We're the team behind Sia: a new type of cloud that is private, personal, and keeps the users in control. We've raised over a million dollars to wrestle control of the cloud out of the hands of corporations, and back into the hands of users. AMA /...

What's wrong with the other cloud service providers? Apart from Dropbox and google drive I've not actually used any.

The thing that bothers me the most about most cloud storage services is that it's a single corporation in control of all the data. For example, Dropbox can see all of your files, delete them, change them, and you'd likely never know. At the very least, if they are scanning your photos for evidence of criminal activity, you aren't likely to know.

And then you have 'invasion creep', where companies like Facebook will increasingly strip away your rights. At first the ToS says 'we will never look at your data!'. Then later the wording is changed to 'We will never share your data with others!'. 3 years and 300 million users later, the terms have somehow worked their way to saying 'We reserve the right to sell your images, own full copyright, and never give you any credit for them.' And yet they aren't losing marketshare.

And that makes me really uncomfortable. You also have these single, gigantic sources of failure. For example, in one strike, a single hack, someone was able to get access to the nude photos of a huge number of celebrities. It's a single point of failure, and it makes for some super juicy targets. Hackers love single giant databases with millions of personal photos, videos, etc.

With Sia, the only person with access to the data is the person who uploaded it. The encryption happens on the machine doing the uploading, and the keys are never shared with any sort of central server. None of the above problems exist with Sia.

It's also really competitively priced. For consumers this is maybe not such a big deal, but we're less than 10% the cost of Amazon S3, and for businesses with massive volumes of data we can be saving them tens of millions of dollars per year in infrastructure. And that's exciting even if you don't care about the privacy pieces.

Pardon my ignorance, but if encryption is done client-side would a person be able to access their data if their computer died and they had to buy a new one?

Currently, you need access to the metadata. There's a small-ish (about 1/1,000,000 the size of the full data) metadata file that you need to fetch and decrypt everything. If you lose that file, you will not be able to get your files back from Sia.

We have a plan, though it's not implemented yet, to make it possible to recover all of your Sia data using just a master password. Basically, you store the metadata itself on the Sia network, and then you protect that with a master password. We use a few other tricks as well to make it fully possible, and expect to have that in a release within the next 6-9 months.

Once that's in place it should be possible to recover all your data from any device, using just the password.

Do you plan to make it more expensive when that happens? I am interested but I'd like to buy it when the master password is set up.

Prices are set by the hosts, there's no control or mechanism through which we raise the prices.

We just write software and help the network grow :)

When file sharing is enabled, who will pay the cost of bandwidth, and how? (For example, the situation where a renter shares a file that gets 1 million downloads.)

The downloader pays the cost of bandwidth. If someone uploads a file and unexpectedly gets 1 million downloads, it will not cost them because each downloader will be paying their own way.

For sites like YouTube, we can also set up a cookie-based payment. YouTube would give you a cookie that basically says 'Good for 300MB' or similar, and you would give that to the host to make the download. In this case, YouTube would have full control over the creation of cookies and would be able to stop any malicious behavior, the host can still get paid, and the user doesn't even need to know that they are actually doing a Sia download when they watch the video.

For sites like YouTube, we can also set up a cookie-based payment.

"can" as in "could theoretically implement this in the future" or "currently are capable of this?"

We have the designs needed to implement this in the future. If we put it as the next thing in our pipeline, I'm estimating it'd take 3-5 weeks to implement. We would have to extend the host-renter protocol, which means it wouldn't be usable until enough hosts had upgraded, which would probably take an extra 2-4 weeks.

You can't do it using today's software. I'm expecting us to have it implemented by the end of the year, though before we get that far we have other priorities.

How exactly would YouTube be able to identify malicious behavior?

The same way that they identify it today. YouTube already has to pay for all the bandwidth that they consume to funnel content to users. Sia would actually be able to do that for them for much cheaper than what their current costs are.

Where do you see Sia in 3 years?

I think that realistically in 3 years Sia will be used almost ubiquitously among privacy focused communities. I think we will also be seeing the first major names such as Netflix announcing that they will be migrating their content distribution to Sia.

Most people at this point will be comfortable with Bitcoin, and will understand that Sia is the data-version of this, even if they don't use it themselves.

The tech itself will be miles ahead of where it is today. We've only been in development for 2.5 years to date. Speeds will be universally regarded as unbeatable, scale will be billions of terabytes, and anyone using Sia will have access to their data from any machine by using just a master password.

What do you think of Swarm, Filecoin, Maidsafe, etc?

I try not to talk too much about our competitors, because there's is some very obvious bias here. But generally, I feel that Sia is the only platform that has a really strong grasp of the security implications of decentralized systems, and similarly I feel that Sia is the only platform that was designed from the ground up with performance in mind.

To the best of my knowledge, Sia today is the ONLY platform where you can actually upload an encrypted 200 GB file to a decentralized network and expect it to still be there next week. All of the other platforms either require some sort of central server to coordinate things, or otherwise just doesn't have the scale or incentivization.

My favorite thing about Sia is its independence. If right now Nebulous were to shut down all of its servers, users would not experience problems. The forum, the website, and the blog would disappear, meaning you might have problems getting help, however your files would keep uploading, would stay online, and you could keep using the application itself just the same, as though nothing was wrong.

is your company named after the singer Sia Furler ?

Funny story. We picked the name expressly because there were no search results, other than some obscure javascript stuff and some singer who had relatively little popularity.

Then, like 3 weeks after we had committed to Sia, sure enough the word 'Sia' is trending and generating massive buzz because of her new music video. The one with an 11yo in a nude suit.

Sia the singer has of course done very well since then, and it's been annoying for us. But we chose to keep the name anyway, and we continue to be happy with it.

Sia has been making music for more than a decade, under that name and with other groups, like Zero 7.

This is true however she was not really a searchable name until her Chandelier video, at least as far as I remember.

Btw, you guys talked about a surprise.. Care to share it?

Next week we will be announcing an opt-in leaderboard for storage. Users can compare how much they've uploaded and compete to rank on the ladder. The top new users each month will get prizes like T-shirts.

This leaderboard is completely opt-in, and the only information you provide to the leaderboard will be evidence of how much data you have stored with each host. The leaderboard won't know anything about how many files you've stored, their names, etc, and again it is fully optional that you participate.

Is there any stats on how much data is stored on the network as a whole? I saw something on your slack that it was only around 10-15 TB, but I can't really find any authoritative sources.

There's really not any good way to measure that, as it were. Sia does everything over payment channels, including uploads.

Payment channels are both a scalability and a privacy upgrade. It allows many uploads and downloads and payments to happen in a single blockchain transaction. A downside of this though is that, on the blockchain, the amount pretty much always reads '0'. So when you upload 50 TB of data to our network, there's actually no way for us to reliably track that.

It's one of the disadvantages of private, decentralized systems.

We do however have the ability to monitor how much money people have allocated in total for storage. And as of this morning, that was more than 35 million siacoins.

edit: the leaderboard of course will give us a better idea, but users have to choose to share this information with us. So at best, it gives us a lower bound on how much data the network is storing. I'm guessing that most of our business clients will refrain from using the leaderboard, though they will probably be a massive percentage of the total data consumed.

Have you got any corporate clients?

Nothing we are able to announce yet, however having corporate clients is both a short term goal and a long term business strategy for us. We are in the process of forming relationships with several corporations, and hope to have some big announcements in the next few months.

When you get corporate clients are they going to be paying in dollars or siacoin?

Depends on the corporation, and the specific deal, and also depends on what are lawyers say is safe for us to do.

If corporate clients are willing to pay in siacoin, it's very simple for them to use the network. They can hire us on support contracts if desired, or if they aren't having any trouble they can just use it themselves and not even notify us that they've begun using Sia.

If siacoins are not compatible with their internal policies, we will be able to work with them anyway to get them operating on the Sia network, though the specific process will probably vary by customer.

"What does Sia offer? What makes it unique and worth investing? Elevator pitch... I never read up on it and obviously didn't invest. Juuuust curious."

Someone in a crypto-investing slack asked these questions^{^}

Our website I hope does a good job of explaining Sia. If not, we'd love some feedback.

Generally, our targets are not speculators/investors - our focus is users. Siacoin the cryptocurrency is a necessary component of the Sia network - it's how we penalize hosts if they don't store your data as promised. Without that, I feel that Sia would be vulnerable to a large number of attacks. Happy to expand on this in another top-level question.

But essentially, the siacoin itself is designed as a security component to the network, and while it's also a speculation instrument by side-effect, increasing the siacoin price is not a primary goal of ours. That said, I do expect it to go up substantially if Sia usage goes up substantially - you need siacoins to use the network, and there is a fixed supply.

Hey guys,

Great what you guys are doing! I was wondering, Kim Dotcom is launching MU2.0 soon. Will he be (solely) using Sia? Did you guys have any contact over the last few months?

Edit: is it one of the 3 announcements? :) "We have 3 announcements / events coming over the next 3 weeks."

The first was the release yesterday, the second is the AMA today, and the third is the leaderboard coming next week.

We have not been in contact with Kim Dotcom despite our best efforts. We're not really sure what he's building, but I suspect that it's not actually decentralized, merely instead it is bitcoin based.

I guess we will see though.

Sia's pricing for storage right now is very low relative to its competitors, but not many users are actually storing files on the network. Looking at SiaPulse there's 931 TB available but only 0.82% of that is in use. Without anyone to purchase storage, the hosts have no incentive to continue participating.

What do you think is limiting the number of storage buyers on the network and how do you plan to address it?

I believe that the 0.82% number is actually incorrect. There are hosts on the network with as much as 50% utilization today, and most non-new hosts have at least 10% utilization.

That said, you are correct that as of today there is a windfall of supply compared to the demand, and we are working hard to correct that. The biggest reason for this up until today I feel was that the software was very slow for uploading and downloading files. Until our release yesterday, it would take more than a week to upload a single 20GB file. The release that is out now can do that at much faster speeds.

I also think that general awareness among consumers is very low. We are working to introduce Sia to the world and to get people excited about it.

What’s the timeline (and technical roadmap, if you can share any of that without compromising state secrets) for recovering both coins AND files with one’s wallet seed?

Until then, Sia is simply remote data storage. (Albeit one with nifty bells/whistles.) Because users must still backup important data in some other way/shape/form, e.g. on a local hard drive, Dropbox, etc.

Less than a year, though you aren't going to see it in the next 3 months. We've spec'd out everything that needs to be done to make it happen, but the implementation is expected to take a few weeks and we have a few other problems we need to solve first.

We understand that this is a significant issue though, and it's very much on the roadmap.

What's it like working together? Are you guys bros, and name call each other blaming or abusing Each others mom? Or do you guys go to work like every other blue collar job?

We all live in the same house actually. This has pros and cons. We're all great friends, play smash together, watch movies, tv, anime together, etc.

But also, when there's a tight deadline for a release, like this past week, you end up all working until 4am. We all work our own schedules, but some weeks that more or less means you're fielding work questions the whole time you are awake.

I think we've gotten to a good rhythm at this point, we have regular meetings to discuss work/life culture and make sure we're giving each piece a healthy serving.

As we grow, we will probably get offices for new people to work out of. I personally would like to keep a culture of dev teams that live together, though this would not be a requirement except for certain teams that already live together. We will have to see though, I am certain that there will be big changes even as we grow from 3 full time to 6 full time employees.

How big is your sales team and how long do you think it will take to close enterprise clients?

Edit: More questions:

• Is the speed fast enough for a site like Twitter (or a bit smaller) to transition from S3 to Sia? If not when will it be fast enough?
• Do you forsee the price increasing from $2 / TB / month because of market conditions?
• What is the goal amount of GB you want stored by the end of 2017?

We have 1 person directly focusing on sales, and another focusing on general user acquisition things. Enterprise sales cylces can be slow, and we expect to be able to close some enterprises within 2-3 months, and others to take 9-12 months.

We have several in the pipeline though, we will certainly be doing deals more frequently than one or two per year.

edit: for twitter, we could store their raw data like images and stuff. I think, properly configured, it would even be fast enough today, though you'd need the file sharing pieces that we haven't added yet. I expect that price to maintain $2/TB/Mo, indefinitely. I believe it's currently actually lower than that. I think a good goal for data storage in 2017 is 100 million GBs, or rather 100,000 TB.

How do you see minebox.io impacting your business?

We are very excited about Minebox, as Minebox users will both be utilizing the network to store their data and also increasing the quantity and diversity of hosts on the Sia network. This is a huge benefit for the network's health.

We're also excited in general about the product, and believe that Minebox is a natural evolution to the traditional NAS.

Isn't this counter-productive to cloud-based storage? The whole point of the cloud (vis-a-vis storage) is consolidation of storage aggregates using multiple SAN devices. The backend provider eats the cost of the redundancy (typically 1 drive in 16 for a RAID5 storage aggregate). If your technology splits the storage among multiple providers and adds redundancy on top, isn't the end user paying for that redundancy instead of the backend storage provider?

I guess what I'm asking, is, doesn't Sia's architecture remove (or at least reduce) the economy of scale that makes cloud-based storage cost-effective?

You make an interesting point. The primary innovation of Sia is to remove trust from the equation, and that comes with some tradeoffs. When you are storing your data across dozens of untrusted nodes, you have to handle the redundancy yourself. However, there is nothing stopping you from uploading to a single host if you trust them 100% to maintain the durability of your data. But there are also tradeoffs to that approach; specifically, if your data only resides in one datacenter, you can't download it in parallel, and the latency is a function of your distance from that one datacenter. Splitting the data across multiple hosts allows for parallel uploads and downloads and evens out latency numbers, much like a CDN.

One of the things we value about Sia is that it makes pricing very transparent. You pay for exactly what you use, including both storage costs and bandwidth costs. There are no pricing tiers, and you are never "locked-in" to using a particular host. Our vision is a competitive marketplace for storage, where hosts compete purely on what matters: availability, latency, bandwidth, price.

I can understand paying a premium for trust. But who holds the cryptokeys to my data? Is is JUST me, do we both have it, or is it stored as a hash using my authentication creds?

How is the distribution handled? Is data replicated from the master copy in near real-time, or do I run the risk of updating a file in LA and having my friend download a previous version in London because we're accessing the data from different storage locations? (Obviously, I don't want your proprietary distribution details, but many a doctoral thesis has been written on geo-diverse data synchronization). How do you guarantee data integrity across multiple storage backends?

How does Sia handle the loss of a single storage backend? What about multiple backends? What happens in the event of data corruption on one of the mirror copies? I know it's a near statistical impossibility, but what happens if multiple backend copies get corrupted?

It's all open source, I don't believe anything is proprietary.

That's correct. All of the code is open source. We have a github repo for both our daemon and our graphical client, from which you can build the latest releases yourself.

Sia uses Reed-Solomon coding to achieve the same properties. The most recent release has an 8-of-32 redundancy scheme, though as we continue to iterate on the software we expect to eventually reach numbers closer to 30-of-50 without sacrificing data security.

Doing it this way gives you massive geographic redundancy as well as a high tolerance to disk failure, host failure, trust failure, earthquakes, nuclear warfar, etc. In terms of reliability, there's really no comparison (modulo potential bugs in the software).

This also means that we can have hosts focusing on achieving 95% reliability instead of 99.99999% reliability. This will likely result in cheaper drives, cheaper setups, etc, and overall stronger customization for the end-user.

Napkin math suggests that the long term cost of Sia at scale (assuming drive prices don't decrease ever again) is around $2 / TB / Month. This accounts for power, servers, rent, etc.

Time will prove or disprove that math.

Why should I trust you?

Sia is open to everyone for review, and to the best of my knowledge nobody has found any damning problems or any reasons to raise red flags. If there are any specific concerns you have with our platform or design, we'll happily respond to them point-by-point.

How would you explain what you do to a dumb guy?

We store data in the cloud, but we do it in a way that is far more secure and far more private than traditional cloud storage. It's also a lot cheaper, especially at enterprise scales.

Do you guys have a plan to increase open source contribution?

We do!

Up until now, Sia has largely been it's own community. Our last AMA was on the siacoin subreddit. Largely this was because we felt that the software was not ready for us to show off to the rest of the world.

Sia as of our most recent release is very usable, has a thriving community, and we think it's time to start spreading the word to other communities who are interested in decentralization. We have a plan for reaching out and getting people excited, especially among related open source projects such as Tox, Beaker, and even projects like Tor.

First of, I really like this project, and you have done an excellent job so far. It is good to see constant progress.

A couple of questions:

Do you plan to offer an easy way to buy Siacoin?

Seems to me critical mass of users is important. Leaderboards is one creative idea. What else do you guys have in mind PR wise? Do you have a dedicated employee committed to marketing (or plan on hiring one)?

Thank you for doing this AMA!

We would love to offer a direct way to buy Siacoins. I'm sure we'd make a killing on the margins too. Unfortunately, between money transmission laws and credit card fraud, there's not a good way for us to do that.

We are working on making easier to acquire Siacoins, but that will most likely be through partnerships with existing exchanges rather than something we offer directly.

We have a few ideas for PR, and two nontechnical employees who are helping with brainstorming. We'll be targeting decentralization communities, specific publications, and doing fun things like this AMA to try and grow our userbase. If you have ideas that you think would be awesome, we'd love to hear them.

What are you most excited about for Sia in 2017?

Oh man where to start.

I'm excited about the enterprise deals that we are working on. I'm excited by the thought of having true decentralized storage for my data (this is already available, but it's so new and it still excites me a lot). I am looking forward to being able to backup my entire life with a single seed, in a decentralized way. I am excited for the filesharing capabilities that we are working on.

We are expecting 2017 to be a big year for Sia, and for decentralized storage as a whole.

Obliviously improving the Tech. is always on your mind but as a company what are you priorities in the near future?

Our top priority right now is the usability of the network. The current release has a few warts from the early days, for example it takes about 15 minutes to unlock the wallet and about 45 minutes to form file contracts. We've got an improvement in the pipeline to make unlocking the wallet almost instant.

Up until our release yesterday, files were also very slow to upload and download. Now, downloads are fast and uploads are extremely fast. We're really pleased to have accomplished that.

We're also aiming heavily at scalability. The blockchain protocol has been designed to support millions of TBs per person, which is necessary for some enterprises. While the protocol can do that just fine, today the user software really can't keep up with that much volume. For the most part, we just need traditional engineering to get more scale, and that's something we'll be focusing on.

Finally, we've started adding more adversarial conditions to our testing framework. We're adding active attackers and giving them lots of money and storage, and trying to set up situations where people are willing to throw away tons of cash in an attempt to disrupt the network. Sia is already very strong against most forms of attack, but we will be taking it that extra mile over the next 3 months or so.

In the more middle term, we will be adding support for filesharing and content distribution. The Sia of today can't really be a backend for YouTube, however the Sia of 12 months from now will be able to do that.

What kind of contracts do you use to enforce network rules? Are they like bitcoin scripts?

Sia has a whiltepaper which dives into this pretty well. https://sia.tech/sia.pdf

How large do you see the Sia storage network getting in 2017 in terms of storage capacity?

Well, I believe that the storage capacity of the network is already really high, well over 10,000 TB. Most of that capacity is simply not plugged in because the demand is not there - it'd be consuming electricity and headaches, and not providing any revenue.

A better question would be to ask where demand will be at the end of 2017, and I really don't know, but I'm hoping that we can push the growth of our network. At this point, we've crossed the biggest usability hurdles for most users.

I think my personal target would be 100,000 TB total in use on our network by the end of the year.

How much data does Sia have stored on the network right now?

It's difficult to measure, but I'd estimate we are close to 100 TB at this point.

Is Sia ready for the real business applications now or very soon? If yes, what actions will Sia team take to attract business to be built on top of Sia?

Ultimately it comes down to the scale of the business. Sia is not yet ready for customers like Steam or HBO, but if you are a smaller business with double-digit TB of data, then Sia should be interesting to you today :)

We are already pursing partnerships with a handful of storage-related businesses, and in the long term we believe that businesses will provide the lion's share of revenue for our company.

If you had to combine forces with another crypto project, what project would it be and why?

That's a fun question. If I had to pick just one project, it'd probably be IPFS. They do a lot of things that we don't, and we do a lot of things that they don't. Together, I think you'd have a powerful foundation for some amazing stuff.

Do you have any concerns about individuals using your servers for illegal activities and/or being shut down by the government as a result, like megaupload v1?

We have spent some time looking into this, and while it varies by jurisdiction, the general answer is that as long as you don't know what is being stored on your machine, there's no problem nor legal obligation. In the event that you do discover illegal content on your host, there is a way to remove it, though you will incur the "bad host" penalties for any data you do remove.

Dropbox has to deal with the same exact problem, and so far they have not gotten into legal troubles for hosting + distributing illegal files, even though they have users who have done as much.

How is the health of sia at the moment? Any chance we see Mobile wallets soon such as on ios?

I am not quite sure what you mean by health, however there are a lots of hosts on the network spread across approx 3 major geographical locations. There is far more supply than demand, which I think is not fantastic, though it means that prices are insanely low. At one point it was only like $0.25 cents to store what would cost a full $25 on Amazon.

We have not seen any security events nor do we have any reason to believe that there's something dangerous on the horizon. If you put files on the Sia network, you're almost certain to be able to re-download them.

Can I use it for porno? Legal porn tho.

It wouldn't be a very private cloud storage platform if we had some way to detect and ban porn.

In short, everything is encrypted and done from your own computer. You can think of us sort of like selling a hard drive. What you put on it is your business, and it's not even possible for us to snoop, let alone take action about it.

Im rather new to sia. What is your opinion on the quote: "cloud storage coins should stay low in value, so the price on cloud storage stays low as well and wont be as expensive as for example amazon cloud storage" ?

Hosts set the price of storage themselves, and can adjust it whenever they want. If the coin price goes up, the hosts can adjust their price down, and the ones that do will get more business.

Ultimately the cost of storage should be independent of the price of the coin.

A primary stated objective of Sia is to be utilized by 3rd party developers. To this end, is compatibility with Amazon S3 being given the highest possible priority in the roadmap (it’s as high as it can be, technically speaking).

If not, why not, what is more important?

Is there someone currently on staff who has the knowledge/experience to implement S3 compatibility? If yes, who? If not, is there a plan to acquire said talent in the near future?

Sia has really only been usable at all recently. And until our release on Thursday, upload speeds were capped at about 1.5mbps sustained, which is pretty much unacceptable for any interesting development project.

I think there was a pretty easy argument to be made that improving speeds should have taken priority over S3 integration.

S3 compatibility is also not perfectly aligned with Sia and its needs. For example, in Sia you need to pay in cryptocurrency. This makes the equation a lot different. S3 compatibility is on the roadmap, and we do have the talent required, but that talent is currently focused on other features.

We have some integrations coming up that do not require S3 compatibility, and we'll performing those first.

Hey guys, thanks for doing this!

I am a newb to Sia and doing some due diligence as I have heard very good things about the project.

So I have four questions to start.

1. ELI5 the tech please. I am a bit technical but not enough to read through the documentation and understand without help.
2. Can you elaborate as to the roadmap and plan for the project?
3. How much funding does the core team have left to pursue development? Or rather, how much time till funds run out?
4. What has been the reception been like from enterprise firms you have pitched too? Can you name a few?

Thanks in advance!

1. check out the "learn more about Sia" link in the OP, it's got some great, accessible info

2. Hopefully the rest of the thread at this point has some good answers for this

3. We have enough money to last a while still, even without revenue. However we also have deals in the pipeline which should get us revenue, and we are expecting to make minestones which would be required to raise another round of VC funding.

4. Unfortunately have to keep the names tight until we have deals closed. But, the reception has been very positive. They like our technical team, like the idea, think that blockchains are sexy, and also believe that there's a business use case for them. Our biggest hurdle is usually the current scale of the network. I expect to be making some good announcements related to this in the coming months.

Do you have plans to build api libs for other languages currently only nodejs?Java Python C .NET

The Sia API is a standard HTTP API, so you should be able to use it from any language that supports making HTTP requests. That said, we do have an official sia.js library, and a community member recently started working on some Python bindings as well. You can check those out here:

sia.js: https://github.com/NebulousLabs/nodejs-sia siapy: https://github.com/lolsteve/siapy

API Documentation: https://github.com/NebulousLabs/Sia/blob/master/doc/API.md

I have a Java library too: https://github.com/javajared/Sia-Java

Wow, I had no idea that this existed, thanks for sharing!

How easy would this be to hack?

Depends on what you mean by "hack." Computer security is a big field. One sort of attack would be to try and steal a user's data. Another attack would be to try and steal their money. Or the attacker could just try to disrupt the Sia network as a whole. Can you narrow down what sort of attack you have in mind?

I think one risk, may be remote arbitrary code execution weakness in the host software. (I do understand it hard to estimate such risk). But if you find one there is money to be made.

We've done our best to write code that is safe against this. That said, I ask myself the same question all the time. What if we missed something?

The good news is that user data is safe regardless, because the host has no power to snoop on the user or see what sorts of files are being uploaded. So the worst you could do is find a vulnerability that is common to all hosts (hosts run on all operating systems, so hopefully not an easy task) and then you wipe out the entire network all at once.

Even then, ideally we'd be able to get an emergency patch out within a few hours and have the hosts back online quickly.

We definitely think about these things, and I think we've done a great job for the most part. At some point in the future we will get an actual security audit on our code for greater certainty and confidence.

It also helps that we use a modern language, golang. A lot of pitfalls that you'd see in C or C++ have been eliminated by superior language design.

I'm glad you brought this up, it's important to acknowledge the full scope of potential problems.

How much time has it taken you to develop Sia?

Sia has been under development for about 2.5 years at this point. The first year and a half were just me and my cofounder, and we were basically coding 80 hours a week. The past year has had 3 full time devs (I guess at this point I'm closer to a part-time dev though - I am now doing a lot of sales, growth, and company management stuff) as well as some interns.

Does Sia protect against targeted attacks, where a malicious actor reads my contracts and DoSes all of my individual storage providers? (Or even worse, wipes their hard drives!)

If that is something you are paranoid about, you can use anonymity software such as Tor to disguise your contracts and make it difficult for an attacker to tell which hosts have your data. And even better, the attacker won't even know that you are who they want to target.

Data contracts also typically last 12 weeks, and are renewed every 6 weeks. To execute the DOS attack you describe, the attack would need to persist for 6 weeks straight, which is a long time, especially if some of your hosts are major hosts or have decent DDoS protections (some do).

Hey guys, thanks for doing this AMA. I have been a long time follower of SIA since its early wallet version's and always thought it was a great idea. I am glad to see SIA is becoming more well-known since then. I only have a few questions for you guys.

First, How well is SIA handling large amounts of data(perabytes and beyond for example)? I remember seeing this as a problem when I first started looking into SIA and would like to see if you guys have made any headway on it.

Second, how do you see SIA performing in competiton with Storj and other similar companies in attracting high level clientele(e.g. large corporations)?

Third, is SIA being devleoped to be complaint with privacy laws(e.g. HIPAA, FERPA) to lower the chance of liability for users?

These are my only questions, thank you in advance for putting on this AMA and answering my questions(if you get to them) and glad to see SIA has been getting better since the last time I took a look at the wallet.

Dictated but not proofread.

-kob93

The blockchain itself is not an issue at all for Sia when it comes to scalability. This has a good discussion on the scalability limitations of Sia: http://forum.sia.tech/topic/93/trust-spheres-and-scalability

Basically we use a payment channel style updates to allow data to be uploaded a virtually unlimited number of times on a single transaction. The individual nodes will need to track all of their data and manage the metadata, but 1 PB of data only has about 8 GB of metadata associated with it. That's definitely manageable on a consumer machine. To scale further (if needed), you can also store the metadata on Sia.

We also have significant improvements lined up to scale from 100k users to billions of users, but we're less focused on those because we are not at that level of growth yet, we'd rather be focusing on more immediate things like evangelism and usability.

I try not to openly compare us to Storj and rather try to let the technologies stand on their own. But in my biased view, Sia has both much better security properties, and also much better performance properties. In terms of price, Sia is something like 1/8th the price of Storj. I think you will also find technical teams preferring Sia to Storj after reasonable investigation. But both companies are very early. Other competitors really don't have a working product yet, so it's hard to compare. But among all that I've seen, I believe that Sia has the strongest architecture, especially when considering decentralization and attack surface.

For privacy laws, we have left our architecture ready to comply with as broad of a set of laws as possible. For example, it is easy to set up geographic restrictions on the hosts you choose. It is also easy to blacklist or whitelist specific hosts. Encryption and data protection, as well as strong redundancy were all day-1 features in the designs. The general EU data laws will be easy to comply with.

I could see trouble if regulators require the individual hosts to have certain certifications, but that's what the whitelists are for. It hurts decentralization, though only for data which requires the certified hosts. We will cross that bridge when we get there, but we are prepared for it and have been thinking about it for a while.

Are you guys hiring for a sales team?

you can send applications to [email protected]

What kind of speeds/bandwidth can we except? and will there be provisions to allow for different levels of speed.

For example if I want a cdn style storage for images, can I make sure my files are stored on fast connections with SSD drives?

On the release that's out today, you can expect speeds between 70 and 150mbps when uploading, and between 20 and 50mbps when downloading. Startup time is about a second I think.

In the future, upload speeds and download speeds will both be able to saturate any consumer connection, including gigabit connections. You will be able to easily select hosts that are faster or ping-time closer to you, with startup times being under 100ms.

SSD drives should not matter in this case, disk drives will be fast enough for any sort of content fetching and distribution. If you can find a measurable difference though, it would be simple enough to use that measurement when selecting hosts to figure out who is using drives that are fast enough for whatever application you have in mind.

thanks, and what about linear ordering for streaming buffered video?

Files should already be downloading in linear order, as long as you wait long enough before opening the file you can probably get away with watching a video while it downloads already today.

[[Movie-Streaming -- When?]]

As one of the biggest markets for privacy is uploading Videos or Movies like when you live in an unfree country and people want to tell their opinion about the government Can we expect a streaming function for sia coin and When could that be finished?

It's something that we intend to have complete before 2018. If all goes well, we may have it as early as July.

Guess the secret was the 1m usd? Congrats!

Q: How about building in a price reward for hoster with a high SLA. It would bring more stable network to all of us if the hosts had 98.5% or more uptime?

5x redundancy and the client preferring stable providers nullifies needing higher SLA.

imo SLA below 95% are pretty unserious providers. Rewards system needs a review.

95% is all that's needed because the redundancy is so superior.

I've run over the math a few times, and really 98% is the upper limit of where hosts are useful. If you are above 95%, you are doing about as much for the network as possible. 99.99% uptime of course is still useful, it's just that it's barely more useful than 95%.

That said, we really need hosts to be above 90% uptime for them to be useful to the network.

And, we actually do have penalties today for hosts with low uptime. They aren't as strong or as formal as we would like, but that's one of our primary goals for v1.2.0.