Appendable Data discussion

I’m on board with the idea of the ability to delete private data, I think that is desirable from a privacy perspective, but the ability to delete public data is fraught, and problematic.

Suddenly I can be compelled to take down information from the network that is being utilised by and informing world. This could be through legal obligation, social pressure, or other forms of coercion. And we’re back into the realms of DMCA takedown notices, book-burnings etc.

7 Likes

Only if they know who you are. There would still be the possibility to publish things permanently if done anonymously. Or if you throw away the keys.

I think that if deletable public data is technically possible, it will be done sooner or later, if not otherwise then forking. It’s the way people are used to think the internet is working, even though it is not. Maybe there is room for two networks, one with permanent only public data and the other with permanent and impermanent.

Anyway SAFE with undeletable public data is much better than no SAFE at all.

Yeah, but in many instances it’s desirable and right that I would want to publish my identity, or that of my organisation, alongside my work. Think about journalists, authors, and academics the world over. That’s part of the history and context of the work too, it’s important to inform the reader.

It is technically possible; but also most probably, as I’m arguing, undesirable.

1 Like

Exactly. I should say in this convo, actually selecting data to delete and doing that is a huge area for the network and one reason it took us so long to make sure it is possible. Now before everyone shouts, just do it, I think this convo shows many aspects of not doing that straight off the bat.

  1. Perpetual data (AD and ID) is valuable
  2. It can be used to allow data to evolve with history
  3. We can allow apps to show latest versions of evolving data etc.

All this if the data is published, i.e. the data map is available and open. We know private data does not have available and open data maps, they are stored with the user of the network part in session packets and part in encrypted chunks on the network. So they can delete data at any time, simply by not having access to data maps.

So what does delete data mean to us (right now). It means removing the ability to read obfuscated and encrypted data that could have formed human readable data. That is what we mean by delete, we mean remove the ability for anyone to read the data in an understandable form. Sort of like me saying here is a binary 0 it is part of some file, you can read the zero, but you still have nothing. In our case you don’t even know what file of how many other zeros and ones you need, never mind how to arrange and decode them. So delete and keep it incomprehensible is a very similar thing.

Another thing this thread will show, is if we keep putting the you cannot delete published data as the story then what can be built? Well everything the internet current can do for a start! I would argue.

Then when we finish this debate, launch knowing we can have delete on the network, will we ever need to use it? I am not sure, but lets see. I can see a ton of debates and I could see both sides, but I think poking this dragon enough will show even with immutable chunks and Append only data lists of pointers we can have everything we need.

I caveat this by saying there may be a place for owned immutable data, that is never shared to anyone except the owner who can delete it, no sharing, no caching etc. But even there I am not convinced as it probably did not ever need to exist on the network.

8 Likes

Maybe there is misunderstanding? I am not wanting to get rid of permanent public data as a possibility. It would be really great for newspapers, books… that are even nowadays published with permanency as a goal. But I am against having to make all the public data permanent, like personal websites, Facebook -type of thing etc. They should be deletable as a default. Like they now are, effectively speaking. I know people who have deleted their Facebook account, and even though it is kept in the basement of Facebook, it is effectively deleted from their social context, from their realms of addictive behaviour etc. This should be possible in SAFE if it is planned to be replacement for current internet.

Scientific papers, magazines, newspapers are all proofread many times and the bar for publishing is considerably higher, than it is in this forum or Twitter… I would not like to raise the bar of all the public activity to the level of printed word. It would kill creativity. I want a chance to be a bit foolish, not to think all my choices for decades to come.

1 Like

Firstly that would be very bad in itself don’t you agree?

Secondly, it isn’t true. ‘Deleted’ facebook data is potentially available to anyone that facebook knowingly share it with, companies, employees, governments, and unknowingly too through data breaches etc. We can hope it isn’t used but I think where facebook, Google et al are concerned it is clear we should assume the worst.

1 Like

Have I succeeded in a minor way to show the importance of keeping ID in history? Or you added bit just to satisfy me so I quieten down a little :stuck_out_tongue::stuck_out_tongue_winking_eye:

Are these session packets only existing while one is logged in. Or are they longer term in ADs? I’d expect they need to be a part of the account structure ADs/Immutable data. And since they can be deleted then that implies ADs? If in ADs then history is kept so a retrace of history will reveal that map again, wouldn’t it. And thus the implications if account details “rubber hosed” out of the user by court or otherwise.

3 Likes

You are definitely right. I am not arguing against that. I am just saying that my ability to control my “public persona” is better with the current model, than it would be in SAFE. Check my reply to @JimCollinson above.

Except they aren’t, are they? Where are you hosting your personal website? Squarespace? Amazon Servers? Is is cached by a CDN? How can you be sure it’s really deleted… you can’t, it’s not in your control.

And let’s not forget about the Internet Archive.

And then there is of course anyone who cares to take a copy, or perhaps tries to put words in your mouth, or rewrite/distort what you said and then deleted, by modifying a screengrab.

With permanent versioned history of public data the at least it is transparent, upfront, open for anyone to observe and be informed.

4 Likes

These are binary blobs users create for login. They have little structure, but hold data maps (to a tree of other data maps)

If they hold the data maps for private data then they have to survive across logins don’t they. So where would the datamaps be held (or the pointer to the data map)

You are right. But, as I have said before, if I delete something (Facebook, website…) I’m often not looking for absolute solution, but meaningful decrease of accessibility. That possibility would be greatly lessened, when the history is open to everyone. If I delete my Facebook, it is not accessible to my friends, and that is enough for the goals I have for deleting it.

But I have to admit that I don’t understand the technical side of this all nearly well enough. Maybe there can be Facebookish app in SAFE that doesn’t allow others to read “deleted” profiles. And while it still would be possible with another app, the lessening of accessibility could be reasonable enough for most non-critical cases? (Though I still would like to have the possibilty to delete public data.)

3 Likes

This is what you open when you login, you decrypt this blob. (simplified). The actual datamaps can be in there and in immutable data chunks.

yeah, both should be allowed, AD (lower creation/update costs, due to better cacheability and maybe as an incentive) for public website with “time-travel” & diff feature and MDs for more personal stuff, like social profiles, comments…

ADs could also count into some sort of “trust score” of a website.

You could then opt into using ADs for such a content? But it’s a complex topic…

Ah so this is not an AD then???

No, but you can have AD where each entry is an encrypted pointer etc. So lots of space to play.

2 Likes

So, if we are happy with that level, i.e. his social context, then app level “deletion” should be enough, and that is fully possible within SAFE. So all social platforms that reference your data, you tell them to not reference them.
Ah, as you also say further down:


This is the part that I think is very interesting, and that my brain is still chewing along at :slight_smile: I am still not groking it, I get the feeling that it should be possible, but I also get the feeling that when extrapolating, I will need to create new accounts, since I run out of ways to practically reference things with the old ones, and need to put yet another layer above. And by doing that, I also get the feeling that I will need to duplicate data alot as to keep it feasible to access (i.e. keep doing snapshots of the streams, keep storing current state over and over, at new places in streams that are closer for me to reach, as the streams grows).

Might be so. But I don’t trust my imagination to be so good, that I (currently) dare say “probably”, and then actually impose that limit.
I might be able to say “probably” (and feel that it is good enough approximation) as a result of throrough dragon poking, and no more energy to poking dragons.

When it comes to waste of energy and storage, we are getting close to the discussion that went on a while ago, about ever increasing storage needs, and well…: with increasing storage capacity, it is actually a misconception that we would be increasing energy waste by keeping old data (since the better capacity, implies that it is not as costly, i.e. wasteful, to store that amount of data anymore). As capacity grows, what was once wasteful, becomes simply a very small expenditure. In which case it is perfectly justified, since the other complexity - to avoid the extra storage - might be consuming more energy in the long run. Complexity is expensive.
Now, there is no end to caveats, and storage capacity might not grow the way it has “forever” (i.e. not for as long as we would need it to for the above to be OK).

5 Likes

So this referencing is also going to be appended public information? There is a public data appending as follows

  • “Toivo hopes Facebookish to reference his data”
  • “Toivo hopes Facebookish to not reference his data”

So the genuine app would respect the latest state, but another app (Phasebook) could use the previous states?

Edit (or append):

And yet another app (Completebook) would put together all the data I have ever published in the SAFE -equivalents of Facebook, Grindr, Twitter, Foursquare, Google, Maps… At the moment somebody probably does that somewhere (if they have obtained the data) but at SAFE anybody could do it anywhere, because all this is open to everyone?

Append 2:

Maybe that is ok, as long as you have your own private Completebook -profile showing what can be known about you based on your history. We should have better idea what kind of analysis can be run on our public data and be able to run that ourselves.

4 Likes

I don’t think you would use public data for a safe facebook app. I certainly have my profile restricted to family and friends, for example.

So, it is more likely that you would be sharing a form of private data with a specified group. You could change the keys on said group to allow people to be ‘removed’ from it.

I say this as it limits the impact of the problem. Genuine public data is likely a different, less private, data.

Except, you can’t do that with 100% immutability. Anything you uploaded and encrypted with a key, can be decrypted and read with that key. Forever. There is no “change the keys”.
So, that is one of the main problems I stated. You can never change key of stuff you encrypted.
It is a pretty common practice to once in a while change keys. That simply cannot be done.
The account you have created, with everything important you have, you can never change password on it. So, to decrease the risk, you’ll have to (again… i.e. like now) have 1000 passwords, so that not everything is compromised when one password is.

Well, if you have private data, and you need to have it private between 3 people, and then only 2, you can not remove it. And that need, to block some access that once was possible, I think it’s fair to say that people will have reasons to want that also in the future.

2 Likes