mirror of
https://github.com/web3privacy/grants.git
synced 2024-10-15 12:06:27 +02:00
W3P: 3
Title: Privacy features audit concept for security audit organizations & whitehackers (research)
Status: preparation
Type: Research
Created: 2023-10-01
Context
90%+ of the privacy services in web3 lack a basic security audit. This is a high risk for anyone using them without a third-party attestation. At the same time, security audit companies don't focus on privacy features; they analyze smart contracts etc. So we want to raise the "security" level of privacy services by facilitating new kinds of privacy-feature attestation by white-hat hackers (working for companies or for themselves).
This will significantly protect the general public from compromised services with backdoors, poor code execution & false privacy claims. Meanwhile, it will prove privacy claims from the broader community, contributing to the latest encryption, ZK-research & other privacy-tech execution concepts.
Privacy features
Feature | Observation |
---|---|
Selected privacy technology maturity | latest, old etc. |
Selected privacy technology delivery | state of the privacy tech: test-net, poor code execution etc. |
Default privacy | enabled or not |
Privacy policies (data collection policies) | what data is collected & why; marking non-essential data collection practices |
Non-consent data collection practices | IP, wallet, balance etc. |
Anonymity set | the data "profile" the service reveals about you |
Third-party privacy tech maturity | if the service is part of an ecosystem: the security audit company's comments on the privacy of the core tech (Ethereum, Waku) |
Traceability | how traceable transactions are |
Decentralization | permissioned, permissionless etc. |
Additional
Feature | Observation |
---|---|
Privacy risk | low, medium, high |
Comments
- there's a thin line between privacy & security, so we approach it like this: if privacy is compromised -> it becomes a security issue (threat)
- some privacy observations are ethical (like "compliance"), so tech companies can't say whether they are "good" or "bad" -> we will just highlight them on our public platform (like KYC, team reputation etc.)
Contribute
- Community member: discuss (join the Signal group), do (make a Pull Request here)
- Privacy organization: donate (contact), do (make a Pull Request here)
- Security audit company: reflect (join the Signal group), do (make a Pull Request here)