I know getting to launch ASAP is important, and that it has already been suggested that mutability might come later, so I’m not trying to break in open doors.
I’ll elaborate some on the topic here, and I’m looking at it based on what I think humanity will need and adopt, rather than what technology would be great, because I think that is the root of the question, not the technology. The necessary technology will be possible to achieve when we are clear about what properties the system shall have.
The viewpoint I am taking here now does not necessarily reflect my ultimate opinion, but I will take on this hat now and plow through it because I find it useful to lay it out (side by side with other viewpoints). That doesn’t mean I make argumeents I don’t believe in, but I do not necessarily consider them to be the ultimate truth (as well as being simplified and extrapolated to make a point).
What I will argue for is this:
Data that has not been uploaded to the network as public, should always have the possibility to be mutated. Only the public data should be immutable.
Appendable data is not something I oppose, on the contrary I think it is a very logical solution. Moreover, erasing data that [intentionally] has been made public is not possible to fulfil while maintaining the properties desired for the network.
Imagine you are a group of dissidents working together, you have access to very sensitive material that you upload, encrypted, to the network.
One of the members gets caught, and while the others are certain there will be torture and an eventual compromise of the keys, there is simply no way to re-encrypt the data, since the old data is always there.
That makes the network a pretty bad option, for a use case that was supposed to be among the most(?) important ones.
As I see it the argument put forth against mutability is (among others) this:
- If any one else than the owner(s) of a key, has [at some point] gotten the key, the data is now supposed to be regarded as “public”, and for that reason it would be destabilizing to allow mutation on it.
I think this is an incomplete line of thought. If the group of dissidents is increased with a new member, also given access, has the data suddenly become “public”? Where is the limit on number of people and relationship to the original data/owner for it to become public? The reality is that there is no such clear definition.
If you write something in the sand, and let everyone see it, people are not going to be fooled to think that what you wrote in the sand is persistent in any way.
If we have a data type which is commonly known to not be persistent, to be sand, then no-one will be surprised when the waves erase it.
We don’t go around worrying that people should be writing important historical data or patents or book keeping on the beaches, do we? Why would we worry when we transfer that into the digital world?
Yes, maybe it makes it technically easier to develop now, solves problems with caching, performance, CRDT this and that, but I would say those are not important things. They are important, but not in the same ballpark of importance. They are implementation details.
Yes, this could be the only network where everything is permanent. But is that a higher goal than everything else? The purity of the manifested idea, over the actual utility? It seems like such an imbalanced notion.
I mean to say that the goal is not that all data [that we want secure] should be permanent. The goals are - among things - that there should be secure access for everyone, that you should be the sole owner of your data.
I think we have started to tilt into that the network is the owner of your data.
When your data is not only yours, then you do not have the “right” to modify it. BUT, when is it not only yours? That is not a question that can be solved by technology, so we only have a couple of blunt options:
- Some seem to argue that it is the moment you upload it to the network.
- I would say that the only rational thing, is that it is the moment someone else has access to it AND acts on that by copying the data. By copying, they MAKE IT theirs.
We don’t want the situation that the data is immediately not ours when we upload it to the network. If you cannot control it, it is not yours. A fundamental rule has been broken. It is a pseudo-ownership.
If you receive keys that decrypt some data on the network, you cannot be sure that the data is permanent, and if you truly consider yourself as an owner of the data (now that you have been given access to it), then you need to copy the data - in fact that is the action required to manifest your opinion that you are also an owner of the data. And the only way you can ensure, that the data is there for at least as long as you want, is to copy it and upload with your own encryption. The only way to ensure that the data is there forever, is to publish them unencrypted, or (maybe slightly less sure) to forget the private key, and publish the address + public key.
This moves the point of no return from uploading the data to when you share the [keys to the] data. This makes the definition of ownership a dynamic case by case process including the humans being exposed to the data, instead of a static decision taken by the designers of the network here and now (take a moment to reflect what that might mean in a bigger picture…). If you consider yourself an owner when you see it, then you need to act on it, and make it yours by copying. (It could even be built into apps that they immediately copy everything it reads, so you automatically take ownership of what has been shared with you - and… what ever of it you didn’t really want … you can delete afterwards, if you happen to care to. Less dedup you might say, but hey, is the goal to save disk space, or to be aligned with human needs?)
I.e. as long as only you have the keys (and you still haven’t been caught and tortured), you know that this data can be made inaccessible for ever. As soon as you share the key, you no longer know this for certain. We need to trust people to know that they won’t be scribbling their checks, their will, and the cure for cancer, in the sand on the beaches. And we need to be understand that in this life there is a need for death as well as for life. And some things must die. Or be deleted.
Why is it necessary that we cut the power of our own data into half, by forbidding us the right to manage it? Don’t look so much to the technology, look to the actual human need. The network with beautiful pure clean perfect logic, but not serving human needs, that is not a useful network - it is just … a perfect implementation of some useless idea (in the broader sense of 100% world wide adoption, not for specific use cases).
The actual goals, the actual use cases, what are they, and what do they require? Is it shown that everything permanent is an absolute requirement for them?
I do not believe for a second that the network cannot fulfill the goals when some well specified part of it is mutable. It might be harder to get it to work. But since when did we start take the easy way instead of the necessary way?