TEA Project: Unstoppable + Private Apps

Tea Project Blog
5 min readJul 14, 2022

--

Who’s watching when you use your social networking apps?

There was recently a concerning story that BuzzFeed broke about how TikTok’s parent company ByteDance had been accessing US user data. This was not only went against their stated service agreement, but the data collection was being conducted in China. It has long been the fear of US politicians that China’s government would start analyzing US user behavior on the app. Beyond just giving the Chinese government a blueprint of how young Americans’ think, they also worry that China could use this data to force ByteDance into making their AI-matching algorithm more manipulative.

According to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users.

What’s also troubling is how US staff didn’t have permission or knowledge of how to access the data on their own. This suggests that Bytedance privileged their China offices to have access above their US offices.

ByteDance sought to correct this data leak through an initiative to ensure that all US user data stayed within the United States:

Project Texas is key to a contract that TikTok is currently negotiating with cloud services provider Oracle and CFIUS. Under the CFIUS agreement, TikTok would hold US users’ protected private information, like phone numbers and birthdays, exclusively at a data center managed by Oracle in Texas (hence the project name). This data would only be accessible by specific US-based TikTok employees.

But what if we don’t want centralized servers hoarding our private data going forward? That’s a solution that the TEA Project is offering, a move to Web3 decentralized hosting where private user data is decrypted only within a protected enclave.

And there’s also this revelation:

A director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.”

In the TEA Project, no one “super user” has access to any user data running within the protected enclave of a randomly selected hosting CML. We can certainly conjecture about some possible breach points in the TEA Project tech stack:

  • Could a miner look into what’s running inside their node? That wouldn’t be possible as it would require them to have the private key to the onboard TPM chip of their mining machine.
  • Could IPFS itself be breached? IPFS is emerging as fundamental “pipes” for the emerging Web3 ecosystem, so the entirety of Web3 would be in serious trouble if IPFS was somehow compromised. But even if there was discovered a way to hack into IPFS and decrypt in transit, the perpetrators would still need to know where to look for where the data is heading to. That information isn’t available to human in the TEA ecosystem.

The Best Solution is No Human Involvement

One of the takeaways of this TikTok situation is that if the data is valuable and humans can breach it, they will eventually find a way to access private user data. Humans are very complicated creatures with various motivations. Do you really want their whims to decide whether your data stays safe or not?

There was recently the issue where Salesforce employees wanted to withhold their software from the NRA because of their stance on gun control.

Whatever your politics, we believe that human’s shouldn’t be dictating who has access to any particular app. Even if you believe in this particular issue and that the NRA shouldn’t have access, you can now see how the other side is criminalizing period tracking apps for birth control purposes. It’s a never-ending battle of censorship once human political factions get involved.

TEA Project: No Humans Have Any Knowledge of What’s Running Inside

The TEA Project tech stack is designed to run autonomously and are therefore “unstoppable”. Sure there are miners needed to provide the fundamental architecture and developers to build the TApps, but once those factors are in place the TEA Project provides a secure, inviolable environment for both code and data to execute.

The TEA Project’s layer2 <-> layer1 host layer communication ensures that the enclaves haven’t been tampered with and that the execution environment is safe from any prying eyes. The TEA Project philosophy is that if the execution environment can be trusted, then the computation result can as well.

We know how TikTok works and how their practice of storing private data on centralized servers leads to all sorts of privacy concerns. Let’s contrast that to our flagship social networking app on the TEA Project network, TEA Party.

When using the TEA Party, we can ask who besides the user enjoying the app knows anything about this user’s data?

  • The developer deploys their code and when accessed by the user it’s done so on a random node. The developer doesn’t even know where in the network their code is running so even if they could somehow access the machine they wouldn’t know where to find it.
  • The miner who’s been chosen to run the user’s operations will not be notified when the code + data are running in their node. They’ll only know after the fact when they’re paid for their hosting service. And even if they could hack into their machines, the on-board TPM would notice this and they’d be kicked out of the network when they’re checked during the next round of attestation.

What do you think of our “zero-knowledge by humans” design of our tech stack? Let’s continue the discussion in our Telegram: https://t.me/teaprojectorg

-

--

--