Auth5

Auth5 website: https://auth5-f1y.onrender.com/

Sample application that integrates Auth5: decentralizedsocial.onrender.com

Inspiration

Unseen, yet omnipotent, the digital world is riddled with a perilous secret: the pervasive leak of sensitive information. Data breaches happen every day. They compromise millions of user account credentials, leaking usernames, passwords, and other sensitive information. 2022 was a big year for data breaches, with 422 million people affected by an average of 4.8 breaches per day. The types of private data leaked in those breaches are alarming:

  • 1,560 breaches leaked victims’ names.
  • 1,143 breaches leaked victims’ social security numbers.
  • 565 breaches leaked victims’ home addresses.
  • 465 breaches leaked victims’ medical histories.
  • 443 breaches leaked victims’ bank account numbers.

Data breaches are expensive. The average global cost is just over $4 million. But in the United States, the average cost of a data breach soars to $9.44 million. Costs vary by industry, too. In healthcare, for example, the average data breach costs $10.0 million, while the average breach in hospitality costs $2.94 million.

Picture this: with just a single nugget of information, a malevolent force can lock onto a person, manipulating the shadows of the internet to orchestrate phishing attacks, unravel private details, or breach the impenetrable walls of online fortresses. The magnitude of risk lies not just in the leak itself, but in the devastating power this data wields—a key to unlock lives, manipulate identities, and cast a haunting shadow over the unsuspecting victims of the digital age.

What it does

With Auth5, say goodbye to sensitive data leaks. Auth5 is a third-party authentication system within the Web5 framework. It emphasizes user privacy and control over personal data when interacting with web applications. Compared to regular Web 2.0 third-party authentication, we:

  1. Don't have or store your personal data.
  2. Ensure none of your personal data is shared with websites you authenticate with.
  3. Ensure your data is only accessed by web users you grant access to.

Instead of storing your sensitive information in vulnerable website databases, you store your information on your decentralized web nodes (DWNs) and declare permission rules. When anyone on the internet requests it, we fetch this data from your DWN and send it to the requesting individual based on your defined permission rules. This data can range from your Personally Identifiable Information (PII) to your health records or bank and financial records.

How we built it

Auth5 uses a microservice architecture consisting of an Express.js API for interacting with the web5.js SDK and a Django application for authentication and management of data access.

When user A visits user B's page on a website that integrates Auth5, user A is redirected to Auth5 for authentication. On successful authentication, user A is redirected back to user B's page on the website. The website files (HTML, CSS and JavaScript) are sent to user A's browser, but without user B's sensitive information. A request is sent to Auth5's Django application for the required sensitive fields. The Django application checks whether user B has granted user A permission to view the requested fields. If so, the Django application sends a request to the Express API, which fetches the requested data from user B's DWN and returns it to the Django application. The Django application then returns a response with the required fields to user A's browser; null values are returned for any unauthorized fields.
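The per-field check described above can be sketched as follows. This is an added example, not Auth5's own code: the grant store layout, the DID-style identifiers, `make_fetcher` and `resolve_fields` are hypothetical, and it assumes only the permitted fields are ever requested from the DWN.

```python
from typing import Callable, Dict, Iterable, List, Optional, Set

Grants = Dict[str, Dict[str, Set[str]]]           # owner -> requester -> fields
Fetch = Callable[[str, List[str]], Dict[str, str]]

# Constructed sample data (not taken from the project).
GRANTS: Grants = {"did:example:userB": {"did:example:userA": {"email", "phone"}}}
DWN_RECORDS = {"did:example:userB": {"email": "b@example.org",
                                     "phone": "+1-555-0100",
                                     "ssn": "000-00-0000"}}

def make_fetcher(records: Dict[str, Dict[str, str]],
                 call_log: List[List[str]]) -> Fetch:
    """Hypothetical stand-in for the Express API call that reads the owner's DWN."""
    def fetch(owner: str, fields: List[str]) -> Dict[str, str]:
        call_log.append(list(fields))             # record what left the DWN
        owned = records.get(owner, {})
        return {f: owned[f] for f in fields if f in owned}
    return fetch

def resolve_fields(owner: str, requester: str, requested: Iterable[str],
                   grants: Grants, fetch: Fetch) -> Dict[str, Optional[str]]:
    """Return {field: value or None} for every requested field; deny by default.

    `requester` must be the identity established by the Auth5 login,
    never a value taken from the request body or query string.
    """
    wanted = list(dict.fromkeys(requested))       # de-duplicate, keep order
    allowed = grants.get(owner, {}).get(requester, set())
    permitted = [f for f in wanted if f in allowed]
    # Only permitted fields are requested from the DWN, so denied data
    # never reaches the authorization service or the response.
    fetched = fetch(owner, permitted) if permitted else {}
    return {f: fetched.get(f) if f in allowed else None for f in wanted}
```

A requester with no grant entry gets null for every field, and the DWN is not queried at all.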

Challenges we ran into

I initially encountered issues while using the Web5.js SDK. I tried running multiple Web5.connect() on every request to a single running server but it always failed from the second request. I later learnt I could run just 1 Web5.connect() on a running server.

Accomplishments that we're proud of

I am proud of the architecture. I pulled it off despite its seemingly complicated nature. Building a 3rd party authentication system isn't a basic task.

What we learned

First, I got introduced to the concept of Web5. Secondly, I learnt I could achieve more than I believe I thought. I never thought I could build an application this complex.

What's next for Auth5

I plan on implementing more rules for accessing users' sensitive data, e.g. permission based on IP address location, and also including support for other data types like photos stored on a user's DWN. I also plan on optimizing the speed at which the data response is returned to the requesting user.
