All me is not a platform that watches over people. It is a vault that protects them even when it does not know who they are.
This explainer shows how the vault works, why anonymity is a structural defence, and how the architecture prevents account theft without storing personal data.
1. The Vault Metaphor: Protection Without Visibility
A traditional digital identity system is like a room: you enter, you are seen, and the system keeps a record of who you are.
All me is a vault. The system does not see you. It only verifies the key you hold.
Key idea
The vault protects the resident without needing to know the resident.
This is the foundation of All me’s security model.
2. What Lives Inside the Vault?
Inside the vault is the anonymous profile — a minimal, non-identifying construct that contains:
- no name
- no email
- no phone
- no behavioural history
- no social graph
- no personal identifiers
It is a sealed container with no personal data to steal.
Why this matters
If an attacker breaks in, they find nothing. The vault protects by absence, not by obscurity.
3. The Key: Device-Bound Authentication
The vault opens only when the user presents a device-bound cryptographic key.
This key is:
- generated locally
- stored locally
- never transmitted
- never shared
- never stored by All me
It is paired with a generated username and a 2FA password, but these alone cannot open the vault.
Why attackers cannot use stolen credentials
Even if someone captures the username and 2FA password, they cannot satisfy the device challenge. The vault remains locked.
4. The Lock: External 2FA Authority
All me does not reset 2FA internally. Only the verified payment identity can request a reset through the payment gateway.
This creates a separation:
- All me protects the anonymous profile
- The payment gateway protects the verified identity
- Neither system can impersonate the other
Why this is safe to explain publicly
The strength comes from structural separation, not secrecy.
5. Zero-Trust Walls: No Internal Visibility
The vault is built from zero-trust principles:
- All me does not trust the device
- The device does not trust All me
- The payment gateway does not trust All me
- All me does not trust the payment gateway
Each component sees only what it must. No component can infer identity.
Outcome
There is no single point where identity can be reconstructed.
6. Why Attackers Cannot Steal an Anonymous Account
Attackers cannot:
- reset the 2FA
- bypass the device challenge
- extract personal data
- impersonate the user at the gateway
- persistently hijack the account
The only way an account is lost is if the user loses their own key not because an attacker steals it.
This is the core message
The vault cannot be opened from the outside.
7. The Architecture at a Glance
Below is a conceptual diagram of how the vault model fits together:
User Device (Key) – Local cryptographic seed – Hardware-bound authentication – Generated username + 2FA password
All me (Vault) – Anonymous profile – Zero-trust compartments – No personal data stored
Payment Gateway (Lock Authority) – Verified adult identity – 2FA reset authority – No access to anonymous profile
8. Why This Model Is Safe to Explain Publicly
All me’s security does not rely on hiding mechanisms. It relies on:
- absence of personal data
- separation of identity domains
- device-bound cryptography
- external reset authority
- zero-trust architecture
Explaining these principles does not weaken the system. It strengthens user understanding.
9. The Final Metaphor
Most platforms: A room where everyone is visible.
All me: A vault where the resident is protected, even when the system does not know who they are.
The vault does not need to know the resident. It only needs to verify the key.




