Hydro AMA Recap
Yesterday, we held an AMA and we were blown away with all of the amazing questions. If you want to check out the whole thing, you can see it here. If reddit isn’t for you, we thought it would be best to highlight a few of the best questions and their respective answers for you.
From lawale4me
What distinguishes the 2FA from TOTP and HOTP standards?
Anurag’s reply
TOTP and HOTP have a shared secret between you and the website — if you can prove that you have the secret, then the logic goes: you must be the correct accessor since nobody else would have that shared secret. This relies on you trusting the website not to lose your shared secret; if a third person were to acquire a copy of the secret, either by phishing you or by hacking the website’s database, they could pretend to be you. Client Raindrop is more similar to U2F authentication which replaces the one-time password with public key cryptography. This way, the website does not need a copy of your private key to prove that you are the correct accessor. The reason that U2F couldn’t be a standard for authentication for most consumer apps prior to our solution is because it would be a pain for an end-user to have to provide their entire 60+character public key to each website with whom they want to sign up — USBs and other ways of passing the info to websites aren’t as simple and intuitive as OTPT. If you ask someone to store a mapping of your public key to a username, that would normally defeat the purpose, as a hacker could change this mapping and pretend to be you. We store this mapping on-chain where it can be verified. This way, you only need to pass your username to the website, and then anyone can confirm that any message signed with that public key belongs to the owner of that username, and the mapping is immutable.
From ljb1187
With your past and current experience with Hedgeable, what business practices and skillset have you developed over the years that you are taking forward and utilising towards developing solutions for the Hydrogen platform, and Hydro itself?
Shane’s response
For those who might not know what you’re referring to: Hydrogen is an evolution of an earlier company called Hedgeable. Hedgeable is an online investing app, while Hydrogen is a technology platform.
I was one of the first team members at Hedgeable, and I think the experience in building that out has been invaluable. It gave us a lot of insight on how to build fintech products, how to read the market, how to adapt to a changing environment, how to deal with financial/securities law, and how to grow a user base organically.
At Hedgeable we focused intensely on product innovation as a way to attract new users (i.e. offering things that other people didn’t have the ability or vision to offer). One example of that was Hedgeable becoming the first retail investing platform in the world to offer bitcoin as an asset class alongside traditional investments (back in 2014). We pride ourselves on how strongly we strive to innovate, which has brought us great success in the past and is something that will continue with Hydrogen and Hydro. Part of what drives our decisions now is the notion of “what technology do we wish existed when we were building Hedgeable?”
Outside of product experience, I think one of the greatest benefits has been the relationships we made in the financial sector — many large financial enterprises were already aware of Hedgeable (because we were disrupting them) and that has made conversations much easier at Hydrogen.
From barkb4rk
What is the priority once the 2FA app is released and deployed?
Noah’s response
We’re getting really excited about the next phase in our roadmap: Snowflake. Snowflake is going to tackle identity management on the blockchain. Our initial product is going to empower users to own their own data, and allow companies that users approve to receive their information in exchange for Hydro. This will involve some really interesting token dynamics, encryption protocols, and another kickass mobile app! Check out the link for more information on our entire roadmap.
From ljb1187
In future, do you see yourself merging Atom + Hydro + Ion solutions together? A big talking point nowadays, for example, is how powerful IoT, Blockchain and AI solutions can be when they are combined. IMO with Hydro’s skillset and experience you could potentially be the first provider of these multifaceted blockchain/ai/fintech API solutions for real world business use cases.
Andy’s response
That is our longterm goal. We believe that combining all of our different products allows for the most wholistic platform solution for a finance application that is available today.
Teajaytea7 asks
What is the plan to get exchanges and other various financial services to begin using Raindrop over google’s 2fa or Authy?
Shane’s response
We are approaching this from 2 angles:
For startups and companies in the crypto space (like exchanges, etc.) we are focusing on innovation. These companies are already interested in blockchain, and a solution that uses new tech like this in a simple and intuitive way is a great pitch for them. By implementing Raindrop, they can lessen their dependency on huge central points of failure like Google, while also introducing cool new features like easy account recovery on a new device.
For large financial enterprises we go with more of a platform-focused pitch. Hydrogen offers many solutions that can help these institutions in a variety of areas, and once we get this conversation going it becomes natural that they turn to Hydro for blockchain-related features and solutions. Since this is all wrapped together in an ecosystem, Hydro benefits from the value of other products like Atom and Ion, and vice-versa.
Lexidoge asks
What are the biggest challenges that the team is currently facing.
And most importantly, do all the employees really get unlimited snacks and how often do you all bowl?
Anurag’s response
A lot of people get intimidated by the idea of adding blockchain functionality to their businesses; it can be scary to embrace a new and upcoming technology. It’s one of the reasons we started our Blockchain in the Real World series on Medium — we’re trying to overcome the prevailing mindset that blockchain is a big, scary, unknown for businesses and demonstrate the easy value-add a well-built blockchain product can provide.
Lots of snacks, and a well-stocked fridge! I usually grab a greek yogurt and/or some coconut water in the morning, have a nice healthy bowl for lunch, and have a kind bar or a bag of chips in the afternoon (with a few chocolates throughout the day!) we haven’t gone bowling since I joined in March, but we’ve gone to a comedy show and had a cooking competition which Mike won!
update! We just added bowling to the calendar for next month :)
From Buffsalad
Why would your clients use public blockchain versus private databases? What is their benefit, what is their incentive to use public blockhain? Do you think that financial auditors will value public blockchain data as more reliable than data in private systems? I’m an auditor myself and we put in tons of hours during the interim periods to validate that data from systems is reliable and uneditable by the client, hours for which the client pays. Running systems on block-chain might eliminate those hours? Do you have (larger) clients that are interested in implementing Hydrogen Protocol services?
Noah’s reply
That’s a great question. We think that private databases have a lot of use cases, and they’re not going away anytime soon. Our goal with Project Hydro is to provide blockchain-based “power ups” that can augment existing systems. Our security offering (Raindrop) is predicated on the fact that users are storing their data with some third party, and simply offers an additional security layer on top of this database that logs access requests, confirms identity, etc. on the public blockchain. From an auditing perspective, we are researching solutions going forward that will publicly and immutably log attempts of companies to access user data, but not contain the data itself. These are the types of tools that we think companies will be very interested in adding to their existing technology stack.
From lvseg
Hi guys, first I’d like to say thanks for taking out the time from your extremely busy schedules to enlighten the community via this AMA, some of the questions and answers here are just so beautiful that I might make prints and frame them, lol. So here’s my question, you said smaller players (e.g) exchanges have to stake Hydro to implement Raindrop on their websites as a way of ensuring they act as good actors. Can you explain the actions expected of a good/bad actor in this sense and what would happen to the stake if a website is a bad actor. Second question is, for a medium/large player (e.g exchange) that has millions of users daily, how much Hydro would such a player have to stake to implement Raindrop as 2FA on their platform? Thanks!
Noah’s response
Surely you can’t mean /u/HydroAndy, /u/HydroAnurag , or /u/HydroShane’s answers…😉.
Regarding staking: we don’t have an explicit slashing mechanism (at least for any of our existing products). In the context of Client Raindrop: we architected the smart contract such that other apps could integrate into the authentication protocol, but in order for them to do so, they need to stake (lock up in a smart contract) some amount of Hydro. This is akin to requiring that these apps have “skin in the game” and make them less likely to e.g. spuriously sign up users, maliciously collect user private keys, etc., as this would harm the value of the Hydro ecosystem that they’re participating in, and are staked in via the token. In terms of staking quantities, this will depend on the rate of adoption. I can tell you that for a third-party integrator, they’d be required to hold no more than .5% of the total HYDRO supply as a hard upper bound, but in reality it would probably be much less. This upper bound is visible in the smart contract, and is meant as a good-faith effort to appease people who don’t even trust us!
