Overview
This ORA/ARX Project is a proposed framework for an open source, trustless protocol that would return to the individual full control over her personal data collection and storage.
The Problem
This project grew out of a hacking event hosted by the Mozilla Foundation. The challenge we were presented: "The internet has grown as a free and open resource, and continues to become more free and more open the more it continues to grow. How can we create an ecosystem of data collection and storage such that it naturally grows in a similarly free and open manner?"
Brainstorming
In this framework we defined three players: the user (or the provider of data), the node (or the storer of data), and the org (or the consumer of data).
Next, we defined the problem in terms of these players. We determined that problems in user data collection arise when the node and the org are the same entity. We called this problem "siloing" — when the consumer of data is also the storer of data.
Last, we defined our proposed solution in terms of these players. In order to solve this problem, we would have to design a system that kept the consumers of data separate from the storers of data; that kept the nodes separate from the orgs.
Cultivation
To give myself a slight "break," I moved right into visual design after a full day of brainstorming with my team. However, I found that clarifying the visual design actually helped clarify the concept behind the framework we were hoping to build.
It was during this visual design phase that I decided to split our proposed solution into two products, rather than just one. ORA, which is Latin for "sea coast" or "naturally occurring border," is the first. ORA is the open source protocol in which each player operates.
The second is ARX. ARX, which is Latin for "citadel" or "fortress," is Mozilla's data storage service — it's Mozilla's own node. The main reason for dividing ORA and ARX: the user should have the option to utilize the ORA protocol while storing all of her own data wherever she wants. No one should be compelled to use a particular data storage solution. Having the freedom to choose where your data rests is crucial.
The second reason for the division: Mozilla's ARX data storage service would be one among many providers. However, by operating as its own data storage service, Mozilla ARX would be able to define best practices. Mozilla ARX could set a high ethical standard for all other data storage providers.
Refinement
Next was finalizing the way in which this ORA framework would ideally fit together. At this point, we defined what the value proposition would be to each player within the framework. We had to understand why each player would be incentivized to adopt this framework in the first place.
Then we defined what the ideal data flow would be. We felt the ideal structure of the ORA protocol would be very similar to the blockchain: a pseudonymous protocol that relied on cryptographic hashing to encrypt user data. This encrypted data would be stored on a node. The user would then grant permissions to orgs that wished to access this data. Because permissions are always granted directly by the user and the encrypted data must be called from the node, the user is able to revoke access to all of her data at any time.
Lastly, we defined how a cloud-based data storage solution would differ in its data flow from something more secure. Much like online Bitcoin wallets (as opposed to cold Bitcoin storage), the user would sacrifice security for convenience in opting for cloud-based data storage. However, the user would always be free to choose another data provider or to choose to store their personal data on a private server. This trade-off between security and convenience is why it would be so important for Mozilla to set best practices with its ARX storage service.
Final Steps
The ultimate goal of this project was to develop a tool to facilitate a discussion about user-controlled data collection, which would extend beyond the confines of the Mozilla hack event. So as a last step, I took the data flows designed in the hack event and converted them into a mobile click dummy.
That click dummy can be viewed at the bottom of this page or at the following link: http://jfr.ooo/ora
Closing Thoughts
This project was the most in-depth look I've gotten at product development in the open source community. As the community is fueled largely by the passion of volunteers, it seems a strong, clear, and well-polished proof of concept is even more crucial in open source projects than it is elsewhere in the tech world.
Whereas in VC-funded startups you can often win the support of solid team members with a high-level, ambitious vision and a steady (but, perhaps, rather meager) salary, open source projects don't seem to operate that way. Your idea must be solid and clear and inspiring from the start. Without this you'll never be able to caucus the necessary volunteer support you need to get the project rolling.
This slightly different set of circumstances produces a uniquely positive atmosphere. The entire experience was a pleasant surprise.