Interact is a project I've been working on since 2004. It's a database in which all data is encrypted, and securely synchronised across devices.
Interact has forms to search for, display and enter data items. Data items support a variety of standard field types. Changes to items are tracked, allowing their history to be inspected, or reverted to a prior state. Interact encrypts and saves data to a local storage file, and automatically synchronises encrypted data across devices via a zero-knowledge server.
More screen shots are available here.
How it works
Interact centres around three things - templates, items and links. Templates define items, so they're analogous to database table definitions. Items are like table records. The interesting bit is that an item contains the template, as well as data. This means future changes to a template won't affecting items based on older versions of the template. Data structure therefore evolves independently of data. Finally, links define relationships between items. This is the process:
If for example, you created a template describing a person, you might then create an item using that template:
||Item based on Person
||25 April 1990
Items can be tagged with labels. Also, a complete change log is held for all items. This means that an item can be reverted to any prior state. It's a bit like - no wait, it is records management for structured data.
- Declarative - data is self-describing and discloses meta data.
- Associative - entities are arbitrarily associated with other entities using links.
- Visualisation - data and meta data can be graphically visualised.
Annotations - data entities can be annotated with text. (scheduled for release two)
- History - changes to data and meta data are tracked. An entity can be restored to any previous state.
- Search - all data and meta data is indexed and can be searched.
- Open - all data and meta data can be extracted and exported in encrypted or unencrypted (plain text) form at any time.
- Multi-user - the server synchronises data for multiple users.
- Multi-device - each client instance is uniquely identified and tracked.
- Multi-application - the desktop client runs all applications. Phone clients run domain-specific applications. The server synchronises data approriate to the form factor and application type.
- Multi-server - additional servers can be added at will to add resilience.
- Anonymous - Interact only requires a user name (which can be anything) and password. User names are encrypted on the client, unknown to servers, and passwords are hashed and salted, and not stored at all.
- Encrypted data at rest - all data is encrypted.
- Encrypted data in transit - message payloads are encrypted with the user's key. Messages are in turn encrypted with the device's key. Messages are transmitted to and from servers using SSL/TLS.
- Zero knowledge server - servers cannot read user's data, which is encrypted on the client. Servers do not have access to client keys, and so can only shuttle sync data back and forth.
- Decentralized - Interact data cannot be accessed from a server. It needs a client. Only the client can decrypt data. And anyone can set up and run their own synchronisation server.
- Logs/audits - every event in Interact clients and servers is logged, and can be audited.
- Multi-factor authentication - proof of concept which may not make it into the first release.
What Interact doesn't do
It's important to understand the scope of a product's functions and features. It's also important to know what it excludes:
- Social - There's no social in Interact. Facebook, Twitter or Google+ logins aren't supported, thereby eliminating any privacy leaks they might bring. You can't like or share anything with them either.
- Third-party libraries - There are no dependencies on third parties. The underlying database is SQLite or SQL Server CE, and that can be changed at will.
- Analytics - Interact has no in-built analytics. This means that usage or any other data be neither collected, nor measured.