I spoke with the founder of a biometric ring company last night.
I have always been curious to try one, but I absolutely do not want to surrender my data.
After we spoke he understood my concerns and asked me if I could help him implement a solution. I genuinely have no idea where to begin with that.
Is anyone reading this technical enough / interested in talking with him about possible solutions? #asknostr
yeah. you. youre the perfect person to do it. just based on this note alone.
Thanks brother. The reality is I have lots of desires for what the product will do, but little conceptualization of how it would work or what would be required.
If he gets me in touch with his technical guy I may be able to get something going.
In any case I sparked the thought in him. He wants to be the first company on the market that protects their biometric data.
thank you β€οΈ excited to hear what comes of it.
How complicated it is depends on how their infrastructure is built. I know everything fitting in the phone app is unreasonable for the features of a modern tracker. With that constraint, the ideal privacy option for a health tracker in my mind is this.
They offer a docker container that emulates their server infrastructure.
When I log in I have the option to point to their cloud or my server.
I have the option to share with their cloud also if I want to for features that truly require their compute such as the AI assistant that Oura offers. Only features that truly can't be self hosted should be cloud only.
Existing customers should have the option to export their data from the cloud to their computer including deleting cloud data if desired.
Even if none of that is possible short term, more plain English disclosures and agreements with granular control over who saw my data would help.
I am a hesitant customer of Oura. It truly helped me with a long term health issue I was having and I believe that market can help others like me. I do have concerns about the privacy issues of giving them all that data but I chose to take the risk because I was having an issue I couldn't figure out. I'd be happy to help if I am able.
Yeah I like this solution because it doesn't force complexity on people who don't want it, but provides flexibility. I'll forward it to him.
Thanks for taking the time to respond π€
The only safe solution is to not store or transmit any biometric data.
Rather, the device should encode and hash the data, then securely transmit that to be stored on servers.
Biometric data alone is pretty benign.
It's when it's connected to your identity or location that it gets concerning for me.
Nostr proves that you can be identified without needing to provide any personal information. It would be trivial to use an nsec/npub for users as an option to log your biometric data.
I like the idea. Wouldn't know how to implement it in code though. Also all the data would be public and that's probably not great.
The example I gave him was that it would be pretty easy given enough time to match someone's biometric data with their identity through phone calls, texts, credit cards, flights. If it were public that would be much easier.
I'm not saying you need Nostr or relays to communicate the data but you can use the same private & public key logic for sign up & login.
It can all still been hosted privately on someone's server. What they aren't hosting is your phone number or email address.
Ah I see. Interesting application of nostr.
I wonder if we'll see more private uses of the tech at some point.
I'll mention nostr to his tech guy if I get in touch with him
#ZKproofs
