Goobox, a zero-knowledge, end-to-end encrypted file sharing service built on Sia

Marsmensch
tales from the crypt(o)
11 min read · Jun 14, 2019

The Sia Network has been quietly growing at a steady pace lately, recently crossing the 300TB of used storage mark and currently sitting at roughly 337 TB. While looking for the reason for this recent growth boost and evaluating the technical baseline, I decided to write down my learnings as independent articles about the Sia network and its different participants. If you like this one, you will probably also like the previous one.

A significant trend in used storage on the Sia network

As decentralized storage projects mature, actually working products built on top of them are being released. During one of my recent research days, I was contacted by the Goobox team.

Goobox is built on top of the Sia network

This article documents my initial research about the different offerings and background about the Goobox project.

As usual, all my public work is available for free. I didn’t receive anything for my testing.

Before I present the impressions from my first few tests, let’s get some terms out of the way.

What is Amazon S3?

Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.

While S3 is aimed at developers, the service can be used by pretty much anyone looking to store data. S3 became so popular among developers that a lot of free, open source and paid alternatives exist today. Check the official documentation if you want to learn more about the technical details.

What is Sia?

Sia is one of the few legit projects in crypto that simply keeps on developing and expanding their offerings. While it still has a lot of room to improve, it is likely the leading decentralized cloud storage platform.

Sia network in numbers (14th June 2019)

The Sia network is special because it has no signups, no servers, no trusted third parties and is the backbone for a data storage marketplace that aims to be more robust AND affordable than traditional cloud storage providers.

What’s in a Goobox?

Goobox is advertised as “A zero-knowledge, end-to-end encrypted file sharing service that utilizes decentralized cloud network Sia for its storage layer.” The team has multiple products on their roadmap and mentions “Google Drive, WeTransfer, Dropbox” as direct competition for their products.

Just like Filebase, Goobox aims to abstract away the complexities of interacting directly with the network (e.g. managing Siacoins, syncing, staying online, etc.). Their Goobox S3 API is available for testing with a 14-day trial period. The file-sharing service, which offers up to 4GB unlimited file transfers, is available for free.

Questions for the team:

Before digging into the actual setup, I wanted to get a few answers from the team to see how they relate to the Sia project and what their long-term goals for the products are. I have followed the Sia (and Storj) projects for quite a while already, and some team member names definitely rang a bell.

That’s why I sent these questions to the team a couple of days ago, and the answers were kindly provided by the Goobox team via email.

Question: What is your long term vision for Goobox?

Answer: Decentralized cloud storage although potentially revolutionary in the struggle against data centralization and all the problems that come with it, requires a level of usability keen to that provided by centralized solutions. The long term vision of Goobox is to enhance security and reliability of the cloud while still giving people the ease of use and removing the friction to use p2p storage networks. This is an iterative process of piece by piece.

In the long run, Goobox should provide easy access to decentralized storage networks, which will allow persistence of files for the coming decades.

Question: Goobox seems to have a direct relationship to Minebox (Minebox IT Services GmbH). What happened to the project?

Answer: Minebox software (IP) was taken over (acquired) by ClearCenter Inc.
Vlado Petrushev was the main shareholder in Minebox IT Services GmbH, he is now an investor in Goobox, advising and supporting with his years of experience in decentralized storage networks.
We will make an official statement about our legal structure and our shareholders by the end of summer.

Question: How do you imagine your average user / how will he interact and use your services?

Answer: Our “average” user can be anyone with a Synology NAS to small business customers. The end goal is to let our users interact with the service(s)(file-share and S3 API) like they do with any traditional providers like AWS or WeTransfer.

The difference here is that our service has more reliability and security features centralized solutions lack.

Question: What is the currently recommended way to use goobox?

Answer: You can use Goobox for zero-knowledge file sharing or store files in the S3 compatible API using a variety of tools from Duplicati to Minio.

Question: What new features are on your roadmap in the next few months? (Goobox Pro, API etc)

Answer: We are working on (1) completely new redesign of the UI, (2) expanding file-sharing (user-based file sharing), (2) increase S3 software compatibility and functionality (e.g. Synology NAS backups), (4) increase decentralization. We are also planning to integrate AI and machine learning into our system to manage the Sia back-end & nodes.

Question: How can I verify my files are actually on Sia?

Answer: You can’t. Sia doesn’t offer a way to check files with public hashes so even if we give you the Sia path, you won’t be able to verify this. We know that this is important for the Sia community so we are thinking of ways to do this. One way would be to give a customer access to an entire Sia node with seed, though, this would imply that the cost of buying storage on Goobox would increase dramatically. On a side-note since Goobox is also focussing on onboarding outside of the Sia community, it is still a question if this is something people outside of Sia are interested in.

Question: What does your infrastructure look like (in layman terms)?

Answer: There are three layers on a Kubernetes cluster: load balancers, API handlers, and Sia nodes. The API handler converts requests/responses defined in S3 API spec to/from requests/responses defined in Sia API spec.

The handler also provides caching and access control. Splitting API handlers and Sia nodes provides flexibility and scalability. If requests from users increase, we can increase handlers. If stored data increases, we can start more Sia nodes.

The goobox architecture overview

Sia nodes are currently backed-up offsite, once seed-based file recovery is implemented we are going to secure the seed in an offline secure vault to ensure even if we go down the files remain intact and secure.

More details about the architecture can be found in the following article on the Sia blog.

Question: What is your relationship with Sia / NebulousLabs?

Answer: We have active communication with Sia about development and technology and they are very supportive for Goobox, since we make easy for developers and people to use Sia, abstracting all the complexity. We imagine that in the near future we will make this relationship official, with a partnership agreement.

Question: Does it make sense to run a Sia node and use Goobox at the same time?

Answer: Actually, you can run Goobox on top of your Sia node with our Goobox community Sync app (open source on GitHub). We do think that it makes sense to use both. This is especially the case with File-sharing since Sia doesn’t have file sharing yet and end-to-end encrypted file sharing on Sia through a Web-UI is quite handy, even if Sia later supports it natively.

Same goes for Sia S3 because you can access it from anywhere, which is not the case for a normal Sia node. We are thinking about licensing our architecture so that people that have a desktop can run their own S3 API on their own Sia nodes (like Storj does), though it will take some time to figure this out.

Question: A lot of the projects work seems to be open source (https://github.com/GooBox). Are there any proprietary components?

Answer: Yes, the payment stuff is proprietary, followed by the back-end for File-share since we are using custom encryption algorithms made by our lead engineer Junpei Kawamoto. Also the S3 API is closed. We could eventually open the code and licence it like mentioned above for the S3 API. Goobox community-GUI is open source though (our first app on Sia).

Question: Would I be able to restore my data if you went out of business tomorrow? Can I run this myself if I want to?

Answer: Only if we give our customers back the Sia snapshots/wallets, with seed-based file recovery a step closer since you could restore the data from the seed (we have to figure out how we give users access to this seed), but with Sia file-sharing definitely!

So we have to wait on some Sia-core components for this.

Question: Do you have a free plan for testing?

Answer: Yes, we have a 14 days trial period for the Goobox S3 API.
Our file-sharing service offers up to 4GB unlimited file transfer for free.

Question: How did your international team meet?

Answer: We have met online, and some of us know each other for some time since we have been long-time community members of Sia and Storj. Our team works from Europe, Asia and Canada.

Setup & using Goobox

After this baseline research, I wanted to see how they actually implemented the first iteration of the product. I know the standard Sia experience very well and was keen to see how a commercially oriented service built on top of the Sia network would look and feel.

Since the team published an article on how to use their AWS S3 compatible REST API as a remote disk only a few days ago, I decided to focus on their file-sharing product for this review. I still want to point out their cost calculator, a feature that any potential customer will surely enjoy!

The S3 cost calculator

For those interested, this is the article I am referring to:

File-sharing with Goobox

Goobox offers a generous free 4 GB option for file-sharing, so I picked that one for testing. There is NO sign-up process and you don’t need to install anything! The 4 GB limit is not per user, but per file “bucket” shared.

Open the file-sharing uploader

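Add your files on the uploader page by dragging them to the left (black) panel. You can assign a password, but you don’t have to. You can also decide to include the password (in cleartext) in the URL, so the password input field is pre-populated on the downloader page. Anyone who obtains such a URL also obtains the password, so in that mode the password adds nothing beyond the secrecy of the link itself.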

Upload your files

Files are uploaded and encrypted one by one. After you have uploaded the desired set of files, click the “Encrypt & Transfer bucket” button.

The upload was successful.

Just like with other file-sharing services (or pastebin), you get a URL that you can share via some popular web services. Please note that all data will only be retained for 7 days.

Download files

All you need to do is paste the generated URL into a browser window. Depending on whether you provided a password or not, the password input field is pre-populated on the downloader page.

Files are downloaded and decrypted individually

That’s about it! Very convenient and straightforward. Looks like this could become my new preferred way to share files with co-workers and friends!

Conclusion

Goobox is another valuable addition to the ever-growing Sia network. There are quite a few interesting items on their roadmap that I’m looking forward to seeing in production. My prediction is that this is going to take the majority of 2019, but I have no doubt that decentralized storage is up for a drag race in 2020.

Until then, there’s a lot to play around with. The free 4GB file-sharing product is awesome to share files fast and anonymously. Even though encryption is included already, my recommendation is to encrypt ANY VALUABLE DATA before uploading it on the service to be on the safe side.

The Goobox API service with S3 compatible apps (such as Duplicati and Mountain Duck) covers many of Sia’s use cases. And while running a local Sia node is cheaper than using an API service, it requires around 16GB RAM and checking balance and allowance. With Goobox S3, people can use Sia without maintaining their own Sia node.

This is also what one of my next articles will be about after this initial introduction to Goobox. The S3 use case is very powerful and comparing the various decentralized options against Amazon S3 itself (and potentially a competitor) regarding costs and performance for 1–2 example project(s) should provide some valuable insights.

One of my main takeaways is that even though Sia is used as the base layer for Goobox, just like with Filebase there is no way for users to tell whether the data is actually stored on the Sia network at all. The different teams rely on Sia’s fundamentals here, and I hope the Sia team listens to their requirements as outlined by their customers from real-world usage. I think the Goobox team has done a fantastic job so far and I’m looking forward to seeing what they’re up to next. With direct competitors like “Google Drive, WeTransfer, Dropbox”, they still have a long way to go and I will keep a close eye on them.

Pro/Con Goobox

Con: Not able to verify Goobox is actually using Sia.

Pro: Attractive pricing for their S3 API with a great cost calculator. A free 4 GB option for zero knowledge file-sharing that requires no setup and provides a pastebin like experience.
