I'm getting a strong early 00s vibe - the time when P2P was getting traction and people were trying to use it this way and that way. Good ideas, interesting tech, but ultimately just a collection of solutions, frameworks and platforms in search of a problem.
When the excitement subsided, it turned out that nobody really cared about things to be p2p per se. Nobody cared how it was done, only that it did what they needed. In some cases p2p was the answer, i.e. BitTorrent and the original Skype, in very many others it wasn't and a centralized solution was simpler, cheaper, more reliable or more user-friendly.
Diode Drive appears to be in the same spirit. As a technical person I appreciate the solution, but it doesn't appear to be solving any tangible problem in some dramatically better way that also maps onto a better user experience. This is based on the 8 minute "How Diode Drive works" video behind two "Learn More" links.
If I got it right, then the idea is that N people can come together as a "trusted group" and use each other as nodes in a storage cluster. They can also share out files from the storage with outsiders and these files will be delivered from one of the nodes in the group.
If that's correct, then I'd argue that this is in fact a solution in search of a problem, competing directly with a good old dedicated storage box, e.g. an on-premises NAS that is accessible from the Internet in some way. I can see Diode Drive being used as a stop-gap solution while a proper one is put in place, but that's about it.
But I may be missing something. I hope do. But on the surface this is eerie similar to the projects of the p2p glory days from 20 years ago.
I see several use cases for something similar to this, especially now that 'firefox send' has been discontinued.
sharing homemade pics and videos that include nakedness or even controversial things are not best done via the big tech centralized solutions. Same with sharing non-homemade videos or music.
Other use cases come to mind for sensitive business comms and others.
I did not watch the video you mentioned about how it works - but scanning a few pages about the product I did not see anything about end-to-end encryption - so this product seems to not check off the needed boxes to do well what I think the use cases could be.
I also checked the pricing and feel that it does not lend itself to my trust cases either - free is nice but no skin in the game for sensitive things? I also generally do not invest in monthly/yearly pricing schemes - I like an option to buy once and use version X forever with self hosting options.
So my initial curiosity about the title and considering use cases is left with disappointment - although I do think something similar could be made and sold.
Interestingly "bitwarden' is also currently in the top couple pages of HN and it sounds similar, but looking into it - it's not.. but it does mention E2E - and mentions a self hosted option - although my initial poking around makes me think it's not for files just a passwd manager.
So that's 0 for 2 for me today, thinking by looking at the headlines someone may have created a friends only auth / E2E dbox / Firefox send replacement.
Use cases exist, and the big name options are not as private as many would like / use. I know reasons.. but still one can hope :)
The entry plan is free - it is pretty capable and should fulfill most use cases to replace Google Drive and Dropbox for individuals. If people need things like password-protected shares and team-member permissions management, then an upgrade is required. The model is pretty typical for SaaS, but we are certainly enabling MORE capabilities for individuals than perhaps typical because we believe a solution like this is really needed by everyone.
In terms of buy-once, use forever, Diode doesn't have a great consumer-buyer model for that "yet." However, the Diode Network is open to deploy new apps to, and the free Diode Drive plan can be extended with external tech. Gotta pay the bills somehow :-).
I'd like to suggest more prominent mention of the E2E stuff.. the bitwarden site currently has a big bold E2E as the top left block under the header block.. and on the send page there is a prominet block about security and blah blah that you can't miss these even if you are scrolling/skimming fast..
I looked for that info on your pages including the /resources/download/ and the home page. Did not notice any mention of encryption.. in transit, at rest, anything.. I even stopped the scroll and read the paragraph under heading "Private File Sharing " - the top left / 1st info block under the cover/heading block..
At that point I wrote it off as not having E2E.
glad that it does - and certainly after the latest Msoft Exchange hack - One might think that every business would demand all emails and similar web transfers are encrypted at rest and in transit.. I certainly look for such.
My experience with free is that it's either bad for privacy or the company is not real legit and is going to change at some point drastically, so I don't get caught into those traps I avoid getting invested into them. From google to rtMedia - free transactions either fail / die / change or they profit by slaying your privacy or time or something eventually..
I certainly prefer to buy once to own software and consider paying for an upgrade after a year if new features are added.
I get it that it's a legit and, common, and profitable way to earn and keep earning by getting business on a monthly / yearly fee.. Not my preference, but it works..
I would want to know what happens to any data if the fee stops being paid if I considered such a thing - and what backup plan there was if the company shut down as well.
I appreciate your work and you taking the time to respond, I hope you are successful in making at least parts of the world more secure and private! Whether I can afford it or not I think it's great!
If you stop paying, the only thing that happens is you lose the ability to use certain features (e.g. password protected public shares) - data / file access is all the same across plans. Also, since the files are actually all resident on systems you own/control, you have a second layer of assurance there.
We'll give some thought about how to support a perpetual license path - it may be sustainable given certain assumptions.
Well, as far s I understand it, Diode Drive "competes" with OneDrive and DropBox, not with on-premises NAS.
There is a reason OneDrive and DropBox exist and are widely popular, they don't seem a "solution in search of a problem".
As I understand it, the idea of Diode Drive is to be just as easy to setup and use, but without trusting Microsoft or Dropbox the company with your files.
For individuals and small businesses not having an easy access to sysadmin skills, setting up (and securing!) an "on-premises NAS that is accessible from the Internet in some way" is a no-go.
And having a regular file that automatically syncs is far more convenient than syncing files by hand, entering passwords, etc etc.
Disclaimer: I know nothing about Diode Drive other than what I gleaned from their website.
Hey, cofounder here, thanks for the interest. We just released our beta and I'm happy to answer any questions / take them to improve our site/docs. Here a couple of answers on questions I'm seeing in the comments right now:
Privacy: The clients are operating peer-2-peer and their communication is end-2-end encrypted. Meaning you and your peers host the data. The relay servers if needed are never and can never see your data.
Unlimited Storage: As it's a peer to peer system, there are no 3rd party servers storing any of your data. So it's limited only by your clients capacity
Open Source: The relay network servers are open source on our github site. The GUI client is closed source, you pay for the convenience. We might open source a pure command line client in the future.
I think this is a great business model. I also appreciate the willingness to open source at least some form of client, since that will help build trust (at least with us more technical users) that you're actually doing the encryption right.
As a technical user though, I'd be absolutely terrified of data loss as an early adopter of these sorts of systems. (And note: it's not just about server-side data loss, it's also about all the bizarre ways clients can interact with the host OS/filesystem and the crazy number of edge cases that pop up there.) That's one of the big things keeping me on Dropbox: I know their platform is battle-tested. I wonder if there's a way you can provide more assurance about this?
There are similarities for file sync between shared devices, but one of the big differences is that Diode Drive also enables sharing files with anyone by sending them a link (even if they don't have Diode Drive installed). Any of the sync'd devices that has the file can serve the share.
Hey cofounder, I really hate your name. I sure hope you don't get popular and be another company polluting the language unnecessarily by co-opting common words.
The same question can be asked of literally any useful goods made available for sale. Presumably you don’t shop at grocery stores because they might feed a murderer, or allow plants to grow at your house because they could provide oxygen to criminals.
The question can be turned around. How do you sleep at night supporting centralized information services, knowing they’re an enabling technology for despots?
> The same question can be asked of literally any useful goods made available for sale. Presumably you don’t shop at grocery stores because they might feed a murderer, or allow plants to grow at your house because they could provide oxygen to criminals.
This is absurd, anyone who claims this is a valid argument is fooling themselves.
Your argument is equally absurd. Should we stop selling screwdrivers as well because they might be used to stab someone? The practical uses for such a tool far outweigh the dangers it presents to society.
Do you treat the developers of FTP, SCP, Samba, NFS, Firefox Send, or Dropbox this way?
By the way, pedophiles use the internet. How can you sleep at night knowing that the fees you pay to your ISP are enabling people to molest children?
Syncthing - As per their website what it does is to synchronize files between two or more computers in real time, which are usually owned by you so the storage limit is the highest storage you have on a single computer
Diode Drive - A privacy-focused alternative to Google Drive or Dropbox - share and collaborate without uploading to the cloud.you have unlimited storage and files can be shared with a link with anyone and yes that blockchain nonsense
Syncthing is pretty great and for us an inspiration technically, but we also believe it's too difficult for the non-technical population. But we're targeting a reduced easy to use UI. We're trying to get as near as possible to the convenience of Dropbox/Google while being peer-2-peer and end-2-end encrypted.
We're using the blockchain to register unique usernames, drive addresses and store drive memberships (public keys) so there is no central database required to keep the system up and running. The goal is to provide the convenience of a centralized system, without a centralized system. That said we still have to improve convenience... beta as it says
Hey theon144 - one of the differences seems to be public shares. Diode Drive is able to share files with anyone/everyone even if they don't have Diode Drive installed. (send them a link)
e.g. If you need to send a file to someone and it is >25MB, not easy to do with email - Diode Drive makes it easy without having to upload the file to the cloud.
Downloading a binary from internet and running it doesn't make it a better practice. That's what everyone does though. So no idea why you are complaining about curl and pipes.
Encouraging people to blindly trust something they've never heard of before and curl into a shell to install software does not inspire confidence in a project's security practices.
Your thing is too new to be officially packaged for debian, centos or whatever? Okay fine, at least put up a link with a sha256 signature for the stuff you're distributing, and some instructions on a more traditional method of downloading, verifying, extracting a .tar.bz2 or .tar.xz file, and then installing it.
Yeah we're hoping to be packaged soon. In the meantime the safest way to install the diode cli is to clone the repo http://github.com/diodechain/diode_client and build it yourself.
This indeed is interesting.
But few things I wonder as it mentioned as an alternative to Dropbox/Google Drive.
- partial syncing/online. Is the client(s) capable of having files not on all devices? (Eg. My desktops with 2TB and a laptop with 256gb I'd like to have shallow copies until I need a file).
- mobile apps. Media Auto upload. This is another thing I see still lacking.
Absolutely! Both items actually have come up during our alpha and we're going to add them. Roadmap is not up-to-date but we have started collecting feedback and feature requests here: https://github.com/diodechain/diode_drive_feedback/issues
Respectfully, in 5 minutes of just being a human using a website your questions are generally answered. Being skeptical is fine, but at least be honest about giving something the time to read it's resources - they have even have a page of useful pages that I found within that first 5 minutes: https://support.diode.io/article/wu3yct3hbn-further-reading
Respectfully, I have tried, but I wasn't able to find the answers either. Your link, in fact, addresses none of the questions raised by the parent comment, the "About" page (https://diode.io/resources/about/) seems broken, and the rest is (to me) rather inscrutable crypto jargon.
Go to the link in the title, scroll down the bottom of the page and the Privacy link is right there, like it is on most website footers. The client is Go open source on github, the security is discussed on the Smart Contracts/Ethereum page and all of that network stuff. That's 3 out of 4 questions, the last one is an opinion.
I can't even see what the end user experience is from the website. All it seems to want you to do is install a random thing without really showing you what you can expect.
Hey there - we'll be posting some videos soon - agree it is not a great experience to have to click or install something without understanding what will happen. Thanks for the feedback.
Backup story? Client side encrypted, but in the cloud would be my preference. As long as the cloud and my house don’t fail at the same time, things are all good, and there’s no privacy trade off.
Yeah, definitely. Today you have to setup two instances at different locations yourself for backup. That has the advantage that you have full control, but it can be tedious. We would like to make that process simpler in the future
It seems like this a big stretch of the truth on their part. If you have let say 30TB of data hosted in the cloud and wanted to use this. Not on would you need a RAID yourself so we're talking probably 4-6 high capacity drives at around $500 a piece, but additionally you'd need around triple that to match the redundancy of cloud storage. Additionally you'd need someone capable of setting up a shared file system and fiber between all the access points. We're talking probably around $12,000 upfront and monthly bandwidth costs of $750. That or you can get unlimited storage from Google for around $120/mo, maybe much less. Many people still only pay around $12/mo.
Many users already get unlimited storage from Google for much less, but their new Workspace plans require an Enterprise account for unlimited storage which cost $20/mo. but it may require at least 5 users. So you're right, it would be $100/mo, but potentially less. I'm still on GSuite so it only cost me $12/mo.
Correct - storage can be done on a PC or a server system - https://support.diode.io/article/vr156n18cf-is-diodedrive-un.... I personally run some of my personal Zones with a raspberry pi connected to a USB drive as an always-on backup. Enterprise implementations would use whatever server (or private or even public cloud) based storage is appropriate for them.
Is this a prank? Privacy, security and reliability by obscurity? PKI is not broken but instead challenged in depth on all implementations. Blockchain and many other buzz words used for this concept stay empty as long when the source code can not be inspected.
You're using the Diode CLI clients, it gives direct and raw access to the relay network. If you want to try "Diode Drive" you've to get the download link above that.
Although the username is just an alias to a public key, it is almost unavoidable to have to use one's username (for example to join a Zone). So, we have support for multi-user single-app coming so different profiles can be applied to different zones so you can use "nikolay" for friends & family, and "myprofessionalhandle" for work stuff, and "myincognitohandleN" for other stuff.
I empathize - blockchain's benefits do suffer greatly from the behavior of many practitioners. It is wise to carefully evaluate...
However, doing even certain simple things, like securing time (https://eprint.iacr.org/2019/579.pdf), benefit from hardened consensus. Our background is in high reliability IoT infrastructure, so we got here not by bullchain hype, but by discovering and leveraging certain unique technology benefits that directly contribute to allowing solutions like Diode Drive to exist.
Nothing wrong with using the CLI, but the CLI is a more general purpose tool for exercising / leveraging the Diode Network, while Diode Drive is tailored to file / folder sharing/collaboration/backup. The CLI doesn't yet support all of the file-specific capabilities implemented in Diode Drive.
I am an early adopter and I've tried tens of thousands of products and services during launch. You should put a much bigger effort on the UX. I'm really confused and if I'm confused, the regular folk will just not wanna touch it with a ten-foot pole!
Thanks for the feedback, we 110% agree - a UI update is coming in the next 2 weeks that is a first step. Please shoot us any specific feedback you have! https://t.me/diode_chain
Questions I have for this is, does it have a file locking feature so two people cannot open the same file in a project? Think AutoCad. Also, would this work with Revit collaboration? I obviously work in architecture.
Sounds like a great product. But I hope you have a good security POC - won't be long before bad guys are hosting malware on those sharable links. I'm going to sign up, but just wanted to warn you.
Those are mostly about using a pool of 3rd party storage for decentralized cloud-based storage, and the "clients" for them are more suited to a patient and tech-savvy person.
Diode Drive is a small app that can run on almost every system, and doesn't use unknown 3rd party cloud-based resources - it uses only the systems you control (or trust) for its resources. So it has benefits in terms of intentionality, regionality, and compliance. Also, since Diode Drive is implemented on the Diode Network, there are many adjacent capabilities it can support.
When the excitement subsided, it turned out that nobody really cared about things to be p2p per se. Nobody cared how it was done, only that it did what they needed. In some cases p2p was the answer, i.e. BitTorrent and the original Skype, in very many others it wasn't and a centralized solution was simpler, cheaper, more reliable or more user-friendly.
Diode Drive appears to be in the same spirit. As a technical person I appreciate the solution, but it doesn't appear to be solving any tangible problem in some dramatically better way that also maps onto a better user experience. This is based on the 8 minute "How Diode Drive works" video behind two "Learn More" links.
If I got it right, then the idea is that N people can come together as a "trusted group" and use each other as nodes in a storage cluster. They can also share out files from the storage with outsiders and these files will be delivered from one of the nodes in the group.
If that's correct, then I'd argue that this is in fact a solution in search of a problem, competing directly with a good old dedicated storage box, e.g. an on-premises NAS that is accessible from the Internet in some way. I can see Diode Drive being used as a stop-gap solution while a proper one is put in place, but that's about it.
But I may be missing something. I hope do. But on the surface this is eerie similar to the projects of the p2p glory days from 20 years ago.