Joel Torstensson demonstrating how the spaces feature works, using the example found in the 3Box.js repo. You can try this yourself by going to the 3Box.js Github repo and running the example.html file on your local machine.
👋 Join the 3Box Discord to chat with the community
📫 Sign up for the 3Box newsletter to receive these in your inbox
3️⃣ 3Box provides social infrastructure for web3. Integrate 3Box.js to instantly make your dapp more scalable, social, and human. Visit 3box.io to create your profile or github.com/3box/3box to dig into the code.
