Appendable Data discussion

  1. what are the requirements to run safe? like a few MB RAM/HDD?
  2. for privacy: just do as encrypted swaps on linux (1. get the encryption key from an RNG 2. mount an encrypted filesystem as the swap partition 3. “forget” the encryption key on shutdown, or in this case whenever you want, eg logout)

So much of this debate revolves around “we can’t delete data because in order to do that, data must be linked to an owner”. That doesn’t need to be the case though does it? If data is marked as “deletable” we know we can’t “trust” it in perpetuity. However, with the deletable tag and a zero knowledge proof where only the owner has the proof answers, it could be deletable correct? The actual data, not just the map, then you can delete things even if shared with other users.

After writing this, now I’m wondering if this messes with deduplication. I guess that’s the next snag?


Yeah, if we use a “perfect” encryption that is absolutely bug-free and can’t be broken ever (quantum computing).

also how would “DNS” work with AD? With MD you we could hash the name, then use the hash as the network id for the MD.

Maybe it should be hidable at the app level then? Facebook is also not deleting anything you post, they just hide it from you. (at least that one copy, anyone else could just upload their copy of that image)

How is this possible, SD is content-addressable, so there’s no way to publish different content at the same ID?

I would just store the pointer to the newest version of the A(L)D at that time, so it would need to iterate just from that version to the current version, also it would be following the A(L)D links, so no real data would need to be processed.

It would even work with ID only for the data structure it self, by storing it as a DAG (git is doing that).

1 Like

Yeah, if some one else would download “your” data and upload it as “his” data, then that date would get deduplicated (as in content-addressable data, the hash of the data is it’s id). So that person would be added as a new owner.
a) if we impl the network that way, that an owner could delete his “owned” data, everyone could delete anything he wants, by downloading and reuploading that data, thus gaining the “ownership” over it
b) or we impl it that way, that all owners would need to agree on a delete (making public data non-removable, as the owners on such data would pile up pretty fast)

I know that is tongue in cheek a bit, but for reference self-encryption is quantum resistant.


The following is probably not that easy or even possible. And probably already discussed in the past on this forum.
But anyway: what if stored chunks on the network could have a ‘deletable’ flag/field.

For each data chunk that you store on the Safe Network:

  • if chunk doesn’t exist yet:
    • if chunk of type ‘private’: set ‘deletable’ flag
    • if chunk of type ‘public’: don’t set ‘deletable’ flag
  • if chunk already exists: unset ‘deletable’ flag

And if you want to delete a file: go through all data chunks and only delete the ones where the ‘deletable’ flag is set.

Or something along these lines.

Edit: an owner field is probably necessary to prevent others to delete your private chunks.
In that case the presence (or being not empty) of an owner field can be the ‘deletable’ flag.


yeah +1, but this.

just merge the private/public type into one field deletable, and set it on the first upload as you like. Public data would get non-deletable pretty fast anyway. there is no private/public type in the network, it’s transparent to the vaults.


Just looping back on this. If we assume AD is mutable, then it will be more difficult to cache. With this in mind, it would probably be optimal for apps with lots of mutable data to create their own, single, custom index, rather than rely on AD. The rational being that downloading just one slow mutable index, followed by lots of fast immutable loads would be preferable to downloading lots of slow mutable indexes along with the same immutable data.

Keeping the number of mutable downloads to a minimal will surely be faster and more scalable.

I don’t disagree with you that Facebook still maintains that picture of you that you deleted of you passed out drunk. I specifically said that in my post. That wasn’t my point. My point was that the picture will still be addressable. It will still be out there viewable by the public. Someone could easily make another app that simply archives all changes to the “SAFEbook” app and displays all content without any hidden elements. Archiving the addressing is a lot cheaper than archiving the entire site and having to re-upload deleted content.

By not allowing the user to delete the actual data, the SAFE Network will take a huge PR hit right off the bat. Not being able to control ones own data is antithetical to freedom of the individual. One takes a risk when publishing something to a publicly viewable space that that may be copied and forever in the archives of some lonely basement dweller, or government intelligence agency. However, to the user, the illusion of control is still a great pull. One needs to feel like they have recourse if they mistakenly hit a wrong button or stop paying attention and accidentally upload something they intended to remain private. To remove that ability is to doom the network before it even starts. I can already hear the pundits blasting SAFE as a place where control of your data is no longer an option, regardless of what the truth actually is.

SD is an old data structure that allowed users to choose its ID. It doesn’t exist anymore and was replaced with MD.

1 Like

We can attempt to make this as easy as possible. We’re looking (as ever), to improve data APIs and wondering what sort of helper function might make sense on SAFE. A function to createMessage or what have , from a WebId could potentially automate this, and so hopefully help on this front. (Although would ‘all’ apps ever do this? Or use RDF etc… probably not, but I think attempting to make it harder NOT to do it should help at least.)

I’m not sure I follow here, @neo. Do websites need to be signed? Only if you want to prove consistent authorship perhaps. But even if not, we should (as i understand the intentions thus far), with AD (ALD… whatever we’re calling it) be able to view a complete history of changes to the PNS Resolvable Map (if we go that route), so we can see if/what has changed there re domain resolution (and onwards to page changes etc).

So I’m not sure that signing is needed, unless we want to prove that content was added by key X.

(Although if I’m missing something, there’s still scope for requiring various data in the PNS system, so things could be added if required)


When you make data public, it is no longer yours to restrict. It is a public good.

For the scenarios you talk about, such as sharing data with friends or family, i suspect you would not make it public at all. Instead, you would create a new persona for said group and distribute both the public and private keys associated with it. Then everyone in the group could read or write data securely to the group.

Alternatively, you could just share the private key to view the content, but keep the public key secret. This way, trusted people can view your content, but only you can create it.

From a UI perspective, it would be just like a regular invite to a group and would be trivial to manage.

Of course, people could copy your content, give away the key(s), etc, but this is the same as with other social media apps too. Moreover, you could change your keys and redistribute to the group should new restrictions be applied (removing someone, for example).

What we need to realise is that public on SAFENetwork is public in an all encompassing way. If you make something public, you lose ownership and control of it. Therefore, other ways to share with groups (like the above example), would be better where this is a concern.


Again, you are making an ideological argument to a practical problem. Do you really think people will accept a network where they can mistakenly upload something into a publicly viewable space that can never be deleted? I’m asking these questions because I think people often get caught up in their ideology and technical details that they forget to think about the every day Joe, the people that would really take this from a cool idea, to a worldwide ubiquitous network.

Think of a person in an oppressed country that needs to stay anonymous for their safety. If they accidentally publish something that identifies them, with no recourse to remove it, they could put themselves in danger. We are talking about billions of uneducated and not very techy people all over the world. THEY are the important ones, not us savvy technical users.


How do you stop someone putting the same thing on bittorrent or IPFS?

1 Like

I’m not sure I understand your point. Those are file sharing services, meant for that purpose. It would be relatively difficult to accidentally upload something to either one of those, but particularly bittorrent. I assume people that start using them understand what they are using them for. If SAFE Network is aiming for the usability of bittorrent, I’m going to go ahead and sell all my coins now.

SAFE Network will hold apps, presumably replacement apps for things like Facebook, that everybody will interface with each other on. If someone clicks a wrong button and accidentally uploads a file to an app they didn’t mean to, they have lost control of their data, which I feel is the opposite of what the network should be aiming for. If someone happens to capture that data and republish it before they delete it, then bad luck, but at least if there was a deletion mechanism, there is a chance someone could rectify a potentially life altering, or at least horribly embarrassing mistake. I’m just afraid implementing this will kill the network from ever gaining traction with the average user.


They are relatively censorship free and can store data whether people like it or not. A bully may upload a video, for example.

If we are just talking about apps, they would be unlikely to let people publish public data by accident. They would direct users to private (encrypted) groups, etc.

Actions have consequences. You can’t undo the past when others have witnessed it. I may regret saying or doing something and would like to rewrite history, but in this reality we cannot. If I am caught doing something illegal, erasing it isn’t an option. Public immutable data will be similar; it takes persistence of data a step forward and people will have to respect that. If they do not want to endanger themselves in this way, they should use apps that don’t share their stuff as public data.

I think you are misunderstanding me. I’m not trying to push for censorship or stopping someone from uploading something, but a users control of one’s data. This is essentially what SOLID stands for as well, which is being heavily integrated, so the sudden ideological shift has me confused to say the least.

Apps can certainly easily allow you to publish public data by accident. Uploading a profile picture to a Facebook or Instagram replacement as an example. Select the wrong picture when you aren’t paying attention? I guess your grandma will see that picture of your hairy balls you sent to your doctor for a consult. You seem to wholly underestimate just how nontechnical people can be.


Or they can group together and fork SAFE to make a version that suits their needs.

Facebook and Instagram on SAFENetwork can be apps which don’t write public data, as i described above.

If I accidentally send a picture message of my balls somewhere unintended, I am also sod out of luck.