Skip to content

Ministry of Many

Open-source infrastructure for portable, privacy-preserving digital identity - and the apps built on it.

🌐 ministry.id

The ecosystem

Minister issues verifiable badges, so you carry a pseudonymous identity you own instead of a scatter of accounts other companies keep on you. Everything built on it uses zero-knowledge proofs to draw a line most systems can't: you get in by proving something true about yourself, and what you do once you're inside stays unlinkable to you. Gated by proof, anonymous in practice.

  • Minister (ministry.id) - the identity provider. You hold a profile of verifiable badges (you own a given email domain, a GitHub or Google account, you're over 21, you live in a certain state, and so on) and use them to sign in to third-party apps over OpenID Connect. An app can request badges, but you decide what to disclose. And when it will accept any of several proofs, Minister offers the one that the most other users also hold, so what you reveal blends into the largest possible crowd and narrows you down the least. Each app also sees a different ID for you, so your activity in one can't be linked to your activity in another. AGPL-3.0
  • minister-client - the SDK apps build on to run the flow end to end: sign a user in against Minister, then verify the badges it returns (signature, schema, and expiry). If you're building a relying party (an app that uses Minister OIDC), this is the piece you install. (@minister/client) MIT OR Apache-2.0
  • Deforum (deforum.space) - Reddit-shaped forums where every sub-forum sets its own rules. Rather than email-and-a-captcha, a forum gates on Minister account strength (an anti-sybil score based on how many independent proofs you hold) plus any badges it wants. Post under a per-forum pseudonym, or, in members-only spaces, post fully anonymously behind a Semaphore membership proof the platform itself can't trace to you. Your identity is separate in every sub-forum, so nothing ties your activity in one to your activity in another. AGPL-3.0
  • FreedInk (freed.ink) - collective blogs where the members, not an owner, decide what runs. Anyone with authoring rights submits a draft, eligible reviewers vote, and a two-thirds majority publishes. The voting is the clever part: it runs on blind signatures, so the server can confirm a vote came from an eligible member without ever learning who voted or which way. Authoring is pseudonymous, commenting and voting are fully unlinkable, and posts stay verifiable even after the membership rotates. AGPL-3.0
  • Discreetly (discreetly.chat) - zero-knowledge group chat. Rooms gate on a Minister badge policy (all of these, any of these, or at least N of these), but once you're in, every message carries a proof of membership and nothing else, never your identity. Your sending identity rotates each epoch so your messages can't be strung together, and you can rotate devices per room to stay unlinkable across rooms. Some rooms are ephemeral: relayed to everyone present and stored nowhere. Rate limiting has teeth, too: flood a room past its limit and the same math that kept you hidden reconstructs your key and bans you.

Pinned Loading

  1. FreedInk FreedInk Public

    TypeScript 1

  2. Deforum Deforum Public

    Deforum (deforum.space) - badge-gated anonymous-but-verified forum. SvelteKit; sub-forums gated by Minister badges with a configurable per-role action policy.

    TypeScript

  3. Discreetly Discreetly Public

    Anonymous federated zero-knowledge group chat; Minister OIDC relying party

    TypeScript

  4. minister-client minister-client Public

    OIDC relying-party SDK for Minister: auth-code+PKCE flow, ID-token verification, and verification of disclosed badge VCs.

    TypeScript 1

Repositories

Showing 9 of 9 repositories

Top languages

Loading…

Most used topics

Loading…