I want this for all the reasons they list, but it seems there are huge unanswered questions for anything beyond a permission-less static page. Imagine you are developing a modern web app in the locked open paradigm. Is all system data distributed, including private user data and passwords? The only solution I can come up with is homomorphic encryption, which is not performant enough and still probably leaves a huge timing/structure analysis attack area if anyone can download the database. If I make any mistakes on the database security, the entire DB is already pre-leaked to the world? The final decryption/encryption happens in client javascript, which is a whole other hornets' nest. Besides that, the implication is that I write my entire system stack in client javascript that is exposed to everyone, including any proprietary algorithms or credentials? Even if that was ok, and the system can live in the user cloud, where does system processing that is independent of user activity (scheduled tasks, etc) happen? Again, I want all of these problems to be solved, but they are nontrivial.
"homomorphic encryption, which is not performant enough"
It is fast enough on a per viewer basis, and in a DHT downloading the database doesn't mean it was all encrypted w/ one key. Each user encrypts his data as needed, or common groups of users encrypt data for each other with each other's keys.
"If I make any mistakes on the database security"
This is why encryption is the underpinning. Sure you can still leak your private key like you can leak an SSH key today.
"in client javascript"
Nobody would use a distributed network where this was the case. In many cases (i.e. MaidSafe) they are developing a browser plugin for client side to communicate with the backend.
"where does system processing that is independent of user activity (scheduled tasks, etc) happen?"
Many of these now-being-designed systems have a pay-for-computing concept. Granted, several (not all, unless you want to be limited by a single-file-line blockchain forever) have to agree on the results. Give some computing for other computes and get some. As for "scheduled task", timing issues are inherently difficult for these systems and I don't expect the "system" to trigger a job but rather a user to trigger it. Introducing timing into these distributed networks can be hairy.
The real problem that needs to be tackled is a way for the common human to hold his private key in his memory or some other non-digitally-retrievable way.
Thank you for the thoughtful responses! I am still getting my head around some of this, so I love hearing solutions I have not thought of.
"common groups of users encrypt data for each other with each other's keys"
I agree, but I think this can quickly lead to massive multiplication of data without careful cryptographic gymnastics. It puts more pressure on the application devs to do it right or more pressure on the network in terms of data if you don't.
"Sure you can still leak your private key like you can leak an SSH key today."
If I leak an SSH key, I can revoke it and only data that attackers have already grabbed is out. In the described paradigm, everything is already out to everyone. It is all or nothing. That might not be a difference from a theoretical point of view, but in practice it is.
MaidSafe is very interesting, thank you! It seems like more of a shared cloud, which is halfway between present cloud computing and the completely distributed utopia described in the article. It solves pretty much all of these issues, with the cost of being a less-centralized network rather than a fully distributed network. Awesome work, I hope they succeed!
You can also change any sensitive data you have. Also, the distributed/open web should not be one without moderation, just without mandated moderation. If I wrote a distributed social network, I would allow the user to choose a moderated "room"/"group" if he wished. This can facilitate deletion of items, but in many distributed systems, they are never deleted anyways. Be it a mostly immutable DHT or the "right to be forgotten" or whatever it is, in decentralized systems you cannot tell people what to do with data you put out there, you can only encrypt it. IMO, we'll still need the public auditable web for acts requiring responsibility for security failures. Users cannot be trusted with their own security nor can they be trusted to determine a bad actor from a good one.
MaidSafe is fully distributed. Each user is a node (i.e. "vault" or "persona" or whatever the proper name is).
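The exchange above about groups encrypting data for each other, and the worry that this multiplies data, can be made concrete with envelope encryption: the body is encrypted once and only a 32-byte content key is wrapped per member. This is an added example, not code from any poster or from MaidSafe; the X25519/HKDF/AES-GCM choices, the record layout and the names `seal`, `unseal`, `kek`, `publish` and `read` are assumptions.

```javascript
// Added example: envelope encryption for a group on a publicly readable store.
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers; blob layout (assumed here) is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on bad tag
}

// Key-encryption key: X25519 shared secret passed through HKDF-SHA256.
function kek(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'group-wrap', 32));
}

// Encrypt the body once; wrap the content key once per recipient public key.
function publish(plaintext, recipients) {
  const contentKey = nodeCrypto.randomBytes(32);
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh per record
  const wrapped = {};
  for (const [name, pub] of Object.entries(recipients)) {
    wrapped[name] = seal(kek(eph.privateKey, pub), contentKey);
  }
  return { ephPub: eph.publicKey, body: seal(contentKey, plaintext), wrapped };
}

// A member unwraps their copy of the content key, then decrypts the shared body.
function read(record, name, privateKey) {
  const contentKey = unseal(kek(privateKey, record.ephPub), record.wrapped[name]);
  return unseal(contentKey, record.body);
}

// Constructed sample: three members and a 4 KiB document.
const members = {};
for (const n of ['alice', 'bob', 'carol']) members[n] = nodeCrypto.generateKeyPairSync('x25519');
const pubs = Object.fromEntries(Object.entries(members).map(([n, k]) => [n, k.publicKey]));
const doc = Buffer.alloc(4096, 'x');
const record = publish(doc, pubs);
```

Publishing a new record without a member only stops them reading new data; any copy of the old record stays readable with their key, which is the revocation gap raised in the thread.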