Should a dapp creator be able to see user data?

A product decision question:

Should a decentralized app(dapp) owner/creator be able to see the data uploaded by the users of the dapp? (This can be done optional, the users can be given liberty to share data or not).

What are your opinions?

Ideally, users shouldn’t upload anything to the dapp creator. That’s either centralized or federated by definition. IMO, Solid has a good model here (except that it’s federated instead of decentralized).

In Solid, apps are just local webapps. Every user has a general-purpose, trusted “datastore” service (kind of like an email provider). Apps store data in these datastores and communicate by writing to each others datastores.

Ideally, dapps would operate in the same manner except that they’d:

  1. Communicate peer to peer where possible.
  2. Use untrusted (or semi-trusted) services.

I’d expect dapps to need:

  • Data storage & retrieval (usually encrypted). E.g., Filecoin or a pinning service.
  • Offline messaging (kind of like email,
  • Consensus (e.g. blockchain or something faster in case of a closed system).

I think stebalien covered it well.

From my perspective it depends on the use-case. Is it about their private data? If so, then this means that they are most likely encrypted and in such a case you would have to compromise the encryption in some way and that seems like a bad thing to do.

1 Like