Closed larrysalibra closed 4 years ago
The implementation for this is probably similar to #138.
@larrysalibra Do you want to prevent server processing of data completely?
We had years of pushing cloud computing and many many libraries and tools to make life easier while putting processing on the server-side. Take image processing as an example; we can not easily put OpenCV in every user mobile phone. Even if we can, battery life and network usage will be problematic.
I think this issue contains two parts, privacy and data ownership. Data ownership will be easily done with bounding servers to do the write with a separate encryption key for every call and clients verify that. But client-side encryption will exclude almost all cloud computing and leave us with cloud storage. I love to see if we can find a way to do cloud computing, just like Blockstack did with solving identity and storage.
@larrysalibra how would you expect devs to declare this info? How would you test and score it?
@larrysalibra suggestion from @zone117x is that we can ask apps to attest to the following: all user data encryption and storage with Gaia is handled client-side.
Edited with add'l context from @zone117x in case it helps inspire: A technical reviewer could watch the network logs and see if a data write action (e.g. typing into the doc and waiting a second for it to save) results in only network requests to gaia. It could be partially automated by using extensions like adblockers to blacklist all network requests except gaia.
Sounds like this isn't a change to rules or testing, just adding some info on app registration that allows NIL to test easier and faster. Moving to review and also adding to App.co backlog. @markmhx can you please ref this issue in an App.co ticket.
Reviewing for use of gaia is challenging. Our current standard is that apps that write any data to gaia receive full marks. Even with this very low and simple to meet standard, it's not always clear if an app doesn't use Gaia or we are unable to find that app’s use of Gaia.
Proposal: As part of the monthly app mining submission process, developers should explain how Gaia is used by their app . Reviewers will follow those instructions to verify Gaia usage.