Right now, most of the world's data is locked up in web2 servers and there is no trustless way to use this data on-chain or anywhere else. Here is where our protocol comes in.
-
Let's say you want to prove you have access to a certain gmail account to everyone. The only way you can do that is by either:
- sharing a screenshot of your gmail account (of course, this is easily spoofed)
- share your password (A bit obvious why this wouldn't be a good option)
-
Let's look at google's people API for a second now.
- Its get people API lets one fetch their email address via an access token
- Imagine, if you could make this API request and prove to everyone that you made this request to Google's servers -- you could prove, without a doubt, that you own a certain email address.
- Example of a request & response:
- request:
GET /v1/people/me?personFields=emailAddresses HTTP/1.1 Host: people.googleapis.com Connection: close Content-Length: 0 Authorization: Bearer {secret-token}
- response:
HTTP/1.1 200 OK Content-length: 382 X-xss-protection: 0 Content-location: https://people.googleapis.com/v1/people/me?personFields=emailAddresses X-content-type-options: nosniff Transfer-encoding: chunked Content-type: application/json; charset=UTF-8 { "resourceName": "people/12323123123", "emailAddresses": [ { "value": "[email protected]", "metadata": { "source": { "type": "DOMAIN_PROFILE", "id": "12323123123" }, "verified": true, "primary": true, "sourcePrimary": true } } ], "etag": "%EgUBCS43PhoEAQIFBw==" }
-
The Reclaim protocol allows you to fire an API request to gmail proxied through a "attestor" node that observes the traffic sent & received.
-
The protocol enables you to hide certain packets from the attestor (which contain your password or API secret -- in the eg. above it'll be "{secret-token}").
-
Once the attestor observes that the response from Google's servers matches the response you claim to have received, it'll sign your "claim" to the email address.
-
This signed claim can then be used to prove to anyone that you have access to the email address without revealing your password or API secret.
-
Thus, trustlessly prove you've access to an email address. Of course, one has to still trust the attestor to not collude with you -- but we solve this by decentralising the attestor network.
Read the whitepaper here