A Farcaster host stores a user’s data as signed blobs and makes it available on the web. It is a simple, static file store which updates the blobs when instructed by the user and makes them publicly available on the web at a fixed URL. An AWS S3 bucket, IPFS node or even a set of linked GitHub Gists can serve as a host. A host should not be confused with an application, which is a higher-order construct that may include a host, client and other services.
To be a valid host for a user:
- The registry entry for the user should map to a URL controlled by the host.
- The host should return a directory at that URL, which is a JSON object signed by the user.
The host directory is a signed blob that acts as a table of contents for the user’s data. It is a top-level data structure that includes:
- addressActivityUrl - a pointer to a JSON file that contains a user’s casts
- avatarUrl - a URL to an image file that will be used as the user’s profile picture
- displayName - a non-unique display name chosen by the user
- proof - a URL to a JSON file that contains a user’s address verification
- timestamp - a user-generated, unverified timestamp which can be used to resolve conflicts
- version - indicates the version of the directory
The directory contains some metadata about the user, and links to other resources that may be stored on the host or anywhere on the web. A single host can host many users by having multiple directories at different URLs. An example directory for the user Bob would look like this:
The on-chain registry and off-chain host architecture makes it easy to change hosts or self-host. Let’s say that Alice owns a Farcaster name and has been using a third party:
- Create a new addressActivity and proof JSON or copy it from the old host.
- Create and sign a new directory and point it to the newly created files.
- Upload the directory to the new URL.
- Make a transaction to the Registry’s modify function with the new URL.
Everyone following Alice would be listening for modify events on the smart contract. As soon as they received one, they would:
- Ask the smart contract for her new host directory URL.
- Fetch the directory from the URL and find the addressActivityUrl.
- Fetch the addressActivityUrl, which contains all her messages as signed blobs.
Farcaster requires that every JSON object on a host be signed by a user's private key, which protects them from spoofing attacks. Malicious hosts and external attackers cannot pretend to be a user unless they are able to get access to the private key, which is not stored on the host.
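The follower steps and the signing requirement above, sketched as an added example (not code from the Farcaster project). The page does not specify the signature scheme, the envelope layout or what the registry returns, so the Ed25519 keys, the {body, signature} envelope, the canonical encoding and the in-memory `registry` and `web` objects are all assumptions made for illustration.

```javascript
// Added example, not Farcaster's own code. Assumptions: Ed25519 keys, a
// {body, signature} envelope, and a registry entry holding the user's public key.
const nodeCrypto = require('crypto');

const FIELDS = ['addressActivityUrl', 'avatarUrl', 'displayName', 'proof', 'timestamp', 'version'];
// Bytes that get signed: the six directory fields in a fixed order.
const canonical = (body) => Buffer.from(JSON.stringify(FIELDS.map((k) => [k, body[k]])));

function signDirectory(body, privateKey) {
  return { body, signature: nodeCrypto.sign(null, canonical(body), privateKey).toString('base64') };
}

// Returns the directory body if it is complete and signed by publicKey, else null.
function verifyDirectory(envelope, publicKey) {
  const body = envelope && envelope.body;
  if (!body || typeof body !== 'object' || typeof envelope.signature !== 'string') return null;
  if (!FIELDS.every((k) => k in body)) return null;
  const sig = Buffer.from(envelope.signature, 'base64');
  return nodeCrypto.verify(null, canonical(body), publicKey, sig) ? body : null;
}

// Follower flow after a modify event: registry -> directory -> verify -> casts URL.
// `registry` and `web` are in-memory stand-ins for the contract and for HTTP GETs.
function resolveUser(name, registry, web, lastSeen = null) {
  const entry = registry[name];
  if (!entry) return { ok: false, reason: 'no registry entry' };
  const body = verifyDirectory(web[entry.url], entry.publicKey);
  if (!body) return { ok: false, reason: 'directory missing, incomplete or not signed by user' };
  // Two validly signed copies conflict: keep the one with the later timestamp.
  const directory = lastSeen && lastSeen.timestamp > body.timestamp ? lastSeen : body;
  return { ok: true, directory, castsUrl: directory.addressActivityUrl };
}

// Constructed sample data (names, URLs and keys are made up for this example).
const alice = nodeCrypto.generateKeyPairSync('ed25519');
const other = nodeCrypto.generateKeyPairSync('ed25519');
const url = 'https://new-host.example/alice/directory.json';
const aliceDir = { addressActivityUrl: 'https://new-host.example/alice/casts.json',
  avatarUrl: 'https://new-host.example/alice/avatar.png', displayName: 'Alice',
  proof: 'https://new-host.example/alice/proof.json', timestamp: 1650000000000, version: 1 };
const registry = { alice: { url, publicKey: alice.publicKey } };
const signed = signDirectory(aliceDir, alice.privateKey);
const honestWeb = { [url]: signed };
// The host swaps the casts pointer but cannot re-sign as Alice.
const tamperedWeb = { [url]: { ...signed, body: { ...aliceDir, addressActivityUrl: 'https://other.example/casts.json' } } };
// A directory signed with a key that is not the registered one.
const wrongKeyWeb = { [url]: signDirectory(aliceDir, other.privateKey) };
console.log(resolveUser('alice', registry, honestWeb).castsUrl);
console.log(resolveUser('alice', registry, tamperedWeb).reason);
```

A client should only fetch `castsUrl` when `ok` is true; the casts file it points to would then be verified blob by blob in the same way.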
Users are still vulnerable to data loss if a malicious host or external attacker deletes their messages. It's easy to mitigate this by maintaining a backup copy, and since the data is public this can be a service performed by anyone. An application could continually scrape and back up all public data on the network and charge users a fee for recovery.
- addressActivityUrl is a legacy name that should be changed to
- proof is a legacy name that should be renamed to
- Strict versioning and deprecation rules are needed for directories or clients will have to support all versions.
- avatarUrl must have some strict definitions around what types of images are permitted on the network.
- The numeric versioning system should be replaced with a schema system.
- The directory should include the address of the username to make verification easier.