A real consumer app that uses blockchain-based authentication and storage

I came across the personal goals and streaks tracker Nomie, which runs as a progressive web app in your browser.

Most notably, instead of rolling its own authentication service or implementing a social login, it authenticates via the decentralised service Blockstack. Similarly, while you can keep your data local, if you sync it across devices the app uses Blockstack’s distributed storage system, which they call Gaia.

Blockstack was already familiar because of its 2019 security token offering, the first of its kind not restricted to accredited investors because it received a Reg A+ exemption from the SEC. But this was the first time I had come across a service that actually used it. The website has a gallery of applications that use its auth and storage service.

I am trying to understand Blockstack’s approach to authentication and storage better. While authentication is no longer handled by the app developer, it is also not completely outsourced to another centralised party in the way a Google or Twitter login is. According to the documentation, Blockstack authentication happens entirely client-side:

The identity address private key is derived from the user’s keychain phrase and is the private key of the Blockstack ID that the user chooses to use to sign in to the app. It is a secret owned by the user and never leaves the user’s instance of the Blockstack Browser.

This private key signs the authentication response token for an app to indicate that the user approves sign in to that app.
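To make the flow above concrete, here is an added Go example (not code from the original post, from Nomie or from Blockstack) that mirrors what the documentation describes: a key derived from the user's keychain phrase signs an authentication response on the client, and the app verifies it with nothing but the public key carried in the token. The SHA-256 derivation, the P-256 curve, the `id-…` address format and the JWT-style token layout are all assumptions standing in for Blockstack's real choices, which the page does not detail.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

var curve = elliptic.P256()

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// deriveIdentityKey makes the identity key a pure function of the keychain
// phrase. SHA-256 stands in for the wallet's real derivation (assumed to be
// BIP39/BIP32; the page does not say). What matters is that the private key is
// computed on the user's device from a secret that never has to leave it.
func deriveIdentityKey(phrase string) *ecdsa.PrivateKey {
	seed := sha256.Sum256([]byte("identity-key:" + phrase))
	// Reduce into [1, N-1] so the scalar is always a valid private key.
	d := new(big.Int).SetBytes(seed[:])
	d.Mod(d, new(big.Int).Sub(curve.Params().N, big.NewInt(1)))
	d.Add(d, big.NewInt(1))
	priv := &ecdsa.PrivateKey{D: d}
	priv.PublicKey.Curve = curve
	priv.PublicKey.X, priv.PublicKey.Y = curve.ScalarBaseMult(d.Bytes())
	return priv
}

// identityAddress is a constructed stand-in for a Blockstack ID: a hash of the
// public key, so an app can check that a claimed ID really belongs to the key.
func identityAddress(pub *ecdsa.PublicKey) string {
	sum := sha256.Sum256(elliptic.Marshal(curve, pub.X, pub.Y))
	return "id-" + b64(sum[:20])
}

// authResponse is modelled on a JWT payload, not on Blockstack's exact schema.
type authResponse struct {
	Issuer    string `json:"iss"`        // identity address approving the sign-in
	Audience  string `json:"aud"`        // app origin the user approved
	PublicKey string `json:"public_key"` // base64url point, so the app can verify offline
}

// signAuthResponse runs on the user's device; only the signed token leaves it.
func signAuthResponse(priv *ecdsa.PrivateKey, appOrigin string) (string, error) {
	payload, _ := json.Marshal(authResponse{ // marshalling a plain struct cannot fail
		Issuer:    identityAddress(&priv.PublicKey),
		Audience:  appOrigin,
		PublicKey: b64(elliptic.Marshal(curve, priv.PublicKey.X, priv.PublicKey.Y)),
	})
	signingInput := b64([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// verifyAuthResponse runs in the app, which never sees a private key. It checks
// that the embedded public key matches the claimed ID, that the token was issued
// for this app, and that the signature is valid, then returns the authenticated ID.
func verifyAuthResponse(token, expectedOrigin string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return "", errors.New("token is not base64url")
	}
	var claims authResponse
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", err
	}
	if claims.Audience != expectedOrigin {
		return "", errors.New("token was issued for a different app")
	}
	pubBytes, _ := base64.RawURLEncoding.DecodeString(claims.PublicKey)
	x, y := elliptic.Unmarshal(curve, pubBytes) // nil unless a valid point on the curve
	if x == nil {
		return "", errors.New("invalid public key")
	}
	pub := &ecdsa.PublicKey{Curve: curve, X: x, Y: y}
	if identityAddress(pub) != claims.Issuer {
		return "", errors.New("public key does not belong to the claimed identity")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("bad signature")
	}
	return claims.Issuer, nil
}
```

The split between the two functions is the point: `signAuthResponse` is the only code that touches the private key, and `verifyAuthResponse` needs nothing beyond what the token carries. The audience check stops a token issued for one app from being replayed to another, and the address check ties the embedded public key to the claimed ID, so a valid signature from some other key cannot vouch for it.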

User data, meanwhile, is stored off the blockchain in what Blockstack calls a decentralised storage system, Gaia, which is an abstraction layer over traditional ‘cloud’ storage services:

Transactional metadata is stored on the Blockstack blockchain and user application data is stored in Gaia storage. Storing data off of the blockchain ensures that Blockstack applications can provide users with high performance and high availability for data reads and writes without introducing central trust parties.

I understand the principles well but not the actual implementation, and will publish follow-on posts as this improves. In general I am uncomfortable with the fact that Blockstack does introduce its own identity, and implements its own blockchain instead of using existing large ones. However,

… the Stacks blockchain stores only identity data. Data created by the actions of an identity is stored in a Gaia Storage System. Each user has profile data. When a user interacts with a decentralized dApp that application stores application data on behalf of the user. Because Gaia stores user and application data off the blockchain, a Blockstack DApp is typically more performant than DApps created on other blockchains.

Broadly, this is a great example of how decentralised ledger technology, or DLT, makes trustless systems possible. The application developer is free to focus on the core value proposition instead of bothering with housekeeping. At the same time, neither the application developer nor a third-party identity or storage provider has access to your identity or data. While it is up to the application developer to ensure that the data is in an open, published format, this blockchain-based approach does appear to leave ownership of the data with the end user.

Entities like Blockstack are important to the development of the ecosystem. Whatever their downsides, they are making it easier for app developers to plug DLT into their services than it would otherwise be.