Privacy Policy
Your Sovereign username is 'pseudonymous'. This means it is unique but is not related to any other identifier like your phone number, email address, or payment mechanism - typically information requested by other messaging systems - which would otherwise compromise the legitimate privacy of your identity.
Sovereign collects no personal information whatsoever. Sovereign does not use cookies. Sovereign stores no third-party data anywhere and uses no data for any purpose.
Security
Three very important questions you should ask of other messaging systems that all claim to provide you privacy and security through encryption:
1. Did I use a secret, known only to me, to generate my decryption key locally?
2. Can my identity be compromised?
3. Do I have complete sovereignty over my content?
In Web3, authentication is done with cryptographic keypairs - one public and one private. You can think of the public key as the equivalent of your Web2 username and the private key as your password.
Consequently, to help you migrate from the familiarity of Web2, Sovereign creates a 'pseudo' private key from your unique username and password.
The resulting private key is as 'strong' as the Web2 credentials you are familiar with. Real Web3 private keys, however, are randomly generated and so unlikely to collide that you have more chance of picking the same atom in the universe as someone else than of getting the same private key as them, by chance!
The public key is derived from the private key in a one-way process. You can share your public key for identification and for encryption without risk of revealing anything about your private key.
You authenticate yourself by signing things with your private key. You also use your private key for decryption. You can imagine, therefore, how important it is to protect your private key. But actually, it's no more important than protecting your password in the Web2 world.
Due to the asymmetry in the keypair, there is no need for third parties to keep a copy of your 'credentials' for authentication and decryption. Consequently, there is no 'registration' process in Sovereign. However, this means you are solely responsible for your keys - there is no 'reset' function. If you forget your username and password (or private key derived from them), you are locked out of your account forever. It also means you cannot change your password because that would effectively create a new account.
In summary, your Sovereign private key, used for decryption and authentication, is created locally using a secret known only to you and not stored anywhere.
Once you log in, you can see your keypair in your settings (which also addresses the issue of data sovereignty in detail) but you don't need them to use Sovereign as they are stored in a temporary, secure wallet, which disappears when you log out or close your browser. Nevertheless, it is advisable to keep a copy of them somewhere safe so that you always have access to your data, even if the app is not available.
Before you can use the app, you will have to register your username in the Sovereign directory. This unique username is subsequently used throughout to identify you and validate your credentials. It's quite straightforward (a single button click when you log in for the first time).
There is a limited number of spaces in the name service and, as names are unique, those who register earliest will get the best names. Unlike other name services, there are no reserved names. If your choice of name hasn't already been taken, it's yours for the taking!