The Reality of Digital Surveillance
What do you think about digital surveillance? Do you think it’s persecution which seriously infringes on people’s privacy or it’s just a necessary measure to ensure national security? Let’s take a look at a database leakage news in China earlier this month.
Database exposure is beyond your imagination
Earlier this month, security researcher Victor Gevers found and disclosed an unsafe MongoDB database which live-tracking the locations of about 2.6 million residents of Xinjiang, China. The records include individuals’ national ID number, ethnicity, nationality, phone number, date of birth, home address, employer, and photos, which undoubtedly provides a window for hackers to enter digital surveillance.
This database is owned by SenseNets, a private AI company that advertises facial recognition and crowd analysis technologies. A few days later, Gevers reported a second open database which tracks the movement of millions of cars and pedestrians.
Even worse, Gevers found that the server was vulnerable to several known exploits. In addition to this surveillance database, a Chinese network security company revealed that at least 468 MongoDB servers were exposed on the public Internet after Gevers and other security researchers started reporting. Among these cases: The database contains detailed information about the remote access console owned by China General Nuclear Power Group as well as the GPS coordinates of the bicycle rental. This creates an extremely insecure ‘safe’ state. Anyone with an internet connection can access this huge database.
Moreover, it was also found that all the chat records of ordinary people in mainland China, at least from 2018, were clearly recorded in the distributed database of the public network, so that the police could read and censor. After warnings to China NET-online, the access to these 18 databases was closed, but this takes two weeks. Data leakage problem not only discredit technology giants but also place people in a vulnerable position.
The significance of decentralized storage: safety and efficiency
Compared with the centralized cloud storage solutions, the use of decentralized storage for users’ identity-related data is safer.
Centralized storage allows users to access the same data in different devices by logging on to the same account. This brings convenience to people but also brings hidden dangers to personal data security. The loss of user data due to the Dropbox vulnerability and the massive hacking of iCloud accounts reveal an obvious problem that in the current centralized cloud storage architecture there exist systematic and unavoidable risks. There are major drawbacks of centralized cloud storage. For instance, the centralized system has systemic security risks and the ID information is shared between cloud storage service providers. Any breakdown of a centralized cloud storage service provider will threaten other service providers.
While decentralized on-chain storage solutions have avoided such problems from the very beginning of design. Taking IPFS as an example, the decentralized storage has no server that can be attacked or be traced. All data are divided into multiple parts, randomly stored in different nodes of the network. The entire network is safe and efficient for storage and transmission thanks to miners in storage networks.
The decentralized operating system Brahma OS first adopts IPFS when building decentralized storage service. With the progress of the decentralized storage ecosystem and depend on the needs of users, Brahma OS will provide a scalable storage management model at the Framework layer to support other popular mature and reliable decentralized storage technologies (eg Sia, Storj, etc.)
The significance of decentralized storage: the return of privacy
Driven by the interests, the users’ private data has been leaked, utilized, which can influence users’ life to vary degrees. By using the relevant blockchain technology, the user’s identity is no longer the source for commercial companies to get the user’s personal information.
When using the OS, both the data generated by the user intentionally and the data generated by the unintentional operation are valuable. This kind of data forms the basis of artificial intelligence analysis and is called factual data. With the same factual data, different user portraits can be generated when data mining algorithms are optimized. Moreover, all the personalized services we know today, such as online shopping recommendations, friend recommendations or voice recognition, rely on user portraits generated by factual data. These factual data of billions of users made it possible for the commercial empire like Facebook or Google to be established.
However, in the commercial closed loop of centralized services, users contribute their actions and factual data but do not get a financial reward. These data can be sold again. In a way, business models for systems and App vendors are now mainly based on the user privacy data without giving financial rewards to the users.
In Brahma OS, privacy issues could be fundamentally solved. Stealing and exploiting user privacy data would be extremely difficult. We are able to effectively use and exchange personal data while the data is personally owned and without exposing the users’ privacy.
All fees will go back to the user himself. The problem of requiring centralized storage and processing of users’ data will be prevented from the very beginning. Everyone holds their own data which is distributed discretely in a decentralized storage network. No one (or organization) can monitor the whereabouts and content of personal data or hijack the user data.
About Brahma OS
Official Website:https://www.brahmaos.io
Twitter:@brahma_os
Medium:BrahmaLabs
Community:
Official group: https://t.me/BrahmaOS
Chinese group: search BrahmaOS on WeChat to join the WeChat group
Korean group: https://open.kakao.com/o/gdqRKcQ
Japanese group: https://t.me/BrahmaOSJP
@ANNBrahmaLabs:https://t.me/ANNBrahmaLabs
Contact:
Korea:tina@brahmaos.io
Japan:ryan0911@naver.com
Other area:Lynn@brahmaos.io
