Import

user data

from

any website

Frequently
Asked Questions

• OK, tell me what is Reclaim Protocol again?

  Sure. Here is what matters. If you use the Reclaim SDK, you can ask your users to prove certain identity and reputation they have on other websites. For example, you could ask the user to login into their bank and prove their bank balance. You could ask your user to login into Uber and prove that they've taken more than 50 rides this year. All of this happens without compromising security and without needing any change on the bank's or Uber's side. Not just Banks and Uber, you can connect to any website on the internet. Over 250 already.

• What does Reclaim Protocol do?

  Reclaim Protocol creates digital signatures, known as zero knowledge proof, of users' identity and reputation on any website. These digital signatures are computed completely on the client side. Meaning, it is private and secure. When the user shares this proof with your app, you can be certain that its authenticity and integrity haven't been compromised.

• How does Reclaim Protocol work?

  Great question. Glad you asked. Reclaim Protocol makes HTTPS verifiable. At a high level, the HTTPS request and response is routed through a network of HTTPS Proxies. These proxies provide their digital signatures to the responses sent by the websites. The user's device then generates a cryptographic proof using the encrypted response and the digital signature. This proof is that of the data that was present in the response like their bank balance or Uber rides count. If you want to learn more, you can see this non technical explanation or this technical whitepaper .

• Does Reclaim Protocol do an MITM attack?

  Well, ofcourse not. Else, we'd be in jail. But the question isn't irrelevant. Reclaim uses HTTPS Proxies that forward the users' requests and responses. These are requests that are encrypted on the TLS layer. The HTTPS Proxies on Reclaim Protocol Network do not have access to the keys that decrypt these requests and responses. To perform an MITM attack, the proxies need to have the decryption keys. You can also see a more detailed cryptographic argument here.

• What are the trust assumptions here?

  As of today, all the nodes on the Reclaim Protocol Network are run by a single corporate entity, us. So, you need to trust us that we won't provide digital signatures for requests and responses that were never made. However, soon (TM) we will be having decentralized nodes in a way that makes sure no one is capable of providing signatures for events that never happened. Here's how .

  Also, you need to trust the corporate entity that publishes the client software. This one isn't a hard trust assumption. If you don't trust the published software, you could also clone the repo and publish your own software.

• If the software is open sourced, why do I need to pay?

  You're right. You can use Reclaim Protocol without ever needing to pay anyone. You can clone the repos and run the network and clients yourself. You need to pay us only if you want to use the software we publish and maintain. We keep the softwares stable and always upto date. Additionally, we provide a suite of developer tools and managed services to make your development and dev ops as cheap as possible.

• Do my users have to install an app or chrome extension?

  No. Users can tap on a button on your app or scan a QR code on your website and they'll be guided through generating the proof on their mobile device. They do need to use their mobile phone but they don't need to install any app. Reclaim client software uses Appclips on iOS and InstantApps on Android. So, no - user doesn't need to install anything. You can try it by tapping the "Try out the demo" button on the top right of this page. You'll see what I mean :)