How does idOS FaceSign work?
is it safe to use?
idOS FaceSign is a feature within the idOS app that integrates third-party software with secure infrastructure managed by the idOS Association. It enables users to create a unique identity and associated cryptographic wallet, emphasizing privacy and security for biometric data. Designed for Web3, particularly for portable identity in the stablecoin economy, it allows users to verify once and use everywhere without losing access. FaceSign is currently in closed beta, available on the idOS app, and supports proof-of-personhood without storing raw biometric data
Detailed Explanation of How idOS FaceSign Works
The process prioritizes maximum privacy, ensuring that neither idOS Association nor third parties access facial images, raw biometric data, or mathematical vectors. All processing occurs in an isolated secure enclave. Here’s how it works:
• Initiation on User’s Device: A third-party SDK displays a widget on your device (e.g., phone or computer), prompting you to record your face and perform a liveness check to confirm you’re a real person, not a photo, video, or mask. The recording happens entirely on your device, without sending raw data to servers.
• Encryption and Transmission: The recorded image or video is encrypted directly on your device. This encrypted data is sent to a secure processing environment (enclave). Encryption uses keys generated and stored bound to the enclave and code version—these keys are inaccessible to idOS or anyone outside the enclave.
• Processing in the Enclave: Inside the enclave, the image is transformed into a mathematical vector for uniqueness verification. The enclave is protected by code integrity protections (attestation) and tamper-evident logs. idOS has no access to the enclave’s contents. Users instruct idOS and Node Operators to make these logs publicly available for transparency and verifiability.
• Verification and Identity Creation: Upon successful liveness verification, a unique identifier is generated, and a cryptographic wallet (idOS Face Wallet) may be created. This wallet can be used for authentication, oAuth, interaction with idOS programs, or signing blockchain transactions if enabled. The wallet is “loss-proof” as it can be accessed via biometrics on any device without manual backup.
• Privacy and Data Handling: idOS Association, third parties, and providers do not receive or process facial images, raw biometric data, or vectors. All biometric data is deleted after processing. Only non-biometric data like system-generated IDs, wallet metadata, and audit logs may be processed (with user instructions), complying with regulations like GDPR and AML. Data remains encrypted in your wallet.
Users must not misuse FaceSign to impersonate others or provide fraudulent data, as this violates system rules and security.
Key Points of idOS FaceSign
• Integration and Purpose: Combines third-party SDKs with idOS infrastructure for unique identity and crypto wallet creation; supports account recovery, proof-of-personhood, login, 2FA, and reusable KYC for Web3.
• Biometric Security: Liveness detection prevents spoofing; processing occurs on-device and in a secure enclave, with no storage of biometric data.
• High Privacy: No access to raw data by idOS or third parties; public logs for transparency; compatible with self-custody and privacy regulations.
• Wallet Benefits: idOS Face Wallet is portable, cross-device, and can sign transactions; prevents access loss without additional apps.
• Broader Context: Part of idOS, a decentralized identity protocol backed by investors like Circle and Arbitrum; focuses on reusable credentials for stablecoins and dApps, with gamified elements like quests for points.
gidOS