Dr. Corey Petty, Security Lead of The Status Network, a collection of privacy solutions, doesn’t like saying the word “decentralization” for decentralization’s sake.
“What we’re doing or trying to do within the blockchain decentralization peer-to-peer ecosystem is find out where power is concentrated and try to distribute that across multiple parties, such that any individual or group of individuals don’t have overwhelming power across the rest of the ecosystem,” he told me.
He says blockchain systems take traditional trust mechanisms and distribute them as best they can. “When you’re talking about a messaging platform, for instance, like our messaging service, passing messages requires a decentralized system, because we don’t want to rely on any central server to be the central point of failure,” he explained.
If Status ceases to exist, and the team loses the ability to develop the product, the network should still carry on and be able to be developed by anyone who wants to do so.
“Or if some of the servers that we run on behalf of the network, for some reason or other, get destroyed or burned up, anyone who would like to continue the network should be able to just run their own and can do the same thing,” he said. “And so we build stuff in such a way that there’s no reliance on any central third party or we try to reduce that as much as possible.”
That’s the idea of decentralization. “You shouldn’t have to rely on Status to use the Status Network or build on the Status Network in any way, shape, or form,” said Petty, who has a Ph.D in Chemical Physics from Texas Tech University. “That’s an important thing, especially as we’re seeing a lot more surveillance, people losing their original mottos, like, ‘don’t be evil.’”
When you build stuff with this infrastructure or architecture in mind, you have to do it in such a way, where you relinquish your ability to choose to be evil. A truly decentralized system ‘can’t be evil,’ said Petty. The team doesn’t have the power to do these things. “That’s the only way these systems actually work.”
We don’t own our digital identities on the internet, said Petty. “You ask the vendors in applications that are the custodians of your identity to do things on your behalf, and you hope that they are good custodians of that information.” But, bad players who’d like to get access to that information can, because they can’t secure it appropriately.
“When you build systems that aggregate information and store them in a central place, it makes it much, much easier or more appealing for people who would like that information to attack it, and then get a tremendous amount of information on a relatively small amount of work,” said Petty. “And, that’s an inevitable conclusion or an emergent property of that particular internet architecture whenever you build things that centralize and aggregate information.” It puts a tremendous amount of power and responsibility into the custodians of that information.
“The concept of building things in a more distributed or decentralized manner, is trying to move away from, not only the ability of people to manipulate and take advantage of information, but, also, to mitigate security implications of when that information gets compromised, and the amount of damage that can be done when a specific part of it gets compromised,” said Petty. “You see that time and time again, in a myriad of ways, whether that be Equifax
In these instances, not only does value become compromised. So too does information, and personally valuable information, about us users. There are a few target audiences for such privacy-focused applications.
“People need access to a messaging platform to give them very strong guarantees and confidence in the fact that they’re not being surveilled in any way, shape, or form. This gives them the freedom to say what they need to say without ill effects based on them saying it,” said Petty. “This could be a tool for under-served people across the world or people living under more tyrannical regimes, where the very fact of journalists saying something puts their life in danger.”
The messaging protocol borrows elements of the Signal protocol, specifically its double ratchet algorithms for perfect forward secrecy, which protects past and future messages should encryption keys become compromised. “We’ve just further decentralized that because we don’t have central servers,” said Petty, noting how his team is trying to make such a platform more accessible, and minimize the information required to get started. While a version of the Signal protocol is used for perfect forward secrecy in 1-to-1 messages and group chats, Status’s P2P messaging protocol, Waku, provides all other security in the network.
For instance, you still need a phone number on Signal, which ties a tremendous amount of personal information about you. “We don’t want that as a requirement for being able to say something to those you need to say it to,” said Petty. “We want to be able to allow someone to add that information, if they want to, and selectively disclose it to the people they’re talking to, for maybe an attestation or proof of who they are. But, it shouldn’t be a fundamental requirement.”
Over the past ten years, people learned how much personal information they’ve had to give up in order to use traditional apps. “People have started to realize that all of these free products they’ve become used to using for convenience sake, or for communicating with loved ones or sharing their pictures, have ended with them being the product.”
People are starting to wise up and realize that they don’t like that, says Petty. “And they need different solutions to opt out,” he said. “And we’re going to be one of those solutions. We are one of those solutions for people to opt out of being the product of a company, letting them enhance their lives without compromising what we believe to be the fundamental human rights.”
Get The Best Financial Tips
Straight to your inbox
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
Thank you for subscribing.