An important question we have to answer at AeroFS is how to keep track of file changes and maintain consistency without using a server. For example, when a file is changed, the system needs to guarantee that all other computers receive the change. In a server-based system, the computer that originates the change can simply tell the server about it, and the server in turn tracks which computers have received the change and which have not. Without the server, however, keeping track of such information is extremely difficult, especially since any computer can go offline or lose contact at any time.
We have developed a series of decentralized technologies to address these issues. As a result, AeroFS does not need a central server to keep computers in sync. However, in striving for a good balance between user experience and user privacy, we do maintain minimal information on our servers, so that even if all the computers belonging to a user are offline, the user can still set up new computers and join shared folders. The information stored on our servers includes:
- A secure (cryptographic) hash of the user's password, never the password itself, so that the server can verify the user's identity even when none of the user's other computers is reachable.
- The user's name and the names of the user's computers, so that they can be shown on the new computer's user interface immediately after setup.
- Permissions of the folders shared with the user, so the computer can start syncing the folders with correct permissions immediately after setup or joining the folders. Shared folder names are also kept so AeroFS can show them on the user interface.
User data, and even metadata such as file names and directory structures, are encrypted “end-to-end”. That is, computers establish direct, secure connections, each authenticating the other with its security certificate, and send all data and metadata over these connections. This differs from the traditional approach where both peers establish a secure connection to a third-party server in the middle, which decrypts the data from one computer, then re-encrypts and forwards it to the other. End-to-end encryption guarantees that no “middle man” is able to tap into the conversation at all. (An observer on the network can still see that two computers are talking and roughly how much data flows between them, but not what that data is.)
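The peer-to-peer channel described above, as an added illustration that is not AeroFS's own code: two devices each hold a self-signed certificate, and each side of the TLS connection is configured to trust exactly one peer certificate, so there is no certificate authority and no server in the path. The device names, the loopback address, the `NewDevice`/`peerConfig`/`Exchange` helpers and the sample message are all assumptions made for the example; the last two calls in `main` show what happens when an unexpected certificate appears on either end.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// NewDevice generates a fresh P-256 key and a self-signed certificate naming one of a
// user's computers. Hypothetical stand-in for a device identity, not AeroFS code.
func NewDevice(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)}, // the demo only talks over loopback
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der) // Leaf keeps the parsed cert handy for trust pools
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// peerConfig presents our own certificate and trusts exactly one peer certificate, whichever
// end of the connection we are. No CA is involved: the trust anchor is the peer's cert itself.
func peerConfig(own tls.Certificate, trusted *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &tls.Config{
		Certificates: []tls.Certificate{own},
		RootCAs:      pool, // checked against the server's cert when we dial
		ClientCAs:    pool, // checked against the client's cert when we listen
		ClientAuth:   tls.RequireAndVerifyClientCert,
	}
}

// Exchange sends msg from client to server over a mutually authenticated TLS connection on
// loopback and returns the reply. Either side aborts if it sees a cert it was not told to trust.
func Exchange(server tls.Certificate, serverTrusts *x509.Certificate,
	client tls.Certificate, clientTrusts *x509.Certificate, msg string) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", peerConfig(server, serverTrusts))
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // server side; a rejected client sees the failure as a TLS alert
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		buf := make([]byte, 4096)
		n, err := conn.Read(buf) // runs the handshake, which verifies the client cert
		if err != nil {
			return
		}
		// The handshake proved which device is on the other end; name it in the reply.
		from := conn.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName
		fmt.Fprintf(conn, "%s got from %s: %s", server.Leaf.Subject.CommonName, from, buf[:n])
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), peerConfig(client, clientTrusts)) // verifies the server cert
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, 4096)
	n, err := conn.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

func main() {
	alice, _ := NewDevice("alice-laptop")
	bob, _ := NewDevice("bob-desktop")
	eve, _ := NewDevice("eve")
	fmt.Println(Exchange(alice, bob.Leaf, bob, alice.Leaf, "chunk 42 of report.docx"))
	fmt.Println(Exchange(alice, bob.Leaf, eve, alice.Leaf, "hello")) // alice rejects eve's cert
	fmt.Println(Exchange(alice, bob.Leaf, bob, eve.Leaf, "hello"))   // bob refuses: the server is not eve
}
```

The point to notice is that trust is pinned to the specific certificate of the other device rather than delegated to a third party: a relay that terminated TLS in the middle would have to present a certificate neither peer trusts, and the handshake would fail exactly as it does for `eve` above.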