Guided Technical Tour
Six-step journey
Move through the dashboard in order, or jump directly to any step.
Step 6
Failures and Shortcomings
This final step is the production barrier: it explains why a successful prototype can still fall short of a high-stakes deployment, especially when centralization creates a new master key.
A central orchestrator becomes a new master key if it is compromised.
The prototype depends on API availability, rate limits, and external provider behavior.
The Root Seed still lives server-side until the framework reaches self-sovereign identity.
The centralization paradox and systemic risk
Building a central authority to orchestrate user APIs creates a new, more dangerous master key for identity. If the central IWISI gateway were compromised, an attacker could reconstruct the digital lives of every user on the platform rather than just stealing a static password.
That conflict shows the tension between a business model built around a central authority and the project’s broader goal of total user privacy.
Technical and operational failures
Third-party API dependency introduces fragility, and the model can lock out thin-file or underbanked users who do not have the premium digital footprints needed for high-entropy challenges.
Real-world data is also volatile, so deterministic test seeds can hide false rejections that appear when habits change faster than the system expects.
The deployment gap
The current prototype is still server-side. Until the Root Seed and orchestrator move to the user’s own device, the liability remains centralized and the clean-room story remains incomplete.
Transitioning from a mock REST API to OAuth-protected production data streams also adds a large amount of security overhead that the prototype does not yet manage.
Adversarial sophistication
The decoy engine works well against random guessing, but it still needs more development to stay resilient against attackers who have partial localized context from social engineering.
In other words, the prototype is a strong proof of concept, but it is not yet production-ready for a high-stakes environment.
Why this matters
Identifying these failures is part of the value of the research itself: it shows that a technically sound model can still carry systemic risk when centralization, dependency, and scale collide.