Business

Raising the privacy bar: Tiki app aims to hand ownership of personal data back to the individual

Published

on

A new mobile app aims to put users back in control of their personal data by allowing them to control and monetize who has access to their information.

Tiki – which is aptly named, since it was conceived in a Tiki bar – is the brainchild of Mike Audi, a data scientist whose background is in building data solutions software for large companies.

The app, which is set to launch in June, allows users to see what information is held on them, and block access to certain data sets or data handlers. It also allows them to make money on whatever data they’d like to share, according to the developers.

Since CEO and founder Audi first dreamt up the idea in December 2020, more than 10,000 people have signed up for access to Tiki across 185 countries, with 100,000 sign-ups predicted by the end of May.

Ahead of Tiki’s official launch, Audi spoke to The Daily Swig about the journey towards creating a user-centric platform that hopes to change attitudes towards personal data security.

Privacy problems

Recent years have seen multiple data privacy disasters, with high-profile cases such as the Facebook/Cambridge Analytica scandal changing the way that even less privacy-conscious individuals feel about the avalanche of personal data that’s being collected and held on them by third parties.

“It just compounded to the point where in the last year it really became clear that the issue with user data is that users have no say in their data,” said Audi as he discussed the reasons behind Tiki’s creation.

When it comes to personal data, the Tiki app aims to give control back to the user


“It was really kind of that simple – until somebody does something about it, users are simply at the whims of companies and governments to make choices around our data, and us as users were left with no say in it.

“And, I mean, we’re not asking for a lot, just basic things – you should be able to see what data is collected on you, you should be able to control how it’s used, and if it’s sold, you deserve to get paid for it.”

Users can log into accounts through Tiki via publicly available APIs, the first of which will be Gmail. Once their account is linked to Tiki, the app will serve up the data and supply the tools needed to control it.

According to the developers, Tiki users can block or grant access to all companies or organizations, or mix and match who they do and don’t want to see your personal details.

Digging in

A glance at Tiki’s architecture demonstrates the level of detail the small team behind the app has been working at.

Audi told The Daily Swig that user data is never held on its servers or cloud storage. Instead, the data is stored on the user’s phone, and any data they choose to share will be anonymized before it is sold to businesses, with the user being paid for doing so.

By keeping the data on the user’s phone and never storing it on Tiki servers, this reduces the points of failure to one: the device itself.

This prevents risks such as a data leak from Tiki itself, said Audi.

The app’s code has also been open-sourced to invite scrutiny from the global developer community.

More uniquely, Tiki’s developers said they are also in the process of building a custom blockchain to create an audit trail, meaning that users know everything the app has ever done with their data.

Audi said: “You can see where your data is, how it’s being stored, how it’s being secured.

“And it has to be custom because we’re going to cross 100,000 users in May, given our current trajectory – and no one’s ever created a blockchain for 100,000 users.

“The largest blockchains out there are 10,000 nodes or so, so we had to be different to solve that problem.”

According to founder Mike Audi, Tiki won’t hold any user data

The blockchain won’t have features such as smart contracts and proof of stake, as traditionally seen in the cryptocurrency space.

Audi explained: “Decentralized consensus is all we need [to create] a constant trail of what happened for each person.

“Any data on our blockchain is also end-to-end encrypted, using that same RSA key to privately encrypt the data, and then we use the elliptical curve to sign that data.”

No personal data is ever put on the blockchain, said Audi, and all data is anonymized first.

Next steps ahead

A trial run is currently being conducted with 500 users before the app’s official launch in June.

The team aims to have one million users by the end of 2021, a figure which Audi said he hopes will entice more companies to opening up their APIs.

He told The Daily Swig: “With one million users on a platform, there’s a lot more control that we can bring to the users.

“There’s a lot more availability, there’s companies we can go and negotiate with to get more access to more data… it’s a journey, and it starts with the users.”

Source: https://portswigger.net/daily-swig/raising-the-privacy-bar-tiki-app-aims-to-hand-ownership-of-personal-data-back-to-the-individual

Click to comment
Exit mobile version