Looking back on 2022-2023: Two Years of Security Consulting and Product Development

Our work is more than a business for us: We see it as an avenue to advance the use of distributed technologies that empower users, especially their ability to control their own data, since privacy is a human right. These numbers demonstrate how our years of experience can directly contribute to the secure design, implementation, and adoption of Web3 technologies.  

In 2023, we completed 52 security audits and have published 25 of those reports as of this writing. As a result, we passed the milestone of having published over 100 of the more than 200 audits we have completed in the past 9 years. It was only in 2021 that we had reached the milestone of completing our 100th audit, so the last two years have been not only our most productive, but also our most transparent. This particular achievement belongs as much to our clients as it does to us and is a testament to the growing understanding that security, along with showing a commitment to transparency, is more important now than ever. 

In January of 2023, we officially announced the launch of PrivateStorage to the public and delivered a new technology called zero-knowledge access passes (ZKAPs), delivering on the ZKAPs design outlined in our white paper, published in 2021. Using zero-knowledge proofs, we prevent the connection between the payment process personal information and the data we have about the usage of the storage service. User’s privacy is fundamental to our products and no one can read the data stored on the servers, not even us. Also in 2023, we added a multi-device synchronization feature and built a mobile application to further improve the usability and value of the service. 

Furthermore, 2023 has also been a pivotal year for the wider recognition of capability-based security, beyond the use of blockchain private keys. We were honored to support the secure development of MetaMask Snaps using Agoric’s Hardened JavaScript. Our experience with capability-based security is not limited to our security consulting skills; we have been long-time contributors to the development of open source capability-based systems, like Tahoe-LAFS. Our product, PrivateStorage, utilizes Tahoe-LAFS cryptographic capabilities to provide a secure, distributed, fault-tolerant, distributed data store and distributed file system. 

Recently, we were excited to introduce Privacy Reviews in collaboration with Castlebridge, renowned for their strategic data services, reflecting our belief in empowering users and ensuring responsible data handling. Through our holistic approach to Privacy Reviews, we aim to bridge the gap between technical, regulatory, and societal impacts. We envision this collaboration benefiting our clients and, by extension, the users of their systems, fostering genuine transparency and increasing user confidence.

While our headquarters are located in Berlin, we are an international team working on global systems. To further expand our business network, we completed the German Accelerator Market Access Asia program based out of Singapore and established a partnership with Bluebik Titans Company Limited (BBIK) in Thailand. German Accelerator is a private organization that supports German startups with international expansion. We received mentorship from a distinguished group of experienced professionals in the region and took advantage of several networking opportunities. With Bluebik Titans, a leading consultancy on end-to-end digital transformation, we will support their new smart contract audit service to further engage with clients in the Asian market. 

Although we released the MoonMath Manual, a guide to zk-SNARKS, in 2022, two updated versions were released in 2023 as we implemented the suggestions and improvements provided by the zero-knowledge community. In addition to having been downloaded more than 6,000 times, it has been adopted by study groups as a way to learn the building blocks of zero-knowledge proofs. 

Introduced in the second half of 2022, we launched two new file transfer applications; , Winden, a free-to-use web application, and a desktop application named Destiny.  In 2023 improvements were made to Destiny by making it available for use across a wider range of operating platforms. And on a final note about important work we accomplished in 2022: we investigated the use of the Magic Wormhole protocol with Dark Crystal as a social backup tool

These accomplishments underscore our commitment to transparency, security, and innovation with privacy enhancing technologies. Publishing more than 100 security audit reports, of the more than 200 reviews we completed, is an accomplishment shared with our clients, enhancing security in the rapidly evolving landscape of decentralized applications. Our vision extends beyond business; it is about advancing distributed technologies that empower users to control their data, aligning with our belief in privacy as a fundamental human right. Pivotal developments, from supporting MetaMask Snaps to launching PrivateStorage with zero-knowledge access passes (ZKAPs), showcase our diverse contributions to capability-based security and privacy-centric products. Our partnerships, including the recent collaboration with Castlebridge for Privacy Reviews, exemplify our continuous dedication to the advancement of privacy in technology. 

We look forward to accomplishing more impactful contributions to security, privacy, and decentralized technologies in 2024.