Features
Everything you need.
Nothing you don't.
Private identity that works with any service, protects your data by design, and never asks you to trust a middleman.
Selective Disclosure
"Share only what's needed"
Most identity systems send everything at once — your name, address, date of birth, and more. mwen lets you choose exactly which facts to share with each service.
Prove you are over 18 without revealing your birthday. Confirm your nationality without sharing your passport number. Verify your employer without disclosing your salary.
This is made possible by SD-JWT-VC, an open standard for selective disclosure of verifiable credentials — the same technology underpinning EU digital identity wallets.
Per-App Unlinkability
The "super-cookie" problem, solved by math.
Traditional sign-in ("Sign in with Google", "Login with Facebook") creates a permanent record. The identity provider sees every service you visit — building a detailed profile of your online life.
mwen generates a unique cryptographic key for each service you interact with. Two services that both verify you through mwen cannot compare notes. There is no shared identifier.
This is not a policy or a promise. It is a mathematical property of how keys are derived.
Local Vault
Encryption, backup, recovery — without a cloud.
Your credentials are encrypted with AES-256-GCM and stored in your browser's local storage. They never leave your device unless you explicitly choose to export them.
To recover your vault on a new device, use your 24-word recovery phrase (generated when you set up your vault) or an encrypted .mwen backup file. You are the custodian.
There is no mwen server that could be compromised, subpoenaed, or shut down. Your identity is yours.
Open Standards
EUDI-compatible, W3C-aligned, auditable.
mwen implements SD-JWT-VC (IETF draft) for credential format and OID4VP (OpenID for Verifiable Presentations) for the presentation protocol.
These are the same standards being adopted by EU Member States for the European Digital Identity Wallet. A credential issued by an EUDI-compatible issuer can be used with mwen.
The entire cryptographic stack is open source and independently auditable. No proprietary formats, no vendor lock-in.
Open Source
Transparent, auditable, community-owned.
mwen is Apache 2.0 licensed. The full source code — extension, protocol library, SDK, and website — is publicly available on GitHub.
Security through transparency: every credential operation, every key derivation, every protocol exchange is reviewable by anyone. We commission external security audits and publish the results.
Open source also means no lock-in. Fork it, extend it, audit it, deploy your own instance.
How we compare
mwen vs. the alternatives
| Feature | mwen | Password manager | Social SSO | Centralised ID |
|---|---|---|---|---|
| Data stored on your device | ✓ | – | – | – |
| Works without internet | ✓ | ✓ | – | – |
| No third party sees your activity | ✓ | – | – | – |
| Selective attribute disclosure | ✓ | – | – | ~ |
| Per-service unlinkable identifiers | ✓ | – | – | – |
| Open standard (not proprietary) | ✓ | – | – | ~ |
Ready to try it?
Install the mwen extension and experience private identity for yourself.
Install for Chrome