In the second installment of our DIF Member Spotlight series we sat down with Tarun Gaur, the CEO and founder of qixfox, a cybersecurity system that includes a decentralized browser. He will share more about his journey into the decentralized identity space and about his product which also supports quantum resistant cryptography. Watch the entire interview on YouTube
Limari: First of all, I want to welcome you Tarun. Thank you so much for joining me today and having this discussion. I must say, when I spoke to you a few months ago, when you went through your short demo on qixfox, I was actually really excited about what you guys are doing. I’m really glad we get to have this discussion and go a little bit more in. First what I always like to do when I start out is I like to hear people's story. Everyone in this community is so interesting. and decentralized identity, it is a space which is relatively new. it would be great to just get a sense of your journey, how you came to work on qixfox and also decentralized identity generally. So maybe you can just give us a little bit of an introduction on that
Tarun Gaur: Absolutely first of all, thanks for having us here, very excited to be an associate member at DIF. As far as my story is concerned, I worked for companies like Deloitte, AOL and Microsoft and I've been all over the place. I'm an engineer by profession, never been a business guy, but somehow by default got into entrepreneurship. I left Microsoft to start my own software consulting firm growing it to around five hundred people and then I had a successful exit from it. Then qixfox was my favorite project since my college days. I always had this feeling that something is drastically wrong with the Internet. It’s very information driver and obviously the technologies were not there. Early on web 1.0 was very information-driven.
Since my college days I wanted to build an internet browser in the horizontal platform, and that's how ultimately how man and machine came together. You know, I had the resources to do it this time around the hardware and software was now up to par, I could build very immersive experiences and a lot of technology was open source. I said, this is the right time to do it. We are kind of sitting at the beginning of the end of the first era of the Internet. So I think this is the perfect time to do it.
Limari: Okay, wonderful. If you can give us maybe just a bit of an overview of what qixfox is that would be great.
Tarun Gaur: Absolutely, we love to call ourselves the trustworthy internet company which practically means that we are building the tool shed for the trustworthy Internet. As part of that we are solving two problems: fixing what is broken in the web, which is safety, security, and privacy and second, design the future which practically means build a more democratic, equitable, and decentralized Internet.
In the past peer to peer computing has been tried before or decentralized web has been tried before. It did not fail because we could not connect computers together, it practically failed because we could not contain spam. You know for example you have bit torrent, and you download bit torrent, content from bit torrent and you can't put a finger on what are you downloading from and what the content is all about, it could be a malware, it could be a key log it could be anything.
We have this set of problems in web 2.0 around safety, security and privacy and we are dragging all these problems to web3.0 You know, with all the Hoopla around privacy and trust we thought you cannot solve privacy without solving safety and security, and we thought you need a horizontal platform to do that. Honestly, the more we kind of researched other browsers we realized that, there were some basic problems that other browsers were not solving that we had an opportunity to solve at qixfox. That's how we transpired. You know a number of our team members, they've worked with me in the past. We thought it might be a great idea to get together, and fix this once and for all.
The icing on the cake was that my mother got scammed for $600 some time back, and her running joke was that, hey, you're good for nothing you can't fix this problem for me and all of the mails. I'm like, okay mom let's fix this problem for everybody. Let's make Internet more safe, trustworthy and reliable and that's what we are doing at qixfox, practically.
Limari: Yeah, that's great and I know there are a number of browsers that may claim, you know to be security browsers. It would be great if you can give us also a bit of an idea of
what makes qixfox different from other security browsers that are out there that people can choose from.
Tarun Gaur: Absolutely. You know tongue in cheek, I generally tend to say that we don't consider other browsers to be our competitors. We consider every other horizontal platform to be a competitor. For example, I think Google is a competitor, we think Microsoft is a competitor. Apple is a competitor. We don't consider Oprah or Brave to be a competitive per se. Our intention was to build a platform that is designed for trustworthy Internet. It doesn't matter whether you are centralized or decentralized, whether you're using web2 technologies, web2.5 technologies or web3.0 technologies.
We had a feeling that the consumer is not getting a consumer-friendly reliable experience.
So that's where we kind of delineate ourselves from the likes of Brave and what have you. Their claim to fame is practically that we take care of privacy. As I mentioned before, we think that you cannot solve privacy if you don't solve safety and security. I'll give you a simple example. You have an email from a phishing website. You click on that website, and you willingly provide all your information. There goes your privacy out of the window. If the browser does not have the technology to identify that the entity you are dealing with is not a legitimate business, or you are not interacting with a reliable second or third party, then your privacy is not secured. So we jokingly say that privacy is the new Kool Aid these days. Everybody talks about privacy but very few know how to fix it.
Then safety security privacy, I always had this opinion that it's things like honesty, integrity, are not your speciality, they should be there by default. Safety, security, and privacy are not a speciality that you design the platform around. It is a prerequisite and then comes the things that you want to do. For example, we want to design the future, we want a consumer to be able to create an online shop with a click of a button. We want them to be able to find each other very easily. We want them to be able to verify each other's identity easily. We want them to feel private and then be anonymous if they want to, but at the same time share information at the point of view. That's where decentralized identity was a critical building block for us. We couldn't have done this without decentralized identity, because re-writing the Internet kind of practically starts and ends at creating these building blocks in the horizontal platform.
So, in short, you know it's quite a mouthful. You know I love to say it in a simple manner that we are solving the problems the fundamental problems that exist in internet today
and then build pleasant, consumer, friendly, centralized, as well as decentralized experiences for the consumers for the future.
That's how I would put it. So that's where I think we deviate from all of the browsers like Firefox, Opera, Brave, etc.
Limari: When I spoke to you months ago, you mentioned that this was a cybersecurity system, and a feature of it is the browser that has decentralized identity baked into it. You describe it as, once you have access to it, you can access all your various accounts. Can you maybe give a little bit of a summary for some of our audience of kind of how that might work?
Tarun Gaur: Very early on in my career, in one of my incarnations at Microsoft, I used to work with the telecom providers. With telecom providers they were latching on to data networks. It was almost always about the applications that you can bring on a platform. At the end of the day a platform is as successful as the applications that you built on it and decentralized identity is the one such paradigm. If you don't have a working, active application for it, it is very difficult for the consumer to understand the difference between a password manager, and identity.
You see that in decentralized apps, they are in a dismal state today. You know there are more than 4,000 decentralized apps and their average active users are 699. You look at 350 identity wallets, and practically when you open the application it's completely empty.
So we thought, having an identity wallet singularly and separately, and in an isolated fashion, does not make sense unless you were Apple or Google. So where do you kind of put your identity wallet? The identity wallet has to be at the point of use, and you have to make the transition for the consumer seamless, from using a password manager to be able to use decentralized identity or using their verifiable credentials as part of that workflow. So we have around four different reference applications that we have built. One of them is a collaboration engine like Zoom, another one is an in built anti-virus, then the third one is a smart stack application, which is our answer to IPFS. All these technologies are put together, they all use decentralized identity. For example, if you log in you have a profile created in our browser, and you want to log into any of these applications you don't have to do anything. One simple question is asked, this service provider is asking for so and so information.
You click yes, and then you are logged in automatically, because that exchange between the identity wallet and the service provider happens automatically. For the consumer it’s as simple as just clicking on the password manager and selecting the password. This was the experience that we wanted to kind of get to.
We had a simple philosophy, that if we can't make it simple for the consumers throw it in the dust bin. At the end of the day the browser needs to be used by the consumers and small businesses alike. Another reasoning was how do you bring it to the masses? How do you make sure that, identity systems become an integral part of the next generation experiences. While we were working on building these, reducing the entry barrier for consumers to create a website, to build a shop, you know all those experiences, identity becomes an integral fundamental part of it. We wanted to make sure that it is built into the browser.
So today all you need to do is you'll go to the browser, there is an application called anti-virus, which is built into the browser. You click on that anti-virus, your identity is automatically shared, your subscription is validated, and if your subscription is still valid (everything happens with decentralized identity), then you get access to the application. We’ve taken care of those advanced use cases like revocation lists and ensuring privacy for the consumer, not going back to the issuer and so and so forth. But all of it is completely transparent to the consumer. The consumer thinks just another password manager.
Limari: I know you mentioned that your mother was one of the individuals who fell prey to fraud and the boomer generation you mentioned was really your primary market. These are the primary people who are coming to you to use qixfox and that makes sense. My parents are boomers, a lot of us we've experienced strange links that get sent from people, you know they've been hacked. I’m curious to hear more about how you see this moving into other markets, or what's your vision of where you see qixfox going, and how it may change the way people do things and think about things.
Tarun Gaur: I think this is something first thing yes, my mother, you know I had an ear full from her after she got scammed, and it was all my fault, because I was supposedly an IT guy and I had to fix it! How can she get scammed from her computer? That's how it started. As far as baby boomers are concerned it was our beachhead market, because we realized that you know there are 73 million baby rumors in the United States. Around 46 million are on the Internet every single day, and out of them 21 million purchase an antivirus subscription. We realized that if we can enter this market, and we can safeguard baby boomers from getting scammed that'll give us a lot of credibility to kind of branch out to SMBs, and then ultimately go towards mega corps and then ultimately open up the other verticals and other customer segments.
So that was the plan, but if you kind of go to our website today and you look at the message it's a very simple message. It says the browser that keeps you safe. It brings you peace of mind, and this is the message for the consumers who have not yet latched on to the crypto bus, or who have not latched onto the web3, marketing buzz words. These are the consumers who use the internet every single day, and they are concerned that they may get scammed or their credit card information will be stolen.
These are the consumers that we thought are our primary market, and all across the planet. What was surprising when we kind of started doing our market research, we started to realize that it is not the baby boomers who are buying the product, it's actually their kids who are buying it for their parents. The kids are like, oh this seems very interesting. I mean, this browser is able to identify that domain name if you kind of browse to a domain name that is the legitimate business in the United States or not.
That in itself, this one simple tweak to the to the platform, actually safeguards consumers I mean from 90% of the threats. As far as our future is concerned. I think our future is all about web3. We’ve kind of identified the value proposition when it comes to the regular consumers, that’s the browser that keeps you safe.
Now the browser of the future is where we in 2023 and 2024, that's where we are working
In two different segments. One we want to make sure that we redefine what a browser means for small and medium businesses, second, we kind of enable this decentralized, trustworthy web3. That’s where I can say that blockchain in generally a small toolchain. Blockchain is practically a data structure, blockchain is not decentralized internet. Decentralized internet means you and I can connect with each other, we can share in information, we can share conversations we can have performed transactions then finally we can share experiences.
If we can do all these four things, then we are actually laying the foundation of the next generation of decentralized fragmented internet. I think we are getting there one step at a time, and all this churn that we are seeing right now is an essential part of it, and through this churn will come out the winners and the losers
Limari: Thank you for sharing all that. The other question I do have is specifically about DIF. What brought you to DIF? I’m always curious kind how you came across us, if there are any work items that were of interest to you at your company, groups that you enjoy attending, or members of your team enjoy. It would just be great to hear your thoughts on that.
Tarun: Well, I think we've always been curious. We were kind of following two different tracks when it came to decentralized identity and creating decentralized profiles. There is another school of thought that thinks that rather than decentralized identity you can just have nfps, non-fungible profiles and kind of just post them on blockchain and use them as a springboard to kind of define identity.
But I've been throughout my career, I've been a standards junkie. Very early on you've understood right if you make a lot for yourself, it should work for everybody otherwise you’re the only one using the lot. So the key has to work for everybody.
I think that's where the standards bodies come in. I think the biggest help that comes from DIF is the establishing of standards and writing of specs and creating use cases. We have practically used it as our prds. Our focus was building the Internet you know, the trustworthy Internet. If we had to kind of build this entire set of, architectural paradigms, the security and the specifications and the use cases around decentralized identity, it would have taken us another two years to do it. So, thanks to the entire community. We keep on following almost all the specs you know, we kind of passively follow. So thanks to the entire community for the amazing work that everybody has done to kind of bring us to this point.
It's amusing to sometimes see our implementation then ultimately see the specifications that happen at the DIF and the all the debates that go around. One of the sticking points still that we have is the revocation lists, how to deal with the revocation lists. So that's where we are very curious. We are also very curious to see how Google and Apple react to it. What is their roadmap in in terms of implementing it in their browsers? We are not complaining, because we already have it today. As I was mentioning to you last time around, you say that Jack Dorsey has a spec for web5. We have a product that does all of that today. We are not complaining, I mean Google and Microsoft and Apple can take their own sweet time debating whether they are going to go the decentralized identities out or not.
I think the speed with which we've been able to implement decentralized identity it's all thanks to DIF. If you're checked in into the future, you have to know what's happening in the identity space. Identity is fundamental to any horizontal platform so I can't really recall how I know about DIF, but let's just say, I just know it from the day one
Limari: Right, if you're in the space you come across it eventually. That's great to share because it is a great place for you to just come in, you can get your hands on the code, or you can just watch, you know you can get into the Github repos. If they’re members they can join our Slack channel, and we have great discussions that are happening there all the time.
Tarun Gaur: There is one other thing I wanted to mention very quickly. Decentralized identity when combined with quantum resistant cryptography is amazing. I guess we are the only browser that actually ensures that both these technologies are in. So we are today the only browser that has, if your server can support quantum resistant cryptography, our browser supports it today. This is what we are doing for the enterprises to make them more safe and secure.
Limari: Great thanks for sharing. I'm sure a lot of people in our audience will be very interested in that. That really brings us to the end of things. It was really great to speak with you today, Tarun. Lastly, can you give people a sense of how they, if they want to follow up with you. If they want to learn more about qixfox, what's the best way to do that.
Tarun Gaur: qixfox.com. My name is Tarun Gaur and I am available on LinkedIn, Facebook, Twitter, till we build our own social network as part of the super app. I'm reachable, and I’m busy to nothing. If you’ve got an amazing use case, I would love to hear from you. If I can be of any help to anybody in the community I would love to do that.
Limari: Awesome. Thank you so much for joining me today. This was a great interview, and I look forward to being in touch.
Tarun Gaur: Absolutely. Thank you. Thanks again.