TIP-070 -Enhancing Menstrual Health Privacy: Embody's Inner Circle and TACo Integration

Thank you everyone for all of the insightful questions and guidance so far. I wanted to flag that we’ve edited the proposal with the following:

*Note: After great feedback from the DAO, we’d like to clarify and add that the development of a reusable chat infrastructure will be at the core of this proposal. The proposed work will be open source and reusable.

3 Likes

I believe it’s of utmost importance for the DAO to incentivize the usage of its proprietary products, and the development of a reusable decentralized chat infrastructure will be very beneficial and greatly add to the Threshold ecosystem.

With that being said regarding the critique of the lack of decentralization, as highlighted by Agoristen, I have a different perspective. I believe that a DAO should adopt a pragmatic approach. For instance, consider a private company aiming to launch a product with decentralized elements, such as taco encryption. While it’s ideal for a DAO to strive for complete decentralization in its internal products, this doesn’t preclude us from offering our services or encouraging the use of our products in other ways. Even if our contribution is just one aspect of a new product, having at least one practical application is always preferable to having none.

5 Likes

@james thank you for the question and apologies for the delayed response.
We have looked into Matrix and do not think it’s the best fit for Inner Circle due to the following concerns:

  • It’s not decentralized, but federated
  • It’s a complex protocol and lacks focus, attempting to solve too many problems
  • Lack of E2EE from the start: Matrix wasn’t originally designed with E2EE as a core feature, which could result in potential security and privacy concerns, especially for Inner Circles.
  • Matrix has had extensive issues with leaking metadata which goes directly against our concern for users’ privacy

What we’re talking about building here is infrastructure that Inner Circles will be built atop, and that can be reused by Matrix and other projects shipping decentralized chat.
A key difference in the use case is that Inner Circles is peer-to-peer from day one using mobile phones, and that larger groups need a place to manage group keys and encrypted metadata. In Matrix, this is solved with centralized (federated) servers today, and the decentralized effort has been years and years in the making with no end in sight.

3 Likes

Enhancing Menstrual Health Privacy: Embody’s Inner Circle and TACo Integration

TIP Number and Title: TIP-070

Vote Type: Token Holder Governor Bravo

DAO Elected Representative Sponsor: Will

*Note: Following valuable feedback from the DAO community, we acknowledge that the TACo Integration for Embody represents a unique venture, diverging from the projects typically funded by the Threshold DAO. We view this as an opportunity for long-term ROI, advocating for the funding of this integration as a means to test TACo in a practical, real-world setting. We aim to address a tangible problem and demonstrate TACo’s efficacy in a production level environment outside of the traditional blockchain ecosystem. Additionally, it’s important to emphasize that our proposal centers on the development of an open-source social communication infrastructure built on TACo. This infrastructure is not just a singular solution but a reusable foundation, designed to foster ongoing innovation and utility within the Threshold DAO ecosystem and beyond. The open-source nature of this project ensures that the benefits and learnings derived from this integration can be widely adopted and adapted, furthering the Threshold DAO’s mission of pioneering in decentralized solutions.

Project Summary

Our team is excited to propose the integration of TACo (Threshold Access Control) into Embody, the most privacy-forward and comprehensive period tracking app ever built. This integration is especially crucial in the wake of the U.S. Supreme Court’s decision to end the constitutional right to abortion in 2022, which has heightened menstruators’ concerns about the security of data collected by period-tracking tools and its potential misuse. More specifically, we are looking to build the Inner Circle feature, an online community space where menstruators can securely discuss and share their experiences. Through the integration of TACo, Embody’s Inner Circle gains the advantage of its robust security features but also actively contributes to the advancement of the TACo ecosystem.

The team at Embody is requesting $146,250 to achieve the following key milestones.

Milestone 1 - UX/UI Design, Technical Architecture, TACo testnet integration, and release of open source testnet integration

Milestone 2 - Development and TACo mainnet integration, and release of open source mainnet integration

Milestone 3- Public release of Inner Circles, available on app stores and marketing

Background

In the wake of newly activated state laws and uncertain legal boundaries in the United States, women are searching for a safe space to gather online to discuss the problems that they face related to women’s health and connect with each other without concerns about data privacy and societal stigmas. This gap underscores the need for Inner Circle, a social network within Embody (an encrypted, local-first, open-source period tracker) designed for intimate, small-group interactions where women can share, learn, and connect on their health and topics that resonate deeply with them.

Our project’s overarching objective is to redefine menstrual health by creating the most privacy-forward period tracking application, ensuring that every individual has the tools to understand and manage their menstrual health without compromising their personal security and privacy. This initiative aims to address the growing concerns about data misuse while empowering users with unique insights into their bodies and creating a safe community for sharing experiences with their trusted circle.

Our goal is to design and develop an Inner Circle feature utilizing a decentralized network, accessible via our Embody app, which will provide a supportive and secure community space for women to openly share and discuss their menstrual health and how it affects their day-to-day lives. We aim to integrate TACo (Threshold Access Control) to leverage its end-to-end encrypted data sharing and communication capabilities, protecting Embody users from a centralized authority that might unilaterally deny service or, in the worst-case scenario, decrypt/view/share private user data without consent. It is the only access control layer available to web 3 developers that can offer an end-to-end encrypted access control service, through a live, well-collateralized, and battle-tested decentralized network of nodes. The TACo integration will ensure that users can share and communicate while retaining complete control over their data’s integrity and confidentiality.

From the outset, Embody has been designed with privacy and decentralization at its core. This means every feature, integration, and decision is made with the goal of avoiding centralized control or points of vulnerability. That’s why the integration with TACo makes sense to us.

Additionally, we believe this will be a powerful partnership with TACo as we become one of the first use cases showcasing TACo’s usability and applicability beyond its conventional domains and in an environment where the stakes for compromising trust are exceptionally high—exceeding even the risk faced by adopters who rely on TACo for seed phrase recovery and inheritance.

To significantly benefit the Threshold DAO community, we are committed to developing this feature as an open-source toolkit, thereby democratizing access to TACo for decentralized, encrypted social communication. The open-source nature of the toolkit ensures rapid adoption and expansion within the developer community, greatly benefiting Threshold DAO by broadening its influence and reach. Furthermore, the cost-effectiveness of this open-source solution dramatically lowers the entry barrier, inviting a diverse spectrum of users to leverage advanced encrypted communication.

We are currently in beta, and we’re encouraged by the organic growth we’ve seen so far. Without dedicated marketing campaigns, we have already achieved over 250 downloads and attracted more than 1,700 blog subscribers. It’s a promising sign as we gear up for more structured marketing efforts post public launch, especially with the introduction of inner circle.

What sets Embody apart from Competitors?

Privacy has traditionally been conceded in favor of convenience, with most apps collecting data from users from the start, making it impossible to guarantee it won’t be compromised and released by hackers, sold to third parties, or used as evidence in court.

We are well aware of existing period tracker applications such as Clue, Flo, Stardust, and 28. However, none of them are private by default, where the user has full control over their data. With Embody users don’t have to select an “anonymous mode” or turn on a special setting. Their actions are always private. And unlike other period trackers, our technology is open source so anyone can verify our security guarantee. We have built our business model around security from day one.

Additionally, no other application currently provides all of the following features: symptom logging, personalized analytics, 4-phase focus, and a social component.

Market Strategy & Fit

Our period tracker app occupies a unique and lucrative niche at the intersection of wellness and women’s health. With 2/3 of the US population embracing wellness apps, amounting to a $2.7 billion market, and 1/3 of US women relying on period tracking apps, representing a $1.2 billion market, our app taps into a substantial market opportunity. By seamlessly integrating menstrual health tracking into the broader realm of wellness, we are positioned to address the comprehensive well-being needs of millions.

A recent survey of over 1,150 women highlighted that 59% prioritize transparency in data usage, and 57% prioritize data security over cost and ease of use when choosing a menstrual health app. We meet these growing security concerns that other apps often fail to address.

Product strategy: Our target audience includes menstruators who value privacy and security in digital health tools, particularly those in regions with restrictive reproductive rights.

We will focus on expanding our user base through targeted marketing campaigns and partnerships with women’s health organizations including top organizations and advocacy groups that are helping women get access to reproductive health care, particularly those in the 24 US states that have banned abortion. Additionally, we plan to partner with Hey Jane (a telehealth startup providing patients with medication abortion) and De Lune (a menstrual wellness brand that offers innovative, all-natural relief supplements for period pain and other PMS symptoms), along with with other organizations as revenue sharing partners, leveraging their established networks and expertise to enhance our market reach.

Given the growing awareness and openness around menstrual health, and the specific need for privacy-focused solutions, there is significant market demand for an app like Embody. In a Product-Market Fit (PMF) survey, we observed compelling evidence of the significant impact and value our product holds in the market. A notable 46.79% of our users reported they would be “very disappointed” if they no longer had access to our product, a figure that notably exceeds the 40% benchmark commonly associated with a strong product-market fit.

Embody will initially adopt a freemium model, providing essential period tracking features and inner circle at no cost to ensure accessibility for all users. By Q3 of 2024, we plan to transition to a premium subscription model, priced at $10 per month or $65 annually. Our premium content will include guided meditations tailored to different phases of the menstrual cycle, customized fitness routines that adapt to hormonal changes, and nutritional guides to optimize health and well-being. Additionally, we will offer interactive tools for period trend analysis, providing users with actionable insights into their menstrual health.

To encourage upgrades to the premium version, we will implement a strategic marketing approach, showcasing the tangible benefits of the advanced features. This will include targeted promotions, free trials, and exclusive content previews. We will also continue to leverage user feedback to continuously enhance the premium offerings, ensuring they remain aligned with the evolving needs and preferences of our users.

Impact

This project sets a new standard in tech: women’s data is not a product to be sold, shared, or used against them in a court of law. Women are the owners of their intimate health data, and they can safely learn more about their bodies and connect with other menstruators in a safe environment.

Milestones and Timeline:

Milestone 1 - UX/UI Design, Technical Architecture, and TACo testnet integration
The Embody team will create a technical document to outline the architecture behind Inner Circles along with high-fidelity designs, with feedback from early users of the Embody app. The Inner Circles feature will allow a user to create a circle of up to 5 friends, allowing those in the circle to share and view each other’s menstrual cycle. The Circle receives a daily prompt that helps users build a deeper understanding of how menstruators are affected by their cycles. Responses, which are ephemeral and disappear after 24 hours, are shared with the group, providing a point of connection for the users in the Circle.

Activities:

  1. Develop Technical Requirements document to outline the architecture behind Inner Circles and the TACo integration
  2. TACo testnet integration
  3. Perform user research to inform design & early functionality
  4. Develop Figma mockup for Inner Circle
  5. Gather user feedback on the designs
  6. Iterate on designs based on user feedback
    7. Gather feedback from DAO community on open source toolkit

Deliverables: Requirements document, complete UX/UI Design, user research report & iterations made, Initial open sourcing of testnet integration
Timeline: 3 months
Budget: $36,750

Milestone 2 - Development and TACo mainnet integration
Technical implementation of the Inner Circles feature in beta and test with early users

Activities:

  1. TACo mainnet integration
  2. Implement Inner Circles functionality based on designs from Milestone 1
  3. User testing & bug resolution

Deliverables: fully functional version of the Inner Circles feature with TACo integration, testing report & bug fixes, open sourcing of mainnet integration
Timeline: 5 months
Budget: $54,750

Milestone 3- Public release of Inner Circles, available on app stores.

Activities:

  1. Final round of QA
  2. Release on app stores
  3. Marketing campaign

Deliverables: QA report, app store release
Timeline: 1 month
Budget: $54,750

Outcome

*Enhanced data security. By leveraging TACo’s decentralized and end-to-end encrypted framework, the Inner Circle feature will offer unparalleled data security and privacy while minimizing the trust users need to place in any single entity.

*User empowerment. Users will have more control over their data, deciding who can access their shared content. With transparent and verifiable security measures and open source ethos, users will have increased trust in the platform’s commitment to their privacy. It’s worth noting that both TACo and Threshold have been open source since their inception, and even TACo’s roadmap is open source, ensuring that all limitations and discussions are auditable.

*Community support. Inner Circles allows women dealing with challenging health or political issues to gather in a safe space to talk about the issues they collectively face.

*Scalability. TACo’s decentralized nature ensures that as the Inner Circle community grows the system remains resilient and efficient for scaling

By integrating TACo, Embody not only benefits from its robust security features but also contributes to the evolution of the TACo ecosystem. Our application serves as a real-world implementation and our open-source toolkit serves as a community-centered asset, designed for reusability and ongoing development.

Additionally, the FemTech ecosystem, with its unique challenges and requirements, presents an ideal opportunity to showcase how TACo’s technology can be adapted to protect and empower users in nontraditional spaces.

Who is Involved:

Embody is currently being incubated by Thesis. Thesis is a crypto venture studio behind Taho, Fold, tBTC, and Keep, a key contributor to Threshold.

The Embody team is led by founder Anna Hall and includes experts in engineering, design, strategy, growth, and advisory roles, with members including Liz Shinn, Carolyn Reckhow, Dani Bonilha, and Claire Seidler, each bringing specialized skills from product development to strategic growth and design.

Budget Summary

Our budget is structured around specific milestones, denominated in USD because our costs and liabilities are in USD. We ask to either A) be paid an amount of T that corresponds to the USD value of the milestone at the time of each payment, or B) that the Integrations Guild allocate the amount of T necessary to cover the entirety of the USD denominated budget and immediately swap it into USD or USDC and hold in escrow, to be released upon completion and acceptance of each milestone.

We have reduced design costs and are self-funding various marketing and design efforts. This approach enables us to allocate our resources efficiently, ensuring that the majority of the DAO’s budget remains dedicated to its core functions and objectives of developing reusable chat infrastructure.

SUMMARY BY MILESTONE Amount $
Milestone 1 $36,750
Milestone 2 $54,750
Milestone 3 $54,750
Total $146,250
9 Likes

This update is more in-line with the DAO feedback and is the sweet-spot of ROI for Threshold and incentivizing an excellent use case for Taco that can showcase the protocol. I support it.

5 Likes

Sorry our response to the modified proposal is coming a tad late – we’ve been quite occupied with early DKG initialization rituals. Adopters now fully control their own cohort of mainnet TACo nodes – likely run by some people in this thread! @derek will post an update announcement soon.

It’s very encouraging to see the Threshold community taking such an interest in this proposal, and that the Embody team has been able to absorb feedback so quickly. This follow-up aims to clarify a few things.

In order to evaluate TACo’s compatibility with this kind of offering, we’d need a lot more detail on the desired functionality, security properties, end-user expectations, and planned features.

Some relevant background; TACo is designed to be general-purpose – through the KEM/DEM mechanisms, interactions with the network are lightweight – therefore the protocol is fairly agnostic to the underlying payload and actual sharing flow. This design makes TACo is a good fit for specialized applications that need an e2e encrypted component within them. As an example, the Save app, which helps citizen journalists validate and chronicle footage, could benefit from a trust-minimized video sharing extension. In Embody’s case, one good use of TACo might be granting conditional access to one’s frequently updated menstrual calendar with a friend or coach.

However, being general-purpose is not the same as being optimized for every use case – what really matters is the status quo: the expectations and state-of-the-art for a given domain. Messaging apps, and the protocols that undergird them, are among the most sophisticated consumer-facing e2ee products out there, and offer a range of security (e.g. forward/backward secrecy) and UX features (e.g. message history backup) that are optimized for that narrow use case. Conversely, there is no e2ee product for sharing one’s menstrual calendar, so end-user expectations are going to be very different.

I also brought up the non-blockchain access conditions point a couple weeks ago in this thread:

Previously, we worked with a messaging app, but they required access to chats predicated on holding special-purpose NFTs, to prove membership of a DAO. Although I’m optimistic about non-blockchain recipients/conditions, the most promising avenues at the moment (e.g. proof of being the legitimate owner of a user account via TLS notarization) could be a complicating factor for this specific messaging use case – the unknowns are arguably multiplicative.

I do want to re-emphasize, in case this follow-up sounds slightly pessimistic, that there’s little doubt integrating into Embody’s app would be tremendously valuable to both sides – and most importantly, to those most vulnerable to surveillance-driven prosecution. However, it’s important to know exactly what we’re aiming for, so we can (1) understand compatibility and (2) design and develop necessary modifications/extensions.

8 Likes

In theory, worst case the existing blockchain requirements for TACo could be used. It would possibly involve some level of abstraction for creating a key in the app for an address to be used to have an NFT on Polygon, for example.

It is always exciting to see new things built, though.

I like the updated proposal much more than the original text.

1 Like

Arj, thanks for the thoughtful insights! Your points about TACo’s flexibility and the nuances of our unique use case make total sense. In the first few months of the project, we will dedicate a lot of time to delving deeper into the desired functionality, security properties, end-user expectations, and planned features, as you’ve suggested. Agree that it’s essential for us to work together to understand all the compatibility and potential modifications/extensions required for a successful integration.

I am in support of this proposal and echo Evandro’s comments. It is not ideal that some of the elements in this implementation will be centralized, however there is a very strong use case for TACO demonstrated in the milestones and with the decentralized elements. Having practical applications that implement the use of TACo are very beneficial to the long term success of its launch.

I think this proposal demonstrates a clear pathway for future project integrations. Seeing a company, like Embody, that is privately owned and operational provides a level of confidence to future enterprises that may also wish to enter the blockchain space. This grant effectively creates a novel method of integrating our blockchain technology with a myriad of future users and use cases.

In my opinion it is important to recognize and support the advancement of pioneers and explorers in our industry. Pioneers are the first to use or apply a new method or area of knowledge. Explorers travel to unfamiliar places, of which little is known about, in order to discover and understand what is out there. I think the Embody Application encompasses both of these ideals.

There is indeed a concern throughout this discussion, for the size of the grant itself, which I feel has been addressed in the revised milestones of this request. Having the lion’s share of the requested funds at the final 2 stages of the proposal provides the DAO an opportunity to vet any future draws based on the grantee’s performance. Updated Milestone 1.7 also clearly addresses and provides an opportunity for DAO comments, further steering the success of the overall implementation.

4 Likes

Hi @arj ,

Apologies for not responding sooner here and acknowledging your concerns.

To be clear, we’re still talking about building for our specific use case, just making it reusable for someone who may similarly need to provide access control to between 1 and 5 people. We’re not looking to solve general chat.

What we’re trying to do is ship the same thing we’ve been talking about building all along - Inner Circles - in a way that is easier to reuse for other projects. Here are a few examples of applications where this could be re-used:

  • reminders to take pills
  • sharing a calendars between a person with a disability and their support person
  • family planning
  • children’s calendars
  • poly partner calendars

As far as foward/backward secrecy and other specific cryptographic requirements, you’re right - we do not yet know what our users expect, and this will take time to explore. These are good examples of the discovery work we would focus on in Milestone 1, and the reason our proposal suggests that the disbursement of funds be milestone-based.

The vote has been a rollercoaster! Either way, I’m hopeful we can find a way to work together to build this much-needed tool.

3 Likes

Folks, with the on-chain vote having concluded AGAINST 51% compared to a snapshot vote FOR 97%, and with multiple AGAINST votes from folks who did not participate in discussing this proposal, as well as folks who did and never articulated opposition here or in the snapshot, I hope the DAO as a whole realizes the large governance issues that this process has highlighted.

We’ve dragged a team through months of back and forth, including multiple revisions to a proposal that took feedback into account and made adjustments to reflect it, with the public interest of the team working on the underlying Threshold product—only to have multiple members of the DAO and of that team in particular not show up to the snapshot and then vote against on-chain. In my opinion, this calls into question the utility of the temp check vote, which requires more time and management from a proposing team while, it would appear, providing little actual directional input on the final outcome.

I believe this process in its current form is fundamentally broken if we hope to attract any builders to build real apps on Threshold infrastructure in the future.

4 Likes