Security Guidelines & User Privacy Whilst Using Inheriti Community Edition (Inheriti CE)

As you probably already know, our first live edition of Inheriti (the world’s first 100% multilayer, decentralized inheritance platform) is driven by a web-browser client, using JavaScript libraries built to give our users a secure way of transferring digital assets while keeping custody of those assets. Nevertheless, as it’s client-based, our users should take some security recommendations into consideration. If you use a third-party platform [Inheriti] that does not control your assets, and as such does not maintain custody of your data, it’s up to you as the user to take full responsibility for them. In this post, we make some recommendations to help you achieve that.

1. Anti-Virus/Firewall

First of all, and really this is not a cliché, make sure you have a decent AV/firewall installed. Too many crypto-enthusiasts are dealing with crypto without having a firewall installed (personally, I advise using McAfee, Kaspersky or Sophos. Not that others can’t be useful or aren’t secure; I’m just sharing those that I know large institutions work with, and with which I have personal experience).

2. Browser

Use a web browser that has built-in sandbox capabilities, like Google Chrome or another Chromium-based browser. Sandboxing is a technical term meaning to separate processes out into independent spaces to see how they function individually. Chrome handles its workload as a series of multiple processes rather than as part of one large browser process. Each time you open a web page, Chrome launches one or more new processes to run the scripts on that page. Also, each Chrome extension and app runs in its own process. Chrome implements sandboxing through its multi-process architecture. Microsoft uses a Chromium-based engine for its own Microsoft Edge browser. Edge uses a similar engine, but this doesn’t mean that Microsoft is following the same security guidelines, as Google Chrome is licensed as proprietary software, also known as non-free software or closed-source software. For Inheriti this is very good, as we need a Chromium-based browser for our Community Edition, as this type supports our very own Chrome extension, Comet and the WebAuthn specification, which is needed to support our SafeKey FIDO2/SSDP devices. Now you can say Firefox also supports WebAuthn, and though you may be right, Firefox does not support Comet. We will come back to this later in this article; see chunk size for SafeKey data transfer…

· 2.1 Google Chrome security flag & Sandboxing

Depending on the Chrome version you are using (the latest will certainly have these enabled by default), make sure the following features/flags are enabled in your browser. To check, type chrome://flags in the URL bar.

Strict Site Isolation (please note that this setting increases memory usage by about 10%)

When you enable site isolation, content for each open webpage (tab) in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional boundary between websites.

If you want to read more in depth about the sandbox functionalities of Google Chrome, please visit https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md

· 2.2 Make sure your browser is updated to the latest version. At the time of this writing, Chrome was running version 84 which contains a number of fixes and improvements.
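
An added example (not part of the original article and not Inheriti’s own code): a small pre-flight check for the browser requirements in this section, namely a Chromium-based engine, at least the version 84 mentioned above, and an available WebAuthn API. The function names and the sample User-Agent strings are assumptions constructed for illustration; a User-Agent string can be altered, so the result is a usability hint rather than a security control.

```javascript
// Added example: pre-flight check for the browser requirements in section 2.
// The minimum version (84) comes from the article; all names here are hypothetical.
const MIN_CHROMIUM_MAJOR = 84;

// Chromium-based browsers (Chrome, Edge, ...) carry a "Chrome/<major>." token in
// their User-Agent. Firefox does not, and neither does Chrome on iOS ("CriOS/"),
// which runs on WebKit rather than the Chromium engine.
function parseChromiumMajor(userAgent) {
  const m = /\bChrome\/(\d+)\./.exec(userAgent || "");
  return m ? Number(m[1]) : null;
}

// env is a plain object so the check can run outside a browser. In a page, build it as:
//   { userAgent: navigator.userAgent,
//     isSecureContext: window.isSecureContext,
//     hasPublicKeyCredential: typeof PublicKeyCredential === "function" }
function checkBrowser(env) {
  const problems = [];
  const major = parseChromiumMajor(env.userAgent);
  if (major === null) {
    problems.push("not a Chromium-based browser");
  } else if (major < MIN_CHROMIUM_MAJOR) {
    problems.push(`Chromium ${major} is older than ${MIN_CHROMIUM_MAJOR}`);
  }
  // WebAuthn is only exposed to secure contexts (HTTPS or localhost).
  if (!env.isSecureContext) problems.push("page is not a secure context");
  if (!env.hasPublicKeyCredential) problems.push("WebAuthn API not available");
  return { ok: problems.length === 0, chromiumMajor: major, problems };
}

// Constructed sample User-Agent strings (not captured from real users).
const UA_PREFIX = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ";
const WEBKIT = "AppleWebKit/537.36 (KHTML, like Gecko) ";
const SAMPLES = {
  chrome84: UA_PREFIX + WEBKIT + "Chrome/84.0.4147.89 Safari/537.36",
  edge84: UA_PREFIX + WEBKIT + "Chrome/84.0.4147.89 Safari/537.36 Edg/84.0.522.40",
  chrome70: UA_PREFIX + WEBKIT + "Chrome/70.0.3538.77 Safari/537.36",
  firefox79: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0",
};
```

The Firefox sample fails only on the engine check even when WebAuthn is present, which matches the point made above about Comet requiring a Chromium-based browser.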

3. Comet Wallet Extension

In the Community Edition of Inheriti, we have integrated our own SDKs, which are written to support web3 (Thorify) and the standard connex interface APIs. The current Comet version that you can download does not pass the BDD tests for connex client implementation yet, but will soon. That said, our Comet Extension 0.2.10.9 gives us smooth and secure wallet/transaction signing and is working just fine. Inheriti is 100% decentralized through leveraging Comet.

Some advantages of using Comet from a key management perspective:

· Private keys are stored on the client browser, we don’t own them

· Comet handles User Authorization

· Comet only provides account information after user authorization to protect user privacy. When Inheriti (or any other dApp) requests access, the user will need to authorize this action

· Account (blockchain) management and transaction signing is managed locally in Comet, and not Inheriti.

4. SafeID

As you certainly know, we have several decentralized applications (see https://safehaven.io for more information), so we need a one-stop centralized user management system that lets our users create one login to rule them all. SafeID (https://id.safetech.io/) provides our users with a one-time registration to be used across all Safe Haven & SafeTech platforms [SSO].

5. SafeKey Cold SSDP Related Data Storage & FIDO2 Device

SafeKey provides Inheriti with the multi-layer approach that we are aiming for, blockchain being the first and cloud the second. SafeKey provides the maximum decentralization that a platform can have, in conjunction with providing FIDO2 functionality on the side. If you want to read more about our SafeKey and what it can do, please visit https://docs.safetech.io for more detailed information and how it fits in our platform. I will not go far into detail within this post, as from a security point of view you don’t have to manage anything; we have dealt with that. Nevertheless, a dedicated post will be written to highlight the whys and hows of this magnificent piece of the puzzle [Inheriti eco-system].

6. What data do we store or own in the Community Edition as a company/organization?

SafeID:

  • ID
  • Username
  • Email
  • Last Name and First Name

Inheriti:

Your created protection plans…

  • Smart Contract Address (store factory)
  • Plan ID
    - Name (public to Beneficiaries)
    - Plan Description (public to Beneficiaries)
    - Plan Notes (private to Initiator)
  • Date of creation
  • Whether or not you are accepting shares

Plans including you as a shareholder…

  • Smart Contract Address (store factory)
  • Plan ID
    - Name (public to Beneficiaries)
    - Plan Description (public to Beneficiaries)
  • Date of creation
  • Whether or not you are accepting Shares

Beneficiaries:

  • ID
  • Name
  • Email

· Your Private Data: We do not hold ANY critical data besides the…

Passphrase to decrypt the validator’s share that is sent to the Merge Authority client browser, once the Dead-Man Switches’ conditions are met and the Private Key is loaded from the SafeKey.

(If you would like to know in more detail how it works, please read the simplified How-to: https://docs.inheriti.com/3%20Platform/#how-it-works-simplified)

Conclusion

· Use a legitimate and verified Anti-Virus/Firewall program

· Use a sandboxed compatible web browser & check your parameters

· Use Comet

· Use SafeKey

· & stay safe…

Much More is About to Come In the Standard & Business Edition of Inheriti