New 📦: Store Media Cache Wrapper
Proud to introduce another 📦 from the Acter shop: this time to allow your media files to be securely cached on the file system rather than in the internal database.
— Ben
It is common practice for Apps on mobile Phones to separate out the data important for the App to run from the data that is more volatile and could be downloaded again: usually referred to as "App Storage" and "App Cache". This is pretty useful as it allows the owner of the phone to clear the cache, data that isn't important for the app to run, to free up space and yet have a fully functional app.
Unfortunately, the way the current Matrix Rust SDK (we use internally) approaches storage is to have one singular store entity provided for the entire app that is responsible to store both message and state data as well as large files downloaded. The benefit of this is that whatever encryption you used for the state store is also applied to the downloaded files. However, most databases aren't designed to hold and deal with large binary data efficiently, but the bigger problem for us is that we can't easily clear the downloaded (cached) media without also purging the users highly important message and decryption data.
Introducing:
For the last few releases of Acter we have been testing out our new tiny wrapper for the matrix-sdk-sqlite-store we use internally, called matrix-sdk-store-media-cache-wrapper. It splits off the calls for downloaded media and instead stores them locally on the file system. Together with the outer layer providing a separate path to a system-provided cache directory means that any media downloaded is now living outside the main store. Thus allowing the user to clear the cached media, and only the cached media, while starting their app up after and have all their messages, state and most importantly encryption-keys available.
After weeks of having it run in production we are now confident to announce it stable for use to the wider public.
Is it secure?
Yes, of course. We are a privacy-first shop. For us privacy and user safety isn't an afterthought but a clear requirement from the start. This crate is no different: the file cache store we provide by default requires the caller to provide a passphrase (which is automatically generated upon first login for each device and stored securely in the system provided key store in Acter). With that and a Store Cipher
stored in the wrapper storage itself, it will encrypt both the data itself but even the filename it stores the file under. Thus keeping all your data encrypted-at-rest and if anyone would get hold of them they need both the passphrase and access to the same wrapper state store to decrypt the data.
Can I use it?
If you are using Acter and you have logged in within the last three weeks, are you already using it. If you have upgraded Acter but didn't re-login, all it needs is to log yourself out (destroying all local state) and freshly login. This is already shipped on all mobile and desktop releases since 1.24.2208 (released February 8th 2024).
If you want to use it for yourself for your own Matrix-Rust-SDK-based project, you are at luck as we just released it to crates.io earlier today for the usage with 0.7.0 of the Matrix-Rust-SDK or you can use it from our Github repo (but be aware that we irregularly upgrading to the latest matrix-rust-sdk main ourselves).
Going further:
- Matrix Chat with the Tech Team (if you need help with it)
- More about the Acter Tech Stack and our Open Source Projects
- For the matrix-sdk-store-media-cache-wrapper-create: