
The sovereignty spine: identity without us in the middle

HUMΛN Team · 13 min · Technical + Community

Three teams, one spine

Passport ships selective disclosure so a verifier learns a property—threshold met, domain present, credential fresh—without downloading a human’s whole life. Multi-device sync ships ciphertext across devices with the server acting as signal and relay, not as the long-term home of your vault. Guardian recovery ships client-side reconstruction and proof-only completion so the server verifies that recovery succeeded without ever holding the master secret S in the Option B path.

Different surfaces. Same refusal: HUMΛN will not be the permanent oracle for your keys, your vault, or your recovery.

That refusal is not a mood. It is a design spine—the thing you check when a feature request sounds convenient for us and expensive for the human.

Why “three posts in one” matters

The community does not need three variations of “we care about privacy.” It needs one argument that connects the implementations: cryptographic sovereignty beats policy promises because policy can change with leadership; math does not negotiate.

When you read the Passport Phase 6 essays, the P2P sync essay, and the guardian recovery series, you are reading one architecture expressed in three threat models:

  • Verifier model: what can Acme learn about Beatriz when she presents?
  • Sync model: what does the relay server learn when Ana pairs a phone?
  • Recovery model: where does S exist for even a millisecond?

If any answer is “everything, if we wanted,” you are not looking at HUMΛN-shaped design—you are looking at hosted identity with better fonts.

Progressive tightening is not hypocrisy

We have shipped honest intermediate steps: relay envelopes for vault sync where true P2P is still rolling out; server_assembly recovery where native clients are not universal yet; SD-JWT and issuer predicates before every numeric range proof is in a library we trust in production.

Those steps are named in code—deviation blocks, completion modes, proof types—not hidden in marketing. Progressive honesty (see the companion essay) is how we tighten without lying: the gap is grepable, testable, and scheduled for closure.

What to ask any “decentralized identity” vendor

  1. Where is the private key material generated and stored? If the honest answer is “our HSM,” ask what you can verify without their API online forever.
  2. What crosses the wire during recovery? Shards, proofs, or both? If shards hit the server in plaintext, say so and price the risk.
  3. Can two verifiers correlate presentations? If selective disclosure is only “hide fields,” you may still be linkable—BBS+ exists for a reason.
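Question 3 in practice, as an added example that is not HUMΛN's code and not from the original essay: a simplified SD-JWT-style credential where the holder reveals different fields to two verifiers, yet both receive the same signed digest list and can match it. HMAC stands in for the issuer's signature, and every name, key and claim value is constructed for illustration.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # constructed; HMAC is a stand-in for a real issuer signature

def _digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(digests):
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: salt and hash every claim, then sign the sorted digest list."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(_digest(s, n, v) for n, (s, v) in disclosures.items())
    return {"digests": digests, "sig": _sign(digests)}, disclosures

def present(credential, disclosures, reveal):
    """Holder: send the signed digest list plus only the chosen disclosures."""
    return {**credential, "disclosed": {n: disclosures[n] for n in reveal}}

def verify(presentation):
    """Verifier: check the signature, then bind each disclosure to a signed digest."""
    if not hmac.compare_digest(_sign(presentation["digests"]), presentation["sig"]):
        return None
    seen = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in presentation["digests"]:
            return None  # disclosure was altered or never signed
        seen[name] = value
    return seen

def linkable(p1, p2):
    """Two verifiers comparing notes: identical signed bytes mean the same credential."""
    return p1["sig"] == p2["sig"]

def demo():
    claims = {"name": "Beatriz", "over_18": True, "email_domain": "example.org"}  # constructed
    cred, disc = issue(claims)
    to_acme = present(cred, disc, ["over_18"])        # hides name and domain
    to_other = present(cred, disc, ["email_domain"])  # hides name and age flag
    cred2, disc2 = issue(claims)                      # fresh issuance, new salts
    fresh = present(cred2, disc2, ["over_18"])
    return verify(to_acme), verify(to_other), linkable(to_acme, to_other), linkable(to_acme, fresh)

if __name__ == "__main__":
    print(demo())
```

Each verifier learns only the field it was shown, but the third result is True: within a single issuance the signature itself is the correlator, which hiding fields does nothing about.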

Closing

The sovereignty spine is not a tagline. It is a test: if a feature makes HUMΛN indispensable as the party that can always reassemble your life, we do not ship it without a Canon conversation and a burn-down plan.



Deep dives from this sprint: Passport credential scanner, P2P multi-device sync, Guardian recovery — math matches marketing.
