diff --git a/Web3privacynowplatform/scoringmodel/Scoringmodel_techies.md b/Web3privacynowplatform/scoringmodel/Scoringmodel_techies.md index 64ba3c3..0947129 100644 --- a/Web3privacynowplatform/scoringmodel/Scoringmodel_techies.md +++ b/Web3privacynowplatform/scoringmodel/Scoringmodel_techies.md 
@@ -41,132 +41,62 @@ | Number of nodes/servers/ -> the larger the footprint the best privacy | + | # Storage -| Scoring | Non-web3 person assesment | Web3, but non-tech assesment | -| ------------- | ------------- | ------------- | -| e2e encrypted LOCAL storage | - | + | -| What user information is stored? (username, IP address, last connection, wallets associate, etc) | - | + | -| Where is it stored? (centralized server, certain jurisdictions, on-chain, in browser/local cache) | - | + | +| Scoring | Techie | +| ------------- | ------------- | +| e2e encrypted LOCAL storage | + | +| What user information is stored? (username, IP address, last connection, wallets associate, etc) | + | +| Where is it stored? (centralized server, certain jurisdictions, on-chain, in browser/local cache) | + | # Data aggregation -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| no email or tel nr for signup | + | + | -| control over personal data | - | - | -| does not implement KYC or AML | + | + | -| Metadata privacy / Minimal to no metadata capture | - | - | +| Scoring | Techie | +| ------------- | ------------- | +| no email or tel nr for signup | + | +| does not implement KYC or AML | + | # Traction -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| Amount of transactions | + | + | -| number of people using it | + | + | -| is it famous | + | + | -| Latency | - | - | -| Time of test and battle-tested code - (e.g. 
how BSC had passed the stress time of withdrawals with FTX drama or crypto schemes such as ECDSA with more than 2-3 decades alive) | - | - | -| Cost | - | + | +| Scoring | Techie | +| ------------- | ------------- | +| Amount of transactions | + | +| number of people using it | + | +| is it famous | + | # Governance -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| DAO structure (if applied) | - | + | +| Scoring | Techie | +| ------------- | ------------- | +| DAO structure (if applied) | + | # Privacy execution -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| How is it being transmitted? (encrypted, unencrypted, offuscated, etc) | - | - | -| Combined those encryption methods effectively (holistic solution) | - | - | -| Confidentiality of transactions | - | - | -| the ability to hide transactional data from the public | - | - | -| strong encryption algorithms | - | - | -| If the speed in connection is too fast, there most probably no privacy there and rather a direct channel between user - app | - | - | -| p2p / no central server | - | - | -| Trustless - No ID required (this is where ZKs are useful) | - | + | -| Usage of ZK | - | - | +| Scoring | Techie | +| ------------- | ------------- | +| p2p / no central server | + | +| Trustless - No ID required (this is where ZKs are useful) | + | # Product-centric -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| Onboarding steps | + | + | -| Usability - for end users or in the developer experience if it is a B2B project. 
| + | - | +| Scoring | Techie | +| ------------- | ------------- | +| Onboarding steps | + | # Testing -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| Ability to run part of the service and verify for myself | - | - | -| try to trace a transaction | - | - | -| There is a way to verify the code I think is running, really is running e.g. attestation service | - | - | -| Other tooling to verify e.g. block explorers | - | + | - -# Other -| Scoring | Non-web3 person assesment | Non-tech assesment | -| ------------- | ------------- | ------------- | -| Entropy (non-trivial to estimate, different measurements for type of service). Some examples: https://arxiv.org/abs/2211.04259 or https://blog.nymtech.net/an-empirical-study-of-privacy-scalability-and-latency-of-nym-mixnet-ff05320fb62d | - | - | -| Censorship-resistant (how hard it's for a powerful party to block/censor a given service) | - | - | -| Precise description of the concrete privacy properties. Privacy is complicated, so if they don't say exactly what they protect, then its likely vapour | - | - | -| Doesn’t sell your data | - | - | -| protects against a global passive adversary | - | - | -| strong secure anonymity tech | - | - | -| Credibly neutral | + | + | -| ISO/IEC 29190:2015: https://www.iso.org/standard/45269.html | - | - | -| Anonymity Assessment – A Universal Tool for Measuring Anonymity of Data Sets Under the GDPR with a Special Focus on Smart Robotics: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3971139 | - | - | - -_Huge thanks everyone who contributed! I make it anon now, but will thank everyone (who would liked to be credited) once a scoring model will be published on GitHub for community evaluation._ - -# 2. 
My personal notes on privacy scoring (they were made before communal survey) -_Sketches what could be put inside privacy-solutions scoring model_ (note: think of these as questions to experts for a workshop on scoring ideation). - -**Key observations** - -| Topic | Observation | +| Scoring | Techie | | ------------- | ------------- | -| Broad range of different takes on privacy assesment | Privacy experts have around 50+ tips | -| Tech-centricity of assesment | Majority of the expert takes are hard to execute by non-tech people (they need info-help!) | -| Privacy assessment takes enormous time | Time-To privacy-fit - potential for analytical service | -| Privacy literacy isn't enough | The scoring model demand both "decentralisation", "open-source" & "privacy" topics understanding | -| Mix of objective & subjective takes | Scoring criteria are different from objective (example: transaction traceability) & subjective (example: backed by a16z crypto) takes | +| try to trace a transaction | + | +| Other tooling to verify e.g. block explorers | + | -**Open-source transparency** -- **GitHub repos**: # of commits, # stars, date of repo creation. +# MVP for non-tecies expanded to techies -**Third-party validation** -- **Security audits**: yes, no; type of audit; ammount of audits. +# Sandbox: DeFi category that has been analyzed -**Community validation** -- Existing bugs -- White hackers assessment (like Secret Network TEE bug) -- Negative Discord, Twitter, other public feedback (product & founder-centric) +**How to use sandbox?** +1. Read takeaways. +2. Give us feedback via general comments in the Community on [Signal](https://chat.web3privacy.info/) or make a Pull request here. +3. You can always explore 38 DeFi project' assessment [here](https://github.com/web3privacy/web3privacy/blob/main/Web3privacynowplatform/scoringmodel/DeFi%20category%20prototype.md) -**Team** -- Market validation -- GitHub contribution -- Track record (incl. 
red flag projects) +# Scoring model 1.2: validity track -**Financials** -- Investments -- TVL (like Aztec's L2) -- Donation-based -- Public treasury +_Validity track covers GitHub, Product-readiness, Team, Docs, Audit._ -**Liveliness** -- How active is GitHub activity -- How active is the community -- Is there public product traction? +**Note**: quick assessment helps to decrease privacy dark patterns from obscure language to test-net claiming it has a "state of art privacy". +![alt text](https://github.com/web3privacy/web3privacy/blob/main/Web3privacynowplatform/scoringmodel/staticobjects/Scoring%201.2%20validity%20track.png?raw=true) -**Product-readiness** -- State of product-readiness -- MVP-readiness -- Protocol (test-net/main-net) -- dApp (release timing, third-party validation like AppStore/Play Store) -- network-reliability (the state of privacy in Ethereum, Solana, Avalanche etc) - -**Cross-checked data leakage** -- Complementing privacy stack data leakage (example: phone + dApp; wallet + RPC etc) -- Third-party data leakage (from the hackers to state agents (think of Iran or North Korean govs)) - -**Data aggregation policies** - -_Reference_: https://tosdr.org - -**Centralisation level (incl KYC)** - -Reference: https://kycnot.me/about#scores +We use % as a simplified way to prototype scoring model (from % to 100%). Later versions will include a mixmodel of %, yes/no assumptions & much complex observations. +![alt text](https://github.com/web3privacy/web3privacy/blob/main/Web3privacynowplatform/scoringmodel/staticobjects/Scroing%201.2%20validity%20track%20breakdown.png?raw=true)
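Review bot: The new Techie column silently drops the criteria a technical assessor is best placed to evaluate: the Testing table loses "Ability to run part of the service and verify for myself" and "There is a way to verify the code I think is running, really is running e.g. attestation service", and the Privacy execution table loses "strong encryption algorithms", "Usage of ZK" and "How is it being transmitted? (encrypted, unencrypted, offuscated, etc)". Either keep those rows (they are exactly the checks that distinguish a techie review from the non-tech one) or record in the commit message why the techie track omits them, since the Data aggregation table also drops "Metadata privacy / Minimal to no metadata capture" without explanation. Two smaller points in the added lines: the heading `# MVP for non-tecies expanded to techies` should read "non-techies", and the second image link points at `Scroing%201.2%20validity%20track%20breakdown.png`; if the file in staticobjects is really spelled that way the link resolves today, but it will break the moment someone renames it to "Scoring", so rename the asset now while the commit is open. "38 DeFi project' assessment" should be "38 DeFi projects' assessment".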