[Cryptography] Cubbit

sebastien riou seb.riou at nimp.co.uk
Mon Jun 1 18:32:10 EDT 2020

> Jerry Leichter <leichter at lrw.com> wrote:
> Anyone looked at/into Cubbit (cubbit.io)?  This is a "distributed cloud"
> implementation - you buy a piece of hardware that joins all the others to
> form a distributed file storage network.  The site has a basic overview of
> the approach which says all the right stuff - they encrypt locally with
> AES-256, split the result into chunks, Reed-Solomon encode, then
> distributed the pieces across the hardware boxes.  Meanwhile the AES key is
> encrypted based on a password and also distributed so that you can access
> your stuff from anywhere.  They use a Bittorrent variant to allow fast
> access to multiple chunks in parallel.

Interesting! I have been toying with that idea for years, always saying
"let's start tomorrow"...
They say the right things except:
- The price tag, it is a no go for most. As our world becomes ever more
digitalized a serious solution for personal data storage is needed for the
masses. That said if all other aspects were satisfactory I would not mind
(make it work, then optimize...)
- They do not mention anywhere that the code will be open source. This is a
show stopper for the client obviously, but also for the nodes as we just
have to trust their words about the sharding and replication. Even a
motivated individual will not be able to verify experimentally as there is
no way to know/force the nodes which store one's data.
- As John already noted, there is a coordinator node. I don't think the
money will be the problem, at this price level they could operate it
profitably with selling modest amounts every month. As those boxes will not
be eternal, at some point there will be recurring purchases. What I don't
like in this centralized coordinator node is that it is a single point of
failure and that it is controlled by very few people. It is definitely a
great target for someone who wants to ask for a ransom. An authoritarian
state which does not like all that encrypted storage may take it down.
Trump may come up with a surprise decree impacting it in some way (I won't
even try to think about something plausible, this is a futile exercise).

 Peter mentioned storj.io, which has plenty of open source :-). But:
- Apparently no centralized coordinator but it is somewhere, else how they
would be able to charge customers and pay node operators ?
- It is not aimed at consumers, no GUI client as far as I can see, just
libraries and a CLI
- If that happens and they get big, mega node operators will emerge in
countries where the energy is cheap (and probably dirty), so all my data
may actually be centralized nearby a volcano or at least within the same
country (a country is usually rather large but shit happens, a war could
break out in that country).
- they are the marketplace, so they may increase their cut at will.

In short the ideal spec from my point of view would be:
- the form factor of cubbit so that ordinary people all over the world can
put some capacity online without having to read any documentation. you plug
it, pair with your phone and that's it.
- lower price, think in the same ballpark as raspeberry
- no centralized coordinator
- developed by people who are not in this for the money:
    - open source as much as possible so that third parties can develop
clients, make and distribute alternative node hardware or even setup an
alternative network.
    - no marketplace, simple relation between the capacity you put online
and the capacity you get.
- and then all the good stuff about crypto/sharding/replication of course.

If someone find that vision interesting, maybe we could be two or three
saying "let's start tomorrow" and then it could actually happen!

Meanwhile I would be interested if anyone could recommend a usable client
for personal use of storj.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200602/784034f2/attachment.htm>

More information about the cryptography mailing list