[tahoe-dev] Stupid question: How can I keep my own data private?

Ravi Pinjala ravi at p-static.net
Sun Feb 20 13:28:31 PST 2011


On Sun, Feb 20, 2011 at 1:02 PM, Jim Dorrington
<jdorrington at compuguide.info> wrote:
> Having spent the past three days reading up on Tahoe-LAFS and successfully
> installing it on Ubuntu, I’m afraid I’m still nowhere near achieving my
> goals, perhaps because I may have misunderstood it’s purpose.
>
> Simply stated I would like to be able to backup and retrieve my data from
> “the cloud”.
>
> Currently (before Tahoe) I compress and encrypt about 500MB of critical data
> and then upload this to a conventional online storage service provider on a
> weekly basis.
>
> I would like to do this with Tahoe-LAFS, but having experimented with the
> Test Grid, I must have misunderstood how it works because I found that,
> while I was able to upload and download my own data, I was also able to do
> this with other people’s data!
>
> I assume they can do the same with my data as well.
>
> How can I keep my own data private?
>
> Do I have to create my own “Grid”?
>
> If not how do I locate and join a grid where my data is private?
>
> Many thanks.
>

Currently the security of Tahoe is tied to the secrecy of URLs, which
contain key data in the form of "capabilities" (that's why they're so
long). Anybody who knows the URL of your data can access it, but the
flip side is that if you keep the URL secret, you have a very good
assurance that your data is private (because your data can't be
decrypted without the capability encoded in the URL).

--Ravi


More information about the tahoe-dev mailing list