web3privacy/Web3privacynowplatform/Scoringmodel.md

**Privacy scoring options to consider**

**Note**: _final scoring model shouldn't be too complex to execute._

_Sketches what could be put inside privacy-solutions scoring model_ (note: think of these as questions to experts for workshop on scoring ideation).

**Open-source transparency**
- **GitHub repos**: # of commits, # stars, date of repo creation.

**Third party validation**
- **Security audits**: yes, no; type of audit; ammount of audits.

**Community validation**
- Existing bugs
- White hackers assesment (like Secret Network TEE bug)
- Negative Discord, Twitter, other public feedback (product & founder-centric)

**Team**
- Market validation
- GitHub contribution
- Track record (incl. red flag projects)

**Financials**
- Investments
- TVL (like Aztec's L2)
- Donation-based
- Public treasury

**Liveliness**
- How active is GitHub activity 
- How active is community
- Is there a public product traction?

**Product-readiness**
- State of product-readiness
- MVP-readiness
- Protocol (test-net/main-net)
- dApp (release timing, third party validation like AppStore/Play Store)
- network-reliability (the state of privacy in Ethereum, Solana, Avalanche etc)

**Cross-checked data leakage**
- Complementing privacy stack data leakage (example: phone + dApp; wallet + RPC etc)
- Third party data leakage (from the hackers to state agents (think of Iran or North Korea govs))

**Data aggregation policies**

_Reference_: https://tosdr.org 

**Centralisation level (incl KYC)**

Reference: https://kycnot.me/about#scores

**On-going community research (survey) within the privacy experts - all answers on how to score services privacy (non-redacted)**:

**Docs**
- read the documentation
- Good and comprehensive documentation

- ask about its weaknesses from competitors
- try to trace a transaction
- Precise description of the concrete privacy properties. Privacy is complicated so if they don't say exactly what they protect, then its likely vapor
- Usability - for end users or in the developer experience if it is a B2B project.
- Validation by trusted and respected independent scientists and researchers
- Open source
- There is a way to verify the code I think is running, really is running e.g. attestation service
- Ability to run part of the service and verify for myself
- Other tooling to verify e.g. block explorers 
- Open source/FOSS
- Minimal to no metadata capture
- Doesn’t sell your data
- Non-vague, and non-intrusive privacy policy
- protects against global passive adversary
- does not implement kyc or aml
- strong secure anonymity tech
- Decentralized 
- Credibly neutral
- Usage of ZKP

**VCs**
- Who are the VCs
- not funded by big US VCs like a16z

**Team**
- ideological team
- Reputation of team
-												Create Scoringmodel.md
											
										
										
											2023-01-27 16:43:41 +01:00
+								**Privacy scoring options to consider**
-												Update Scoringmodel.md
											
										
										
											2023-01-27 19:13:06 +01:00
+								**Note**: _final scoring model shouldn't be too complex to execute._
-												Create Scoringmodel.md
											
										
										
											2023-01-27 16:43:41 +01:00
+								_Sketches what could be put inside privacy-solutions scoring model_ (note: think of these as questions to experts for workshop on scoring ideation).
 								**Open-source transparency**
 								- **GitHub repos**: # of commits, # stars, date of repo creation.
 								**Third party validation**
 								- **Security audits**: yes, no; type of audit; ammount of audits.
 								**Community validation**
 								- Existing bugs
 								- White hackers assesment (like Secret Network TEE bug)
 								- Negative Discord, Twitter, other public feedback (product & founder-centric)
 								**Team**
 								- Market validation
 								- GitHub contribution
 								- Track record (incl. red flag projects)
-												Update Scoringmodel.md
											
										
										
											2023-01-27 16:44:40 +01:00
 								**Financials**
 								- Investments
 								- TVL (like Aztec's L2)
 								- Donation-based
 								- Public treasury
-												Update Scoringmodel.md
											
										
										
											2023-01-27 16:50:19 +01:00
 								**Liveliness**
 								- How active is GitHub activity
 								- How active is community
 								- Is there a public product traction?
-												Update Scoringmodel.md
											
										
										
											2023-01-27 16:57:30 +01:00
 								**Product-readiness**
 								- State of product-readiness
 								- MVP-readiness
 								- Protocol (test-net/main-net)
 								- dApp (release timing, third party validation like AppStore/Play Store)
 								- network-reliability (the state of privacy in Ethereum, Solana, Avalanche etc)
-												Update Scoringmodel.md
											
										
										
											2023-01-27 16:59:47 +01:00
 								**Cross-checked data leakage**
 								- Complementing privacy stack data leakage (example: phone + dApp; wallet + RPC etc)
-												Update Scoringmodel.md
											
										
										
											2023-01-27 17:01:07 +01:00
+								- Third party data leakage (from the hackers to state agents (think of Iran or North Korea govs))
-												Update Scoringmodel.md
											
										
										
											2023-01-30 09:30:35 +01:00
 								**Data aggregation policies**
-												Update Scoringmodel.md
											
										
										
											2023-01-30 09:30:50 +01:00
 								_Reference_: https://tosdr.org
-												Update Scoringmodel.md
											
										
										
											2023-01-30 13:56:09 +01:00
 								**Centralisation level (incl KYC)**
 								Reference: https://kycnot.me/about#scores
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:13:48 +01:00
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:17:20 +01:00
+								**On-going community research (survey) within the privacy experts - all answers on how to score services privacy (non-redacted)**:
 								**Docs**
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:13:48 +01:00
+								- read the documentation
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:17:20 +01:00
+								- Good and comprehensive documentation
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:13:48 +01:00
+								- ask about its weaknesses from competitors
 								- try to trace a transaction
 								- Precise description of the concrete privacy properties. Privacy is complicated so if they don't say exactly what they protect, then its likely vapor
 								- Usability - for end users or in the developer experience if it is a B2B project.
 								- Validation by trusted and respected independent scientists and researchers
 								- Open source
 								- There is a way to verify the code I think is running, really is running e.g. attestation service
 								- Ability to run part of the service and verify for myself
 								- Other tooling to verify e.g. block explorers
 								- Open source/FOSS
 								- Minimal to no metadata capture
 								- Doesn’t sell your data
 								- Non-vague, and non-intrusive privacy policy
 								- protects against global passive adversary
 								- does not implement kyc or aml
 								- strong secure anonymity tech
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:17:20 +01:00
+								- Decentralized
 								- Credibly neutral
 								- Usage of ZKP
 								**VCs**
 								- Who are the VCs
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:13:48 +01:00
+								- not funded by big US VCs like a16z
-												Update Scoringmodel.md
											
										
										
											2023-02-04 13:17:20 +01:00
 								**Team**
 								- ideological team
 								- Reputation of team