Owning your data: Memri’s approach to data privacy

Memri
5 min read · Oct 8, 2020

Your data rights are being violated. This is a fact most of us know by now, thanks to the Facebook–Cambridge Analytica scandal, the Twitter privacy breach and other similar incidents of the past years. In 2020, people are starting to realize that their data shouldn’t be up for grabs. But how do we win it back? And what’s the core of the problem? In this article, we discuss several important aspects of the global data privacy problem, and show how Memri addresses them.

Data privacy is in the DNA of Memri, an open source digital assistant designed to help people make the most of their data. While eliminating all data privacy problems is a global strategic goal that we most likely won’t handle alone, our solution solves parts of the problem and is aimed at empowering users by giving them control over their data.

So, where is your data exactly?

The average internet user spends 2 hours and 24 minutes on social media, messaging and business communication apps each day! Facebook, LinkedIn, Instagram, Zoom, Slack, and the list goes on. Each of these services has its own rules for how this data can be used. Over the years, our data ends up in different storage silos unique to each of these services, and there is no way to move data from one silo to another, or perform a basic search across them.

What does this mean in practice? Under European or Californian privacy laws, for example, you can request all the data a company has about you and download it. If you try it, though, you’ll end up with thousands of pages describing every step you made in the app. You have used your right to download your data and you have it, but you still can’t use any of those gigabytes of information. There’s just no way to import it into a single place and actually make it work for you.

Why would you need your data from different apps?

Every week we attend multiple events, send hundreds of messages, make notes and take pictures. While you can separately access your calendar, messaging history and photo album, there is currently no way for individuals to create a network of connections between this information. All of those are important parts of your digital self that get lost easily, or just pile up all across different applications, and are often hard to find when you need them.

  • Let’s say you attended a business event, where you took pictures, made notes, and sent follow-up emails. Imagine having all this information linked to a calendar event for convenience, so you don’t have to desperately try to find that important contact from the cocktail party!
  • Your mom asked you to check on your grandma. You have a super busy day, a yoga class later in the night, the message gets lost in the chat — and you simply forget to (but we know you love your grandma!). Imagine simply clicking a button inside the messaging app to set a reminder for when you’re out of your yoga class.
  • Your friend wants to buy new sneakers, and you saw that perfect pair while surfing the internet a month ago or so. We all know the “pulling up the archive” trouble of searching through your browser history. Imagine being able to search for images of sneakers in your browser history, so you don’t have to spend ages browsing through lists of URLs and can find the sneakers much more intuitively.

Pretty cool, isn’t it? That’s exactly what we are building at Memri.

How does it work at Memri?

The center of the ecosystem is the Memri personal online datastore (or pod). The Memri pod is your personal server which consists of:

  1. A graph database we built with SQLite. Our unique setup requires a single database per user, with built-in encryption and high performance. Native graph databases either don’t support these features or consume an unnecessarily high amount of memory.
  2. A Rust server that controls your data. The data is served to front ends (like the iOS app), imported from other services (like Gmail and WhatsApp) and enhanced using machine learning (for instance, to summarize the important information from a message thread). We use Rust as it is a safe language, which increases security when handling your data. Additionally, the low memory footprint and good performance reduce the cost for the user.
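
One way a graph can be laid out in a single per-user SQLite file, shown as an added example that is not Memri's code: the table names, edge labels and sample items are assumptions, and Python's built-in `sqlite3` has no encryption, so the built-in encryption mentioned above is not shown.

```python
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS items (id INTEGER PRIMARY KEY, type TEXT NOT NULL, title TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS edges (
    source INTEGER NOT NULL REFERENCES items(id),
    target INTEGER NOT NULL REFERENCES items(id),
    label  TEXT NOT NULL,
    PRIMARY KEY (source, target, label));
"""

def open_pod(path=":memory:"):
    """Open one per-user database file (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")  # reject edges to missing items
    db.executescript(SCHEMA)
    return db

def add_item(db, type_, title):
    return db.execute("INSERT INTO items(type, title) VALUES (?, ?)", (type_, title)).lastrowid

def link(db, source, target, label):
    db.execute("INSERT INTO edges VALUES (?, ?, ?)", (source, target, label))

def related(db, start, max_hops=2):
    """(type, title, hops) for items within max_hops of start, either direction."""
    return db.execute("""
        WITH RECURSIVE
        adj(a, b) AS (SELECT source, target FROM edges
                      UNION SELECT target, source FROM edges),
        walk(id, hops) AS (
            SELECT ?, 0
            UNION
            SELECT adj.b, walk.hops + 1 FROM walk JOIN adj ON adj.a = walk.id
            WHERE walk.hops < ?)
        SELECT items.type, items.title, MIN(walk.hops)
        FROM walk JOIN items ON items.id = walk.id
        WHERE walk.id != ? GROUP BY items.id
        ORDER BY MIN(walk.hops), items.id""", (start, max_hops, start)).fetchall()

def build_demo():
    # Constructed sample data: the business-event scenario from the list above.
    db = open_pod()
    ids = {t: add_item(db, t, title) for t, title in [
        ("Event", "Business meetup"), ("Photo", "Group photo"), ("Note", "Talk notes"),
        ("Email", "Follow-up email"), ("Person", "New contact")]}
    for t in ("Photo", "Note", "Email"):
        link(db, ids["Event"], ids[t], "attached")
    link(db, ids["Email"], ids["Person"], "recipient")
    return db, ids["Event"]
```

Calling `related(*build_demo())` returns the photo, note and email at one hop and the contact at two hops, which is the "find that contact from the event" lookup described earlier.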

What makes it secure?

  • Software
    We follow the “not your keys, not your data” principle. Remember that massive Twitter attack, when hackers got control over Barack Obama’s, Bill Gates’, and other public accounts? That happens when the corporation has internal tools to access your data. At Memri, your data is encrypted, and only you can access it. Authentication to the datastore is implemented using a private/public key pair that only you have access to (along with the friends and relatives you choose to give parts of your spare key to). That means that we don’t have keys to your data — and that wherever you run the pod, the hoster is not able to read your data from disk or while it is being transferred to you.
  • Legal backup
    We have made all our development open source under the Memri Privacy Preserving License. It is based on the Mozilla Public License but with an additional privacy clause requiring that everyone using this software (including us) must do everything in their power to protect the privacy of their users. The Memri privacy license prevents us, as well as anyone else, from taking data from users and selling it, and we like it that way. We will never be in the business of selling people’s data. Still, we are thinking about how to create tools that users can opt into if they do want to monetize their data with specific parties for specific purposes, without compromising their privacy.
  • Hosting
    As Memri is completely open source, you can host it on your own hardware — the safest way to run the pod. We understand self-hosting is not ideal or simply too much of a hassle for many users. We’ll offer hosting ourselves, and you are free to set it up to be hosted by third parties.

You can learn more about our approach here.

Follow our journey
