Sia has no central server or authority that controls the network. It is a peer-to-peer system, comprising Hosts and Renters that may be located anywhere in the world. This means that the laws, rules, or regulations applicable to a Host or Renter in one location may not apply to a Host or Renter in another location.
Many Hosts are interested to know what liabilities they might incur by storing Renter data. Unfortunately, given the breadth of the Sia network, and the myriad different locations of Hosts and Renters, it is not possible for the Sia Foundation to identify all applicable laws, much less to give any legal advice regarding whether particular activities may be permitted under any specific law. Addressing these requirements is something that Hosts (and Renters) must do for themselves.
Nevertheless, the Sia Foundation recognizes that many Hosts do not have the means to personally investigate this matter. Accordingly, we have prepared this document to provide high-level guidance for Hosts on the Sia network. Much of the information here may strike you as basic common sense, but there is little harm — and possibly great benefit — in spelling it out explicitly. We therefore strongly suggest that all Hosts review and abide by these best practices.
The golden rule of hosting on Sia is: Do not knowingly facilitate illicit activity. From this, we can derive two concrete best practices:
- Limit your knowledge: Do not access Renter data (or metadata) except as necessary to fulfill the terms of your contracts. For example, do not manually inspect the files containing Renter data in your Host's data directory, or scan your incoming traffic for a particular hash.
- Limit your facilitation: If you do learn that your Host is facilitating illicit activity, take immediate steps to prevent it. For example, if you receive a takedown request that identifies offending sectors on your Host, you should comply with it by deleting those sectors. Again, this is not legal advice. If you want specific guidance for your jurisdiction, we recommend contacting an attorney.
The Sia Foundation develops and maintains Sia node software. It does not provide the Sia storage network itself. Hosts, Renters, and others running Sia nodes make up the Sia network. Anyone can download the Sia node software and become a Host or Renter. The Foundation does not control Hosts or Renters and, in fact, has no means of identifying them other than the information publicly available to all parties, such as the IP addresses that Hosts publish to the Sia blockchain. As a Host, you operate independently. The Sia Foundation cannot act on behalf of Hosts, nor is it in a position to offer Hosts assistance in their dealings with Renters.
When a Host agrees to store data for a Renter, the Host and Renter enter into a smart contract defining the amount of data stored, for how long, at what price, and the other terms of their arrangement. The Sia Foundation is not a party to these smart contracts, as Hosts and Renters engage directly with each other as peers. As a Host, you are responsible for setting the terms of each storage contract you enter into with a Renter, and for fulfilling the requirements of that contract.
Hosts are expected to provide true and accurate information to Renters. When announcing and advertising themselves to Renters, Hosts should not provide information that is false, deceptive, or misleading. Hosts are responsible for ensuring that the information they provide to Renters remains updated and accurate. Hosts should not seek to deceive Renters regarding the storage services they provide or the level or quality of those services.
Hosts are responsible for resolving any disagreements or other issues directly with Renters. The Foundation cannot be asked to act on behalf of Hosts or Renters, or to assist in resolving disagreements or other issues. The Foundation will not be responsible for such disagreements, nor their resolution.
The Sia Foundation is not responsible for the actions of any member of the Sia community, whether Host or Renter. Each member of the Sia community is responsible for their own actions, and for ensuring that their actions comply with applicable laws and do not cause any other member of the Sia community to violate applicable laws.
Court orders, subpoenas, warrants, and other legal or governmental requirements to provide information or take action vary by location, with each governed by different laws and dependent on different facts. While these types of legal requirements are generally infrequent, they should not be ignored. Should a Host receive such a court order, subpoena, warrant, or other type of legal or governmental requirement, we recommend consulting legal counsel.
Hosts should also not normally have access to information about the identity of Renters, other than their IP address. However, if a Renter’s identity becomes known to a Host, the Host should not disclose that information (or the IP address) to any third party absent a legal requirement to do so, such as a court order, subpoena, or warrant.
Whether encrypted or unencrypted, Hosts should not take any affirmative action to access or view Renter data or metadata stored on their servers, except as necessary to accomplish the transmission, protection, or storage of that data. The same holds true for Renter data while is it in transit to or from a Host’s server. In other words, with respect to Renter data and metadata, Hosts should limit their activities to hosting.
Sia encourages Renters to encrypt their data. However, Hosts should be aware that Renters may choose not to do so.
Each Host is entirely responsible for the systems it uses to provide storage to Renters. Hosts are expected to operate and maintain their systems at a high quality of service and in accordance with all standards advertised to Renters and agreed upon in any storage contract.
Host systems are vulnerable to denial of service attacks and other external threats which could prevent Hosts from fulfilling the terms of their storage contracts. It is the responsibility of each Host to maintain reasonable security measures designed to protect its systems from such threats.Document version date: Jul 25, 2023