I’m testing Storj DCS (web version) and it looks great!
Congratulations (to all devs) for the great product!
Considering the use of Storj DCS (web version), I’ve got a few questions about erasing and persistence of files on Storj’s network:
For how long do my uploaded pieces (files) last on Storj DCS (Storj network - P2P nodes) - i.e. file persistence/availability - while I’m using my free 50GB account?
If 2FA is activated, is 2FA asked when anyone tries to Reset account Password?
Are all my uploaded pieces (files) instantly erased from all P2P storage nodes after I had clicked “Delete” button (Objects Upload Children screen) for each uploaded file of mine?
Are all my uploaded pieces (files) contained inside a Bucket (or Object) instantly erased from all P2P storage nodes after I had clicked “Delete” button (on Bucket Management screen)?
This isn’t entirely correct, the nodes that are online process the delete right away. Garbage collection is only responsible for cleaning up pieces if a node missed the deletion.
Keep in mind though that even when a node is offline and it takes a bit for the piece to be deleted, it will be only a small part of an encrypted blob. There can be no information pulled from it.
Deletes are asynchronous, this means they get processed right away by the satellite and nodes, but the response doesn’t wait for all nodes to have finished. As soon as the satellite has the information it needs, it returns the call and starts the deletion process on nodes. This greatly improves performance for deletes for customers. But getting a response doesn’t guarantee the files are already completely gone. (this is more a matter of miliseconds to seconds than minutes though)
I support your initiative (implementing that functionality) because allowing password reset without 2FA confirmation might open a possible surface for a skilled attacker…
Definitely, we still have some notable security holes. MFA is actually a very recent feature (past 6 months, I think), so it’s not surprising that this slipped through. In any case, this is a high priority task.
Yes it’s possible, but via support request. You must have an access to both email addresses and will be required to register both on HelpDesk platform, this will prove that you are the owner of both addresses. Then your old email address could be replaced with a new one.
This process could be updated in the future though.