Dappy's goal is to build an ultra-trustworthy name system and to expand the security features of current browsers in order to allow for critical industries (fintech, defi, energy, banking, NGOs etc.) to safely and easily distribute public web applications and services. In this article we focus on one of the most well-known web attack on web browsers.
Cookies on regular web browsers are stored in a per site fashion. A tab a.com interacting with b.com and c.com may end up storing cookies on the user's browser. And later, the user browsing other websites, without knowing may communicate those informations to the corresponding web servers on each request.
This feature has two negative impacts, the first one is the ease with which web services can track users: just store a cookie with any data in it, and then every interaction with your server will include this cookie that identifies the user and probably stores personal informations.
Dappy resolves this issue with a simple shift: isolation of cookies. Cookies in dappy have two levels of indexing instead of one, the first level is the domain currently browsed (the tab), the second level is the web server that wishes to store a cookie. The consequence is simple, if you are visiting mysite, all the cookies stored by any web server during this session will never be accessible outside of the mysite tab, even if some requests in other tabs (ex: anothersite) target the same web servers.
Read more about cookies and dappy in the specifications document.
Dappy is half way between embracing web standards, and shifting away from them. Our goal is to only keep the best, and drop the features that make web services more vulnerable. This article focuses on cookies, dappy also embraces another philosophy for its name system, and the servers whitelist system.
Many web services are adopting models based on subscriptions or recurring payments, today the NFT blockchain standards cannot be used to express subscriptions, they do not expire, neither do they need renewal. At dappy we are building a NFT as a susbscription system, that will allow web companies and services to propose subscriptions that are managed by a unified NFT standard on the RChain smart contract platform.
Dappy is a first of its kind ultra-secure web browser and name system. It is a no-DNS system that has been built with a decentralized and zero-trust approach from the start.