From 18e985fbd3d93a958adfa1260c5844c1dc3a443c Mon Sep 17 00:00:00 2001 From: Joe Hand Date: Thu, 2 Feb 2017 10:30:37 -0800 Subject: add a security & privacy faq section (#38) --- docs/faq.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/faq.md b/docs/faq.md index e49044d..d89d62e 100644 --- a/docs/faq.md +++ b/docs/faq.md 
@@ -44,6 +44,34 @@ Yes. See [datproject/dat-desktop](http://github.com/datproject/dat-desktop) on G Yes. We are currently developing the serialization format (like .zip archives) called [SLEEP](/sleep) so that third-party libraries can read data without reimplementing all of hyperdrive (which is node-only). +## Security & Privacy + +### Is data shared over Dat encrypted? + +Yes, data shared over Dat is encrypted in transit using the public key (Dat link). When you share a Dat, you must share the public key with another user so they can download it. We use that key on both ends to encrypt the data so both users can read the data but we can ensure the data is not transferred over the internet without encryption. + +### Is it possible to discover public keys via man-in-the-middle? + +The public key is hashed, creating the discovery key, before we share it over the network. Whenever peers attempt to connect to each other, they use the discovery key. This ensures that the public key is never sent by Dat over the network. + +Data is encrypted using the public key, so it is important that this key stays secure. + +### Can anyone download my data? What if I don't share the key with anyone? + +Only someone with the key can download data for Dat. It is the responsibility of the user that the Dat link is only shared with people who should access the data. The key is never sent over the network via Dat. We do not track keys centrally. It is almost impossible for [keys to overlap](http://docs.datproject.org/faq#are-the-dat-links-guaranteed-to-be-unique-) (and thus to guess keys). + +### How does Dat make sure I download the correct content? + +Dat uses the concept of a [Merkle tree](https://en.wikipedia.org/wiki/Merkle_tree) to make sure content is not tampered with. When content is added to a Dat we cryptographically fingerprint it and add it to the tree. On download, we can use the tree to make sure the content has not changed and the parent hashes match. 
+ +### How does Dat help to improve transparency? + +Dat uses an append-only to track changes over time. An append-only log shows all of the changes for a given Dat since it was shared. We use this for version control but it can also bolster transparency for a dataset. Any changes to a dataset will be tracked and you can see what changed and when. + +### Privacy and Security Versus Bittorrent + +As a peer to peer network, Dat faces similar privacy risks as Bittorrent. When you download a dataset, your IP address is exposed to the users sharing that dataset. This may lead to honeypot servers collecting IP addresses, as we've seen in Bittorrent. However, with dataset sharing we can create a web of trust model where specific institutions are trusted as primary sources for datasets, diminishing the sharing of IP addresses. [Read more](https://datproject.org/blog/2016-12-18-p2p-reader-privacy) about reader privacy in the p2p web. + ## Under the Hood ### Is Dat different from hyperdrive? -- cgit v1.2.3
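Review bot: In the "Is data shared over Dat encrypted?" and "Is it possible to discover public keys via man-in-the-middle?" answers, the Dat link is called a public key and in the next breath the text says "it is important that this key stays secure"; because the same key is both what you hand out to grant download access and what the transport encryption is derived from, the answers should state plainly that the key functions as a read capability, that encryption in transit protects only against observers who do not hold the link (anyone with the link can read the data), and that what a network observer does see is the discovery key, the hash, which reveals that someone is interested in a Dat but not the key itself. The "How does Dat make sure I download the correct content?" answer describes fingerprinting content into a Merkle tree and checking parent hashes, but not how the tree root is tied back to the Dat link, which is the step a reader of a security FAQ will ask about; one sentence on that would close the gap. Two smaller points: "Dat uses an append-only to track changes over time" is missing its noun (suggest "append-only log"), and the "Privacy and Security Versus Bittorrent" paragraph says a web of trust can diminish "the sharing of IP addresses" without noting that a downloader's IP address is still exposed to every peer it connects to, including the trusted institution, so the model reduces how many peers see it rather than hiding it.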