What is a zero-knowledge app?

Security and privacy are two different things, although they often work together. Security refers to protecting oneself, property, or affairs. Privacy is the ability to control who or what can witness actions or information. ‘Zero-Knowledge’ means the servers owned by service providers are never capable of viewing plaintext data; therefore, the data may never be compromised through internal mismanagement, prying eyes, or external bodies looking to gain access.¹ It means that user data is encrypted end-to-end so that service providers can meet their customers’ needs without having to be entrusted with their sensitive personal details.

 Why it is so important for us (and for you)?

At Tapeke, we like to be fun and lighthearted, but we also take the lessons that Satoshi taught us very seriously. Privacy is a basic human need. It’s shelter. People place a high value on privacy for many normal things in society for obvious reasons, such as medical records, special letters or diary entries, competitive advantage in business, or even just getting dressed. Personal and business financial data is some of the most sensitive information there is.

Rarely is the user given choice of how vulnerable their online data is or who can access it. The right to choose who sees our most personal information and activities is an endangered species. That’s why we built a zero-knowledge habitat for Tapeke where everything in your account is client-side encrypted, and any features we might add cannot violate the high standard we have for user privacy.

 Our approach

We were inspired to design Tapeke with user choice, privacy, and a killer UX/UI anyone can use. We are so committed to user-choice that we don’t even force you to provide an email address in order to use our service. We are not in the business of selling your tastes, preferences, and contact information. We are in the business of selling clean and wonderful Bitcoin accounting software. With the tools we have today, it’s possible to create apps and services that allow even the novice to take advantage of sophisticated information security. Whether defending against thieves and scams or the prying eyes of Big Whatever, encryption is the great equalizer and decentralization (empowering the enduser) is the force multiplier. Tapeke was built to satisfy the most ardent info-sec hound, but also simple and smooth enough for the average Bitcoin user to thoroughly enjoy.

We believe Bitcoin is for everyone, no matter their age, creed, color, gender, heritage, or anything else. If you have access to the Internet or SMS, then there is only one real barrier to using Bitcoin: accessibility/ease-of-use. To help those users who aren’t familiar with encryption get started without straying too far from their comfort zone, Tapeke offers three tiers of account login options. A Tapeke account using Simple Encryption requires the familiar “username and password” for login credentials. Users that choose the Simple Encryption account will be encouraged and trained to gradually increase their account security until they’ve reached full zero-knowledge status. We want everyone to experience the feeling of being in full control of their data. Time to zero-knowledge all the things!

Simple Encryption

Your data is encrypted with AES and your password’s hash. If you forget your password, we are able to reset it for you to regain access to your account.

This option is not a zero-knowledge solution. But, it’s a great place to start for those who want to learn how to maintain better security and privacy in their online accounts.

Medium Encryption

Your data is encrypted client-side in your browser using AES before being saved in our servers. If you forget your password we cannot reset it for you, because we cannot read your encrypted data.

This option is in fact a full zero-knowledge solution, and pretty easy to use! We recommend this option for all privacy-conscious users who don’t wish to manage RSA keys.

Advanced Encryption

Your private financial details are encrypted with AES using a passphrase, which is then encrypted client-side in your browser with RSA keys before being saved on Tapeke’s servers. No one can read your data even if your password gets hacked, because the RSA keys are also needed. You can access your Tapeke account on additional devices by creating specific RSA key pairs for each one in your account settings.

This is the badass zero-knowledge option. If you like to live in the future and feel confident about taking back your privacy online, then this is the account security model for you. And, if you’re all like, “Gee, I wish I knew how to do that.” Not to worry, buckeroo. Tapeke is here to help you learn.