Escaping leaky nets

Spatium: DeFi ecosystem on Bitcoin
Published in Spatium Blog · 5 min read · Nov 19, 2019

It hurts whenever a service asks for your private data. Everyone feels that pain: the person who is not concerned about security, and the cypherpunk, for whom each such requirement is a red flag. The subject becomes even more poignant when you are asked to provide a photo or video of yourself. It feels like you are being robbed of your sense of privacy. But what’s worse, your data can be passed to third parties, leaving you feeling naked and defenceless in a world where the walls have eyes.

In this article, we consider the problems of biometric data storage and explore how they can be solved by combining SMPC (secure multi-party computation) technology with an open-source approach.

Pixel hunting

The digital nets of the IT giants gather more and more data from the user, trying to piece together a complete picture of him and use it “to provide better service”. They extract everything, leaving him no room in which to hide a secret. But even if you use the Internet very rarely, you may have heard that the nets of Google, Facebook, and other huge IT corporations are full of breaches. In the past, they were not able to provide the necessary level of security for their clients’ private data, which led to multiple leaks. Names, bank card details, emails, phone numbers, passport details, and other sensitive data were leaked and afterward traded somewhere or uploaded for the public. And to access it, all you need, ironically, is to google it.

Now they want your biometry in their leaky nets. Of course, “it is a measure to make your account on the platform more secure”. But how many times has your account on any service been hacked, compared to the number of hacks of those companies? The problem is not the security measures you can employ to secure your account; it is the ability of companies to keep your data safe, a task at which they fail abysmally.

And this is not to mention the provision of your data on a commercial basis to third parties to increase the effectiveness of their marketing campaigns. Yes, it is written in the “Terms of Service”, but users are forced to accept them; otherwise, they will lose connection with their friends, relatives and colleagues.

According to European laws, all services must delete biometric data from their servers 30 days after receiving them. But with their current power and authority, which will only increase, the IT giants are the law. Users must protect their data themselves by demanding from those companies the highest available level of security for their data and transparency in how it is deleted. But they can’t hear you from down below. At the same time, many users don’t care how their private data will be used: they are ready to provide everything on request.

You can provide your biometry to access a device or a social network, but doing the same for financial services is another matter. Users must be conscious of this and not allow leaky nets to capture their biometry. Search for alternatives.

Anonymous shelter

With that said, although biometry is a good way to provide the highest security level, users should look for the best way to keep such data safe: not storing it at all. Spatium shares that vision.

The storage of users’ visual data is worth a lot and comes with high risks. We are not interested in building a negative reputation around the service. That’s why we don’t store biometry at all: data is processed locally on each party’s device, and only hashes are collected.

Biometry is used in conjunction with SMPC technology to generate secrets. Data can be gathered from the camera of a mobile device with the Spatium Software Wallet app installed, or from the fingerprint sensor of the Spatium Biometric Wallet. The generated secrets are encrypted, split between the funds’ owner and the parties he has chosen, and processed independently. None of the parties can get access to the money without the funds’ owner’s consent. Biometric data are deleted after each interaction with the system and generated from scratch with each new session. With this approach, the secret is always with the user, copies are not stored anywhere, and he can access his funds from anywhere securely and conveniently.

Distributing secrets between parties chosen by the user opens the road to unique features. One of them is what we previously called Hybrid. It can be used to share the responsibility for the funds’ safety with an entity able to provide professional-level security for the secret on its side. As the security provider has only its own secret, with a specific set of permissions, it can’t perform any action with the funds without the user’s consent. Beyond the safety of funds, this solution gives users a convenient way to manage them: since a user and the security provider are connected (via authorization and the split access to funds), it becomes possible to implement instant deposits, withdrawals and trades performed right from the user’s wallet, with on-chain confirmations processed afterward. We will discuss this feature in depth later.

Users are free to install the Spatium Software Wallet app on any supported device (desktop, smartphone, watch). At the same time, to achieve the highest security level, users can use the Spatium Biometric Wallet. It is a hardware wallet in the shape of a credit card with a fingerprint sensor. This solution also doesn’t store any biometric data, has open software and provides easy and convenient access to funds.

We believe that the open-source approach is one of the keys to solving the problems mentioned above. That is why our repositories will be opened to the public. Moreover, Spatium solutions have already been completely audited and tested by open-source code reviewers as well as professional security companies.

Untraceable motion

Centralized systems have shown that they are not capable of storing users’ private data safely. Material as sensitive as biometry must be managed in other ways. The combination of biometry with SMPC technology and an open-source approach can lead to the creation of platforms where the problem of data leaks is eliminated, while users are provided with secure, flexible and convenient solutions to manage their funds.

In the next article, we will provide more details about how we manage biometric data.

Spatium develops solutions to store and manage digital assets powered by SMPC and biometry. In our technology, the private key is replaced with an encrypted set of secrets, stored across the funds owner’s devices and the individuals and institutions chosen by him. Even if some of the parties are compromised, the funds will stay safe. Such an approach dramatically decreases the risk of theft and provides a previously unavailable level of flexibility and unique benefits for everyone on the market: no single point of failure, easy recovery, no need for backups, blockchain agnostic, access levels differentiation, instant crypto/crypto and crypto/fiat exchange, fully compliant solution, support of dApps and DeFi services, etc.
