# zkTLS: Unlocking Data Portability for Web3

By [milian](https://paragraph.com/@milian) · 2024-11-22

zktls, zk, mpc, tee, cypherpunk

---

**zkTLS (aka Web Proofs or zk-HTTPS)** is a protocol enabling private data verification across the internet. As an extension of Transport Layer Security (TLS), it allows users to create zkProofs of HTTPS data directly in their browser, enabling seamless sharing of verified information from any website—even if that website doesn’t offer a specific API—while maintaining user privacy.

Traditionally, verifying simple facts requires either a specific API or oversharing—such as presenting a full driver’s license for age confirmation or a complete utility bill for address verification—making secure data sharing across platforms challenging and potentially compromising privacy. zkTLS enables data portability from any website and mitigates the privacy risks associated with oversharing.

For businesses, zkTLS opens up new opportunities in loyalty programs, personalized recommendations, and cross-platform rewards, enabling secure, privacy-preserving methods to recognize and engage customers in ways that were previously impossible.

**Overview of zkTLS Setups**
----------------------------

zkTLS security can be adapted and strengthened through setups like MPC-TLS, Proxy-TLS, and TEE-TLS, each offering different balances of privacy, performance, and reliance on trusted intermediaries:

**MPC-TLS**

*   MPC-TLS enables secure handshakes without single-party access to private keys.
    
*   **Strengths**: Provides strong security guarantees and can be decentralized to reduce reliance on a single entity.
    
*   **Weaknesses**: Higher computational and networking demands due to resource-intensive operations and potential risk of collusion.
    

**Proxy-TLS**

*   Involves a proxy as a "middleman" for data transfer, without access to private keys.
    
*   **Strengths**: Fast, cost-effective, and capable of handling substantial data volumes, making it suitable for high-throughput environments.
    
*   **Weaknesses**: Vulnerable to potential man-in-the-middle attacks, and the proxy may be blocked at scale.
    

**TEE-TLS**

*   Uses hardware-based enclaves to secure TLS handshakes, providing efficient and relatively secure operations.
    
*   **Strengths**: Highly efficient with minimal computation or networking overhead, making it suitable for environments requiring low latency. No need for a third party like a notary or proxy.
    
*   **Weaknesses**: Vulnerable to side-channel attacks and depends on trusted hardware providers, creating hardware-specific assumptions.
    

**Key zkTLS Projects**
----------------------

Several projects are pioneering zkTLS, each with its own approach and focus:

![Image](https://storage.googleapis.com/papyrus_images/4285e990140e476f46f31920c2c2ecc8.jpg)

*   **Opacity Network (**[**@OpacityNetwork**](https://x.com/@OpacityNetwork)**)**: Utilizes MPC-TLS with EigenLayer for economic security. Prevents collusion through random node selection, a commit-reveal scheme, and Web2 identity mapping. Collusion attempts leave verifiable logs, risking future proof rejection. The AVS model ensures liveness with randomly selected nodes, while nodes run in TEE environments for added security.
    
*   **Reclaim Protocol (**[**@reclaimprotocol**](https://x.com/@reclaimprotocol)**)**: Uses Proxy-TLS for efficient data verification processing, and residential proxies to bypass Web2 firewalls, helping prevent proxy blocking at scale.
    
*   **zkPass (**[**@zkPass**](https://x.com/@zkPass)**)**: Uses a hybrid model of Proxy-TLS & MPC-TLS for data verification, allowing the protocol to adapt to various network conditions and server restrictions. Utilizing optimized hybrid ZK proofs (VOLE-ZK, zk-SNARKs), zkPass enables fast zero-knowledge proof generation in-browser. Additionally, zkPass’s Proxy is designed to be fully decentralized, capable of bypassing proxy blocking.
    

Other notable projects leveraging zkTLS that are worth exploring include [@tlsnotary](https://x.com/@tlsnotary), [@zkp2p](https://x.com/@zkp2p), [@plutolabs\_](https://x.com/@plutolabs_), and Chainlink DECO.

**Potential Use Cases for zkTLS**
---------------------------------

**zkKYC**: Enables age or identity verification while protecting sensitive personal information by selectively disclosing only necessary details, making it ideal where full KYC is unnecessary.

**Bring Your Own Algorithm**: When a new app launches, it often lacks data on its users. zkTLS lets users import relevant activity from other platforms—like importing Twitter followings to generate custom recommendations on Farcaster—creating a more tailored experience from day one.

**Cross-Platform Verification**: The decentralized food delivery service [@NoshDelivery](https://x.com/@NoshDelivery) allows drivers and restaurants to transfer their data from DoorDash using a "sign with DoorDash" button via zkTLS. Similarly, the on-chain ride-sharing service [@teleportxyz](https://x.com/@teleportxyz) enables drivers to easily carry over their Uber ratings.

**Loyalty Programs**: Ordered 6+ times on DoorDash? Get rewards with another delivery brand (e.g., [@NoshDelivery](https://x.com/@NoshDelivery)). Ridden with Uber 6+ times? Enjoy discounts on another ride app (e.g., [@teleportxyz](https://x.com/@teleportxyz)). zkTLS enables cross-app data verification, allowing businesses to recognize loyal customers.

**Proof of Personhood**: zkTLS could enable a privacy-preserving Proof of Humanity / Personhood by allowing users to verify they are unique individuals without exposing sensitive details.

**DeFi Lending**: Confirms creditworthiness securely, allowing private data to remain undisclosed while enabling trust in lending decisions.

**Challenges and Criticism**
----------------------------

**Scaling**: A challenge for zkTLS lies in scaling its use. Each website requires a defined “provider” (URL + data location), which can be a time-consuming process to set up. Expanding zkTLS at scale will depend on efficient mechanisms for integrating data providers.
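To make the "provider" idea concrete, here is a simplified model of a provider definition (URL + data location) and of disclosing one attested field, such as an order count, while keeping the rest of the response hidden. This is an added example, not code from any of the projects above. Assumptions: the provider schema, URL and sample response are constructed, the attestor sees the plaintext response, an HMAC stands in for the attestor's signature, and a salted hash opening stands in for the zero-knowledge proof (so the verifier here learns the one opened value, which a real ZK predicate proof would also hide).

```python
import hashlib, hmac, json, os

# Hypothetical provider definition: the "URL + data location" pair.
PROVIDER = {
    "url": "https://api.example.com/v1/profile",  # constructed URL
    "fields": {"orders": "/stats/order_count", "email": "/account/email"},
}

# Constructed sample response body, as seen after the TLS session.
SAMPLE_BODY = json.dumps({"account": {"email": "alice@example.com"},
                          "stats": {"order_count": 7}})

def resolve(doc, pointer):
    """Follow a '/'-separated path (the data location) into parsed JSON."""
    for key in pointer.strip("/").split("/"):
        doc = doc[key]
    return doc

def commit(name, value, salt):
    """Salted hash commitment; the salt protects low-entropy values from guessing."""
    msg = json.dumps([name, value]).encode()
    return hashlib.sha256(salt + msg).hexdigest()

def attest(provider, url, body, key):
    """Attestor side: commit to each provider field and authenticate the set."""
    if url != provider["url"]:
        raise ValueError("response is not from the provider's URL")
    doc = json.loads(body)
    salts = {n: os.urandom(16) for n in provider["fields"]}
    commits = {n: commit(n, resolve(doc, p), salts[n])
               for n, p in provider["fields"].items()}
    payload = json.dumps({"url": url, "commits": commits}, sort_keys=True)
    # HMAC is a stand-in: a real attestor would sign with an asymmetric key.
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}, salts

def verify_disclosure(attestation, key, name, value, salt, predicate):
    """Verifier side: check the tag, the one opened commitment, then the claim."""
    expect = hmac.new(key, attestation["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, attestation["tag"]):
        return False
    commits = json.loads(attestation["payload"])["commits"]
    if not hmac.compare_digest(commits.get(name, ""), commit(name, value, salt)):
        return False
    return predicate(value)

if __name__ == "__main__":
    key = b"constructed-demo-key"
    att, salts = attest(PROVIDER, PROVIDER["url"], SAMPLE_BODY, key)
    print(verify_disclosure(att, key, "orders", 7, salts["orders"], lambda v: v >= 6))
```

The user keeps the salts and hands over only the one for the field being disclosed, so the email commitment stays unopened.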

**Why not use signed HTTPS Messages (RFC 9421)?** RFC 9421 can verify website data via cryptographic signatures, but it depends on cooperation from major entities like certificate authorities (CAs), which control trust and may not support decentralized verification. zkTLS, however, provides a practical solution that works today and operates independently of traditional internet trust structures.

**Conclusion**
--------------

zkTLS represents a breakthrough in data portability and privacy, seamlessly merging Web2 data sources with Web3 applications in a secure, privacy-preserving manner. Projects like Opacity Network, Reclaim Protocol, and zkPass each bring unique solutions to the zkTLS space, helping to shape a future where data portability and privacy coexist.

To experience zkTLS firsthand, you can explore Reclaim Protocol’s demo or try zkPass directly on the mainnet through their respective websites!

_Note: I’ve done my best to provide accurate information, but given the rapid pace of this field, some details may be outdated, and technical inaccuracies may exist._


---

*Originally published on [milian](https://paragraph.com/@milian/zktls-unlocking-data-portability-for-web3)*
