Remembered most important privacy (GDPR also) issues and if they can be solved by the system or by the application, excluding anonymity or pseudonymity which isnât a privacy issue as long as they can be easily done:
0- We are excluding those privacy leaks from any kind of security issue, considering that security itâs way enough or not really a privacy concern;
1- first of all, privacy isnât a security issue, but an app-level matter of design (also Holochain architecture supports. E.g. modularity, separate DHTâs for groups, and so on);
2- Canât be solved: then, assuming that every agent have their own source-chain which is definitely a block-chain, then itâs normal to not really can scrub data within, just not available, and that is specific to a distributed network (very scalable);
3- Canât be solved: also is that even suppose to purge (data, not header) and withdraw (even header), even validated by another entry already valid, it cannot really scrub any data, just hidden it and hinder it at the conductor level, no access from the app-level. Just by hacking the conductor, instructing others that malicious conductor is a regular application, with the same code hash;
4- Canât be solved: remained data deleted or purged-withdrawn will actually stay there until completely restore again into a new version (of DHT),
5- Canât be solved: yet been distributed the bad actors can still steal othersâ data prior to being detected by posting something and being warranted as malicious. But here also can be done by hacking the conductor (again). Or even read them another way, however, a motivated individual could look in the database that holds their local shard of the DHT; thereâs a chance that it holds the deleted data theyâre looking for.
6- It is normal to be so: finally being open to all and F/LOSS (e.g. a big social network) what can you really prevent? excluding the deleting own data before propagated to anyone else by bridging.
7- Actually not needed: Whatever it could be GDPR is meant to create fiduciary responsibility for organizations who are in a power asymmetry with the people whose data they host (IOW: protect users from big companies). It doesnât have anything to say about people sharing things amongst themselves â AFAIK, it doesnât have the power to compel someone to flush out their email archive. So itâs good the feeling that distributed systems occupy an awkward middle ground between personal interaction and client/corporation relationships, as long as the community (actually developers) have their own interest and concern to protect their own data to be used in various bad scopes.
Itâs bad to say it, but here are weak reasonings for not being privacy (GDPR) compliant:
A- Excluding bad actors which can read othersâ data or those who will be warranted at the first try, if they did not actually delete the data;
B - Reasons as that an agent holds a little amount of data, even it would be more bad agents, they cannot find so much, as long as from a graph database;
C- Many privacy issues cannot be solved completely, in respect of 0- that is not a security issue. Or that they are too complex (excluding social issues, big communities, big events where a lot âknows too muchâ vs pseudonymity)
D- But in general, distributed tech is a blind spot in GDPR. Itâs got the peer-to-peer qualities of human social interactions, but the vast data distribution power of big platforms. Even in Holochainâs DHT agent-centric approach, even with its higher security.
E- That it depends on social, not on tech (excluding those kinds of issues when someone saw it and remembered it or even had stolen it because was granted before)
F- Reasons as low chance to happen from GDPR compliance verifications, as encountered all sorts of issues, mostly that nobody really knows all the issues as they wonât be fixed until court issues happen.
G- worse than this, most in centralized systems: even if there were an obligation to actually scrub the bits from your hard drive, thereâs no verifiable way to prove it to the satisfaction of the person who asked you to delete the data, as long as theyâre centralized and can have a lot of hidden backups to share to other entities for financial purposes. But actually not addressed to really distributed networks. But even so, this may change with future CPU features but isnât available right now, and also the centralized system cannot prove that they deleted everything.
Finally: Cross-CMS privacy group was formed to share common functionality however just looked and doesnât seem much has progressed in 3 years.
So, Holochain seems to be 99.9% privacy compliant with higher security and at the discretion of the application level atomicity. And even near GDPR compliant, as itâs not needed to protect ourselves from ourselves, in respect to developers code, and not even so, as long as a really open for community and for developers large distributed.