Protecting Secrets on the Server

When building a decentralized platform that can be run by many different people on commodity hardware, we help move the Web from Digital Feudalism to a Free Market. But for any indie, do-it-yourself, mom-and-pop small business self-hosting its open source software, some aspects of security can become a major disadvantage versus the Big Tech monopolies, which spend millions to harden their security. Wordpress installations, for example, are notorious for the vulnerabilities introduced by the many third-party plugins people install. They also target the lowest common denominator of hosting – which means, for example, that anyone can share the obscure URL of a “secret” file on a typical Wordpress site, and others can read it.

However, the difference cuts both ways. Let’s first discuss the security advantages of decentralization, and then discuss what Qbix is doing to address the major vulnerabilities, even on commodity PHP hosting environments!

The advantage of decentralization

By spreading the data out, and giving everyone their own private keys to sign transactions with, the Qbix Platform (together with Intercoin Platform for Web3) can help mitigate data leaks, improve privacy and security, and prevent data corruption on a large scale. This article goes into much more depth on how exactly that happens, and what is at stake:

Security for small actors

Wordpress, released two decades ago, has grown to power 40% of the world’s websites. Qbix is also open source, and is also designed to run on the same commodity PHP hosting that powers 80% of all websites in the world today. But going to market two decades later than Wordpress, we are able to take advantage of a lot of functionality that wasn’t available back then, and give it all to the little guy, out of the box.

Charging for Resources

Worried about your content being “stolen” and remixed, or even used for training AI models that will make your content obsolete? Worried about contracts of adhesion that the Big Boys are rolling out to train AI on your data, with no way to opt out? Qbix provides that way to opt out – just host everything on your own site, and only place teasers and trailers on the Big Tech sites, leading to your own site.

Unlike with Wordpress, Qbix works with modern web servers like NGiNX so you can restrict access to your gated content and community. You can have people buy a membership, or even a Web3 token, and Qbix will protect your data. Here’s more information on that:

Protecting Secret Keys

Many teams have someone accidentally commit secret keys into the team’s version control repository. They end up on GitHub, and it can be a while before anyone realizes it, by which time many non-technical customers would already have back doors installed, content stolen, or their accounts hacked and used to impersonate them on third-party APIs.

From the beginning, Qbix Apps were designed to make sure all keys, secrets, and other private information are kept in the local folder, which is explicitly excluded from being checked into version control by the .gitignore and .hgignore files that come out of the box with every project.

Securing Internal Communication

In Qbix, the PHP and Node.js processes sometimes pass messages to each other, over HTTP on various ports. Not everyone properly configures their firewall, so we need to make sure that no one impersonates an internal process. That’s why Qbix apps use internal symmetric secrets, stored in local/app.json, to sign and verify each request.

Securing Secrets Further

But we can go further. We can enlist the operating system in protecting our secrets. Python apps like Mercurial, for instance, use the “keyring” extension, which essentially stores keys to, and reads keys from, the operating system’s secure credential store, depending on what operating system it is (Keychain on macOS, and the equivalents on Windows, Linux, BSD, etc.).

Or consider a web server like NGiNX: it can be started by the root user, allowing it to read private keys for HTTPS certificates, which are only readable by the root user on the system. But then, it will spawn child server processes which run as the nginx user, handling requests, and keep the private keys in memory (RAM).

Qbix is now working on a system that will do the same thing. Today’s state of the art, followed by nearly every other open source PHP platform (Wordpress, Joomla, Magento, etc.), is still to keep a program’s secrets inside local/app.json and have them read by the PHP scripts serving web requests. At Qbix, we are designing a PHP service that will run locally alongside your web server’s PHP. While the latter handles web requests, the former is designed to actually use the secrets, signing payloads and making API requests with secure credentials. But, before doing so, the PHP service will enforce the quotas, memberships, etc. that it reads from the database. The secrets can then be moved out of local/app.json and into local/secrets.json, which can only be read by privileged users such as root. The PHP service would be started by the root user, read the secrets, and then securely communicate them to less privileged internal servers, which keep them in memory in order to do their jobs.

Nothing can be 100% secure, of course. Yes, there are vulnerabilities like Meltdown and Spectre that might allow a program to read another program’s memory, but these affect all systems, and CPU makers have been working to address them. The same goes for the recent Zenbleed and Downfall vulnerabilities. Even Software Guard Extensions have been hacked.

End-To-End Encryption

People who have private communications that they don’t want to expose even to the Qbix server can store non-extractable keys and use them to encrypt their communications. The situation is more complicated than that, because we need special techniques that guarantee the web site code hasn’t been tampered with, and won’t be “phoning home” secrets in plain text to any external web servers. We are planning to roll this out in Qbix Platform 3.0, in a backwards-compatible way that seamlessly integrates with the current Qbix Platform 2.0.

End-to-end encryption is an important subject and is becoming a global battleground between people and governments. You can read more about it here:

Not all organizations want to have end-to-end encryption for their apps. For example, when employees are communicating in the context of doing their job, the people who depend on their job deserve to have a way to know what was being said. Qbix has come up with ways to balance privacy with accountability, and that’s also coming in Qbix Platform 3.0. Stay tuned:
