You can use save net to establish a secure link between two nodes, then allow them to communicate directly. Safe net is a great tool for ensuring both ends are who they say they are, then agreeing terms of secure communication.
What if server want to be hidden from all clients, including all goverments? What if clients want to be hidden too? Direct secured comunication between client and server is current internet over https. There is 0 anonymity.
If you want full security (network anonymity and encryption), you may have to take the latency hit of routing through safe net.
However, if you just want point to point encryption, you can use safe net to handshake, prior to connecting directly. Then, you don’t need to use https - you can use any encryption you wish, as both parties have confirmed cryptographic identify and have securely described the protocol to be used.
This way, you don’t need to communicate with an SSL certification authority (the safe network can confirm identity instead, in a decentralised way) and you don’t even need to use SSL/TLS protocols for encryption - your app can perform encryption with whatever algorithm is preferable.
WRONG… point number one - keeping track and being able to manage in a clear manner of all your SAFE apps using a cron in one place. I’m certain that if one applies some creativity, then one will discover other points.
Good to know that the existing cron will work though… still the arrogance of people here really amazes me sometimes. “pointless” eh? Well we might as well give it up and leave it to you infallible experts who think of everything.
BTW, maidsafe should probably be better at marketing/highlighting these use cases. Providing certification authority alternatives in a distributed way is a big deal - it is a business case in itself. If it wasn’t for safe net being crammed so full of innovation, I suspect technology like this would stand on its own merit.
I don’t appreciate your tone. You aren’t reading what I am writing and then call me arrogant for it. That is really not any manner to discuss anything. Why should I even want to help you if you act like this?
To clarify I did not say there is no point in creating a cron-like system in safe – I think there is a huge benefit in that actually, but distributed clock are also super hard and we are just at the beginning of figuring out how services can run on SAFE. Instead I specifically discussed that (highlighting added now):
There is no benefit putting cron into the launcher as it has no benefits over your usual cron (with the drawbacks that it won’t be as stable as the existing cron is). There is a clear benefit in having a cron-like system within the SAFENetwork itself, but that won’t be in the launcher but rather in some vault-like entity.
Multi-User crypto is anything but trivial and Alpha is just the first step into the direction of figuring this out. However, as @polpolrene pointed out there are some very interesting changes to the network (namely appendable data and the low level APIS) in the pipes and there is a big dedication to show case that you can build “user-generated-content”-apps (like commenting-system or youtube) with it (more on that soon).
It would be very helpful to learn more about what problems you are facing and what kind of apps you have in mind in order to build APIs and systems on top of SAFE that facilitate your needs, too.
I can give you a couple of examples of apps I’ve worked on.
The first one is a health-care program used by clinicians and therapists. They use it to record client information, schedule appointments, track goals and progress, upload and edit documents, and more. In this app it is critical that we only expose client info to the users that have access. Different users have access to different sorts of information. Clinicians can have temporary access to clients too – we can set a future discharge date after which they can’t view the client information. There are weekly “emails” that go out which summarize what documents and consent forms are due. There are tons of reports which aggregate and summarize all of this information.
I imagine it would be very difficult to build this with SafeNet. We can’t just send a glob of patient info to the client/browser, because the user may only have access to parts of it. Splitting it up would be a nightmare with how granular it needs to be. In some cases the user might only have access to aggregate/anonymous data – which means they would need access to every piece of data in the system in order to build the report, but they can’t actually see any of it. And then there’s all the time-based events (appointments, automatic messaging, discharge dates, etc.).
Another project I work on is for partybuses. Users can pick a partybus they’re interested in from a [online] catalog, fill out a form, and an email will go out to the owner of that bus. The owner then responds with a quote. The catalog is public, so that part would be easy, but there’s also a backend component. Owners can see all the quotes they’ve received and manage their inventory. These are companies, so a handful of users might have access to a particular set of data. I’m not sure if this is possible with SafeNet, but in this scenario a user enters the quote, but only the owner can view it (i.e., they have “write” but not “read” access). We also have super-users which can access everything, and reporting.
The more I think about it, the more I’m skeptical that we can just send lumps of data to the client and have them sift through it client-side. Even just from an efficiency stand-point – we wouldn’t want to send millions of records to the client just so that they could get a total. I think we do need some kind of compute service.
And this constitutes an “app”? Not what marketing wants you to call it, “Solution”, “Management Software” or “Information System”?
Real reason I’m posting, I came across this here in the forum once and because “MUMPS” triggered an ancient nerve I then went here to have a look and bookmarked it at the time. Just intuition. Instead of real experience in this field
We don’t do much marketing at our company – the app sells itself. People literally mail us cheques before we’ve agreed to help them. We build this software to help people though, not for profit. It’s different than in the states.
That VistA app does sound similar to ours. I think we service some different programs, and things run differently in Canada, but there’s some overlap too.
Actually, it has proven impossible to make such a system without safenet. The only way to truly protect the patient’s info is to have their patient profile stored by themselves. But this will be fought against fiercely because mining the data would be impossible.
Agreed, but I think it’s inevitable. The internet has definitely decentralized power compared to other media. Users control their experience and choose what they watch/read rather than having that choice be made for them by newspaper editors or TV channels, but it hasn’t gone far enough - users still don’t control the most valuable resource ie their data.
The move from fixed (PC) to mobile and the advent of social media were big changes in the life of the internet. I think this next one will be much, much bigger.
Another attempt, “privacy friendly”:
Welcome to the PEP project page. This project is about privacy friendly exchange of medical data for specific medical research purposes. The PEP methodology combines advanced encryption with distributed pseudonymisation, and distribution of trusted data with fine-grained access management. The first pilot project is a large scale Parkinson research project.
Fought by who? We’re writing the software. We can store it mostly however we want, but with the restriction that the data has to remain in Canada. Which unfortunately rules out SafeNet.
For the health-care software anyway. My other apps I can store the data however I please. Although, SafeNet will have to achieve critical mass before I can put any money-makers on it – I can’t exactly go telling my clients they have to download some piece of software and configure a proxy before they can access my app.
Maybe if we had a standalone installer that installed both SafeNet and my app in one swoop, then maybe it would fly – but even so, downloading and installing something isn’t as easy as hitting up a URL.
Edit: Oh… you mean the software-makers want to harvest the data? Because we want to mine their data? I don’t think we care about that. They pay a monthly subscription to us, we don’t make money from ads or selling user details. Anonymous usage statistics would probably be useful to improve the app though.
However, in other scenarios, sure. Social networks absolutely want to harvest your data. But why else would Facebook or whoever invest millions or billions of dollars in infrastructure and development if they weren’t getting a return? You have to pay for the software one way or another.
Why do you think Canada would require data to only be in one geographical location? The only real reason that makes sense to me is they want to keep patient data centralized, controlled (by the government), and easily accessible; basically in hopes of steering folks away from true solutions like SAFE.
There will never be a software solution that comes top down financially supported that empowers the individual to be the caretaker’s of their own health information. VistaA is the perfect example. The damn thing started out as the decentralized health program (obvious the creators saw the light in the 70’s) and they have been diminishing the quality of the project with each iteration of forcing the circle (decentralization) into a square (centralized server approach).
For me that is why I’m so excited about SAFE. For the first time I will be able to provide a better software solution (in every way) for patients and not have to ask permission. With little to zero cost for infrastructure it will only be a matter of time for all the crap out there now to crumble away by way of ridiculous costa, insecurity, and most important people demanding a higher level of ethical standards for software that affects people’s life’s.
There is also a legitimate reason that ignores the possibility of secure decentralised storage, and that is to keep it within the protective jurisdiction of your legal system. Once outside, it becomes much harder to enforce protective measures, or to track violations etc, as well as to abuse and exploit privacy!
Some countries are just waking up to this issue and unfortunately making it harder to use the superior protection of non-geographic secure storage: SAFEnetwork.
We will have to lobby for exceptions, or these intended protections will have the reverse effect.
The Maidsafeharbor Team.
I think the reason is data retention/release laws. If we host our data on US servers, and then those servers are seized or ordered by the US government to divulge information, that would include our client records. It’s the same reason that VPNs and Torrent networks are picky about what country they host in – some countries just have better laws around that stuff.
There will never be a software solution that comes top down financially supported that empowers the individual to be the caretaker’s of their own health information.
What do you mean? Why wouldn’t it be “financially supported”? SafeNet literally reduces hosting costs. If not for any other reason, it’d still be cheaper to host on SafeNet. Companies aren’t inherently evil. We don’t want to expose data.
As for people taking care of their own health information – that’s kind of worrisome too. Do you know how many people are going to lose everything because they forgot their password? What if they can’t access that info when it’s needed most and they die because of it? I nearly lost my Bitcoins, and I’m quite diligent about that sort of thing.
Multi signature shares will be useful for this sort of thing. 2 of 3 signatures to access data would let any combination of you, your doctor and a next of kin (for example) to access the data.
Note that multi signature support is already baked in the code. It needs some work to make it simple though.
Yes having selected next of kin that can start a reset access algorithm. The password solution for health information is your unique electrophysiological signal. Everyone alive has one (Minus a few folks with things like an LVAD).
As for the financially supported question…I used to think the computerized health industry had the same goal as I did…to find the most secure, economical, easy way to digitally deliver Patient Health Information…but after meeting with hundreds of experts in the field and also being a licensed practicing medical professional I have come to the conclusion that there is way too much money being made by keeping things insecure (money for security firms to be caretakers of data), non-private (At least for federal…all funding requires easy access by the federal government), overly complicated (Keeps the power of controlling PHI by non-medical companies with HIPPA certified servers for example and the legal liability for practices that chose to try doing it on their own). One perfect example is the US DOJ just signed a 10 billion dollar contract with a proprietary software company to build their new EMR system, when the VA system is open sourced, the highest rated system by all physicians and has 40+ year track record.
With all the technological development already out there to secure patient health information and give patients total control over their data…it is not by accident that zero effort has been put towards making it a reality; even though it is absolutely obvious that is the goal we should all be working for. The most common response I hear when this topic is disccused is right along with your response @mnpenner is the what about passwords angle on why people shouldn’t have control over their data…
What really excites me is all the predatory regulation/legislation written for personal health information is all focused (Has to be) on dictating how others control your data…so when a simple solution arises that gives total control to the individual…well there is not one law that will protect the whole broken health information industry. No permission needed.