# IPFS Sync for user data or app state

A recurring request is an out-of-the-box solution for using IPFS to sync user data or application state between application instances, in order to reduce or remove the need for companies to store and manage that data on their own servers.

## Threat model

As with any solution for user data management at rest or in transit, the application design must reflect the level of threat.

Approaches we've seen:

* Public data: Publish directly to the IPFS network
* Private data: Encrypt and publish to the IPFS network
* Critical private data: Create an IPFS private network

Note: All applications are different. Being able to construct privacy and security models that meet the specific needs of your applications is a feature, but requires more care and design work up-front than using the HTTP web's one-size-fits-all privacy and security model.

### Public vs Private Networks

The IPFS DHT is a public network. Using it means a non-zero number of participants in the network can see your traffic.

A common pattern for data that isn't meant to be public is to encrypt it before publishing to the IPFS public network.

However, if the threat model demands zero exposure of the data, encrypted or not, to public networks, then using a private network is likely the best choice. In a private network, IPFS nodes are connected only to each other, not to the public DHT.

## Architecture

Given a scenario of one user account sharing data and app state between desktop and mobile, a basic implementation will likely need:

* An IPFS node of some kind at each app instance
* A way for the nodes to either connect directly or find the data each shares

TODO:

* QR code key exchange
* encrypted content on public network approach
* IPFS private network approach

### Identity / Discovery

## Approaches

### PubSub

IPFS is built on top of libp2p, which provides a pubsub API. This allows you to publish messages to a specific topic, or subscribe to messages with a given topic.

Pubsub can be used for application coordination.

Scenario:

* Desktop and mobile apps share keys based on user's account
* Desktop app encrypts user data, adds it to IPFS, gets CID
* Desktop app publishes CID to a topic derived from a shared secret
* Mobile app subscribes to topic, receives CID of user data, decrypts for local use

### IPFS Cluster

### OrbitDB

Tabcat:

> Not that I know of unfortunately but this is a great use case. With augmentation orbitdb would be great at this and is basically meant for cases like this. In my mind the area orbitdb needs for this is extensions for device identity and connectivity, and handling private data.
>
> The hardest of the two would probably be keeping the user data private if needed. It seems like the best way to handle this is with encryption since all of the state is uploaded to ipld/ipfs. Optimally you would want multi-writer encryption with the ability to move to a new key when adding or removing write access to an identity. I'm hoping mls will fit well here but less sophisticated solutions for smaller groups, like in your case, could be done now.
>
> https://github.com/cypsela/sailplane-node optionally encrypts a collaborative 'filesystem' in orbitdb but I believe only allows adding and not revoking write access.
>
> I don't know anything about mobile development. I've read it can be tricky to run nodejs on mobile, maybe not? If it is difficult I would see about running the app and orbitdb in a webview and have it talk to some http apis for native storage and ipfs. The main bad part of the browser env seems like persistent storage and networking.
>
> Actually https://berty.tech/ wrote an implementation of orbitdb in go for use in mobile. It looks like it is still being worked on https://github.com/berty/go-orbit-db but I'm not sure if it is compatible with the nodejs implementation, I should check on that.
>
> Link preview: Messaging Layer Security (MLS) is an IETF working group building a modern, efficient, secure group messaging protocol.
>
> You would create the account store on one device and join it from other devices by scanning a QR code or pasting in the address.

### Ceramic

* ships identity + sync out of the box

### Textile

* ships identity + sync out of the box?

### Jimpick's CRDT work

* ???

### SwarmDB

* https://github.com/swarmbase/swarmbase

### Fission.codes

* JS + automerge + IPFS
* has a go-ipfs impl as well

### Other?
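
Returning to the PubSub scenario above (shared keys, encrypted user data, CID published to a topic derived from a shared secret): the following Node.js sketch is an added example, not code from the original page or from any of the projects listed. The function names, HKDF labels, `app-sync/` prefix and message layout are assumptions, and the IPFS add and pubsub calls are left out so it runs offline.

```javascript
// Added example with constructed values only; no IPFS node is contacted.
const crypto = require('node:crypto');

// Derive independent values from the shared secret. Distinct HKDF "info"
// labels mean the publicly visible topic name reveals nothing about the keys.
function deriveSyncKeys(sharedSecret) {
  const derive = (label, len) =>
    Buffer.from(crypto.hkdfSync('sha256', sharedSecret, Buffer.alloc(0), label, len));
  return {
    topic: 'app-sync/' + derive('example/topic', 16).toString('hex'),
    dataKey: derive('example/data-key', 32),
    announceKey: derive('example/announce-key', 32),
  };
}

// AES-256-GCM with a fresh random nonce; output is nonce || tag || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Throws if the blob was modified or sealed under a different key or AAD.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Desktop side: the CID announcement is sealed and bound to the topic, so a
// stranger publishing to the topic cannot inject a CID the mobile app accepts.
function makeAnnouncement(keys, cid) {
  return seal(keys.announceKey, Buffer.from(JSON.stringify({ cid })), keys.topic);
}

// Mobile side: returns the CID, or null for a message that fails authentication.
function readAnnouncement(keys, message) {
  try {
    return JSON.parse(open(keys.announceKey, message, keys.topic).toString()).cid;
  } catch {
    return null;
  }
}
```

The desktop app would call `seal(keys.dataKey, userData, 'user-data')` before adding the blob to IPFS, and the mobile app would call `open` with the same arguments after fetching the CID it accepted from `readAnnouncement`.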