yaku introduces a private workspace leveraging IPFS for secure peer-to-peer communication, emphasizing user privacy and data security. Users are required to be at least 18 years old or have parental consent, reflecting the platform's commitment to responsible use and compliance with legal standards. The application is experimental, highlighting its innovative approach to encrypted communication but also noting the absence of guarantees for uptime or functionality. Users are responsible for managing their workspace credentials and content securely, with lost credentials resulting in irreversible access loss.
yaku adheres to a strict data minimalism policy, ensuring that only the anonymous Chat-Id and Session-Key and no other personal data such as the Private-key or content shared by users is collected, stored centrally, or accessible to the platform decrypted. This approach extends to a cookie-free and tracking-free environment, enhancing user privacy. Data encryption via Aes256Gcm-Siv on IPFS and the absence of access to decryption keys by the platform safeguard user data against unauthorized access.
Adhering to our terms ensures a secure experience. We advocate for the careful management of passwords and encrypted content, emphasizing the importance of encryption and secure storage for maintaining communication privacy. Users are advised to follow specific steps for secure application use, including password generation, secure storage, and cautious sharing of secret links. To illustrate, consider a sample key segmented into three critical components:
Sample Key: @AdverselyLearningWorm84:B/F0ZaOZkUoNd5jcsuGk4GZPLZeWPdfcOPApN3neHIM:8ea33a2549d6d25cf840978c90f9a6a5302f602d45bb7f64d07404735e0359cca59f4be8ffa5ed32e7e864dd50bb5ba62049105e80291eaed0e46e13bb904753
It is crucial to note that even if an attacker gains access to the workspace-ID and session-key, they would not be able to decrypt the data without the private-key. This layered security architecture ensures that each component plays a vital role in maintaining the overall integrity and confidentiality of the system.
Our Sync-Up process ensures secure password synchronization using WebSocket connections and ephemeral sessions. When an Initiator starts the process, a unique ticket ID is generated and shared with the Recipient. Both parties must be online and connected to the WebSocket server using this ticket ID. The WebSocket server facilitates real-time communication, ensuring the password exchange happens instantly without storing any data.
The security of this process is further enhanced by the following measures:
By leveraging these security measures, the Sync-Up process ensures a secure and efficient password synchronization between the Initiator and the Recipient, minimizing the risk of unauthorized access and data breaches.
Our platform uses the decentralized power of MultiversX to ensure secure and private notifications. Each workspace is linked to a MultiversX address, with this association remaining encrypted.
Every message in the workspace triggers an MultiversX transaction, which then sends a notification to the xPortal Wallet. Users just need to add their unique notification ID to the xPortal Wallet as a read-only account. This ID can be easily copied by clicking the lime green connection button in the workspace.
Encrypting the association between workspace and MultiversX addresses ensures that only authorized users can access this information, protecting your data from unauthorized access.
By using a single root MultiversX address to send notifications, we make it much harder to link members of a workspace, enhancing your privacy. This more decentralized method means there's no central server that could be compromised or used to track your activity. Notifications are sent securely and anonymously, ensuring no direct association of workspace members.
We leverage the strong security features of MultiversX and advanced encryption to provide a secure, private, and decentralized notification system. Our commitment is to protect your privacy and data, keeping your communications confidential and secure.
The platform recognizes potential hurdles such as network delays inherent in IPFS technology, the complexity of managing secure links, and the critical importance of encryption key management. However, it also values the power of community collaboration. We are actively working to encourage our community to share their workflows and solutions using the hashtag #xoelx. This initiative aims to transform onboarding into a community-driven event, fostering a more inclusive and supportive environment for new users. By leveraging the collective knowledge and experience of our community, we hope to streamline the onboarding process, making it more accessible and efficient for everyone involved.
yaku represents a forward-thinking attempt to utilize decentralized technology and advanced encryption for a privacy-centric communication platform. It calls on users to contribute to its evolution through responsible use and feedback, navigating the complexities of digital communication security while championing privacy and user autonomy.