Text about (Text)info false type=Textid=11name=aboutfile_type=text id 11 features false DefaultActions intentions false
My goal with this project is to enable people keeping control over their data.
In conversations you often hear: "I am not a computer specialist", "I have no clue" as excuse for what we did wrong. We have a high amount of complexity resulting from bad design.
The best example: id cards: Id cards are supposed to simplify many applications on one card but how many do we wear? And what if one is lost? The recovery and lock protocols are lengthy.
Next example: logins: For every shop website you have to log in. Guess what? People use amazon and other shops are dying out.
Bonus: because there is no validated identifier apps and shops increasingly rely on phone numbers. That's bad because it excludes people without phones and phone numbers are very vulnerable to hacking.
My solution for this mess: structured, verified, decentralized data which is heavily protected
And here how I try to achieve it:
- server architecture: less vulnerable to loss. High uptime (>99%).
- Multi-Factor authentication: don't restrict people to 2-Factor. Allow people to select their protections and give a feedback how strong the protections are
- Recovery=Login Design: many people abuse recovery mechanism for regular login. So treat them like this. This enhances the overall security.
- Segmentation: shops should not be able to see all of your data. And you should not have to look through a long list of permissions you don't know what they include.
- simplicity: my data format is simple and structured. This means it is hashable. Requesting data takes only one GET request line. This should be compatible to nearly every computer system of the last 20 years.
- anchors: a unique, secure identifier which can be one of multiple identification methods. Including PGP. Advantage: it is really future proof.
- verifiable: by hashing the structured data and validating hashes against trusted providers, it is possible to prove, that the data are correct and the server is allowed to serve them.
With the little more complicated verification protocol it is even possible to verify that the client could authenticate on his server. This means replay attacks are not possible anymore.
- creating an ecosystem
= vivid community with commercial and non commercial products
- Reducing dependency on legacy, lock in technology
- reducing id cards to one paper with QR code