[HN Gopher] Launch HN: Spruce (YC W21) - OSS for User Owned and ...
___________________________________________________________________
Launch HN: Spruce (YC W21) - OSS for User Owned and Provably
Authentic Data
Hello HN, My name is Wayne Chang, co-founder of Spruce Systems,
Inc. (https://spruceid.com). Spruce builds open source software
that allows for the signed issuance of data to users that can then
be verified. For example, transaction histories, educational
qualifications, and reputation from online platforms. I grew up on
the Internet like many of you. I spent a lot of time on IRC where
people frequently tried to dox others, and grew a profound respect
for privacy as a result. When your online identity is a big part of
who you are, it means a lot more when someone violates your
privacy. Online identities will become a lot more of who everyone
is, as we've seen especially over the past 12 hectic months. Today,
we don't have the right tools to assert control over our own
identities or data, and we're trying to change that with Spruce.
When you download your data from Google Takeout, you get a big .zip
file that can't really be used for anything but backups. The same
is true with Facebook and LinkedIn. Most services don't have
automated data export and are only required to provide data when
you ask. Using new standards from W3C called Verifiable
Credentials and Decentralized Identifiers, our software allows
statements about people, places, and things to be issued as a
package, linked together, digitally signed, and cryptographically
verified. For example, employees can receive digital proofs of
employment to get a mortgage. Gig economy workers can port their
ratings from one system to another in a way they control. Data sets
can travel along with signed statements that they have been
stripped of personally identifiable information. By allowing data
to move out of silos and increasingly into the hands of their
owners, we can loosen the grip of a few large companies in owning
everything. These standards are already being adopted by big
players open to data portability including Microsoft (issuance via
Active Directory), Workday (portable work histories), the Digital
Credentials Consortium (MIT/Harvard/UC Berkeley diplomas and
coursework), and the World Health Organization (privacy-preserving
vaccination records). This technology could fundamentally change
how we interact digitally. Instead of advertisers profiling people
behind their backs, people can just present their credit card
histories from Yodlee to get better offers at competitors. In web
services, users can upgrade their accounts if they prove they
belong to certain alumni networks. Businesses can reduce fraud and
improve conversion while users regain control of their information,
like if 1Password could store structured documents and also
demonstrate their authenticity, untampered from their origins. At
Spruce, we've built a cross-platform Rust library called DIDKit
that supports the use of Verifiable Credentials, Decentralized
Identifiers, and many adjacent specifications in a neat bundle.
Through customer feedback, we have grown the list of supported
platforms to include Java, C/C++, and Node.js, with many more on
the way. We further embed DIDKit into a Flutter application called
Credible that runs on Android, iOS, and in the browser through
WebAssembly/asm.js. It's all open source under Apache 2.0. We make
money by selling commercial tools, project roadmap commitments, and
support contracts. A great place to start is by building the
DIDKit CLI tool and running the example credential issuance and
verification shell script on your local GNU/Linux or MacOS machine
(also works with Windows using WSL 2).
https://spruceid.dev/docs/didkit/#quickstart
https://spruceid.dev/docs/didkit/example--core-functions-in-... We
invite you to leave feedback about our engineering approach,
platforms you'd like to see supported, and interesting use cases
that would benefit people if their data were more portable and
provably authentic. You can find our repos here: DIDKit:
https://github.com/spruceid/didkit Credible:
https://github.com/spruceid/credible Docs:
https://spruceid.dev/docs/
Author : wyc
Score : 44 points
Date : 2021-02-27 16:07 UTC (6 hours ago)
| vector_spaces wrote:
| My concern is that making it more technically feasible to export
| data this way means that more institutions will withhold access
| to services until you hand over your data now as a matter of
| process -- for example, American immigration authorities who've
| been in the news the last few years requesting (really, coercing)
| access to Facebook accounts.
|
| The use case you mentioned involving gig workers is a bit scarier
| to me, to be honest. The lives of lower waged and gig workers are
| already beholden more to ratings than they probably should be.
| Should we make it easier for entire groups of companies to
| blacklist someone (for who knows how long) just because they had
| a bad experience with one?
|
| Congratulations on the launch regardless
| coderintherye wrote:
| Congrats on launching. It's been great to see DIDs and VCs taking
| off from all the great work of the W3C working groups.
|
| How will you monetize your product? I've long followed Evernym
| and Bloom who set out to tackle part of this problem, but both
| have seemed to struggle to gain traction and customers. Can you
| afford to build on this long enough until a market forms that
| allows for monetizing it?
| wyc wrote:
| Thanks for your support! The big question for all companies in
| the VC/DID ecosystem is of course timing. I think it's a fatal
| mistake to create products that require the coordination of
| multiple stakeholders from the outset, so we are avoiding these
| in the beginning. We are instead focusing on solving for use
| cases that are simpler to coordinate, such as a Shopify
| storefront offering discounts to influencers who prove they
| have over 10,000 Instagram followers on their public account.
|
| As per monetization, we sell commercial tools that give the
| look and feel of SaaS management (uptime monitoring, data
| schema management, integrations with proprietary enterprise
| systems like ERPs) but allow customers to keep the workflows
| and sensitive data in their own clouds. It's still early for
| Spruce (we started full time around last fall), so we are still
| very hands-on with customers discovering and working through
| their pain points in implementing credentialing workflows.
|
| Finally, I think technologies like DECO
| (https://www.deco.works/) are truly going to change the game of
| verifiable data exports en masse, but I don't expect a
| production worthy implementation for at least another year or
| two. They could drastically simplify implementations of user-
| centric data workflows by reducing the requirement of
| coordinating multiple stakeholders to just one or two.
| hudixt wrote:
| Love you're using WA and it's Apache2.0. I do get the sense of
| idea but felt it's not clear on it for whom it's targeted,
| business or consumer?
|
| If it was for consumer and integrated with existing tool, I would
| love to try it. Had pain point where even big zip file would
| quite good amount of time to generate. Not sure if FB, google
| does that to introduce friction in the process.
|
| On Dev front, why would companies like Google, Uber, Linkedin be
| willing to adopt this standard?
| wyc wrote:
| Today we work with engineering teams who have direct data
| interoperability and verifiability requirements, such as giving
| their users the ability to transfer their status on one
| platform to a partner's platform. Airlines and credit card
| companies already work together in this way, but these
| partnerships are currently expensive to setup and coordinate.
|
| We found that the non-JavaScript tooling in the ecosystem was
| still nascent and wanted to do something about it friendlier to
| enterprise environments and security teams. We are using DIDKit
| as a base for adding this functionality to consumer-facing
| products, and hope others will find it convenient for this as
| well, so I look forward to giving updates on direct consumer
| use cases soon.
|
| As per adoption by large tech/enterprises, we believe that as
| companies consolidate their data into warehouses, they will
| want (or need) to start sharing with partners, governments, and
| users in an auditable way. Some have compared Verifiable
| Credentials to the shipping container for verified data, and I
| don't think it's too off the mark.
|
| We think these standards could also prove to be very
| straightforward ways to comply with data interoperability
| requirements imposed by laws like GDPR and CCPA. There will
| probably be more requirements in this direction if the US and
| EU decide to further regulate large tech companies.
| csoreff wrote:
| Love the work you're doing on Tezos!
___________________________________________________________________
(page generated 2021-02-27 23:00 UTC)