Transporting data across a network is essential for any piece of software. However, most of the existing transport technologies and methods create multiple risks regarding data security, client anonymity and metadata exposure. Modern centralized applications are fast and convenient, yet they achieve that at the cost of users’ privacy. We believe that making data security and user privacy a foundation of an open-source product (especially in web3) is essential for building trustworthy solutions and ecosystems with engaged communities.
This paper presents BAMM, an open-source layer 3 transport protocol that uses a distributed network of servers and an onion routing protocol to send end-to-end encrypted data with minimal exposure of user metadata across the transport network. Therefore, all products built on BAMM will employ a flexible and reliable data transport solution by default.
Building any web or native application is impossible without having a data transport solution. This immediately creates risks related to exposing both the transported data and clients’ personal data.
Freenet and Tor are well-known and popular solutions for transporting data. They are commonly used in both centralized and decentralized products and usually focus on message encryption. While such methods are flexible and work fine for protecting message content, they completely leave out metadata security. They also don’t provide means for monetizing computing resources (unlike blockchain), which limits their growth but allows them to omit service node requirements for service quality and reliability.
Blockchain, on the other hand, has become extremely popular in part due to its computing resource monetization opportunities. We bring the key features of classic transport solutions to blockchain to enrich them with a huge monetization potential.
Another issue with most popular applications is their centralized nature. Centralized applications, also known as “server-client” applications, are those in which data and functionality are controlled by a central server or servers. These applications often collect and store large amounts of personal data, such as IP address or phone number, browsing history, and communications. This data can be vulnerable to breaches, either through hacking or through access by unauthorized parties.
Additionally, centralized applications may also use this data for targeted advertising or other forms of data mining, which raises privacy concerns. The collected data may also be subject to government surveillance, censorship, and other forms of control. This approach lets state- or corporate-level actors use metadata to track user activity, and can even lead to security breaches through the use of third-party services. Overall, the privacy problem with centralized applications is that user data is controlled by a single entity, which can lead to potential misuse and lack of control over personal information.
Decentralized applications, on the other hand, rely on a decentralized architecture, meaning that there is no central point of control or storage for the data. This can provide several benefits for privacy and security.
First, decentralized apps can offer greater protection against data breaches and hacking. Since there is no central server storing all of the data, it is much harder for an attacker to gain access to large amounts of personal information. End-to-end encryption can be used to protect the confidentiality of the transported data, meaning that even if an attacker were to gain access to the data, they would not be able to read it.
Second, decentralized apps can provide greater protection against government surveillance and censorship. With centralized apps, the company running the service may be subject to requests for user data from government agencies, or may be forced to comply with censorship laws. With a decentralized application, there is no central point of control, making it much harder for governments to monitor or censor communications.
Third, users have more control over their data. In centralized applications, the company that runs the service controls and stores the users’ data, which can be used for various purposes such as targeted advertising. With decentralized messengers, the data is distributed among the users, which gives them more control over how their data is used and shared, which is a fundamental right in the digital age, especially in the web3 world.
Mobile phone numbers are often used as a form of authentication, especially for various online services, including messaging apps and social media platforms. This means that someone who has access to a person’s mobile phone number can potentially gain access to their accounts on those services. One common way that mobile phone numbers can be used to steal someone’s account is through SIM swapping. This is a type of fraud in which an attacker convinces a mobile phone company to transfer a victim’s phone number to a SIM card that the attacker controls. Once the attacker has control of the victim’s phone number, they can use it to reset the passwords for the victim’s accounts and gain access to them.
Another way is phishing, where the attacker sends a message to the user pretending to be a trustworthy entity and asking for personal information such as the mobile phone number and password.
BAMM is a response to these growing concerns. It provides means to move data across the P2P network securely and allows users to control their own content and metadata and to build independent communities.