Public data in Gun can be read by anyone. They may not have a full copy of the database, but if someone knows your public key they can request everything under your account. This is by design and makes account migration much easier if someone needs to reset their password.
Private data in Gun can also be read by anyone, but the difference is that it's encrypted. It should only be possible for users who you've shared data with to decrypt your messages. RSStream doesn't create much encrypted user data yet, but it does support a mechanism for encrypted data recovery.
The recovery method built into the application is to listen for public key changes on accounts you already follow. This is possible because account codes don't change. If someone you know needs a password reset and creates a new public key, you know that they've lost effectively all the encrypted data on their account. What you're able to do as a contact is re-share your copy of any data you previously encrypted for them. This is done automatically because RSStream knows what data was previously shared and now has their new public key with which to encrypt the same data. If all users do this they will effectively restore all previous conversations.
Here's what the code looks like for that:
const updateAccount =(account, accountCode)=>{if(!account)returnlet check ={
pub: account.pub,alias: account.alias,
name: account.name,ref: account.ref,
host: account.host,}// Check this account against the users list of contacts.const contacts = user.get("public").get("contacts")
contacts.once(async c =>{if(c)delete c._
let found =falsefor(const contactCode ofObject.keys(c ??{})){if(contactCode !== accountCode)continue
found =trueconst contact =await contacts.get(contactCode).then()if(contact.pub === check.pub)break// If the public key has changed for this contact then store their// new account details and re-share encrypted data with them to// help restore their account.
contacts.get(contactCode).put(check, ack =>{if(ack.err) console.error(ack.err)})
gun
.user(contact.pub).get("epub").once(oldEPub =>{if(!oldEPub){
console.error("User not found for old public key")return}
gun
.user(check.pub).get("epub").once(epub =>{if(!epub){
console.error("User not found for new public key")return}const shared = user.get("shared").get(contactCode)
shared.once(async s =>{if(!s)returndelete s._
const oldSecret =awaitGun.SEA.secret(oldEPub, user._.sea)const secret =awaitGun.SEA.secret(epub, user._.sea)for(const key ofObject.keys(s)){if(!key)continueconst oldEnc =await shared.get(key).then()let data =awaitGun.SEA.decrypt(oldEnc, oldSecret)let enc =awaitGun.SEA.encrypt(data, secret)
shared.get(key).put(enc, ack =>{if(ack.err) console.error(ack.err)})}})})})break}// Add the new contact if we referred them.if(!found && account.ref=== code){
contacts.get(accountCode).put(check, ack =>{if(ack.err) console.error(ack.err)})}})}// Listen for account changes to add new contacts, update existing contacts.
gun.user(pub).get("accounts").map().on(updateAccount)
Encrypted user data
Private data in Gun can also be read by anyone, but the difference is that it's encrypted. It should only be possible for users who you've shared data with to decrypt your messages. RSStream doesn't create much encrypted user data yet, but it does support a mechanism for encrypted data recovery.
The recovery method built into the application is to listen for public key changes on accounts you already follow. This is possible because account codes don't change. If someone you know needs a password reset and creates a new public key, you know that they've lost effectively all the encrypted data on their account. What you're able to do as a contact is re-share your copy of any data you previously encrypted for them. This is done automatically because RSStream knows what data was previously shared and now has their new public key with which to encrypt the same data. If all users do this they will effectively restore all previous conversations.
Here's what the code looks like for that: