In the next decade, web services will be everywhere, living in more places than just your browser, and reason over every intimate detail of our personal lives. Our private lives have become a public commodity and as web services evolve to become more personal, to live everywhere, we need to rethink how we control our data.
Today, there is no such thing as private web data.
If it lives online, somebody owns it. The web provides free services in exchange for personal data. This business model is obsolete and puts users at odds with web services. Users must hand over personal data in exchange for services to interact with one another in their daily lives. Service providers must manage sensitive data that risks their business if improperly stored, processed, or disclosed. This is problematic and should not have to be this way.
Tomorrow, the web will become private-by-default
Over the past decade, new technologies to protect user data have become practical. For the first time, users have a choice. They are not constrained to giving up control of their data, and data breaches no longer have to be an inevitable price to pay. And for the first time, web services can use privacy-preserving technologies to protect users while expanding the possibilities of their web experience.
Becoming zero-knowledge
Unlike web technologies today, zero-knowledge cryptography presents a foundation for the web that is secure, compliant, and fair. New web standards built upon this technology offer users choice and will mitigate the impact of data breaches.
First, zero-knowledge makes web services secure
For example, rather than risk leaking a user’s password, users can now hash their password on-device, without ever having to send their password over to any web service. Not only does this keep user data on-device, it reduces access control overhead and eases the legal responsibility that web services must bear today.
Second, zero-knowledge makes web services compliant
For example, brokerages today not only learn the complete history of a user’s transactions, they also learn when a user performs a trade. Access to this data allows brokerages to sell valuable information to third parties, choose to deny service to specific users, and even front run their own users on exchange. This is a serious and unsolved problem. Users should not have to hope their brokerage behaves honestly, and regulators should have proof that brokerages adhere to their standards.
Third, zero-knowledge makes web services fair
Web services should not have to possess users’ data in order to provide a valuable experience. Users should be able to interact with web services blind to their personal information. For example, if a brokerage cannot learn their users’ data, they cannot target any one user — whether to deny them service or offer an unfair price. The choice of handing data over should be one that users get to make.