The "Ether" between Agency and Responsibility
APOLLO WEEK #2 - Agency in Web3, Custody as a Protocol, and an Apollo update!
If you believe that redefining your digital footprint matters in Web3, please consider supporting our Gitcoin Grant! If not, please let us know why!
Over the past few years, individuals have grown increasingly aware of their digital footprint - the data they create and leave behind as they live out their digital lives. This awareness has been fueled by:
Regulation, such as GDPR and CCPA
Documentaries, such as "The Great Hack" and "The Social Dilemma"
Shared experiences, such as the 2016 US Elections
Personal experiences, such as identity theft, or invasive targeted advertising
Whilst we have not quite achieved a degree of persistent outrage, the pressure is building as concerns become more serious and more widespread. "Take back the web" is becoming a more commonplace sentiment, but the advantages of incumbent "big tech", and the sheer technical complexity of digital infrastructure limits our ability to actually "take back" anything.
Our Web3 community in many ways isn't "taking back" anything, but rather rebuilding. Beyond fresh eyes on the tech stack - everything from communications protocols to hosting - there is an emphasis on codifying the principles guiding this new development. The evolving ethos, while far from homogeneous, centers on decentralization, which distributes the burden and benefits of the network across all participants.
As part of this new design, there is an opportunity to empower participants - end-users, organizations, service providers - to provide them greater agency. This agency in many ways is freedom: to trust, to choose, to store, to secure. This agency is also responsibility.
So, broadly speaking, is agency a desirable trait of digital existence in Web3?
Freedom's Fine Print
The collective answer is almost ubiquitously, "Yes." The more difficult question to then pose is, "How much agency, how much freedom?" In the brick-and-mortar world, most societies agree freedom is important, but that does not leave individuals free to steal, murder, or harm each other. Web3, in many ways, is about navigating similar shades of grey for our digital lives; that is, building the next generation with clearer intention and foresight, or understanding of our constraints and incentives.
With Web2.0, we've become accustomed to digital coddling. We have shed many of our responsibilities, assumed by centralized organizations. We no longer worry about storing or securing much our data. When our identity is stolen, our banks refund our cash, typically regardless of our digital behavior which may have enabled the theft. It is unclear if the average digital individual wants these responsibilities back. What would be the benefit? For some, security at the cost of privacy is a square deal.
As designers, developers, and engineers, is it responsible to require non-technical participants to secure and store their data? To actively manage their permissions? To understand how their behavior may put others at risk? How much responsibility does the system bear as opposed to the participant? As a community, how we can best encourage supporting and educating each other?
A Framework for Flexibility
Unlike some other posts, this one in particular is less prescriptive and more reflective. Much of how we arrived at our current protocol was in an effort to empower users and organizations in Web3. We believe the best answer to "How much agency?" will forever be, "Well, it depends".
By enabling universal access management to data, using smart contracts as a vehicle for decentralized computing, we provide a programmable framework within which both user and organization can determine the right blend of agency, responsibility, and liability, likely rooted in trust and competency. Unlike Web2.0 systems which depend on roles to achieve scale, our smart contract system is Instance-based (IBAC). This results in a much more granular approach to permissions, one where custody and agency can be appropriately set within context.
Maintaining the smart contracts and their functions are worthless if the system doesn't actually control access. With addressable content storage such as IPFS, anyone with the address can access data. Client-side encryption limits your ability to share access and utilize data, while obfuscating the address limits its usefulness. In order to secure that data and actually manage access to the content, we needed an equally decentralized encryption service. For this reason, we have researched and developed Web3-native methods of encrypting data in transit using smart contracts and trusted execution environments.
Custody As A Protocol
Most of the protocols in Web1.0 and Web2.0 assume some underpinning of client-server architecture. Web3 is not only decentralized, but it also encourages P2P networks for communication; this is fundamentally different. End-users can rely on decentralized networks, rather than servers and services, to store, secure, and share their data. For Web3 to achieve its full potential, we need to build Web3-native standards and methodology.
By focusing on custody as a protocol, and not as a platform, application, or other layer of the stack, Guer provides a universal language for clients and networks to share custody and access of data as needed. As a protocol, we enable interoperability.
Guer envisions a Web3 where end-users can choose from a variety of "Data Custody" clients, much like an e-mail client, built in compliance with our open-source protocol. These clients serve as more than just a file explorer, and also empower average users to manage which applications and users have access to their data, and under what conditions.
Just as you would with a desktop application, permissioned Web3 dApps would integrate this data custody protocol directly into their UI for a familiar user experience. Just as you would "load" data from a local directory, the application would "load" data from the network. Once the end-user is finished with the application, the user's data is saved to the network, and the stateless application returns to neutral.
This is all made possible by Web3: Ethereum/Elliptical Curve Keys as Digital Identity, Turing-complete blockchains as a global means of computing, and Decentralized Storage. Guer describes a universal means to bridge these technologies and redefine data custody.
Much of this article was inspired by the discussions and readings fostered by GitCoin's KERNEL*/*APOLLO program, specifically the week 3 module, available here.
APOLLO WEEK #2 UPDATES
If you’re more of a visual person, and would like to watch a brief overview of our protocol, you can find one here:
Technical Updates
As mentioned in previous posts, our big-picture technical goal for APOLLO is to become production-ready, and for testing set out to:
Find an open-source Web2.0 Web Application
With limited modifications, enable it to be Web3 compatible (i.e. work with Metamask)
Use our protocol to connect that application with decentralized storage, and manage access via Ethereum + Encryption
Last week, we looked into both EtherPad and EtherDraw. After experimenting with both, we determined that quickly adapting EtherDraw to be Web3 compatible would be easiest. Those modifications were completed over the weekend,
For this week, we're focused on:
Using EtherDraw's load/save functionality to import/export content to IPFS
Associate EtherDraw-created content with user's Ethereum address
Use Access Management protocol to control data retrieval and use
Once these are done, we'll move on to:
Integrating encryption of content, both in transit (handshake) and at rest (proxy re-encryption)
Multi-user experiences, sharing and collaborating with data
Migrating from test TEE environment to networked TEE
We're hoping by next week to have some video demos ready to share, followed by a public demo running on testnet.
Project Updates
Likewise, our goal as a project is to be investment- or grant-ready, so that we may continue developing this concept of Custody as a Protocol. In addition to creating a GitCoin grant, we participated in the kick-off call last Friday. A few takeaways:
We need more succinctly capture the essence and implications of our protocol, our current messaging is not suited for a 2 minute pitch
As we continue to discuss our project, we need to more clearly define our initial customer/audience. "dApp Developer" or "Web3 Developer" isn't specific enough
As such, this week will see time dedicated to the creation of a 2-minute and a 10-minute pitch + deck, with abbreviated diagrams illustrating system context, and technical functionality. In the meanwhile, we will continue to explore and apply for grants, such as Filecoin's Wave 5 of community grants, as well as consider the ESP.
Your feedback is important! If this update has piqued your curiosity, but you a) don't fully understand what we're building, b) don't think it is useful, or c) otherwise has thoughts, we'd like to know! Shoot us an e-mail at James@guer.co, or on twitter @_belaguer, or through GitCoin chat: belaguer