Got a few spare terabytes of storage sitting around unused? Tardigrade can turn that into crypto-bucks

Storj Labs, which in March launched decentralized storage network Tardigrade, is releasing an app to allow users of QNAP's network-attached storage devices to generate cryptocurrency revenue from their unused hard disk space and bandwidth. Tardigrade consists of storage space provided by storage node operators (SNOs), which is …

  1. Peter2 Silver badge

    . . . And if somebody gives you a court order to produce the encryption key for the data stored on your device under section 49 of the (de)Regulation of Investigatory Powers Act 2000?

    Just wondering. You know, since failing to do so results in a 2 year prison sentence, and 5 years if related to national security.

    Seems a little risky to me for the possible gain of a couple of quid a month.

    1. talk_is_cheap

      The court order goes to Tardigrade, not the person storing the data block(s). The end storage node is just holding a large number of encrypted data blocks with no way to unencrypt them. Even Tardigrade can not unencrypt the data, but they can remove them from the system and provide information regarding the creator of the blocks.

      1. MatthewSt

        Unless the request is unrelated to Tardigrade. If the authorities suspect you of something _and you happen to be running a Tardigrade node_ then you'll only be able to decrypt part of what you're obliged to.

      2. Peter2 Silver badge

        . . .

        I'm not sure you understand the problem. Say I store this sort of stuff on my home server. A random person reports me for having $illegalStuff. The police get a search warrant, and come and take my server away.

        They then turn around and take a drive image, point to the fact part of the drive that's encrypted and demand that I give them the encryption keys for the data, or do 2-5 years in prison. I explain the data is not mine and I can't give them the encryption keys.

        You're then arguing with a bunch of policemen who are more adept at using handcuffs than the finer points of encryption schemes and a judge who has a hundred other cases to do that day and is probably no more technically savvy. Their response is likely to be "encryption key or prison".

        Now how much do you trust Tardigrade to provide the encryption key? 2-5 years in prison enough?

        I personally wouldn't.

        1. Anonymous Coward

          Had the joy of being raided thanks to a house mate and an example of why not to keep your pc in a shared space.

          The police's own experts don't understand the last accessed date on a file can be amended simply by right clicking it and clicking properties in Windows, they left my Raspberry Pi with its OS SD Card on the coffee table.

          Also like to destroy file tables at the root of the drive when they can't find what they want and apparently don't have power protection (Took 5 overnight attempts apparently) or cooling (SMART readings were not pretty on return) when scanning or imaging drives.

          1. Anonymous Coward

            That sounds like a right mess.

            Going by what you're saying, if the data on those systems was altered at all once it left the suspect's / owner's hands, then it is very likely that continuity of evidence has been irreversibly compromised and its probatory value will be particularly scarce if any.

            Mind, faced with a competent judge or an expensive lawyer IT evidence tends to have very little weight anyway and would normally be used just for corroboration. It is very difficult to build a strong case from it.

            But one thing that allegedly happens in places where the police are poorly trained and/or poorly supervised (UK and France, notably) is that the plod try to play judge & executioner: "he must be guilty though we can't prove it (or we just don't like him) so let's teach him a little lesson by fucking up his stuff". Yes it is a sad state of affairs.

        2. Anonymous Coward

          By no means an expert but I do have actual academic qualifications in IT forensics. Since you present a hypothetical case there are too many variables to give a useful answer. A lot depends on the specific circumstances: the exact nature of your case, jurisdiction, down to the individuals who end up involved in it.

          With all that said, if I were dealing with your case after getting to the point in the forensic process where I actually start looking at your data I would:

          * First, read carefully the scope of the court order under which powers I am acting and discard anything that does not clearly fall under it. Here is one of those points where things can go wrong already; some courts are better than others at understanding the nature of things and the limits of legislation. I would probably seek clarification if an order seems overly broad in scope. In no case will I go fishing for data, that is not forensics.

          * Assuming that the encrypted blob somehow falls under the scope of my order, its nature will very soon become evident from both intrinsic and extrinsic characteristics and clues. I will know that it may not be your data and that you may not have access to it (of course, if in scope I may investigate whether you are a user of this service and whether there is a chance that you might actually be hosting your own data, though I expect that to be a pretty big coincidence). If I determined that that data is not yours, this will be reflected in my report and no more questions should be raised about it.

          As I said, too many variables and this being a hypothetical case you could always come up with some contrived circumstance where you would be wronged through no fault of yours, but in practice this is no reason to stop using this service. By the same token, you have no clue what is inside all those compiled programs that your computer likely came with.

  2. Malcolm Weir Silver badge

    Tardigrade doesn't have the key, either. Only the owner has the key, and that's neither you nor Tardigrade.

    The core of your assertion fails because it's not actually the "you versus plod", but rather your brief versus the DPP's, and as a matter of fact the plod would have to show that they have:

    "reasonable grounds—" .. "that a key to the protected information is in the possession of any person,"

    (RIPA, Section 49, Section 2, subsection (a)).

    Your suggestion is that the "reasonable grounds" requirement is trivial to show. It isn't -- Apple is the poster child for this, as they have backups from millions of phones and tablets to which they have no access, due to not having the key, and the plod having no reasonable ground for believing they do.

    1. Anonymous Coward
      Black Helicopters

      Nicer plods?

      Here, across the pond, our plods have far fewer restrictions (or ethics) and having encrypted files which you refuse to unencrypt would land you in jail.

    2. Peter2 Silver badge

      Apple is helped by being one of the most powerful multinational companies since the East India Company with more money and lawyers than most governments, and afaik not having any data in a UK jurisdiction.

      I think that you're looking at the average plod/judge and not a crowd of IT Professionals. As far as plod/courts is concerned I'd be quite concerned that they'd consider "the data is on your server" to be reasonable grounds for giving you an order to produce the keys. Ok, so you say the data belongs to "Tardigrade". They say "well, we don't have the key either".

      I suppose it depends on how confident you are that the courts are going to say "oh, never mind then" to that response rather than jailing you because you haven't provided it? I think that you are a lot more confident in how tech savvy and reasonable the courts are than I am.

      I'd say there is something like a 50% chance that they'd jail me. I think you think it's what, a 20% chance?

      I see things in this light:-

      Possible risk:

      1) Getting jailed for 2-5 years by tech phobic police and judges.

      2) Losing your job since employers aren't obliged to continue employing me if I'm in prison, and after a replacement is in place for 2-5 years would my current employer be willing to fire the replacement to give me my old job back that I'd no longer know how to do because in 2-5 years significant changes will have occurred that I won't understand?

      3) Getting a criminal record that will show when any employer does a criminal records check running the risk of making you unemployable.

      Possible reward:

      ~£5 a month

      Now would you personally be willing to assume that risk for that reward? Personally, I don't think it's rationally worthwhile in the UK. Your view of course may differ and I'm happy to agree to disagree. :)

  3. John H Woods Silver badge

    interesting ...

    ... I have a couple of TB of RaidZ2 knocking about ... It's on a BSD though. At the moment it is Wake-on-LAN to save on electricity but if someone else could contribute towards the cost of keeping it online, I could fix the minute long latency to start it up!

  4. Anonymous Coward

    I have had the dubious pleasure of dealing with plod's IT experts, who required a CCTV unit to examine for evidence of a misdemeanour. We helpfully reset the password to the factory standard of 1,2,3,4 but received notice that despite their best efforts plod were unable to access the valuable footage. They were informed of the password but it transpired plod destroyed the unit trying to get inside and access the footage.

  5. Kevin McMurtrie Silver badge

    Too many Reg readers signed up?

    I signed up for hosting and a few MB per hour is coming in. With all that talk about recommending 8 TB I thought there'd be more traffic.

    1. Anonymous Coward

      Re: Too many Reg readers signed up?

      If they're like most startups, likely they exaggerate everything tenfold (marketing reasons and/or unchecked optimism), but congrats for actually going out and trying it. That's the only way to form a proper opinion. :-)

  6. cloudguy

    Only the data owner has the key(s) to decrypt the dispersed erasure-coded data

    If anyone is going to be served a warrant for their data, it will be the person who stored the data using the Tardigrade platform. The person who stored the data is the only one with the ability to decrypt the data. This is the person who must be compelled to hand over the data law enforcement has a warrant to obtain. Neither Storj, the Node Operators or the Satellite Operators have any ability to produce data in response to a warrant. The storage network is a globally dispersed network of decentralized nodes. There is no coordination among any of the storage nodes that are storing erasure-coded shards of the encrypted data in question. If law enforcement takes a Node or Satellite they will not get any data from them. The Satellites only store meta data and the Nodes only store an erasure-coded and encrypted shard of the data. The Tardigrade platform can survive the removal of Satellites and Nodes. Law enforcement will never know which nodes contain the encrypted shards of data they are trying to obtain under a warrant. Law enforcement can only focus their action on the person who stored the data because that person is the only one who can produce a decrypted version of the data.

    1. cloudguy

      Re: Only the data owner has the key(s) to decrypt the dispersed erasure-coded data

      Note to my previous comment: As mentioned in the article, Storj can remove data from the Tardigrade platform. They cannot produce the data in response to a law enforcement warrant for the data. Only the person with the encryption key(s) can produce the data, but if Storj was informed that there was a copyright infringement concerning certain data it can remove the data in question. All demands or warrants to produce the data have to be directed to the person who has the key(s) to decrypt the data.

  7. Kevin McMurtrie Silver badge

    Long-term followup

    After a few months I dropped out of being a storage node. Storj charges their Tardigrade customers for storage size and download size only, which is an incentive to use it as a continuous backup service. I was seeing 60 to 140 GB daily of free inbound traffic that never added much to the total storage that pays. Five months of this amounted to 4TB of storage that paid a few dollars a month, but in a questionable cryptocurrency.

    See https://forum.storj.io/c/sno-category/10
