Who maintains the custody of data in Web 2.0?

Since 2010, it is estimated that over 38 Billion user data records have been exposed due to breaches, poor security, or human error.

That’s 7,000 records per minute for 10 straight years. If you have a digital footprint, you’ve probably been hacked, and if you feel like there is nothing you can do about it, you’re not alone.

With Web 1.0, if your data was breached, there’s a good chance it was your fault. Most of your data - browsing history, word documents, photos, music, financial information - was stored on your local drive. You had full custody of your data, and were responsible for securing it.

Web 2.0 changed all of that. Businesses and organizations could now deliver unprecedented convenience, functionality, collaboration, and availability to end-users. They were also able to reliably enforce software licenses, capture value, and accelerate development cycles and product distribution. Web 2.0 provided a lot of upside for all.

There was a downside: Organizations were now responsible for storing and securing end-user data, and should something happen, were liable. For end-users, participation was predicated on trust; either trust the organization with my data, or get left behind.

With Web3, we have an opportunity to redefine who maintains the custody of data, without compromising functionality, convenience, or accessibility.

Blockchain, decentralized storage, and other decentralized services such as hosting, resolving, and finance are the building blocks for remodeling online data custody.

Guer’s protocol empowers this data custody model in Web3 through Trustless Security, Smart Contract Access Management, and Decentralized Storage Integrations.

We firmly believe that we need to bridge blockchain, decentralized storage, and other decentralized services. This bridge is effectively Web3’s transport and session layer.

The Protocol

The protocol has one ultimate focus:

Enable applications to bring services to data, rather than require custody of data.

For this reason, we have focused on developing three core microservices, providing Web3 the means to:

• Connect securely with data stored on decentralized storage networks,

• globally manage who can access that data, and in what capacity, and

• securely store data on whichever is most suitable without loss in compatibility.

Session-Layer Security

Most importantly, Web3 needs to secure data in transit, in use, and at rest, without any centralized attack vectors or points of failure. That means no total dependency Certificate Authorities, DNS Resolvers, or other infrastructure services.

We have developed a trustless, decentralized method of identity verification, key generation, and key distribution using Ethereum and networked Trusted Execution Environments (TEEs).

This handshake enables any two parties with an Ethereum address the ability to securely communicate, without any dependency on third parties. By using networked TEEs, we introduce hypervisor-safe, bare-metal security for all devices.

We have also modeled using the same tech stack to facilitate decentralized proxy re-encryption for secure content distribution.

Smart-Contract Access Management

Using solidity-based smart contracts, content uploaded to decentralized storage networks is assigned a unique token which manages access to that data, effectively “owning” that data. We call these Autonomous Non-Fungible Tokens, or aNFTs.

Each aNFT is capable of verifying incoming requests, initiating the handshake process, and facilitating any necessary network fees.

Decentralized Storage Integrations

Both the security and access management systems are network agnostic, and as such, are compatible with IPFS/Filecoin, Arwearve, Swarm, Sia, Storj, and Archon. By integrating at access management and security at the infrastructure level, the protocol encourages interoperability and composability.

More information can be found at our webpage, Guer.co

GUER <> APOLLO

Our goals for participating in the APOLLO fellowship are two-fold:

• Get the protocol production-ready and in the wild, and

• Become investment- or grant-ready to continue building Web3-first transport layer services.

Currently, the project has working proofs of concept for each microservice, including some early demos and prototyping. Organizationally, we have been busy honing our message, establishing relationships and partnerships with the community, and preparing to go to market.

Technical Development

As a benchmark, we are taking an open-source application, such as Etherpad or Draw.io, and integrating our protocol to securely work with them. Our goals are to:

• Enable the application to store files on IPFS

• Securely connect to IPFS using the handshake protocol

• Manage access to the stored data, both in-app, and on-chain

We chose these applications because they are easily hosted, and could eventually be hosted and virtualized in a decentralized manner. As open-source projects, they can also be developed by the community into a more robust application.

At the conclusion of Apollo, we hope to have a fully-functioning instance, demonstrating the protocol is ready for production, and to be used by other dApp developers, or even Web2.0 applications.

Organization Development

As mentioned, our second goal is to be “investor-ready”. We strongly believe that the work and research we’re conducting is important for Web3, and require resources to continue this development. Through discussions and interactions with other fellows and mentors, we hope to identify:

• A fair, sustainable, low-friction revenue/fee model,

• Best customer/segment for pilot deployment,

• Further validation of concepts, and

• other community needs in the transport layer space.

Thanks for reading! If you’re interested in learning more, shoot us an e-mail at info@guer.co or subscribe!