Preamble

We beleive it is an unalienable right that each human has sole ownership of their personal data. While this is uncontroversial, the current state of our digital world is incompatible with this simple, obvious truth.

The architecture and conventions of the internet today dictate that our data is everywhere. The vast majority of websites today forbid any personalized interactions unless we provide our email address, and create an “account”. Still others require our phone numbers, mailing addresses, credit card numbers, and more, and more, and more.

Where is our data stored? Everywhere. Who has access to it? Too many. How long does it stay out there? Probably forever.

This is wrong.

Auth For Me is a new way to think about how we internet, and how our data exists out there in the world. We start with these simple principles:

  1. Websites don’t need to know your email address. They need a way to ask to send you an email.
  2. Websites don’t need you to “log in” with an email address and a password. They only need a trusted way to recognize you, each time you visit.
  3. Websites don’t need your phone number. They need to ask you if they can call or send a text message.
  4. Websites don’t need your mailing address. They need to graciously beg you, hat-in-hand if they can send you mail.
  5. Websites can’t ever sell, trade, transfer, or lose your data, because they can’t keep it.
  6. And so on and so forth with credit card numbers, SSN, driver’s license, passport, birthday, height, weight, favorite color, and your dog’s name.

In short, the internet doesn’t need to have any of your data. It just needs a way to send you stuff.

The Vision

Auth For Me will change the conventions of the internet, putting privacy at the forefront of all web interactions, ensuring you will always control what websites and companies have access to your information. You will have control of your data. You, and your children, and your children’s children’s children.

Baby Steps

Step 1: Killing the “Sign Up”

This ubiquitous act of “sign up” or creating a “login” for every website we visit must go. According to Dashlane, The Average Person in the US has 130 password-protected intenet accounts. That study was from 2015, and we can imagine the numbers have grown. To protect our security, we’re expected to create a unique, secure, and unguessable password for each account. The new “best practice” is to create a longer “passphrase” of 15 or more characters for each login. Because that’s impossible, we just don’t. The tech savvy among us use a secure “password keeper”. The rest of us write our passwords on a notepad and shove it in a drawer.

Login fatigue is a growing problem. As we are forced to create more and more logins and accounts, we become complacent. We create passwords like “password1” (or “password111” if a website forces us to chose a longer one). The answer here is to create fewer passwords, fewer logins, and to stop giving our email outo to every website we encounter.

Here’s how Auth For Me can help:

  1. Download the browser plugin (for Firefox) and the mobile app.
  2. When a website asks you to create an account, use Auth For Me to fill in a unique, temporary email address and a strong password that it’ll save in your secure vault.
  3. You’ll never have to remember that email or password, we’ll keep it for you.
  4. You’ll be able to delete that temporary email whenever you like, and you’ll never hear from them again.

Step 2: 2-factor Text/SMS

Since 2014, many websites have been moving to 2FA, or two-factor authentication. Simply put, 2FA requires two “proof factors”: something you know (an email addresss and password) and something you have (your cell phone). This login process ensures you can only login if you have posession of your cell phone (or you are a highly motivated hacker who understands how SIM cards work). In any event, 2FA websites are going to take your cell phone number, and send you a text every time you try to login.

Of course, once you provide your real phone number, 🤷. Auth For Me can help here, too. We’ll provide a new, unique phone number that site can use to send you a text, and you’ll always get that text right away. But whenever you’re ready, we’ll delete it and that site can never contact you again.