In this article, you can read about Alter, a new decentralized application built on Secret Network. Alter is a blockchain-based communication service, fully private and decentralized. I will give a brief overview of Alter, then go through some aspects around privacy, issues with web 2.0 communication applications and what issues Alter could potentially solve.
According to the official website:
Alter is the most secure private and secure messaging app built on blockchain technology powered by Secret Network's Private Smart Contracts and ECDH encryption
In other words, secure, private, encrypted blockchain-based communication. Secret Network's programmable privacy guarantees private communication and file sharing in the application layer of Alter. This will enable concerned users - individuals, communities, teams, organizations, and businesses to communicate over truly private messaging, and share files with no prying eyes. There are even plans to enable private cloud storage for even greater utility around file sharing and collaboration in groups. Think Google Drive or Dropbox.
Public and private keys are used when logging in and interacting in Alter. These keys together with Secret Network contracts provides the necessary security and integrity of data to guarantee privacy.
The scope of Alter is advanced, but the product is in its infancy. Currently, there is a scaled-down UI which allows users to interact using email. Since Alter is a new and closed dApp (Alter-to-Alter), the emailing in itself does not provide much business value, nor value for users.
For Alter as an email service to be valuable, there needs to be a considerable user-base. For example, if I use Gmail it is easy for any other Gmail, Hotmail, Yahoo, or any regular email address to send email to me, and vice versa. Users of regular email are in the billions. Alter on the other hand at this stage, as a closed ecosystem, have a very limited number of users, and it is difficult for me to connect with them. The privacy features on its own won't do me much good if I don't have people to email.
However, the user-base of Alter will grow and the value of Alter long-term, both from the perspective of business value and user-value, does not lie in the use-case of emailing. The scope of Alter is to develop it into a private communication platform similar to what Slack is, paired with cloud storage capabilities like that of Dropbox. A complete communication and file-sharing application, on-chain, and fully private.
Alter at this stage of its product lifecycle can be considered a proof-of-concept, or minimum viable product, rather than a communication tool ready to be used by an army of individuals concerned with the lack of privacy in web 2.0. But it is the start of getting there. They are well on their way though. Last week, they announced that they have raised $1 million in seed funding. The funding was secured by SAFE Note (Simple Agreement for Future Equity), this is essentially a legally binding promise allowing an investor to purchase a specified number of shares (or tokens) for an agreed-upon price. The disclosed VC (Venture Capital) participants includes:
The funds raised as part of the seed round will be used to further the product development effort and scale the organization. To further improve their efforts, two private sale rounds will be executed, one A and one B. Where existing users of Alter have access to invest. In relation to this, a governance token coined $ALTER will be launched.
Email along with modern communication platform like Slack, Microsoft Teams, and Discord are used by almost all the internet population - some 4.66 billion active internet users. Aggregated, there are hundreds of millions of messages and emails sent every second. All of these applications are subject to data breaches, with huge attack surfaces and increasingly sophisticated hackers seeking to exploit.
When it comes to email, Gmail and other popular email services are not truly encrypted despite posing as it. Google's standard method for Gmail encryption is TLS (Transport Layer Security). As long as the person you are emailing with is using a mail service that support TLS, the messages will be encrypted. However, there is no guarantee that anyone outside of the communicators can view the messages. The TLS encryption only makes it extremely difficult for anyone to look at the messages. Then there is Google themself, they have the ability to see messages associated with your Gmail account. This is primarily used to scan your email for spam and phising attackers. Google also harvested the data gathered from messages (along with your other internet habits) for targeted ads, fortunately they stopped doing that in 2017. Without TLS, if you use Gmail and correspond using a mail server that does not support TLS, the messages are not encrypted. In another display of privacy as a privilege as I've written about before, paid Google Workspace Account could opt to only allow messages with TLS encryption to be sent or received - something that should be a default feature if the company was concerned about privacy and data integrity.
Earlier this year, some hackers managed to breach EA (Electronic Arts) Slack. A cookie from a data breach was used, allowing the hackers to pose as an EA-emlpoyee and gain access to EA's Slack. After gaining access, they stole valuable source code for different games and tools. This attack brought to light the vulnerabilities in business communication technologies. Security practices are vulnerable, and once breached it's easy pickings as these communication platforms lay more or less wide open after entry.
Another incident which was reported on earlier this year related to Microsoft Team, where a vulnerability was discovered which would allow a malicious actor to access communication channels, view emails, messages, send emails and messages, and steal OneDrive files.
The concerns and vulnerabilities above are not limited to the applications mentioned, privacy online is a global problem, agnostic to any one application. A problem that relates to a basic human right, which is the right to have privacy. As such, it is a critical problem that can potentially compromise the safety of individuals and organizations.
Considering that Alter uses privacy preserving technology built on top of Secret Network contracts, where only the communicators in a chatroom can access using private keys. No one else will be able to access that communication without the key. Alter would not store any information related to the key, which further reduce risks of key being compromised in case of data breaches. Think of the key as a seed phrase used in your wallet, something that is used alongside regular security measures.
That's two ways of data handling and user input, which would improve upon current solutions used in web 2.0.
Visit their website and if you want to read more about Alter, check out the Alter Whitepaper.