web3privacy
/
web3privacy
zrcadlo https://github.com/web3privacy/web3privacy.git
1
0
Rozštěpit 0
Zdrojový kód Úkoly Balíčky Projekty Vydání Wiki Aktivita

Update Readme.md

This commit is contained in:
Mykola Siusko 2023-06-30 14:12:25 +02:00 odevzdal GitHub
rodič bd8d5b24a7
revize e85f4cc4df
V databázi nebyl nalezen žádný známý klíč pro tento podpis
ID GPG klíče: 4AEE18F83AFDEB23
1 změnil soubory, kde provedl 139 přidání a 79 odebrání
Zobrazit statistiky Stáhněte soubor záplaty Stáhněte rozdílový soubor Rozbalit všechny soubory Sbalit všechny soubory

218
Web3privacynowplatform/scoringmodel/Readme.md
Zobrazit soubor

@ -118,84 +118,94 @@ Answers:
**BrightID**
You could rationalize from the fact that it does not ask you for any personally identifying information directly, so there is nothing to preserve and keep it safe in its infrastructure. technical things you could ask a technical person you trust to look at its oss code.
- You could rationalize from the fact that it does not ask you for any personally identifying information directly, so there is nothing to preserve and keep it safe in its infrastructure.
- technical things you could ask a technical person you trust to look at its oss code.
**Swarm** reading our whitepaper, which provides a comprehensive overview of Swarm's technology and how it achieves privacy
**Railgun** Use @Railway_xyz to send a private transfer to a 0zk address through a Relayer. Examine the "receipt" of that transfer on etherscan or arbiscan. You will not find: (1) sender, (2) receiver, (3) token or (4) amount anywhere in the transaction receipt. There's a ton a technical person can do to verify but there's also a litmus test of #privacy that anyone can do. https://t.co/PqkUJWwmPD "This is a 0zk -> 0zk transaction (sending tokens from one #DeFi user to another.
You'll note in the scan has a from address but this is simply a Relayer address that pays gas to process the on-chain computation." "User communications with a Relayer are passed via through the @waku_org p2p gossip network, so Relayers can't know a particular message origin.
In other words, even here #privacy was a big consideration throughout the tech stack not just on Etherscan." "The To address is simply the RAILGUN smart contract on
@0xPolygon in this case. So nothing is revealed about the recipient.
**Swarm**
- reading our whitepaper, which provides a comprehensive overview of Swarm's technology and how it achieves privacy
**Railgun**
- Use @Railway_xyz to send a private transfer to a 0zk address through a Relayer.
- Examine the "receipt" of that transfer on etherscan or arbiscan. You will not find: (1) sender, (2) receiver, (3) token or (4) amount anywhere in the transaction receipt.
- There's a ton a technical person can do to verify but there's also a litmus test of #privacy that anyone can do. https://t.co/PqkUJWwmPD
- "This is a 0zk -> 0zk transaction (sending tokens from one #DeFi user to another.
- You'll note in the scan has a from address but this is simply a Relayer address that pays gas to process the on-chain computation.
- User communications with a Relayer are passed via through the @waku_org p2p gossip network, so Relayers can't know a particular message origin.
- In other words, even here #privacy was a big consideration throughout the tech stack not just on Etherscan.
- The To address is simply the RAILGUN smart contract on @0xPolygon in this case. So nothing is revealed about the recipient.
- The value that exchanged hands? #Private
- Try to decode the input data for the transaction? It's all #encrypted.
So how much money exchanged hands here?
Well, the short answer here is - it's #private.
Only the sender and recipient will know. There will be #zeroknowledge about it unless they choose to reveal the transaction information."
- So how much money exchanged hands here? Well, the short answer here is - it's #private. Only the sender and recipient will know. There will be #zeroknowledge about it unless they choose to reveal the transaction information."
**Penumbra**
maybe look for people you trust that are able to analyze the technical solution for its privacy merits and then get their opinion ? it's prob difficult to analyze a technical protocol with a non-technical analysis. what you're asking about relates to a more holistic assessment of a protocol and its attributes, so that should be within the scope of a research function moreso than a security audit function.
- maybe look for people you trust that are able to analyze the technical solution for its privacy merits and then get their opinion ? it's prob difficult to analyze a technical protocol with a non-technical analysis.
- what you're asking about relates to a more holistic assessment of a protocol and its attributes, so that should be within the scope of a research function moreso than a security audit function.
**HOPR**
- FOSS
Free & Open Source Software is the foundation that enables you to check whatever you want. The hoprd client is released under GPLv3 license that allows you to do that (and also modify and re-distribute) hoprd freely: GitHub"
- Code quality
Open source code should be readable to be helpful to you! To that end we enforce code quality via linters for Typescript
https://github.com/hoprnet/hoprnet/blob/df7bc88517329472adbfe73bd4a22bddd5cfbcc9/package.json#L46…
and for our Rust code:
https://github.com/hoprnet/hoprnet/blob/master/rustfmt.toml…
and in our automation pipeline:"
- Tools
So far we released tools such as http://DERP.hoprnet.org or http://mint.hoprnet.org (which in turn are obviously also FOSS!) that show shortcomings of existing technologies. We will keep building such tools also for HOPR itself." "The exact checks you'd do depend on the application that actually use HOPR
- FOSS. Free & Open Source Software is the foundation that enables you to check whatever you want. The hoprd client is released under GPLv3 license that allows you to do that (and also modify and re-distribute) hoprd freely: GitHub"
- Code quality. Open source code should be readable to be helpful to you! To that end we enforce code quality via linters for Typescript
https://github.com/hoprnet/hoprnet/blob/df7bc88517329472adbfe73bd4a22bddd5cfbcc9/package.json#L46… and for our Rust code: https://github.com/hoprnet/hoprnet/blob/master/rustfmt.toml…
- Tools. So far we released tools such as http://DERP.hoprnet.org or http://mint.hoprnet.org (which in turn are obviously also FOSS!) that show shortcomings of existing technologies. We will keep building such tools also for HOPR itself." "The exact checks you'd do depend on the application that actually use HOPR
E.g. on #RPCh we're thinking of installing a VPN server on the RPCh exit node which would visualize requests via DERP: https://twitter.com/hoprnet/status/1596896868377792520" If you want to go hardcore, you could use a packet inspection tool such as #Wireshark to check all packets coming into your machine and going out "You will notice that you cannot tell anything from these packets - thanks to the Sphinx packet format that we use at HOPR:
https://twitter.com/hoprnet/status/1572601550379311104
Check out our HOPR Basics series for more details:
- Check out our HOPR Basics series for more details:
https://medium.com/hoprnet/basics/home"
**Waku** rfc.vac.dev is a good start. "The RFC repository contains the specification of Waku and other protocols. In terms of @ethstatus 's privacy claims. It is good to first look at the base layer: @waku_org
**Waku**
The RFCs describe the protocol and also contains security assumptions/guarantees section." Tthe target audience are researchers and maintainers of Waku implementations. Not the easiest thing to read!
- rfc.vac.dev is a good start. The RFC repository contains the specification of Waku and other protocols. In terms of @ethstatus's privacy claims. It is good to first look at the base layer: @waku_org
- The RFCs describe the protocol and also contains security assumptions/guarantees section."
- The target audience are researchers and maintainers of Waku implementations. Not the easiest thing to read!
**Rotki**
Don't think u can. Gotta trust either me or someone who can read code "The simplest thing a non-techie person can understand is:
- Don't think u can. Gotta trust either me or someone who can read code "The simplest thing a non-techie person can understand is:
- Local application with all data stored in a local encrypted database (private by design)"
- Opensource, so your techy friend can see we are not lying "It really isn't complicated imo.
- Opensource, so your techy friend can see we are not lying. It really isn't complicated imo.
- To be 100% sure read code
- But it does not take an expert to understand that an application that you download, run locally and keeps all data locally is 1000x more private than a webapp
- We have been brainwashed to calling webapps, as ""apps"" now."
To be 100% sure read code" "But it does not take an expert to understand that an application that you download, run locally and keeps all data locally is 1000x more private than a webapp
**Webb**
We have been brainwashed to calling webapps, as ""apps"" now."
- you need to analyze the data they create through transactions. If that data (and metadata) can be analyzed for patterns then that can help define the degree of privacy of the solution.
- For our bridge solution, this is akin to rebuilding the tx graph and seeing if flows through such a graph can be identified. The main actions in our system are deposit, transfers, and withdrawals. We use the same zero knowledge proof based ideas to make it harder to track…
**Webb** you need to analyze the data they create through transactions. If that data (and metadata) can be analyzed for patterns then that can help define the degree of privacy of the solution. For our bridge solution, this is akin to rebuilding the tx graph and seeing if flows through such a graph can be identified. The main actions in our system are deposit, transfers, and withdrawals. We use the same zero knowledge proof based ideas to make it harder to track…
**Boring protocol**
**Boring protocol** The "no logs" claims are generally very ambiguous. We make a point to know as little as technically possible about our users. We only know the bare minimum required to make the network function. All we know is your wallet pubkey, with which we issue and assign to a network key.
- The "no logs" claims are generally very ambiguous. We make a point to know as little as technically possible about our users. We only know the bare minimum required to make the network function. All we know is your wallet pubkey, with which we issue and assign to a network key.
**Lit protocol** State of Network is available right here: https://t.co/sgaOX5SPga
**Lit protocol**
**Alter network** "Try the #dapp and join the chatroom for
@AlterDapp
community" "You can check out this video to see how to create an account on mobile.
- State of Network is available right here: https://t.co/sgaOX5SPga
https://youtu.be/ZgpCHDnR9WU" The discord has a lot of resources as well, depending in what you need.
**Alter network**
- "Try the #dapp and join the chatroom for @AlterDapp community
- "You can check out this video to see how to create an account on mobile: https://youtu.be/ZgpCHDnR9WU"
- The discord has a lot of resources as well, depending in what you need.
**Sons of crypto**
We have no (google) analytics or tracking We do not run any backend We will have built in mixers We dont know or what to know who or where users are "For non-techie that would not be straight forward. Perhaps using something like https://charlesproxy.com to see all the traffic. Still fairly techie though.
- We have no (google) analytics or tracking
- We do not run any backend
- We will have built in mixers
- We dont know or what to know who or where users are. For non-techie that would not be straight forward.
- Perhaps using something like https://charlesproxy.com to see all the traffic. Still fairly techie though.
For devs all of our code is open source on github, anyone can read it."
**Orbis** You can check our open-sourced SDK, but that would require people to read some code :) https://t.co/iiA7lSaDdn
**Orbis**
**Nighthawk Wallet** "Its been a while since @NighthawkWallet APK was analyzed for privacy concerns. Feel free to test it at
- You can check our open-sourced SDK, but that would require people to read some code :) https://t.co/iiA7lSaDdn
**Nighthawk Wallet**
- "Its been a while since @NighthawkWallet APK was analyzed for privacy concerns. Feel free to test it at
@ExodusPrivacy, a friendly service to investigate Android apps. " "You can also obtain the @NighthawkWallet APK built with @fdroidorg and verify the “no anti-features” tag. Weve worked hard to remove dependency on third-party services and strictly require users consent before opting-in to sharing information.
https://t.co/YwYd4RUeVh" "“Anti-Features are organized into “flags” that packagers can use to mark apps, warning of possibly undesirable behaviour from the users perspective, often serving the interest of the developer or a third party.”
@ -210,68 +220,118 @@ https://t.co/LEaBIh8LV7"
2. users decide for what reason they share a credential with whom.
3. one can share credentials partially" A DID is created on the users device. Like your blockchain keypair. Its an identifier like your face, your fingerprint or your signature. Its not issued by any entity. This way its always decentralised and does not have a decentralisation status.
**Onionclub** actually privacy is by default on our platform. It's not a option! So, every user will have this enabled and if they want to be doxxed than they need to jump trough some hoops.
**Onionclub**
**Sismo** "Here are the public resources we have around the core of our ZK systems:
actually privacy is by default on our platform. It's not a option! So, every user will have this enabled and if they want to be doxxed than they need to jump trough some hoops.
**Sismo**
Here are the public resources we have around the core of our ZK systems:
- Commitment mapper https://docs.sismo.io/sismo-docs/technical-concepts/commitment-mapper…
- Hydra-S1 ZK Scheme https://docs.sismo.io/sismo-docs/technical-concepts/hydra-zk-proving-schemes…" "- Privacy & Security FAQ (the less technical part)
- Hydra-S1 ZK Scheme https://docs.sismo.io/sismo-docs/technical-concepts/hydra-zk-proving-schemes…"
- Privacy & Security FAQ (the less technical part): https://t.co/M3eVLoYeUK"
https://t.co/M3eVLoYeUK"
**Krebit**
**Krebit** Privacy-preserving: your credential's claims are stored encrypted off-chain Self-sovereign: you control the access conditions to read your private data "This is possible thanks to
@LitProtocol and @ceramicnetwork"
- Privacy-preserving: your credential's claims are stored encrypted off-chain Self-sovereign: you control the access conditions to read your private data - "This is possible thanks to @LitProtocol and @ceramicnetwork"
**Puma browser** One of the reasons we started focusing more on enabling novel use-cases like ENS/HNS/IPFS and others is because it's really easy to demo in 10-15 seconds and prove, vs privacy is much harder to both demo and prove beyond company reputation.
**Puma browser**
**Hideyour.cash** Were on the process to conduct a security audit with a full report when going to mainnet. Our code is open source in case you wanna ask someone from your trust.
One of the reasons we started focusing more on enabling novel use-cases like ENS/HNS/IPFS and others is because it's really easy to demo in 10-15 seconds and prove, vs privacy is much harder to both demo and prove beyond company reputation.
**Spook** "If youre non technical you wont be able to verify it yourself.
**Hideyour.cash**
You need this information from a trusted source that has done the job of checking its privacy."
- Were on the process to conduct a security audit with a full report when going to mainnet.
- Our code is open source in case you wanna ask someone from your trust.
**Elusiv** Once we are live, detailed docs including our whitepaper will be released! you can expect more explanatory content covering various topics around privacy, ZKPs, MPC and more.
**Spook**
- "If youre non technical you wont be able to verify it yourself.
- You need this information from a trusted source that has done the job of checking its privacy."
**Elusiv**
- Once we are live, detailed docs including our whitepaper will be released! - you can expect more explanatory content covering various topics around privacy, ZKPs, MPC and more.
**Beam** You can read Beams whitepaper I also recommend reading the Documentation "you can reach me here on Twitter, on Telegram
@maxnflaxl or on Discord Maxnflaxl#8141"
**Beam**
**Findora** Dapps using our privacy SDK will allow their users to transact with privacy. The evidence can be found on our block explorer when one attempts to view the details.
- You can read Beams whitepaper
- I also recommend reading the Documentation
- "you can reach me here on Twitter, on Telegram @maxnflaxl or on Discord Maxnflaxl#8141"
**Leo wallet** Here's a talk by our co-founder/CTO discussing Zero Knowledge Proofs in general and some features our wallet utilizes to increase privacy (e.g. single-use addresses) https://t.co/BLeKu2ghmS
**Findora**
**Scala** You should probably start here: https://wiki.scalaproject.io and if you have questions send us a DM.
Media network Thanks to the blockchain and smart contracts, your personal and payment information is always secure. Communication between clients and providers is always encrypted. The client only needs to disclose the origin (i.e., the back-end IP) for the CDN marketplace and the Legacy dCDN.
Dapps using our privacy SDK will allow their users to transact with privacy. The evidence can be found on our block explorer when one attempts to view the details.
**Leo wallet**
Here's a talk by our co-founder/CTO discussing Zero-Knowledge Proofs in general and some features our wallet utilizes to increase privacy (e.g. single-use addresses) https://t.co/BLeKu2ghmS
**Scala**
You should probably start here: https://wiki.scalaproject.io and if you have questions send us a DM.
**Media network**
- Thanks to the blockchain and smart contracts, your personal and payment information is always secure.
- Communication between clients and providers is always encrypted.
- The client only needs to disclose the origin (i.e., the back-end IP) for the CDN marketplace and the Legacy dCDN.
**Privacy & Scalability**
- one approach might be looking at the public data from the system. If you see user identifiers being used only once that's perhaps helpful? But a non-technical person doesn't know if identifiers are true random, or if they're backdoored somehow. With the unirep protocol we're building an explorer that shows all the things happening in the system. So a user could see their epoch keys and attestations and see how they're distinct in the system. One thing we might do is write what can and can't be determined about the different identifiers.
- one approach might be looking at the public data from the system. If you see user identifiers being used only once that's perhaps helpful? But a non-technical person doesn't know if identifiers are true random, or if they're backdoored somehow.
- With the unirep protocol we're building an explorer that shows all the things happening in the system. So a user could see their epoch keys and attestations and see how they're distinct in the system. One thing we might do is write what can and can't be determined about the different identifiers.
**Automata** You should go to the very beginning of the medium articles. There is explained how the architecture works. "https://medium.com/atanetwork/whats-automata-i-the-last-puzzle-piece-to-web-3-0-ea8a0af5840e
**Automata**
- You should go to the very beginning of the medium articles. There is explained how the architecture works:
- https://medium.com/atanetwork/whats-automata-i-the-last-puzzle-piece-to-web-3-0-ea8a0af5840e
https://medium.com/atanetwork/whats-automata-ii-protocol-overview-witness-7c1fc2232655
https://medium.com/atanetwork/whats-automata-iv-conveyor-93c9335e4f43"
- https://medium.com/atanetwork/whats-automata-iv-conveyor-93c9335e4f43"
**Aleo** " i'd start with the official Blog articles:
https://www.aleo.org/post/welcome-to-aleo
https://www.aleo.org/post/zero-knowledge-primitives-by-aleo" "Hi! there are so many info you can find in blog articles :Laughheart: unofficial!
**Aleo**
- " i'd start with the official Blog articles: www.aleo.org/post/welcome-to-aleo
https://www.aleo.org/post/zero-knowledge-primitives-by-aleo"
- "Hi! there are so many info you can find in blog articles :Laughheart: unofficial!
also there are so many videos on this topic you can find in 📸┃user-content
our community has so many contributions and rich diversity of content"
**MASQ** Join our beta testing group and simply try it for yourself! You can run any local and in-browser IP tests you want, and use other tools to see how the data is transported to and from your machine. As a non-techie the first start is simply check an IP checker website while using
**MASQ**
**Lokinet** user education would absolutely be how. to be fair lokinet's docs arent really there rn, it's always on the todo list and never really gets done. once you do all the user education you can, you get to the point where you see that privacy is more of a bonus to seal the deal than a primary feature from the perspective of the consumer grade user. ideally we dont want lokinet to leak anything at all. net usage statistics tools from projects like pihole provide great visualizations for some of it. i am sure there are ones for netflow data too not just dns.
- Join our beta testing group and simply try it for yourself!
- You can run any local and in-browser IP tests you want, and use other tools to see how the data is transported to and from your machine.
- As a non-techie the first start is simply check an IP checker website while using
**ActiList** We are running on the Secret Network blockchain, you can check out http://SCRT.network for more information.
**Lokinet**
**Cheqd** You can start by learning about verifiable credentials, decentralised identifiers(DID), and the concept of Self-Sovereign identity. cheqd is quite technical, and in order to understand why it is privacy preserving, you'll need to get familiar with some terms. "You can also learn more about each of the components of the network, the credential types, co clots of payment rails and verification by visiting our learn pages
https://t.co/8OQ0Fav16W" "Concepts of payment rails** Sorry for the typo
- user education would absolutely be how.
- To be fair lokinet's docs arent really there rn, it's always on the todo list and never really gets done.
- once you do all the user education you can, you get to the point where you see that privacy is more of a bonus to seal the deal than a primary feature from the perspective of the consumer grade user.
- ideally we dont want lokinet to leak anything at all.
- net usage statistics tools from projects like pihole provide great visualizations for some of it.
- i am sure there are ones for netflow data too not just dns.
As a final note, you'll find a range of useful content and project progress on our blog. If you have any questions, you can jump on our official telegram channel or tweet us.
https://t.co/wHRkrrJ3F0"
**ActiList**
We are running on the Secret Network blockchain, you can check out http://SCRT.network for more information.
**PirateChain** Look at the block explorer and see if you can figure out how much ARRR is in a wallet...
**Obscuro** "- we'll build tools that have been audited by trusted authorities to verify attestation of software versions along with audits showing the software doesn't leak privacy
- although superficial, our block explorers will demonstrate privacy" "- anyone can run a node and use simple network tools to verify data flowing is encrypted
- Provide education on how TEEs preserve privacy and the things to look out for" We'll deploy a game with significant funds that can only be won by breaking Obscuro's privacy. As long as the game isn't won, users can be confident privacy remains intact.
**Cheqd**
- You can start by learning about verifiable credentials, decentralised identifiers(DID), and the concept of Self-Sovereign identity.
- cheqd is quite technical, and in order to understand why it is privacy preserving, you'll need to get familiar with some terms.
- "You can also learn more about each of the components of the network, the credential types, co clots of payment rails and verification by visiting our learn pages
https://t.co/8OQ0Fav16W" ("Concepts of payment rails")
- As a final note, you'll find a range of useful content and project progress on our blog. If you have any questions, you can jump on our official telegram channel or tweet us: https://t.co/wHRkrrJ3F0"
**PirateChain**
Look at the block explorer and see if you can figure out how much ARRR is in a wallet...
**Obscuro**
- we'll build tools that have been audited by trusted authorities to verify attestation of software versions along with audits showing the software doesn't leak privacy
- although superficial, our block explorers will demonstrate privacy"
- anyone can run a node and use simple network tools to verify data flowing is encrypted
- Provide education on how TEEs preserve privacy and the things to look out for"
- We'll deploy a game with significant funds that can only be won by breaking Obscuro's privacy. As long as the game isn't won, users can be confident privacy remains intact.
**SendingMe** you can visit @Sending_Network account to learn more about what is under the hood our GitBook is pretty easy to read even if you are not techie :)