What we see. What we don't. Side-by-side.
The product is identity that pays you. The privacy posture is what makes it distinct from Sign in with Google — the comparison your privacy reviewer can falsify. For the formal policy, see /privacy.
| property | sign in with google | sign in with apple | me.ochk.io |
|---|---|---|---|
sees which sites you sign into each integrating site verifies its own envelopes against its own scoped OC verifier instance. me.ochk.io's servers do not participate in the verification path. | yes — every one | limited — apple-mediated | no — sites verify locally |
cross-site behavior graph the only correlation across sites is your own /me/earn log, which only you and the relevant integrating site can read. | yes | partial | no |
third-party advertising tied to identity | yes | no | no |
PII required at signup | name, recovery, often phone | apple id (name, email) | email or phone — your choice |
KYC / PII stored at provider | yes | yes | never — me.ochk does not do KYC, ever |
sybil resistance | opaque · provider rules | opaque · provider rules | BIP-322 sat-bond attestation + paid-action history + integrator-defined gates |
graduation to self-sovereign | — | — | first-class — sweep to your own wallet |
works without the provider being online | no | no | yes — envelopes verify offline against Bitcoin headers |
every byte that crosses an edge.
the entire data graph — laid out so you can audit it. nothing in this list is not in the diagram; nothing in this list happens that's not in the diagram.
| from | to | what |
|---|---|---|
| you | integrating site | an OC envelope with your scoped identity, the action you authorized, and your signature. |
| integrating site | me.ochk.io | the event's billing record (what was authorized, by whom, for what fee). this is what the site pays for; this is what flows back to you as cashback. |
| me.ochk.io | you | a credit to your federation-custodied wallet, with full provenance on /me/earn — site, action, fee, your share, envelope id, verify link. |
| me.ochk.io | public | an OpenTimestamps-anchored event root, published to Nostr relays. cryptographic, not personal — the user identity is a public Bitcoin address. |
what we ask cookies for
Two cookies. oc_session — the Ed25519-signed session JWT issued by ochk.io. HttpOnly, Secure, SameSite=Lax, Domain=.ochk.io. Used to verify you across me.ochk.io and the rest of the family. oc_theme — your dark/light preference, JS-readable, not auth-bearing. No tracking cookies, no advertising IDs, no third-party pixels.
Page analytics use Plausible, which is cookie-free and stores no PII. We see aggregate page views, not individual user journeys.
delete your identity
On /me/settings → advanced → delete, you can permanently revoke your OC identity. Your federation-custodied balance must be swept first (the graduate flow). Anchored events on Bitcoin headers and Nostr-published envelopes are immutable by design — these we cannot delete; they are public records of fee flows. We never delete the chain; we delete the operational records about you.