web3privacy
/
web3privacy
zrcadlo https://github.com/web3privacy/web3privacy.git
1
0
Rozštěpit 0
Zdrojový kód Úkoly Balíčky Projekty Vydání Wiki Aktivita

Update Readme.md

This commit is contained in:
Mykola Siusko 2023-06-30 12:51:51 +02:00 odevzdal GitHub
rodič 036421691b
revize bbc27f66f1
V databázi nebyl nalezen žádný známý klíč pro tento podpis
ID GPG klíče: 4AEE18F83AFDEB23
1 změnil soubory, kde provedl 46 přidání a 2 odebrání
Zobrazit statistiky Stáhněte soubor záplaty Stáhněte rozdílový soubor Rozbalit všechny soubory Sbalit všechny soubory

48
Web3privacynowplatform/scoringmodel/Readme.md
Zobrazit soubor

@ -5,6 +5,7 @@ Scoring model analytics based on a 50+ privacy projects [survey](https://docs.go
- answers were assembled into 1 Excel sheet to be further analysed
**Fileverse**
Answers:
- open sourcing our work
- you literally generate and download your own e2ee keys
@ -24,6 +25,7 @@ _Product feature_
- social recovery 101
**Lava Network**
Answers:
- starting with our litepaper
- further questions feel free to drop them in our discord
@ -36,6 +38,7 @@ _Product feature_
- in the future: collab with a security audit companies to create a new docs audit service description when a third-party will attest privacy-features of the initial idea x tooling description
**Holonym**
Answers:
- Check their website or docs
- If they vaguely say “data is kept private” and provide no explanation how, run
@ -43,13 +46,54 @@ Answers:
_Observations_:
- "check" is a highly abstract action related to the website or docs -> extract value should be related to understanding "privacy"-validity markers
- "private data explainers" needed to be defined within use-cases (case studies for the market
- "private data explainers" needed to be defined within use-cases (case studies for the market)
_Product feature:_rk
_Product feature_:
- website checklist (1-2-3-4-5..., yes/no validity)
- case studies "private data" explainers
- DYOR (that's our platform)
**Spinner cash**
Answers
- code is law.
- So how about "don't trust, verify"? But to verify, it would require certain technical skills... like reading source code 😅
- We hope to bring in 3rd party auditors at some point
_Observations_:
- the more ideological language is on the website - the harder to navigate the factual privacy features
- source code reading is a highly technical skill (moreover: Ethereum dev could struggle with Solana code & vice versa)
- 3rd party list is needed here to be transformed into privacy signalling features
_Product feature_:
- missing 3rd party audit potential risks 101
- 3rd party list (yes/no) from security audit agencies to independent security engineers (+their reputation 101 in later versions)
**Session**
Answers
- There is the Session code audit
- See what's being said in (non-paid) media: reviews, articles, etc.
_Observations_:
- existing audit is a plus (even if code could be updated, audit could be partial etc)
- hard to define non-paid media placements, but existing media credibility (reco by trusted people like Vitalik - is a plus)
_Product feature_:
- code audit (yes/no). Case studies (how those audits could look alike with active links)
- simplified media analysis 101
**ZKBob**
Answers
- ZKBob hether the solution forces users to preserve their privacy or if it's the user's responsibility. For example, Tornado Cash increases anonymity by requiring users to deposit a specific amount, but doesn't require using different addresses for withdrawals
- zkBOB doesn't force specific amounts or address usage, but encourages the use of new withdrawal addresses by rewarding them with a small amount of native coins that can be used in the next transaction to pay for gas.
- How the components of the protocol communicate with each other and if users can replace any components is another important aspect.
- In the case of zkBOB, the pool contracts are the core component, and the user needs to trust the zkBOB development team regarding privacy leaks in the rest of infrastructure: UI and the sequencer. However, the project roadmap includes plans to address these concerns.
- Since privacy-preserving solutions on the blockchain involve complex mathematical concepts that may be difficult for non-techie individuals to understand, there will always be trust assumptions for this part of the solution.
- "The only way for non-techie people to reduce risks is to seek expert advice or do extensive research before using such solutions.
- For zkBOB, it's worth noting that the project is open source, the part of the protocol related to zero-knowledge was audited, and the team does its best to support documentation that's up-to-date and clear for ordinary users."