Guest blog: Fabrice Rochette

· 4 min read
Guest blog: Fabrice Rochette

2060.io enables anonymous, decentralized, sophisticated and interoperable chat connections between users and services. The company has developed Hologram Messaging, a Verifiable Credential wallet and messaging app with true privacy preserving features. Unlike other messaging apps, Hologram is a self-custody app, which means user’s data is only stored on device, and exclusively under user’s control. We spoke to the company's CEO and co-founder, Fabrice Rochette.

Tell us about the journey you’ve been on so far with 2060.io

I emigrated from France to Latin America twelve years ago. Once there I decided to start my own company and built a team of engineers in Colombia, developing software and SaaS (software as a service) products for mobile operators in the region, as well as in Africa and Asia. 

It was a good business, but I started to worry about the shift to a centralized internet where everything is provided as platforms, and you need to create an account to do anything. 

I met Ariel Gentile, my co-founder at 2060.io, when I contacted Gemalto (now part of Thales) where he worked, as we needed help to develop an applet for SIM cards. We got talking about how the internet has become highly centralized, and started thinking about new decentralized concepts. Around a year later we heard about DIDs (Decentralized Identifiers) & VCs (Verifiable Credentials). We started to dig more into these topics and attended IIW (the Internet Identity Workshop) for the first time remotely, during the pandemic. 

We detected that what we wanted to do was totally aligned with the SSI ecosystem. So we decided to get involved in the ecosystem and started to analyze what was provided - what was good, also what we felt was too complicated.

We decided to design a solution that would address several problems at the same time. One of the main topics we wanted to tackle is that the communication channels we currently use are insecure and obsolete. They all use public identifiers, so anyone can contact you without your consent. Also, there’s no way of knowing for sure who is on the other end, which leads to problems with spam, phishing and so on. Finally, there’s no interoperability. For example, if you want to use Whatsapp, you can only talk to people who also use Whatsapp.

You’ve developed a chat application, Hologram Messaging. Can you tell us a bit about it, and how it leverages the DIDComm (Decentralized Identifier Communication) protocol? 

There are more and more chatbots appearing in apps like Whatsapp, Telegram, and so on. Some are tied to a legitimate company or brand but there are a lot of fraudulent ones. So, we decided to address the chat channel first. 

It was very important to us to enable users to confidently identify each other, as well as the entity providing a chatbot or other service. When we discovered VCs, we decided this was a good way to set up a secure communication channel where we can authenticate both ends.

We developed Hologram Messaging using Credo, a framework that’s aligned to Hyperledger Aries, and enables developers to work with agents such as digital identity wallets, DIDs and DIDComm.

DIDComm doesn’t just enable the initial credential exchange to establish trust. It also creates a persistent, secure connection between a user and a service (or another user), so it’s a good fit for a secure messaging application. What’s more, it’s built on Decentralized Identifiers (DIDs), so the content stays under the user’s control. 

We decided to develop some open source modules that anyone can integrate in order to provide decentralized trusted services, and have extended the DIDComm protocol by adding more specifications and messages. These enable third party applications to handle everything a chatbot should do — forms, attachments, voice and video calls, and so on. We even have biometric modules for face, fingerprint and liveness detection, enabling you to do biometric verification, for example as part of a KYC process. 

The Hologram app is a VC wallet as well. Using the chat interface is very convenient for the user, who has a history of what has happened and can access their credentials easily. 

What are the key advantages of Hologram, for companies wishing to implement a secure chatbot? 

Imagine your customer wants to talk to someone remotely, but they need to be sure who they’re speaking with. Today, you can only do this using VCs.

Hologram enables VC-based messaging and voice interactions, in a way that’s more secure than using OpenID for Verifiable Credential Issuance (OpenID4VCI) — when you deliver a credential using DIDComm, you can authenticate both the user and the service using the linked Verifiable Presentation (VP) within each entity’s DID Document. 

If you’re a company that wants to use Whatsapp to communicate with your customers, you need to sign a contract with Meta, and pay them. In contrast, companies can build their own secure chatbot using our open source modules. 

The chat interface is perfect for accumulating and presenting credentials, and for companies to enable the user journey. It’s very simple to deliver credentials. You don’t need to build a dedicated UI (User Interface). 

It’s really easy to implement, which is why companies are attracted to it.

Who is using Hologram today? 

We are working with mobile operators to find solutions to reduce fraud, including bank fraud. One of their main concerns is SIM swapping. Usually you need to share your mobile number with the bank when opening an account. Mobile operators can use Hologram to deliver a certificate of a mobile number as a Verifiable Credential, so a customer can demonstrate he or she owns the mobile number. They could also use it to enable customers to verify their physical address, for example, when a telco visits you to install optic fiber.

We have pilots in place in several countries, mostly in LATAM. We are testing reusable KYC with mobile operators and banks, and are piloting some simple services with governments, including mobile driving licenses.

Where should people go to find out more? 

Check out the 2060 website which includes some example use cases that can all be downloaded and customized from our GitHub repo, from creating a mock Citizen Registry, to using a credential to identify yourself during KYC. There’s even an authentication model where you use a credential presentation to log into a service.