Are access grants meant for groups of users?

I’m a bit confused about what the access grants are for.

I’m used to nextcloud where I made two clouds.
One small one for all the files I would want to have quick access to on a new computer,
and a large one for everything else.

I assumed access grants would be like that, but I feel like I’m quickly discovering that the structure here is different.

Anyone with given URL can have an access encoded in it. If you revoke an access, the URL will stop to work.
You can generate an URL to the known path only if you have an access grant from the satellite UI or from the uplink share command

If you use sharing option in the Nextcloud, then it would be shared via your Nextcloud instance not from the Tardigrade itself.

1 Like

So it’s everyone can read the file hosted on storj or no one can?

No one can without URL or access grant.
For example, if even I would know the path to your object, but do not have an access grant - I will be unable to create an URL for access (but I can for mine object with the same path and generated URL will not match yours, because they have a different parent access grant from different projects and accounts).


I’m sorry. I worded that incorrectly.
The question should have been:
So it’s “Everyone can read the file hosted on storj or no one can, there’s no in between.”?

Currently. I’m able to access download a song file without having to log into my tardigrade account.
My aim is to sync my French music and Japanese music folders to my phone so I can still listen to them while I am away from home, but I want to decide whether or not I want let the world to know that I sometimes like to listen to Mini Moni Telephone Ring Ring Ring (my introduction to Jpop) for example.

I was wondering about a Tardigrade desktop client as a Nextcloud replacement,
but this sounds as though I could simply the use Nextcloud client as a Tardigrade desktop client.
Am I correct in this assumption?

There is, you determine who you share access grants with and you can assign different rights to different access grants. You have very granular control.

Setting aside the fact that I think you just voluntarily did, just because you can share the access grant with everyone doesn’t mean you have to. Think of it of authentication passed through the URL. This is also why the URL is so long. As long as you keep the access grants and URL’s to yourself nobody can get access to the data.

1 Like

I mixed up ‘I don’t want everyone to know’ and then ‘I want to decide whether or not’.
And yes that was voluntary. I thought I’ll just pick an example that is funny, I’m not too afraid to admit, and others can relate to might be embarrassing.

How can I read those files without URL? Can I do this using a Nextcloud Desktop Client?

This sounds like “security through obfuscation only” for URLs.

What makes you say that? This solution exchanges secure access grants over a secure channel (the URL of an https request is always encrypted in transit, just like any form would be). It uses industry standard encryption and authentication technology.

I think you’re just hung up on exchanging authentication information through the URL. But there is nothing wrong with doing that over an https connection. You should be aware though that all the information needed to access the data is embedded in the URL. So don’t share it with anyone if you don’t want to. But just like it’s impossile to guess someone’s private key, it’s also impossible to guess someones access grant and with that it’s impossible to guess the URL that would contain it. If you consider this obfuscation, by definition any encryption or authentication scheme would be obfuscation.

There are many ways through either Storj uplink or uplink libraries, compatible third party software, AWS compatible gateway using AWS library or compatible software etc. I have not used nextcloud yet with Storj, so I’ll leave that question to someone else.

1 Like

I was under the impression that you were saying before, that as long as someone doesn’t know what the URL is, someone can’t access it.

Well, that’s a yes and no kind of situation. Let’s look at an example link.

You don’t need anything other than this link to watch that video. Because the access grant is part of the URL. When you’re sharing a URL like this, you’re sharing the access grant along with it. But the only way for anyone to know this URL is if you’ve given it to them. There is no other way to obtain the URL and I think you’ll agree there is no way you’re going to brute force a URL like this. :wink:


Yes, you can with your Nextcloud server configured:

You also can do not host the Tardigrade S3 Gateway for the Nextcloud server, but use a Gateway MT (hosted solution as a service) instead:

But keep in mind - the Gateway-MT uses server-side encryption unlike Tardigrade S3 Gateway (you should host it yourself alongside with the Nextcloud server and it uses a client-side encryption).

If you need a client for Tardigrade, you can use FileZilla (but you cannot share links from it at the moment) or integrated web-interface of the Tardigrade S3 Gateway on http://localhost:7777, you can share links from it, but you then should expose it to the internet with SSL via reverse proxy for example.
Another way is to use experimental web interface:

1 Like

Okay, that sounds a lot better than I first imagined.
How much RAM does the Tardigrade S3 gateway use?

Depending on load. The requirements you can see there:

1 Like

2 posts were split to a new topic: How safe is it to store cryptowallets on storj compared to for example metamask?

4 posts were split to a new topic: Storj doesn’t cut files into chunks like Maidsafe does?