Browser Extension Developers

What is the advantage of using blockchain technology here?

The primary function of blockchain technology is disintermediation. This means that many functions which previously required a trusted, slow and expensive intermediary to be done — for example, money escrow — can now be done peer-to-peer, quickly, and at no cost, relying on mathematical certainty instead of human corruptibility. The word "trustless" is often employed to describe many use cases. It doesn't mean you can't trust a process, it means you don't need to — math doesn't lie.
Another important function is censorship resistance. This means eliminating the power of an intermediary to pick and choose who gets to do what. If a bank doesn't want to serve you, they won't. The blockchain has no such qualms — it's open for anyone to interact with as long as they follow the rules. This helps make the Protocol independent from Fractal in the long run, enabling the community of token holders to evolve, operate and govern it. It also helps maximizing the economic utility of a data economy by letting service providers focus on service quality instead of whether they trust Fractal or not — and by enabling much smaller actors, traditionally too small to boast trust credentials, to participate meritocratically in the economy.
Blockchain technology provides the bedrock on which to build custom economies. Money is a powerful coordination tool, and blockchain gives us the ability to employ economic strategies to incentivize the right behaviour. It lets the protocol reward those that further its goals, and punish those that don't. It helps us bootstrap a multi-sided network with liquid, valuable currency to distribute value in form of incentives. These incentives are transparently described and operated in open-source code, and since blockchain if a public, cryptographically tamper resistant ledger, anyone can inspect its inner workings to their satisfaction.

What information is stored on-chain vs. off-chain?

At this stage, we only use the blockchain to:
    store anonymous, untraceable proofs that data exists;
    store token balances and incentive transactions.
User data lives off-chain and is stored on their device. There is currently no way for this data to go anywhere.

What transaction cost will be incurred?

We don't yet have a precise answer but these will be negligible (on the order of a few cents per week).

Does my user need to understand blockchain?

Short answer: no.
Long answer: it depends. Users will be rewarded with tokens. If they want to sell them in an exchange, they need only to open an account and can make a transaction with a couple of clicks. Engaging with more advanced blockchain-based products such as DeFi is possible but entirely optional.
Eventually, we plan to have users pay for internet services they use with these tokens. That is likely a few years away.

What are the cashflows (who gets paid, who pays, and for what?)

Initially, the protocol pays users and data collectors by transferring newly minted FCL tokens to them. When we launch a buy side integration, data consumers (e.g. DMPs) will pay in FCL to see or use data. 100% of these payments will go to these users and data collectors.
Fractal doesn't charge any rent. Our only revenue comes from selling small amounts of tokens from our treasury. This perfectly aligns Fractal's behaviour with the Protocol's objectives — our revenue depends only on the Protocol being used.

How can I be sure my users retain their privacy?

User data lives off-chain and is stored on their device. Since the data sharing functionality won't be ready at launch, there is by definition no way to invade the privacy of users. We have open bounties for violating the privacy of test accounts to encourage the community to assist in strengthening our code.
Once data sharing is available, it will only be done with user consent and according to their rules.
All our code is open source and can be inspected at any time. If we ever take a privacy stance you or your users don't agree with, both you and them can always choose to stop working with the Protocol and just take home your rewards.

Which choices can my users take with regards to their privacy?

At launch, no choices are needed because no data is ever shared. It lives off-chain and is stored on the user's device.
Once we launch data sharing functionality, the user will be able to set preferences regarding whether to share data, what kind, with whom, and under which conditions (e.g. plaintext sharing vs compute-to-data).

Why do users need to verify their identity/pass liveness?

Because the Protocol is decentralized, anyone that contributes data can receive rewards. This creates an incentive for people to try to game the system — and they will. Since, at launch, these data are hard to analyze for accuracy, and it's hard to tell bots and users apart, we use identity verification as a qualifier for payments. This keeps bots at bay, and helps ensure our incentives are distributed fairly and effectively to those providing real data, instead of enriching malicious actors.

What information on my users is collected?

At launch, our SDK automatically collects users' browsing activity, and pays the corresponding incentives — even though there won't be a way to share it.
Shortly after launch, we will have a mechanism for users to add arbitrary to their data set, and accept/reject requests from other parties attempting to add to their data set.

Who has access to the information stored on my users?

You do, via our SDK — although you shouldn't access it without user consent and a reason to do so.
At launch, no data sharing functionality will be enabled. Once it is, websites and other parties can request user data according to the user's preferences — if conditions are met and the user accepts, data will be shared with this party.

Can users revoke consent?

Yes, our SDK provides that functionality.

How (if ever) is data deleted?

Since all data is stored locally, it can be deleted at any time. Users may need to keep some secure hashes of the data for specific use cases.

Why do I get paid in tokens?

Blockchain technology provides the bedrock on which to build custom economies. Money is a powerful coordination tool, and blockchain gives us the ability to employ economic strategies to incentivize the right behaviour.
For this to function, this custom economy needs its own currency. Just like with any other currency, both demand and activity (velocity) contribute to its appreciation, meaning that paying in tokens helps increase the value of the token.
Additionally, the traditional finance stack is prohibitively complex and costly to operate. The protocol will operate with a large volume of micropayments, and we don't need traditional finance to slow us down and eat into anyone's revenue.
Finally, it's also because is the currency that we hold the most — we created value when releasing this token and this is how we can use it. Fractal doesn't charge any rent: our only revenue comes from selling small amounts of tokens from our treasury. This perfectly aligns Fractal's behaviour with the Protocol's objectives — our revenue depends only on the Protocol being used.
Note that, while we recommend we hold on to them, you can sell your tokens in centralized or decentralized exchanges at any time.

Can I be paid in another token?

No. If you would like another token, you can swap your FCL for another token (or fiat currency like Euro) at a centralized or decentralized exchange at any time.

How to you assure the security of identity data?

Fractal ID has securely verified almost a million identities over the last 4 years, and despite several attempts it's never experienced a breach.
We implement HTTP Strict Transport Security (HSTS) and we keep our Content Security Policy (CSP) rules tight. All data in transit is encrypted. Data is stored with Amazon Web Services (AWS) in their Ireland region, and all data is encrypted at rest. Database access enforces TLS connections and is only possible from within our Virtual Private Cloud, not the Internet. Only specific well trained people are granted PII read access on the database.
These data aren't shared unless the user asks us to, and we don't sell user data.

Doesn't blockchain mean data will never get deleted?

Data stored on a blockchain cannot get deleted, which is one of the many reasons we don't store user data on chain. Instead, user data is stored on their device.

What if I don't want an entity, i.e. my direct competitor, to have access to the data I collect?

At launch, no data sharing functionality will be enabled. Once it is, we will include mechanisms to allow you and the user to determine who has access to data.

What extension permissions does the SDK require?

The SDK requires the following extension permissions to operate.
Permission
User message
tabs
Facilitates navigation to fractal.id for use cases involving identity credentials.
None, because we also request host permissions
storage and unlimitedStorage
unlimitedStorage allows the SDK to locally store user data over 5MB. storage is a requirement for unlimitedStorage
None
host permissions
We need it to expose the SDK's API to websites that use it
Read and change all your data on the websites you visit
Last modified 1mo ago