On day 1 of blockchain's existence there was no concept of stealth transactions. That's still true of Bitcoin and most other crypto projects including BitShares.
At some point privacy became a concern and
stealth was born.
Bytemaster and others have discussed the implications of BIG DATA in the hands of those who wish to manipulate you.
Shouldn't we be thinking about ways we can improve our privacy and restrict access to
our data to only those we authorize to see it?
I am not proposing we reinvent BitShares to lock down access tightly. I only want you to consider privacy as we build new features and add improvements. For example, Alfredo's new ES history plugins, which were created to solve 2 major problems:
- Heavy RAM use, which also slow restarts / replays
- How to provide a flexible way to query blockchain activity
These are indeed significant problems that the ES plugin will address. The ES feature will make it easier to access historical data - by ANYONE, friend or foe. It does NOT allow for anything to be accessible thru ES that is not already available thru other API calls, it just makes it easier & faster to obtain the data. It is an alternative access method.
In reading over Alfredo's docs for ES, it occurred to me that we should consider protecting the data contained in this ES database. If it is far quicker and easier to use the ES plugin than to code the required API calls to obtain the data, ES will become the tool of choice to mine user data. If this is true the ES plugin represents a significant value, and may be worth considering it as an FBA to gain that advantage.
My chief concern is that our efforts to improve BitShares should also increase freedom, not reduce it. It's the opposite perspective from a fintech regulator, who sees every hidden transaction or means of obscuring them as chipping away at his ability to do his job. He wants as much info as possible, and doesn't care about intruding on people's privacy. I look at every transaction that a regulator knows about as chipping away at my freedom.
Will google be able to create a search robot that uses this new ES facility to build it's own proprietary DB it can then sell to 3rd parties?
I commented about this concern on
github and Telegram:
What security mechanisms exist to protect this data from prying eyes? Can anyone query ES to get MY history for example? The blockchain is wide open, so perhaps such security concerns didn't cross his mind.
What about stealth transactions? Can they be categorized and queried thru ES (
for example to create a list of accounts that have used stealth)?
Graphene uses a modular API, and these APIs can be protected with a json API key. I am wondering if you have defined a new API that could utilize that protection, and wondering what protection of MY account history will be provided from 3rd party inquiries. Could I for example query ES to see what accounts may have used ES to query MY history?