dcrdocs icon indicating copy to clipboard operation
dcrdocs copied to clipboard

Published 20 hours ago verified publisher icon decred

Dedicated Privacy page

Open xaur opened this issue 6 years ago • 9 comments

Collect all privacy gotchas (theory) and best practices on one page.

Some ideas for content:

  • tradeoffs of reusing vs not reusing addresses: simplicity and transparency (sometimes needed) vs complexity and privacy, payment protocols
  • privacy loss from reusing voting address for different tickets when using VSP
  • spending reveals pubkey, key/address that never spent is better protected from QC (perhaps this belongs to security, but privacy is very related too)
  • not leaving identifiers in public places
  • privacy implications of checking one's data via public block explorer
  • privacy of dcrwallet/decrediton's SPV and of 3rd party wallets
  • privacy degradation from using centralized KYCed third parties
  • privacy implications of using atomicswap tools
  • privacy of using Politeia, trickling, Tor
  • using email address on VSPs and Politeia

xaur avatar Jan 27 '19 20:01 xaur

i would like to work on this.

imestin avatar Jul 12 '19 14:07 imestin

Hi @imestin, fine for you to work on this, but I would suggest working on only a few of these topics at a time. Many small PRs are preferred to one large PR - it makes reviewing much easier, reduces chance of mistakes being made and conflicts appearing.

jholdstock avatar Jul 13 '19 09:07 jholdstock

ok, I will do it in small pieces.

imestin avatar Jul 13 '19 12:07 imestin

Some huge resources to mine for privacy knowledge:

  • https://en.bitcoin.it/wiki/Privacy
  • https://github.com/6102bitcoin/FAQ/blob/master/hodl-privacy.md
  • https://medium.com/@nopara73/coin-control-is-must-learn-if-you-care-about-your-privacy-in-bitcoin-33b9a5f224a2

Not everything is applicable to Decred until our wallets gain more coin control features, but I suspect a lot of general and common sense advice can be reused or at least referenced.

xaur avatar Jul 13 '19 16:07 xaur

How deep this docs should be? (compared to https://en.bitcoin.it/wiki/Privacy for example) should I redirect to outside resources and keep the length of the doc below 1/2 pages?

imestin avatar Sep 07 '19 11:09 imestin

Great question @imestin

I think it can start as an overview and list of high level directions written in simple language.

  • page that turns user's privacy brains on and brings all the nuance into his awareness
  • put lowest hanging fruit first to help us mortals start at least somewhere
  • go deeper into things specific to Decred
  • overview and link to all Decred's privacy features
  • don't hesitate to link to great outsude resources
  • consider expanding this issue from one page to a group of pages

In general though, I'd like to have all valuable knowledge self hosted and replicated in our repos. bitcoin.it is a great resource, but it is a yet another centrally hosted MySQL database. Poof and it's gone, and will there be anyone who has the backups to bring it back?

I started decredcommunity/wiki just for this purpose. It can host any valuable knowledge that doesn't fit in dcrdocs, and you can go all crazy into the details like bitcoin.it's Privacy page. Pages can also migrate into dcrdocs once it decides to host some. Unlike dcrdocs, the wiki repo is not funded currently.

xaur avatar Sep 08 '19 09:09 xaur

With the release of privacy features I'm coming to realization that Privacy page should be primarily focused on explaining Decred's privacy tech (in theory) and how to use it (in practice). This is a category of support docs similar to how to use Decrediton or Politeia.

What was originally intended by this issue I think should be a bit different category of "Privacy Guidelines", similar to the format of https://docs.decred.org/advanced/general-security/

Thinking how to organize this better, I would a start a new Privacy section, add Privacy Overview page similar to other overview pages, and then add two subpages for Decred's privacy tech and general Decred and crypto privacy tips.

xaur avatar Sep 13 '19 10:09 xaur

So I should create a folder "privacy" under "docs" and move "general-privacy.md" there, and with an other issue->pull request, create "privacy-overview", which will talk about privacy tech of Decred.

Is that right?

imestin avatar Sep 22 '19 08:09 imestin

There are two ways to organize this.

First is group by aspect: create new Privacy group as suggested above and let it host both general privacy and Decred privacy. This is similar to existing Governance group.

The other way I didn't imagine initially is to fit into existing grouping by use case. Place the general privacy page under Advanced (next to Security), and then place another page for Decred privacy features in Wallets category, similar to how it hosts a page for Lightning Network use case.

xaur avatar Oct 03 '19 20:10 xaur