Immutability - does it change everything?


What good is temp data if it is cleared very quickly (maybe minutes or hours) due to spamming

It works whether its kept (fills up) or sacrificed (files last very short time). Temp files become useless

The big key is it was free.

Only takes a few datacentre machines with 10Gb/s connections to do a lot of filling.

The reason in the final network that this would not happen is the cost to store, especially when getting full. Free does not have any of these protections.


On phone, so difficult to quote big blocks, but it does sound like two different use cases. To summarise them:

  1. data which can be deleted/replaced by the user at their discretion.
  2. data which can be deleted by the network at its discretion.

I actually thought 1 was what MD behaved like previously, at least outwardly. Obviously the AD discussion has moved that on, so it is an interesting question.

For 2, I thought this had been discussed before, but perhaps it was about 1? Either way, the use case for 2 is similar to that presented by Freenet and IPFS - the network will freely distribute stuff while it is popular, but there are no guarantees about its permanence there after, unless re-uploaded as immutable data.

This could have a number of benefits/features:

  • economic for uploads which need not last forever. [This could also help poor users to get a message out, which could then be made immutable by others later.]
  • useful for the network to discard data which is not required to last (temp files/data), including data which can be rebuilt.
  • rebuilt data could include indexes, especially if the index reader could cope with loss and/or rebuild missing bits (free to upload changes anyway).
  • none technical, but gives SAFENetwork a platform to compete with non-permanent, free to use, data networks (I actually think this is rather important too).

For 1, I can see the benefits, but will stick to pitching 2 for the moment! :slight_smile:


Same here, I thought the final implementation was going to be truly mutable data

Yes, but in the context of user deletes it. And maybe able to set a count of events before deleting it either when needed (aka your idea) or when the vault wants to…

Temp data that can disappear from 1 second to 10 years or more is not so useful. What is the use case that is not solved by user deletes (or lives for at least x events)

your points in order you made then (in my opinion)

  1. I assume you mean free. Spamming can and will happen as was evidenced in one testnet. The spammers would attempt to so fill the network that temp files are being delete in a very short timeframe. ie earn hacking points (I would have tried in my young teens). Oh the other issue of free data is bandwidth multiplication. For every chunk uploaded there is at least 8 copies sent out to the vaults, then the consensus traffic. So at least a 10 times multiplication attack on bandwidth
  2. If charged for (cheaper for temp immutable files would be good) then spamming will not occur and the “live for x events” covers this
  3. The MDs will cover this and good model to charge the once off extra fee to create and then cheaper changes.
  4. Except spamming will be seen as worth it since there is safecoin manipulation possible by spamming. And we have already evidence that spamming will occur.


Thoughts on your points:

  1. This could be a concern. You could argue that temporary data may be discarded at churn events, reducing the impact. This is probably a higher cost than with IPFS, as their persistence model is far simpler afaik (i.e. a single node will seed it inisitially [and not indefinitely] and then cached copies are distributed). Providing the lowest level of redundency may be the best goal, so that temporary data is very short lived unless popular enough to be cached.

  2. If there was a cost, this would certainly help protect against spamming. It would cost more than free alternatives though, even if small. However, some sort of service level may then need to be maintained, adding complexity.

  3. I think we agree that these are different use cases. Free and discardable is quite different from more expensive and changeable.

  4. I am not sure this necessarily follows. While people may choose temporary storage over permanent storage (which they can do outside of SAFENetwork anyway on IPFS, etc), permanent storage will still take priority on vaults. Much like Filecoin aims to build a permanent storage model on top of IPFS, it feels like there is a place for both temporary and permanent data on the network.

I think we have to look outside of SAFENetwork for some perspective on this. IPFS is relatively successful already for temporary data. Filecoin looks to build a market place for permanent data on IPFS. Even in combination, they lack many SAFENetwork features (self healing/autonomous, anonymous, self authentication, etc), but they will be competing in the same arena.


Just to add a thought. Immutability implies two different things: it is unchangeable and permanent.

There are arguments to make data changeable. There are also arguments to make data temporary. To suggest that we don’t want just immutable data, is actually two suggestions wrapped together - we may want to change something and we may want something to only be temporary. Both are potentially important and each may have a completely different implementation.


NO immutable only means cannot be changed. Perpetually is another attribute applied to chunks.

I cannot tell you why IPFS does not get spammed, maybe its no challenge to the hackers thus no hacker points. But its worth it in SAFE’s situation. Even if only for points, but also because you can manipulate SAFEcoin by it too. And the bandwidth amplification makes it easier to choke up SAFE. Consensus would be needed before allowing any chunk to be deleted.


It may be due to it not being as contentious so far, and nobody with sufficient incentive. Or maybe it was too big for a single actor to attack before anyone was motivated. Ask the question the other way - why did SAFE get spammed and by who?

I expect us old timers have our theories about that. :wink:

As always it will be about cost v benefit, and if significant damage could be done there’s a big benefit. We would need to show that it really wasn’t feasible through analysis.

I’m open to that idea. If the network can handle a large scale spamming attack like that, maybe temporary data could be free, or at least very very cheap.

Maybe the question is more, what would an effective price point be? And if there is a pricing mechanism, it could be dynamic.

Such a mechanism could in effect make it free unless the network was being stretched, and the fact that the network could cope this way would make spamming pointless and keep temporary data free of charge.

So if there was a dynamic price for temporary data, it could in effect be free. Bingo :partying_face:


Deletion is a form of mutation.

I’ve countered some of these points above, so I won’t reiterate my views.

It follows that IPFS will be targeted after Filecoin is introduced by the the SAFECoin logic. I am not convinced it will.


Only if you define it that way.

Immutable data cannot be changed (mutated). Deletion is removing it. If you deleted part of it then thats mutation, but deletion of the whole chunk is deletion not mutation


Might be easier to think of not data mutation but network mutation. So Put Delete and Edit all come under that and would be chargeable due to the fact they are mutating. Delete is a really weird form of mutate though, I agree, and even in the pay to mutate the network, which appears very reasonable, at first. So delete, mutates, but it eventually gives the network less work? therefore should that mutation be charged (as the network does work to delete it) or rewarded as the network does less work in the future ?

Swings right back to pay once, store forever model. Even in house we always equate delete to reward, not payment, but for a minute posit the fact it is a mutation and will cause work (well beyond a Get for instance). Should it really be rewarded, if not then removing access to the data map is a delete, just netowrk has some junk it can do not much with that we currently can imagine anyway.
/Saturday morning brainstormy thought


I see ‘temporary data’ mentioned a lot in the posts above. In my understanding a concept of time (guarantees) is very difficult to provide in a decentralised network. So I’m more interested in solutions where the owner of a ‘deletable’ data chunk decides when it can be effectively deleted. The ‘Network’ then decides when it will effectively be deleted. If the owner has indicated that a data chunk can be deleted, he knows he shouldn’t rely anymore on the chunk being there. On the other hand he also shouldn’t rely on the chunk not being there anymore (immediately).
About the costs: at creation of a ‘deletable’ data chunk: the same or more then a non-deletable. At the time that the user indicates the data chunk may be deleted, he gets something back (depending on the costs of storing data at that moment). Or maybe later, if and when the data chunk is effectively deleted.
Another payment idea: no payback for every deleted chunk, but a kind of ‘lottery’-system, like how the Vaults will earn their Safe Coins.

I’ve also a question concerning the recovery of big ‘self-encrypted’-files. For example, if only 1 data chunk with index = x is deleted, what can’t be anymore decrypted from the rest of the file? Only the neighbouring data chunks (e.g. x-1 and x+1)?


Well, you initially asserted it was untrue, not that it depends how you define it.

To describe it a different way, deleting something is the same as changing it to nothing. It is still a change (mutation) that the observer will witness.

The implementation may be different, but I’d argue that is another debate. At a high level, they are all just changes.


Well the zeitgeist must be here, because I am lately seeing lots of articles popping up about immutability and data hoarding:

We should have a presence at /r/DataHoarder/
They seem to be the prime demographic of core early adopters


And DeDuplication will free up all those old drives and give all of them that extra square foot of space to enjoy.