© 2009-2022 Strange Loop
Phishing and impersonation attacks are the most harmful side-effects of digitizing our identities, our work, and our relationships. They are the inevitable consequence of a central name list where anyone can present any name and picture to everyone. How can we build systems that are resistant to these attacks? How (and in what context) is this system best integrated into collaboration software? How can we best balance simplicity, security, and usability?
In this talk, we offer an alternative data model for structuring identities and relationships that is resistant to phishing, impersonation, and machine-in-the-middle attacks — without sacrificing usability. Instead of "I authenticate, therefore I am," we posit that "We collaborate, therefore we are." In other words, users exist in a collaborative application only in the context of a relationship with another user. We encode these "trust loops" into a distributed data storage layer that is synchronized between devices.
We will present a prototype called Backchannel, a local-first address book that puts these new distributed systems primitives into practice. We used an iterative human-centered design process to improve the security of the system without sacrificing usability. Backchannel users can offer strong proof that their collaborators are who they say they are, even over long periods of time and across multiple devices.
Karissa is an expert in open source software development, security, and Internet architecture. She researches technical architecture design and its impact on usability, safety, and resilience. Her contributions are depended upon by at-risk users including human & environmental rights defenders, journalists, and civil society activists. Her background is in political sociology and data science, and she loves making weird musical art that touches funny bones. She is a maintainer of Decentralization Off The Shelf.