Small Grants SecureSphere: Decentralized Password Management and Breach Monitoring

Name of the organization or individual submitting the proposal: Hani from SecureSphere

Describe your project: SecureSphere is a groundbreaking project aimed at providing both individuals and businesses with an advanced password management and breach monitoring solution. Leveraging decentralized storage technology from the Sia network, SecureSphere ensures unmatched security, privacy, and data ownership.

Our MVP includes a mobile app and browser extension that combine cutting-edge encryption protocols and real-time breach monitoring to help users safeguard their credentials and sensitive information. This project addresses the urgent need for robust protection against data breaches and unauthorized access in today’s digital landscape.

Key Features of the MVP:

  • Encrypted password storage powered by client-side encryption.
  • Real-time monitoring of data breaches with proactive alerts.
  • Cross-platform functionality with a seamless mobile app and browser extension.
  • Utilization of Sia’s decentralized storage network for secure password management and rentals.

This small grant proposal focuses on creating the MVP to validate the concept, with plans to expand into a full-fledged platform post-MVP. The full project will include enhanced features tailored to privacy, encryption, and enterprise-level protection, ensuring users have a comprehensive shield against data vulnerabilities.

How does the projected outcome serve the Foundation’s mission of user-owned data? The goals of SecureSphere align closely with the Sia Foundation’s mission of advancing user-owned, private, and accessible data storage:

  1. Promoting Data Ownership:
    • Encryption occurs on the user’s device, giving them sole control over their sensitive credentials.
  2. Leveraging Decentralized Storage:
    • SecureSphere uses the Sia network for password storage and rentals, eliminating the reliance on centralized servers vulnerable to breaches.
  3. Fostering Innovation:
    • Open-sourcing the password storage functionality empowers developers to integrate decentralized storage into their solutions, fostering a vibrant ecosystem.
  4. Expanding Sia’s Use Cases:
    • This project showcases Sia’s potential in data security and credential management, broadening its market relevance.
  5. Ensuring Accessibility:
    • The cross-platform approach ensures SecureSphere is user-friendly and accessible to a diverse audience.

Grant Specifics

Amount of money requested and justification with a reasonable breakdown of expenses: We are requesting $9,800 to build the MVP. The funds will be allocated as follows:

  • Task 1: Encryption and Secure Storage Integration – 3 Weeks
    • Development Resources: $2,800
    • Develop client-side encryption and integration with Sia’s rental storage for password management.
  • Task 2: Password Manager Core Features – 3 Weeks
    • Development Resources: $2,600
    • Implement password generation, search, and secure sharing features.
  • Task 3: Breach Monitoring and Notification System – 2 Weeks
    • Development Resources: $2,200
    • Integrate a breach monitoring API and develop the alert mechanism.
  • Task 4: User Interface Design – 2 Weeks
    • UI/UX Design: $1,600
    • Design a simple and intuitive interface for the browser extension and mobile app.
  • Testing and Optimization – 1 Week
    • QA Testing: $600
    • Conduct thorough testing for functionality, security, and usability.

Total: $9,800

We cannot provide grants to residents of jurisdictions under increased FATF monitoring, those that have active OFAC sanctions, or those that fail our bank compliance tests. We also cannot provide grants if your payment bank account is located in those same locations. Please review the following list.

Are you a resident of any jurisdiction on that list? No

Will your payment bank account be located in any jurisdiction on that list? No

What are the goals of this small grant?

  1. Deliver the MVP:
    • Create and test a working prototype with essential features for password management and breach monitoring.
  2. Demonstrate Practicality:
    • Showcase Sia’s decentralized storage capabilities in protecting user credentials.
  3. Encourage Community Adoption:
    • Provide an open-source password storage library for developers to build upon.
  4. Validate Market Demand:
    • Engage with early adopters to gather feedback and improve the product for a larger-scale rollout.

Potential risks that will affect the outcome of the project:

  1. User Adoption Barriers:
    • Users may hesitate to transition to a decentralized solution.
    • Mitigation: Simplify the onboarding process and create educational content.
  2. Technical Complexity:
    • Achieving seamless storage and breach monitoring integration may require extensive testing.
    • Mitigation: Allocate adequate resources for debugging and optimization.

Development Information:

Will all of your project’s code be open-source? Yes, we will open-source the password storage functionality to ensure transparency and foster innovation, aligning with the principles of decentralization and user empowerment.

Code Repository Link: The link will be shared upon commencement of development and grant approval.

SecureSphere aspires to revolutionize data security by ensuring every user and business has the tools to protect their digital assets effectively. This MVP is a vital step toward a future where privacy and encryption are fundamental rights rather than optional features.

Email: [email protected]

I am glad to see someone try to finally tackle a password manager :D. It’s something I really want to see!

Question: will you be trying to talk to renterd directly or use S5/IPFS? My opinion is this makes the most sense if you were to build on S5 and be a companion app to Vup in a way, because it would be less useful currently if every user had to manage their own renterd instance too.

And while I personally think starting with an extension & mobile app is fine, I would love to see this as a desktop/webapp 1st as I personally use Bitwarden/Vaultwarden, and I kind of feel it is a good product to take inspiration from. Another one which you may have seen is https://liso.dev.

Another thing to consider is building with https://webxdc.org/ in mind since Vup (from @redsolver) will be supporting this.

Overall this is just some feedback/ideas to help.

Kudos!


Thank you so much for the feedback and ideas! It’s great to hear that there’s enthusiasm around a password manager with a focus on security and privacy.

Regarding your question about S5 vs Renterd, our plan is to offer both options to users during the setup process. This way, users can choose the storage solution that best fits their needs and preferences. For example, S5 (Sia) will be available for those who prioritize decentralization and full control over their data, while Renterd will provide a more streamlined, user-friendly option for those who prefer a simpler experience. We want to ensure that users have the flexibility to choose what works best for them.

As for the desktop/web app, I completely agree that it’s a key next step after our MVP. The mobile app and browser extension will be our first release, but we have plans to expand into desktop/web apps to offer a more comprehensive solution.

Regarding liso.dev and other competitors like Bitwarden/Vaultwarden, I’ve already analyzed these projects, and our approach will be focused more on privacy encryption and breach monitoring. After the LastPass breach, I was motivated to develop a more secure solution that goes beyond just password management. This project has been in my mind and research for over a year, and the MVP is just the beginning. I’ve worked extensively as an IT consultant for banks, so security is at the core of everything we’re building. Our ultimate goal is to bring Sia technology from individual users all the way to business-level banking solutions.

This is only the start, and we’re excited to offer a highly secure, privacy-focused product that leverages the power of Sia. We appreciate your support and feedback!

I think you got those inverted… lol. renterd requires you to run your own node, manage contracts/money etc, and S5 would enable cloud hosting (like Lume) and P2P syncing.

And I see the most value from this through S5 personally (and if integrated into Vup later, can possibly use its account system? idk). That is how I would be immediately using this once all legos are ready (I still have work to do myself).

And I moved to Bitwarden after LastPass so I 100% get your POV.

Also, FYI, you might want to double check the grant request template as you missed some info. See Sia - Grants

Thank you for your feedback! I appreciate the clarification regarding Renterd and S5. You’re absolutely right—S5 offers cloud hosting and P2P syncing, making it a much more practical and user-friendly option for most users. Meanwhile, Renterd provides the control and customization needed for advanced users who want to manage their own nodes.

To address this, we plan to include both options in our setup. This way, individual users can benefit from the simplicity of S5, while businesses and enterprises with specific needs can leverage Renterd for maximum control. Our goal is to ensure flexibility while maintaining a seamless user experience.

I also had the chance to learn more about Lume, and it’s truly an inspiring project. Your vision of using P2P technology to tackle access issues and empower users with ownership of their data and content aligns closely with our philosophy. I’ll definitely explore if there’s a way we can leverage Lume within our solution. Integrating with platforms that share a commitment to privacy, decentralization, and user freedom is a priority for us.

As for your thoughts on Bitwarden, I completely understand its appeal after the LastPass breach—it’s a robust solution. However, our approach aims to build on this foundation by incorporating breach monitoring, enhanced encryption and decentralized storage (in the final product) to create a security-first tool that serves both individuals and businesses.

Thank you again for your insights—they’re invaluable as we continue to refine our approach and ensure that SecureSphere aligns with both user needs and the broader goals of the Sia ecosystem.

Thank you for the note! I double-checked the grant request template and couldn’t identify any missing information. If there’s something specific that I overlooked, I’d appreciate it if you could point it out.

We cannot provide grants to residents of jurisdictions under increased FATF monitoring, those that have active OFAC sanctions, or those that fail our bank compliance tests. We also cannot provide grants if your payment bank account is located in those same locations. Please review the following list.

Are you a resident of any jurisdiction on that list? Yes/No

Will your payment bank account be located in any jurisdiction on that list? Yes/No
Contact info
Email:

Any other preferred contact methods:

I’d like to bring in some clarity.

It may look like answering those two questions about the residency and/or the bank with a “yes” would automatically bring the proposal to a rejection. And, unfortunately, it will.

The thing is that, if both questions are deceivingly answered with a “no”, and even if the Committee approves the proposal, it will surely become clear at the onboarding stage, so it ultimately will be a waste of time for both the Committee and the author of the proposal.

Speaking from my personal point of view, I regret that we have to do this, but at the end of the day, it is the legal entity of the Foundation who pays the money, and they have to comply with the laws.

Also, you may want to ask Kino, if you can’t do it yourself, to fix the typo in your post title Small Grands (it’s grants, not grands :P)


Thank you for the clarification. I can confirm that neither my residency nor my bank account is located in any of the listed countries. I added that to my proposal.

Lume as a project has done several experiments in the past, but moving forward the project is more immediately focusing on hosting (long term goals are a long ways off). IPFS is already supported, S5 will be next. So, as long as a supported P2P protocol (these are actually plugins to the portal) is used for your app, a portal node can be used to host the data.

Kudos.

Thank you for the detailed explanation. It’s great to hear that Lume supports IPFS and is planning to integrate S5 next. This aligns perfectly with the flexibility we aim to provide in our app. We will ensure compatibility with supported P2P protocols, enabling users to take advantage of portal nodes for data hosting. This modular approach fits well with our vision for offering secure and decentralized options.

Update on SecureSphere Project

Happy New Year to the entire Sia community!

After extensive research and consultations with industry experts, I am excited to announce that SecureSphere will be my main and full-time project for 2025. Here are the latest updates on the project’s progress and future plans:

Formation and Team Expansion

  • I have begun the process of establishing a dedicated company for SecureSphere to ensure the project’s growth and sustainability.
  • I am actively seeking a UI/UX designer and developer to join the team and help bring our vision to life.

Expanded Vision Beyond the MVP

The initial idea has grown significantly, and we are working toward broader applications following the release of the MVP:

  1. Hardware Password Manager for Individuals:
    • A physical device that securely stores passwords.
    • Fully synchronized and backed up using Sia S5 decentralized storage.
  2. Enterprise Hardware Solutions:
    • Data storage and password management hardware tailored for businesses.
    • These devices will also leverage Sia’s decentralized network for synchronization and storage.
  3. Advanced Data Breach Detection System:
    • We are developing a system to scan the dark web, hacking forums, Telegram channels, and other sources for data breaches.
    • This system will compare detected breaches against data saved in the password manager.
    • Open API: While the system itself may not be fully open-source (due to legal and security concerns), we plan to offer it as an API for developers to integrate into their solutions.

Key Differentiators

  • Data Ownership: The use of Sia’s decentralized storage network will remain at the core of SecureSphere, reinforcing our commitment to user-owned and private data.
  • Future-Proof Vision: By integrating hardware solutions and decentralized technology, SecureSphere aims to redefine the landscape of password management and data security.

We are confident that these developments will make SecureSphere a standout project in the data security space. I look forward to sharing more details about the technologies, hardware devices, and our roadmap as we finalize the MVP and move forward.

Together, we can build a more secure and privacy-focused digital future.

Thanks for your proposal to The Sia Foundation Grants Program.

After review, the committee is requesting some additional information regarding your proposal:

  • You state in your initial proposal that all code will be open source, but then later in your update state that it will not be. Fully open-source code is a requirement for funding under the grants program.
  • Do you have any proof of past development work, like a completed project or Github repo?
  • In your latest comment, you mentioned that you will be working full-time on SecureSphere. Have you secured other funding to allow this?

We’ll keep this in the Proposed section while we await your response. Thanks again for your proposal.

Thank you for taking the time to review my proposal and for providing valuable feedback. I truly appreciate the opportunity to clarify and address the points raised.

  1. Open Source Commitment
    I would like to confirm that all the code for SecureSphere will be fully open source as per the grant program requirements. I apologize for any confusion caused by my previous update. I have consulted a legal expert to ensure that the project complies with GDPR and other relevant data protection regulations. Adjustments to the data collection policy will reflect this compliance while maintaining the transparency of the open-source commitment.

  2. Proof of Development Work
    While I do have a proof of concept to demonstrate my past development work, these projects are not open source. However, I am happy to share them privately with the committee for evaluation purposes. Please let me know the best way to proceed with this.

  3. Full-Time Commitment and Funding
    I am fortunate to have passive income that covers my personal expenses, allowing me to dedicate myself fully to SecureSphere. The grant funding will be specifically allocated to employee salaries and hiring freelancers to accelerate the development and delivery of the project.

Thank you once again for your consideration. I remain committed to creating a meaningful and impactful open-source solution and look forward to your guidance on the next steps.

As a follow-up to my earlier reply, I’d like to share my LinkedIn profile for additional context about my professional background and experience:

https://www.linkedin.com/in/hani-h-899bb181/

Please don’t hesitate to reach out if you have any further questions or need more details. I appreciate your time and consideration.

Thanks for the info @Hani.

However, I am happy to share them privately

Please send whatever you’re able to share to [email protected]. We’ll be re-reviewing the grant and your responses at the next meeting on January 21st.

Thanks for the update! I’ve already sent the email with the requested details. Let me know if you need anything else before the review meeting on January 21st. Looking forward to your feedback!

Thanks for your proposal to The Sia Foundation Grants Program.

After review, the committee has decided to approve your proposal. Congratulations! They’re excited to see what you can accomplish with this grant.

We’ll reach out to your provided email address for onboarding. Onboarding can take a couple of weeks, so prepare to adjust your timelines accordingly.
