Private data - how private is the state of public/private canisters

Short question. I am new here and wanted to understand how private is the data stored in the state of a canister?
In the FAQ I did read " The Internet Computer supports both open and private canisters, …".
What are the features of private canisters? Can anyone point me to documentation or examples using private canisters?

I am used to Ethereum, where anything that is not encrypted is completely public, state, transactions, and code. How does Dfinity compare to this?

1 Like

Hi @CJentzsch, welcome to the Dfinity forum - great to see your name here!

We’ll update the FAQ question to further clarify; at the present there is no system-level feature for private canisters.

At Genesis, the system API provides entry points to canisters via public methods. Consumers of your canisters will only be able to access state marked as public. However, node operators could theoretically inspect the state of canisters on the physical machines they are hosting.

Of course, any data encrypted prior to ingress by a canister remains encrypted.

The team has ideas around privacy enabling canisters and subnets but those are on the post-Genesis roadmap.

Is there any particular feature that you are hoping to see?

4 Likes

This post was flagged by the community and is temporarily hidden.

Thanks for your response.
I understand that features such as homomorphic encryption are not there yet.
But is non-public data, such as the state of a canister which is not readable through public functions, private? In the same way as my data on AWS nodes are private?
I am not talking about the level of privacy where even the admin of a datacenter has no access to the data, I just mean the level of privacy that the general public has no access to it (compared to smart contracts on Ethereum).

I invite you to read Add access control with identities :: Internet Computer

2 Likes

Yes it is in that regard, you have full control over who can query your data at the point of entry into your canisters, you can check the caller and make decisions in your code on whether or not to return data.

1 Like