0

If all our identities, our data (emails, pictures) are on distributed ledgers/blockchain, can the use of distributed ledgers/blockchain stop data exfiltration for good?

Nathan Aw
  • 3
    I'm not sure I understand how using a blockchain to store information would help to prevent exfiltration of that information. By nature, all information in a blockchain is decentralized and open. Can you please clarify how this would work? – mti2935 Mar 16 '21 at 17:15
  • There is something called "opaque blockchain", where the information is not open. – ThoriumBR Mar 16 '21 at 18:11
  • @ThoriumBR but then does the use of a distributed ledger offer any control against exfiltration? Or is the ledger merely the medium in this case? – schroeder Mar 16 '21 at 18:14
  • Nathan, this looks like yet another "will [buzzword] solve [major, complex, multifaceted threat] for good?" post. Please explain how you think this technology might be useful for this purpose. – schroeder Mar 16 '21 at 18:16
  • 1
    @schroeder No, the ledger is only the storage. It does protect just a little (you own your data), but you lose the key, everyone has your data. – ThoriumBR Mar 16 '21 at 18:42

2 Answers

3

Not at all.

The ledger is public, but information on the ledger does not need to be cleartext. It can be a collection of encrypted blobs. So Gmail for example would become a very large blob of encrypted blobs, and only the owner of the respective private key would be able to decrypt his blobs, and nothing else. The BlobMail.

Having data public everywhere would help on accessibility, but not on stopping exfiltration. After all, data is everywhere but not accessible for those without the key. And that single piece of information is the difference between no data leak at all, and all past data public immediately.

Let me explain. If I have a 10 year history on "BlockMail", all my emails are there, but encrypted and protected by my key. But as soon as my key is compromised, all my emails since always are public, because everyone has access to the ledger, and anyone with the key can access all history. Unlike when my email password leaks, I cannot change the blockchain, and I cannot change the key that encrypted those emails ten years ago.

You could even have a master key that generates an ephemeral key for every sent message, or change the master key from time to time, but it does not change the fact that the key is a single point of failure, and it fails hard.

So if the data is always encrypted and no key ever leaks, data is secure. But as soon as the key leaks, all data is immediately and irrecoverably leaked, forever.

And even if those difficult conditions are met, nothing stops anyone from compromising your computer and stealing your decrypted data and posting it anywhere, in cleartext.

In the real world, this blockchain against data leaks would backfire. It brings no additional security, makes failures catastrophic, and does not stop the ways people already leak data.

ThoriumBR
  • Excellent answer, +1 - especially the last point, 'It brings no additional security, makes failures catastrophic, and does not stop the ways people already leak data'. To your point, it's hard to see how storing encrypted blobs in a blockchain offers any significant benefit over storing encrypted blobs on a distributed network of servers, such as a CDN. Blockchains were designed to provide decentralization and immutability, not privacy. – mti2935 Mar 16 '21 at 18:50
  • @mti2935 you can store your data on unused space on lots and lots of computers, and pay significantly less on storage, like the Freenet wanted to do. You store the data on the nodes, and only the metadata on the blockchain, and prune the blockchain from time to time to keep it small and without stale data. – ThoriumBR Mar 16 '21 at 18:53
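
The key-compromise failure described in the answer above, as an added example that is not part of the original post: blobs on an append-only ledger stay encrypted under the key that was current when they were written, so rotating the master key protects nothing already published, and re-encrypting old entries breaks the chain. The `Ledger` class, the HMAC-based toy cipher (a stand-in for a real AEAD), the key-derivation scheme and the keys and messages are all constructed for illustration.

```python
import hashlib, hmac

ZERO = b"\x00" * 32

def derive(master: bytes, index: int) -> bytes:
    # Per-message ("ephemeral") key, derived from the master key.
    return hmac.new(master, b"msg-key|%d" % index, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher (HMAC-SHA256 keystream) standing in for a real AEAD.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, b"ctr|%d" % off, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Ledger:
    """Append-only, hash-chained list of encrypted blobs, readable by anyone."""
    def __init__(self):
        self.entries = []  # (hash of previous entry, ciphertext)
        self.head = ZERO

    def append(self, master: bytes, plaintext: bytes) -> None:
        blob = xor_stream(derive(master, len(self.entries)), plaintext)
        self.entries.append((self.head, blob))
        self.head = hashlib.sha256(self.head + blob).digest()

    def verify(self) -> bool:
        h = ZERO
        for prev, blob in self.entries:
            if prev != h:
                return False
            h = hashlib.sha256(prev + blob).digest()
        return h == self.head

def read_with_key(ledger: Ledger, master: bytes) -> list:
    # Any reader holding the master key can re-derive every per-message key.
    return [xor_stream(derive(master, i), blob)
            for i, (_, blob) in enumerate(ledger.entries)]

def demo():
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"
    ledger = Ledger()
    ledger.append(old_key, b"mail from 2011")
    ledger.append(old_key, b"mail from 2015")
    ledger.append(new_key, b"mail from 2021")   # owner rotated the master key
    leaked = read_with_key(ledger, old_key)     # old key leaks years later
    # Owner tries to re-encrypt entry 0 under the new key: the chain breaks.
    ledger.entries[0] = (ZERO, xor_stream(derive(new_key, 0), b"mail from 2011"))
    return leaked, ledger.verify()
```

`demo()` returns the two pre-rotation messages in cleartext (the third entry stays unreadable under the old key) and `False` for the chain check after the attempted re-encryption.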
-3

Yes, information on a blockchain is public to everyone, and if it's already public information, there is no reason to exfiltrate it.

user253751
  • 2
    Not all blockchains are clear. Some are opaque (data is encrypted and only the owner owns the key), some are permissioned (only pre-allowed entities can access the data). – ThoriumBR Mar 16 '21 at 18:12
  • 2
    Or you could simply store encrypted data – schroeder Mar 16 '21 at 20:41