Design goal
The Nano ecosystem is designed to provide an easy-to-use data sharing platform with unparalleled security and privacy. This high level of security and privacy is based on the unique way in which each message that goes through Nano’s network is handled.
Nano’s network is not peer-to-peer, but rather a hybrid server-client network.
The Nano system has centralized Clarabot servers that act as proxies for the data sharing network. The Clarabot servers provide robust security for the clients in the network: without the right permissions, no Nano user is able to snoop into the files of a different Nano user. The hybrid server-client network also makes it possible to cache the separated, encrypted data streams for a shorter request round-trip time.
Privacy is guaranteed despite the centralized servers. The servers do not store the user’s data; they only relay it in a safe and secure manner.
The user stays the owner of their data.
Layered Cryptography
At the time of registration, multiple keys are set up for the user by the Nano client for different purposes. It is crucial to choose a strong password for the user account. Without a strong password, Nano won’t be able to provide you with the highest level of security. We encourage every user to read the password policy in the getting started chapter.
Using a strong password allows Nano to set up a durable security fortress around the user’s private data. The security implementation consists of multiple layers of different cryptography methods. This gives your shared data unparalleled security within Nano’s collaborative file sharing system.
For an in-depth tour through the different cryptographic protocols used in Nano’s system, please refer to the cryptography chapter.
Transparent implementation
The security keys for the user are created client-side on the user’s device. This promotes a zero knowledge principle within the Nano system. The source code for this client-side implementation is made publicly available for independent verification.
Zero knowledge
The central servers work on a strict Zero Knowledge principle. Zero knowledge means that besides the owner, no other user can access the transmitted data. Not even the Clarabot servers have the ability to decrypt the transmitted data. This ultimately removes the risk of user data exposure in case of a central server breach.
End to End encryption
End to end encryption means that no sensitive data leaves the user’s local machine in clear form. Everything is encrypted before it is handed over to the messaging pipeline, and it is only decrypted by the receiving end. Because of this process, there is no way to alter the data in transit without the receiving end noticing.
The end to end encryption combined with the zero knowledge design means that no other parties, not even the servers at Clarabot, are able to access the user’s data. This serves as a building block to facilitate secure dialogues between users and, by extension, groups of users.
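As an added illustration, not Nano’s own code (the cryptography chapter documents the actual protocols), the Go program below models the three roles described above: a sender that encrypts on its own device, a relay that forwards ciphertext without holding any key, and a recipient that rejects anything modified in transit. It assumes a symmetric key already shared between the two clients and uses AES-GCM from Go’s standard library as a stand-in for whatever cipher suite Nano uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope is everything the relay server sees: a nonce and the
// ciphertext (which carries the GCM authentication tag). No key travels with it.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the sender's device: the plaintext never leaves it in clear form.
func Seal(key, plaintext []byte) (Envelope, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open runs on the recipient's device. Any change to nonce or ciphertext
// makes the authentication tag fail, so tampering is detected, not silently accepted.
func Open(key []byte, env Envelope) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Relay models the zero-knowledge server: it forwards the envelope unchanged
// and has no key with which to read it. Tamper models an in-transit modification
// of a single ciphertext byte (constructed for the demonstration).
func Relay(env Envelope) Envelope { return env }

func Tamper(env Envelope) Envelope {
	ct := append([]byte(nil), env.Ciphertext...)
	ct[0] ^= 0x01
	return Envelope{Nonce: env.Nonce, Ciphertext: ct}
}

func main() {
	key := make([]byte, 32) // assumed: already shared between the two clients
	rand.Read(key)
	env, _ := Seal(key, []byte("constructed message"))
	pt, err := Open(key, Relay(env))
	fmt.Printf("relayed: %q err=%v\n", pt, err)
	_, err = Open(key, Tamper(env))
	fmt.Printf("tampered: err=%v\n", err)
}
```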
Handling of Unencrypted data
Some limited data of a user account is not encrypted, for example the user’s email address. This data must remain unencrypted so that the servers can provide certain services. The handling of this information is in accordance with the rules laid out in the General Data Protection Regulation (GDPR).
Please refer to the privacy statement for how other technical data, such as IP addresses and billing addresses, is managed.