One of the goals of a service offering privacy, is that they should build their system so you don’t have to trust them. This is not easy, but it’s worth watching the organizations who do so.
I’m happy to announce that we’ve got ID hashes working, which is the first major step in ensuring that users no longer have to trust that me or anyone in the organization can access your information! Not only does this mean you don’t have to trust my team’s access to your data, you don’t have to trust any of our vendors either as none of them can access your personal information.
Your personal data is no longer stored in plain text in our database, so once your ID has been guarantored, it is hashed, and if (when) our database is ever compromised, your personal data won’t be impacted.
This is the second stage in our TUTT (trust-us-through-technology) roadmap.
The next two steps take a lot more resources, which means we need more paying customers to get there.
Stage 3 in our roadmap will be enabling encrypting the user’s government issued ID with PKI (public key infrastructure) which means that the user gets full control of the private key used to encrypt their ID. Enabling PKI means no access is possible to a user’s guarantored ID without the private key of the user being used to decrypt it. The downside of this means if the user loses their private key, they have to get their ID guarantored once again, but we have ideas on how to minimize that risk.
The final stage on our TUTT roadmap will be when we can open source the code base for full transparency. This will require independent third party audits by multiple independent third parties, but we’re excited to get to this place and we hope you are too.