Encrypted Spaces: An architecture for collaborative applications

brianwmunz

"what the server can see to support rich queries" is the whole ballgame, right? Anything queryable is metadata that can leak or be subpoenaed... membership, access patterns, query frequency. For the activist/journalist threat idea, that's usually the sensitive part.

ebb_earl_co

“Users verify cryptographic proofs to ensure that servers behave properly.” If this is one of the defining tenets of this data system, is it not DOA? See also: the PGP key-signing parties that never were…

krunck

So it seems this is a system where the server only does encrypted storage and minimal processing on plaintext that it is allowed to decrypt. I was hoping it was a FHE implementation where the server does computation on the encrypted data. Still waiting for that.

rozzie

In its day (1997-2005) Groove was quite a sophisticated architecture and implementation of encrypted collaborative workspaces, using a decentralized P2P architecture augmented by optional store-and-forward relays that enabled fully offline use. For endpoint authentication it supported direct peer key signing, or org-signed certs, or any combination. Arbitrary collab apps could be built on a blockchain-like signed/encrypted transaction log with decentralized global ordering and automatic rollback, transaction insertion, and play forward. The most used apps were file folders, discussions, chat (with PTT), calendars, sketchpad, collaborative browsing, and more. Interestingly, for several years, it was a "killer app" for those who needed confidentiality: USAID and numerous NGO's, US DoD, joint and coalition forces operating in Iraq, all the three letter agencies trying to collaborate across silos immediately post-9/11. Quite a testament that decentralized architectures truly work when security is paramount. And also, concrete proof that even after immense investment, there is little appetite for decentralized solutions in enterprise and consumer domains.