BrightID 2021 Q2 Roadmap
Here’s what the next three months look like for BrightID.
Let’s go into each of the six milestones in a little more detail.
🔬 Node discovery. How does a client (for example the BrightID app on your mobile device) know which node in the BrightID network to connect to? After this milestone, clients will be able to find out about other nodes from a small list of hard-coded “seed” nodes. If seed nodes trust other nodes, they’ll be added to the list. Then clients can use a “promise race” and other data to find the best node to connect to.
👩‍🔬 Anti-Sybil: Stronger connection types. You may have noticed there are different connection levels in BrightID. Different connection levels create different graphs of users. The goal is to have a verification that uses the very strong “recovery” connection level, which real people only assign to others they trust enough to help guard their BrightID against theft or loss.
🕵🏽‍♀️ Blind signatures. Currently, BrightID nodes store mappings between anonymous identifiers used by apps and BrightID identifiers so that an app can query about someone’s unique verification using their own identifiers. (BrightIDs are not shared with apps.) While this structure makes it less likely that a data leak could reveal information from one app to another, we can do even better. With blind signatures, we can remove this mapping completely. This simplifies the architecture and makes the system even more immune to data leaks.
📲 Client portability. We’ve already created the necessary features in the node API for a user to install BrightID on multiple devices and back up or recover their BrightID using another device, but it would be hard to implement this without an example. We’re going to build a web version of BrightID that supports these features so that others can use it as an example to make their own BrightID clients.
💉 Anti-Sybil: attack modeling and injection. We’ve already created a great platform for modeling sybil attacks and comparing the results of different algorithms or parameters. In some approaches to sybil-resistance in social networks, there is a manual review step, and the algorithm is used to prioritize accounts to review. As a pseudonymous network, BrightID prefers an automated way to define the line between sybil and honest users. We can do this by automatically injecting modeled attacks into the real graph and measuring their rank against previously measured nodes.
🛡️ Node Security. BrightID nodes have already gone through a hardening process, with sensible rate limits in place by default, but we want to take another pass at this. We also want to create API contract tests to make sure our node API and reference docs match. We will also audit the use of digital signatures and secure message passing.
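
To make the blind signatures milestone above concrete, here is an added example (not BrightID's code; the roadmap does not say which scheme BrightID will use). It assumes textbook RSA blinding with a toy key and a constructed app identifier, and shows a node signing a value it cannot link to the identifier the app later verifies, which is why no identifier mapping needs to be stored.

```python
import hashlib
import math
import secrets

# Toy RSA key built from two known Mersenne primes (constructed for this demo).
# Far too small for real use; a deployment needs a vetted blind-signature scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # node's private exponent


def h(message: bytes) -> int:
    """Hash a message into the RSA group (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def blind(message: bytes):
    """Client: hide h(message) behind a random factor r before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (h(message) * pow(r, E, N)) % N, r


def node_sign(blinded: int) -> int:
    """Node: sign whatever it is handed; it never sees the app identifier."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Client: strip r to get an ordinary signature on h(message)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(message: bytes, sig: int) -> bool:
    """App: check the signature using only the node's public key."""
    return pow(sig, E, N) == h(message)


def demo():
    app_id = b"app-A:constructed-anonymous-id"  # constructed sample identifier
    blinded, r = blind(app_id)
    sig = unblind(node_sign(blinded), r)
    return blinded, sig, verify(app_id, sig)


if __name__ == "__main__":
    blinded, sig, ok = demo()
    print("node saw:", hex(blinded))
    print("app verifies:", ok)
```

Blinding the same identifier twice gives the node two unrelated values, yet both unblind to the same valid signature.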