In May 2019, Tide.org announced it would give a Bitcoin to anyone who could hack into their decentralized blockchain database of usernames and passwords. They were even so kind as to offer hints and help. However, over the course of three months and more than 6.5 million attempts, not one hacker managed to break through their security. Why? Splintering.
What is splintering?
Splintering is a pretty groundbreaking approach to password protection. The encrypted passwords are split into tiny pieces and then distributed across a decentralized blockchain setup. This means that for a hacker simply cracking one password is tough – so tough that in 6.5 million attempts it wasn’t achieved even once – so cracking a whole set is perhaps not impossible, but certainly a much bigger hurdle to overcome for bad actors. This is an important factor, as it is often the case that once databases of credentials find their way onto the black market, all of the passwords have been decrypted.
In order to test how well splintering worked, Tide.org used a database of credentials harvested from LinkedIn in a previous breach. The most common type of attack, a so-called “dictionary attack”, was 100% successful at breaking into this database. Odds that, after splintering, dropped to a mere 0.00072%. An improvement of 14,064,094%. It’s no surprise, then, that splintering is so potentially exciting!
In a blog post on the topic, Tide.org’s co-founder Dominique Valladolid says:
“The Tide Protocol is intended to be a global standard to power a sustainable personal data ecosystem. It will help organizations maintain privacy compliance, mitigate risks posed from data breaches and improve their trust with consumers to do better business. It enables data seekers to access permissioned, highly-relevant and motivated audiences. Most importantly, it puts consumers in control of their data, who has access to it and why, and — if they agree to trade it — share in its monetization.”
When it’s released, the open source project will be distributed free.
As the above quote hints, the Tide Protocol is only a small piece of what Tide.org is trying to achieve. While this blockchain innovation could significantly improve data security, they have their sights set on even bigger goals.
Co-founder Dominique Valladolid also said, “we believe personal data is everyone’s business and that we can ultimately make privacy profitable.” And this is the full vision of Tide.org: to put the true value of your data into your hands, instead of letting companies benefit from it. Across their website, bold statements such as “$Billions are made selling our personal data. Your share? Likely $0.” and “Privacy is more than a human right, it’s your asset.” can be found.
They describe themselves as a “not-for-profit, community-driven foundation creating a new global personal data economy.” It certainly sounds lofty, and the case-studies on their website make for a compelling case. Whether or not this is pie in the sky, or a true data revolution in the making, we’ll be keeping an eye on this project from now on!