grants/w3p-03.md

<pre>
  W3P: 3
  Title: Privacy features audit concept for security audit organizations & whitehackers (research)
  Status: preparation
  Type: Research
  Created: 2023-10-01
</pre>
## Contents
- [Context](#Context)
- [Privacy features to audit](#Privacy-features)
- [Additional](#Additional)

# Context 

90%+ of the privacy services in web3 lack basic security audit. High risk for anyone using them without a third-party attestation.
At the same time, security audit companies aren't focused on privacy features but analyze smart contracts etc. So we want to increase the "security" levelling of the privacy services by facilitating new kinds of Privacy features attestation by white hackers (working for companies or themselves).

This will significantly protect the general public from compromised services with backdoors, poor code execution & false privacy claims. Meanwhile, it will prove privacy claims from the broader community, contributing to the latest encryption, ZK-research & other privacy-tech execution concepts.

# Privacy features

| Feature  | Observation | 
| ------------- | ------------- 
| Selected privacy technology maturity | latest, old etc |
| Selected privacy technology delivery | state of the privacy tech: test-net, poor code execution etc |
| Default privacy | enabled, not |
| Privacy policies (data collection policies) | what data is collected & why; marking non-essential data collection practices |
| Non-consent data collection practices | IP, wallet, balance etc |
| Anonymous set | data "profile" service reveal about you |
| Third-party privacy tech maturity | If service is a part of ecosystem - security audit company comments on core tech privacy (Ethereum, Waku) |
| Traceability | How traceable are transactions |

# Additional

| Feature  | Observation  | 
| ------------- | ------------- 
| Privacy risk | low, medium, high |