CIO

Google’s Upspin rethinks secure file-sharing for the cloud

  • Liam Tung (CSO Online)
  • 23 February, 2017 10:21

Google has released a set of protocols and APIs that aim to give users more control of files stored in the cloud.

Google engineers have unveiled Upspin, an experimental open source project that may offer a better way for developers of consumer-focussed apps to enable secure file-sharing on the internet.

The people behind Upspin — Google software engineers Andrew Gerrand, Eric Grosse, Rob Pike, Eduardo Pinheiro and Dave Presotto — are suggesting a global name system for all files stored on the internet, regardless of the cloud provider they're stored with.

They say that global cloud providers, Google included, make it too hard to share files, and believe that their experimental Upspin project may be able to make sharing easier while shielding user data at all times from cloud providers.

The main problem of sharing on the internet that Upspin is trying to solve, according to the project’s overview, is that users have little control over their own files once they’re stored in the cloud.

They point out that users are limited to public or private sharing, and in any case, have little choice but to provide access to the cloud provider.

“If one wants to post a Facebook picture on one’s Twitter feed, one does that by downloading the data from Facebook and then uploading it to Twitter. Shouldn’t it be possible to have the image flow directly from Facebook to Twitter?”

“This “information silo” model we have migrated to over the last few years makes sense for the service providers but penalizes the users, those who create and should therefore be in charge of their data. There are surely advantages to hosting all one’s photos on a network service rather than maintaining the archive oneself, but those advantages come with a significant loss of control.”

They describe Upspin as a layer of infrastructure that runs in the network and on devices it’s connected to.

Upspin’s makers stress that it’s not an app or an official Google product, but a framework that other developers can build on. For now, however, Upspin is hosted in Google's cloud platform.

The answer Upspin offers is to give every person and device on the network its own global name, which consists of the user’s email address, followed by a slash-separated path name, such as “ann@example.com/dir/file”. This becomes an Upspin username. They note that it is possible for a single email address to be assigned to multiple entities.

These usernames could make files stored on the network available for sharing by adding “read” permission to a specified directory, which could be shared with other addresses. Besides files, it may also be used to share access to other devices, such as sensors, seemingly to support connected things.

“Add to that proper end-to-end security and a coherent sharing model, and a future with uniform, secure, ubiquitous access to data becomes feasible. Download and upload, unauthorized access, siloed data, even email attachments could become relics of the past,” Upspin’s creators write.

The Upspin system consists of a key server to store users’ public keys, a storage server, and a directory server.

While Upspin’s makers admit it does look like other global file systems, such as the Keybase filesystem and Camlistore, Upspin has a different purpose.

“Its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world,” write the Google engineers.

They point out that a unique aspect of Upspin’s design is the separation of directory and storage servers.

“This separation has a number of properties, most important of which is that it guarantees that the directory servers are not granted any access to users’ data beyond knowing where it is located. Directory servers never even see user’s data, even unencrypted data, other than file names and access permission information. A user’s data need not even be hosted by the same organization that hosts the user’s directory.”