Resolving data privacy challenges by use of a decentralized stack

You may have heard about the recent scandal with Telegram — one of the most secure messengers. This is more about the human hassle, but one moment made me concerned: a former system administrator claims that his message history was temporarily deleted by Telegram’s founders (restored after the issue was publicly exposed).

This means something very simple: whatever secure protocol you use, if it is controlled and maintained by particular people, you are at risk the moment you cross those people. It doesn’t matter who controls the project, whether it’s an important authority within a company or an anonymous team. The risk is still there.

“The decision about whether to trust an app to keep communications private should never depend on the trustworthiness of one person.” (The Outline)

The fundamental vulnerability of the current web is that there is always at least one entity that controls all of the data. If this entity is hacked or angry, everyone has a problem.

That’s why decentralization of data access should be one of the important steps to creating Web 3.0. Fundamental things like data privacy should be controlled by the laws of nature, not by the most vulnerable entity within nature: people.

Centralized Privacy Problem

Today you stick with products that own your data. You choose Android or iPhone instead of an Amazon phone not only because of great UX but also because of the ecosystem that has been built around those brands. You choose Gmail, Facebook, or Dropbox because they build an experience around your data — which they exclusively own. The more well-known the brand you trust your data to, the more value you get back because of its ecosystem.

Let’s consider your address book — the basic thing that pretty much everyone has, which represents our place in the world of people. All communication apps are more or less built around your contacts list: phone book, email, messengers, video-conferences.

These apps rely on platforms (like iOS and Android) and in fact gain value by using the data stored on these platforms. You have a messenger app that stores data on its centralized servers and platforms that store basic data for the app on their own servers. The platforms try to close up their ecosystems and share as little data as they can so that users will trust them and stick with them.

What would happen if, despite all possible security measures, a human makes a mistake? The Telegram CEO is angry at you, a Google devops engineer pushes the wrong button, or a corrupt government of some country has decided to nail you. Your contacts are lost, compromised, or misused.

The Decentralized Way

The essential difference between current proprietary market architecture and decentralization is the philosophy of data handling.

“By replicating and storing user data across an open and decentralized network rather than individual applications controlling access to disparate silos of information, we reduce the barriers to entry for new players and also create a more vibrant and competitive ecosystem of products and services.” (USV)

A modern company tends to be thick: a data cycle closed up on itself, giving a minimum of data away and thereby keeping users tied to its brand.

Sensitive data can be stolen at any step. Even with SSL, which protects data only in transit, raw data remains accessible to the app’s owner or the cloud database provider.

A decentralized app is built on openness and tends to be thin. It can be integrated with other apps with the help of decentralized data lakes in order to generate value, and then can be put back under the owner’s permission. For each data operation, the decentralized app pays some fee to the network, data owner, or another app. Thus, it treats data as a valuable asset and seeks to add more value to inbound data in order to similarly monetize outbound data.

With business logic hosted on the public blockchain, a decentralized app operates on public data or private data. Private data gets encrypted on the user’s devices and goes directly to a decentralized database.

Going back to the messenger example, there will be a network of nodes responsible for encrypted storage of messages (Database). Other nodes will try to deliver messages to a recipient as fast as possible (CDN), perhaps through an additional layer of security (SSL). Each node that participates in this process is part of the decentralized app (Messenger itself, SSL app, CDN app, Database) and should get a micro-reward for this work.

Data control shift

The main advantage of decentralization of data storage is giving control back to users. If people stop trusting a central authority to store their data, apps will have to take on the job. Once data is freed to be controlled by a user, it will be easily reused by other apps and shared among products.

From a 10,000-foot view, this is similar to Google Drive or iCloud, which allow data to be shared with apps with your permission, but without a central point of failure. You will be able to control and share not just documents or a contacts list, but lots of data which is yours by default: health tracking, location, financial transactions, social media posts, etc.

Such a shift requires that data storage have certain properties: distributed storage, total encryption, granular access management.

Apps of the Web 3.0 won’t be able to usurp private data and put it at risk in central repositories. They will build services around the data storage ecosystem, where a user knows everything that happens with her data.

Decentralized Uber doesn’t need to know the rider’s exact location to provide great service; this should be only between the rider and the driver. Decentralized Equifax doesn’t actually have to put millions of people at risk by storing non-anonymized personal information in a central cloud.
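The "total encryption" and "granular access management" properties, applied to the rider-and-driver case with Node.js's built-in crypto module. This is an added example, not Fluence code: the function names, the 'record-grant' label and the sample coordinates are assumptions made for illustration.

```javascript
// Added example; function names and the sample record are hypothetical.
const crypto = require('node:crypto');

// Owner's device: encrypt a record under a fresh random data key (AES-256-GCM).
function sealRecord(plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  // Only `stored` goes to the storage nodes; dataKey never leaves the device.
  return { dataKey, stored: { iv, body, tag: c.getAuthTag(), grants: {} } };
}

// Both sides derive the same key-wrapping key from an X25519 exchange.
function wrappingKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'record-grant', 32));
}

// Granular access: wrap the data key for one recipient's public key.
function grantAccess(stored, dataKey, ownerPriv, recipientId, recipientPub) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrappingKey(ownerPriv, recipientPub), iv);
  const wrapped = Buffer.concat([c.update(dataKey), c.final()]);
  stored.grants[recipientId] = { iv, wrapped, tag: c.getAuthTag() };
}

// Recipient: unwrap the data key, then decrypt. Throws on a missing grant,
// a wrong key, or ciphertext modified by a storage node.
function openRecord(stored, recipientId, recipientPriv, ownerPub) {
  const g = stored.grants[recipientId];
  if (!g) throw new Error(`no access grant for ${recipientId}`);
  const u = crypto.createDecipheriv('aes-256-gcm', wrappingKey(recipientPriv, ownerPub), g.iv);
  u.setAuthTag(g.tag);
  const dataKey = Buffer.concat([u.update(g.wrapped), u.final()]);
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, stored.iv);
  d.setAuthTag(stored.tag);
  return Buffer.concat([d.update(stored.body), d.final()]).toString('utf8');
}

// Constructed scenario: a rider shares a pickup point with one driver only.
const rider = crypto.generateKeyPairSync('x25519');
const driver = crypto.generateKeyPairSync('x25519');
const { dataKey, stored } = sealRecord('pickup: 52.5200,13.4050');
grantAccess(stored, dataKey, rider.privateKey, 'driver', driver.publicKey);
console.log(openRecord(stored, 'driver', driver.privateKey, rider.publicKey));
```

The storage nodes only ever hold `stored`: ciphertext, nonces, authentication tags and wrapped keys, none of which reveal the record without a recipient's private key.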

We are building Fluence to help the developers of these new applications resolve these privacy challenges and focus on creating value for their customers.
