Update w3p-03.md

This commit is contained in:
Mykola Siusko 2023-10-19 14:59:12 +02:00 committed by GitHub
parent 0c2ca9289e
commit 48cab06d9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -9,6 +9,7 @@
- [Context](#Context) - [Context](#Context)
- [Privacy features to audit](#Privacy-features) - [Privacy features to audit](#Privacy-features)
- [Additional](#Additional) - [Additional](#Additional)
- [Comments](#Comments)
# Context # Context
@ -26,7 +27,7 @@ This will significantly protect the general public from compromised services wit
| Default privacy | enabled, not | | Default privacy | enabled, not |
| Privacy policies (data collection policies) | what data is collected & why; marking non-essential data collection practices | | Privacy policies (data collection policies) | what data is collected & why; marking non-essential data collection practices |
| Non-consent data collection practices | IP, wallet, balance etc | | Non-consent data collection practices | IP, wallet, balance etc |
| Anonymous set | data "profile" service reveal about you | | Anonymity set | data "profile" service reveal about you |
| Third-party privacy tech maturity | If service is a part of ecosystem - security audit company comments on core tech privacy (Ethereum, Waku) | | Third-party privacy tech maturity | If service is a part of ecosystem - security audit company comments on core tech privacy (Ethereum, Waku) |
| Traceability | How traceable are transactions | | Traceability | How traceable are transactions |
@ -35,3 +36,7 @@ This will significantly protect the general public from compromised services wit
| Feature | Observation | | Feature | Observation |
| ------------- | ------------- | ------------- | -------------
| Privacy risk | low, medium, high | | Privacy risk | low, medium, high |
# Comments
- there's a thin line between privacy & security, so we approach it like this: if privacy is compromised -> it becomes a security issue (threat)
- some privacy observations are ethical (like "compliance"), so tech companies couldn't say it's "good" or "bad" -> we will just highlight them on our public platform (like KYC, team reputation etc)