The Design Problem ¶
For example, in Fall 2019, a change in export law required that US companies block users connecting from certain countries. Without warning, some US companies effectively cut off account access for people connecting from these regions. Companies also give data to authorities – for example, Yahoo! collaborated with China to incriminate political dissidents in 2005. These acts set a dangerous precedent, where knowledge can disappear, becoming inaccessible permanently, or be shared with third parties without warning. This is a power dynamic that creates information security vulnerabilities and is especially dangerous for vulnerable populations with sensitive information.
In a decentralized world, users can choose their provider, and where their data is stored. However, it isn’t always clear how or why to make this choice, and how best to offer this choice to users.
The Design Solution ¶
A physical beacon is as an ‘always-on node’ that operates in a particular jurisdiction. In peer-to-peer and federated contexts, there could be many physical beacons that are synchronizing and backing up the data on the internet.
It is good for grasping a concrete aspect of the network for those who might not understand the conceptual aspect of it.
Use this in conjunction with Network Health Indicator to show which physical beacons are currently online. Include concrete information about these locations, such as their IP address, city, country, provider name (e.g., URL), and latency.
Why Choose Physical Beacon? ¶
- When users want to control the physical location of their data.
Best Practice: How to Implement Physical Beacon ¶
- Show users when data has been replicated fully to at least one physical beacon. This helps them know when they are able to shut off their device.
- It should be easy to manage active beacons and transfer data from one beacon to another through a user interface.
- Make an easy “out-of-the-box” setup experience for new physical beacons.
- Hosting fees to beacon operators can help sustain infrastructure when users do not want to setup and maintain the beacon themselves.
Potential Problems with Physical Beacon ¶
Physical Beacon can expose a new attack surface or become a point of failure. To avoid this, consider using end-to-end encryption and synchronize with beacons in multiple locations.
The Take-Away ¶
Physical Beacon can be useful when it’s important that data is stored in a particular physical location (or many physical locations) for improved data resiliency & archiving capabilities.