Identity recovery v2
Eventually, a user loses their device and moves to another. Because SSB is non-cloud, the user can't easily re-authenticate. And because this always happens by accident, users are not prepared when it does.
Manyverse needs to guide the user and warn them when something is amiss. This is an existential issue that demands a multi-pronged solution, because eventually users lose their device, and they likely won't return if they have to start from scratch.
The use case we're following here is "I lost my phone and I want to recreate my authentication on a new one". Assume a user will always go through this story at least twice in their lives.
1. Device protection
First we need to prevent others from authenticating as the user on the old device.
- App should detect if the device has enough protections [1]
  - if yes, it says nothing
  - if no, app should ask for in-app protection (think financial apps) and warn the user of the danger if they don't allow it
[1] Protection can be biometric, PIN, Face ID, etc.
2. Creating shards
We're the sum of our relationships
- App should set a minimal Dark Crystal configuration
  - Suggestion: 3 shards reconstruct you, 5 people are asked for redundancy
- App suggests possible users (mutual follow, etc.)
- App complains if conditions are not met
Note: Shards are based on Dark Crystal's secret sharing. Learn more about Dark Crystal technology
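The 3-of-5 suggestion above, as an added example that is not Dark Crystal's or Manyverse's code: a small Shamir threshold split showing that any 3 of the 5 shards rebuild the secret, that 2 do not, and that a configuration that cannot work is rejected. The field prime, the function names and the 32-byte stand-in secret are assumptions made for the illustration.

```javascript
// Added illustration (assumed names and prime P); not Dark Crystal's or Manyverse's code.
const { randomBytes } = require('crypto');
const P = 2n ** 521n - 1n; // Mersenne prime, comfortably larger than the secret
const mod = (a) => ((a % P) + P) % P;
const randomElement = () => mod(BigInt('0x' + randomBytes(80).toString('hex')));

// Modular inverse by Fermat's little theorem: a^(P-2) mod P.
function inv(a) {
  let result = 1n, base = mod(a), e = P - 2n;
  for (; e > 0n; e >>= 1n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}

// Split a BigInt secret into `total` shards; any `threshold` of them recover it.
function split(secret, threshold = 3, total = 5) {
  if (threshold < 2 || threshold > total) throw new Error('shard conditions not met');
  if (secret < 0n || secret >= P) throw new Error('secret out of range');
  const coeffs = [secret]; // constant term of a random degree threshold-1 polynomial
  while (coeffs.length < threshold) coeffs.push(randomElement());
  const shards = [];
  for (let x = 1n; x <= BigInt(total); x++) {
    let y = 0n; // Horner evaluation at x
    for (let i = coeffs.length - 1; i >= 0; i--) y = mod(y * x + coeffs[i]);
    shards.push({ x, y });
  }
  return shards;
}

// Recover the secret by Lagrange interpolation at x = 0.
function combine(shards) {
  let secret = 0n;
  for (const { x: xi, y: yi } of shards) {
    let num = 1n, den = 1n;
    for (const { x: xj } of shards) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    secret = mod(secret + yi * num * inv(den));
  }
  return secret;
}

// Constructed sample: random 32 bytes standing in for the secret to protect.
const demoSecret = BigInt('0x' + randomBytes(32).toString('hex'));
console.log('3 of 5 recover:', combine(split(demoSecret).slice(2)) === demoSecret);
```

Each shard on its own is a uniformly random field element, so a single shard-friend learns nothing about the secret; only the count of cooperating friends matters.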
3. Managing shards
- For every new configuration, app should send the user the list of new shard-friends
  - this list should live outside the app, and the app should periodically remind the user of where it is
- app should detect user inactivity or a change of relationship and suggest new friends to share shards with (this is very sensitive)
- to discuss
  - how secure can this list be? just names? name and SSB ID? what?
  - do others know your shard-friends? should they? can they infer it? (secure group persona)
4. Blessing new account
- app should inform new users how to recover old accounts, via onboarding
- user creates a new account
- user connects with shard-friends and asks them to bless this new account (can we do this inside SSB? do they have their ID? how secure is this document?)
- once enough shard-friends bless account,
- to discuss:
  - how do we retrieve connections?
  - can shard-friends carry gossip too? how do we facilitate that?
  - how sensitive is the gossip file?
Open questions
- who can validate this flow? it's critical, so the closer to foundations, the better
- loose design flow
- explode it into different epics, organize dependencies
- approve epics
- list how to go from loose design flow to design deliverable
- who approves design deliverable?
- what are the design variations? (smaller and larger screens? old and new devices?)
- how do we craft copy?