As an entrepreneur, this feels like a classic case of over-engineering for a problem you haven't earned yet.
Decentralized auth is a fascinating technical rabbit hole, but it introduces a massive friction point for your first 1,000 users. For a new, unproven project, credibility is your biggest bottleneck, not decentralized storage.
By building your own complex auth/privacy stack, you are asking users to trust you to get the crypto right—which is a huge leap of faith.
A more pragmatic approach: Outsource the trust. Use 'Sign in with Google/Apple/GitHub.' You leverage their multi-billion-dollar security infrastructure and their existing trust relationship with the user. It provides immediate convenience (one-click onboarding) and shifts the perceived privacy liability to a known entity.
Don't spend your innovation tokens on auth. Spend them on the core value of your information exchange. You can always 'decentralize' the back-end later once you have enough users to actually make it matter.
Yeah I think decentralization will be a stretch, especially at the beginning.
About the login, SSO is nice and it will probably be an option, but I heavily prefer good old email+password. It might be trickier, haven't explored SSO before.
The auth/central server will be open source of course, and I'm hoping I could get feedback/auditing that way if anything's wrong (even though I feel like the process is simple with encryption libs and knowledge). At first it will be heavily experimental and will hold just dummy data and then gradually go from there if it works out.
Single Sign-On (SSO) is not complicated, and platforms that provide services all have detailed tutorials.
I don't think obtaining authentication data is useful; it's better to use it for collecting data on functional experiences.