2023-01-27 16:43:41 +01:00

**Privacy scoring options to consider**

**Note**: _the final scoring model shouldn't be too complex to execute._

_Sketches of what could go into a privacy-solutions scoring model_ (note: think of these as questions to experts for a workshop on scoring ideation).

**Open-source transparency**
- **GitHub repos**: # of commits, # stars, date of repo creation.

**Third party validation**
- **Security audits**: yes, no; type of audit; number of audits.

**Community validation**
- Existing bugs
- White-hat hackers' assessment (like the Secret Network TEE bug)
- Negative Discord, Twitter, other public feedback (product & founder-centric)

**Team**
- Market validation
- GitHub contribution
- Track record (incl. red flag projects)

**Financials**
- Investments
- TVL (like Aztec's L2)
- Donation-based
- Public treasury

**Liveliness**
- How active is the GitHub repository
- How active is the community
- Is there public product traction?

**Product-readiness**
- State of product-readiness
- MVP-readiness
- Protocol (test-net/main-net)
- dApp (release timing, third party validation like AppStore/Play Store)
- Network reliability (the state of privacy in Ethereum, Solana, Avalanche, etc.)

**Cross-checked data leakage**
- Data leakage from complementary parts of the privacy stack (example: phone + dApp; wallet + RPC, etc.)
- Third party data leakage (from hackers to state agents, e.g. the governments of Iran or North Korea)

**Data aggregation policies**

_Reference_: https://tosdr.org

**Centralisation level (incl. KYC)**

_Reference_: https://kycnot.me/about#scores

**Ongoing community research (survey) among privacy experts: all answers on how to score a service's privacy (non-redacted)**

**Docs**
- read the documentation
- Good and comprehensive documentation

- ask about its weaknesses from competitors
- try to trace a transaction
- Precise description of the concrete privacy properties. Privacy is complicated so if they don't say exactly what they protect, then it's likely vapor
- Usability - for end users or in the developer experience if it is a B2B project.
- Validation by trusted and respected independent scientists and researchers
- Open source
- There is a way to verify that the code I think is running really is running, e.g. an attestation service
- Ability to run part of the service and verify for myself
- Other tooling to verify, e.g. block explorers
- Open source/FOSS
- Minimal to no metadata capture
- Doesn’t sell your data
- Non-vague and non-intrusive privacy policy
- protects against global passive adversary
- does not implement KYC or AML
- strong secure anonymity tech
- Decentralized
- Credibly neutral
- Usage of ZKP

**VCs**
- Who are the VCs
- not funded by big US VCs like a16z

**Team**
- ideological team
- Reputation of team