

Ask HN: Sharing Phonegap localstorage data between devices? - chany2

Working on a sensitive data app. The concept is that the content can be shared between users or devices.

- Initial Approach: The content can be stored in the "cloud" or on my server similarly to Dropbox; anyone who has permission can access the data - distribute down to multiple users' devices.

- Second Approach: Since the data is considered very sensitive, it is recommended to be stored on the user's mobile.

1) So a copy of the data can be stored in the primary user's device.

2) The Unique Data ID and list of users (no content) can be stored on a database table in my server as reference.

3) Next user registered, calls upon my server; find the Data ID.

4) Extracts the copy from the primary user's mobile. Sends to the next user.

Problems:

- The primary user's device can be offline / out of battery; the next user will not get a copy.

- Any additional security issues in between?

- Missing any nuances that might make this inappropriate?

- Alternative approach?
======
bdfh42
If your data is so sensitive that you do not want to store it on a central
server then why not consider the PGP approach?

User 2 sends a request to user 1 (who has the data) sending his or her public
key and asking for the data encrypted using the public key. User 2 then
decrypts the message using his private key and makes his own local copy.

How do you communicate data changes between data holders - a version control
problem perhaps?

~~~
chany2
^ One researcher recommended a similar approach: the data stored centrally, and
give other users access keys as the means of granting them permission to read
that data. However, the issue here: don't I end up 'storing' that access key
as well? Unless it's a password-type, where the user has to remember and manually
enter it every time...

He also suggests taking a push model (the central storage) rather than a pull
model (device storage).

I am still debating, and researching. Any other thoughts?

~~~
bdfh42
If you read up on the PGP idea you will see that storing people's public keys
is not an issue - they may be broadcast to the world. The clever bit is that
they are combined with a private key (that you do not store or exchange) to
encrypt and ultimately decrypt any given message or data.
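
Added example, not part of any comment in this thread: the public-key exchange bdfh42 describes, written against Node.js's built-in `crypto` module. The function names, the `data-0001` ID and the sample record are constructed for illustration, and the hybrid RSA-OAEP plus AES-256-GCM construction is an assumption standing in for PGP itself.

```javascript
const crypto = require('node:crypto');

// User 2 (requesting device): generate a key pair; the private key never leaves the device.
function newDeviceKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// User 1 (data holder): encrypt the record for the requester's public key.
// A fresh AES-256-GCM key encrypts the data; RSA-OAEP wraps that key.
function sealFor(publicKeyPem, dataId, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(dataId)); // bind the ciphertext to its Data ID
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, key);
  const b64 = (b) => b.toString('base64');
  return { dataId, wrappedKey: b64(wrappedKey), iv: b64(iv),
           tag: b64(cipher.getAuthTag()), body: b64(body) };
}

// User 2: unwrap the AES key with the private key, then decrypt and authenticate.
function openEnvelope(privateKeyPem, msg) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, raw(msg.wrappedKey));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(msg.iv));
  decipher.setAAD(Buffer.from(msg.dataId));
  decipher.setAuthTag(raw(msg.tag));
  // final() throws if the body, tag or Data ID was altered in transit.
  return Buffer.concat([decipher.update(raw(msg.body)), decipher.final()]).toString('utf8');
}

// Constructed sample exchange: a relay server would only ever see `envelope`.
function demo() {
  const user2 = newDeviceKeys();
  const envelope = sealFor(user2.publicKey, 'data-0001', 'constructed sample record');
  return { envelope, recovered: openEnvelope(user2.privateKey, envelope) };
}
```

The exchange is only as trustworthy as the public key: if the server relays keys, User 1 needs an independent way to confirm the key really belongs to User 2 (for example, comparing a fingerprint out of band).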

------
samcasas
I would recommend you use PouchDB. It's a similar approach, but in this case
you use CouchDB as a database; it can be used offline and it syncs.
[http://pouchdb.com/](http://pouchdb.com/)

~~~
chany2
This looks promising! Will definitely check it out.

This sounds like an example of Path where you can Like something offline, and
will sync when you have internet access.

However, it doesn't solve the "who stored your data" privacy concern.

