diff --git a/attachments/2024-09/Privacy With Status Infrastructure and Insights.md b/attachments/2024-09/Privacy With Status Infrastructure and Insights.md new file mode 100644 index 0000000..e85a072 --- /dev/null +++ b/attachments/2024-09/Privacy With Status Infrastructure and Insights.md 
@@ -0,0 +1,264 @@ +# Privacy With Status Infrastructure and Insights + +![[privacy_1st_party_header.png]] + +This page is part of our wider communications about Status’ commitment to privacy transparency. + +For more information, see: + - [[Privacy in Status Software]] + - [Notion version - Privacy In Status Software](https://www.notion.so/DRAFT-Privacy-In-Status-Software-bc67de90041c49479b3ffd5771ca2cce?pvs=21) + - [[Privacy With Status Third Parties]] + - [Notion version - Privacy With Status Third Parties](https://www.notion.so/Privacy-With-Status-Third-Parties-e1536c7e7a6240a0b5e10e6faac16c8c?pvs=21). + +At Status Software, privacy is one of our core principles, and the handling of personal data through our first-party infrastructure is a key aspect of ensuring user security. This page provides an overview of the implications associated with the personal data handled by Status' own infrastructure, including nodes and servers directly operated by Status. + +We will outline the types of personal data collected, how it is stored and transmitted, and the measures implemented to safeguard this information. This guide offers transparency into how Status Software manages personal data within its own systems, reinforcing our commitment to protecting user privacy. + +[[#Waku Protocol and Status-Managed Waku Infrastructure]] +[Waku Protocol, and Status Managed Waku Infrastructure](https://www.notion.so/Waku-Protocol-and-Status-Managed-Waku-Infrastructure-1fe4c48332d044f6b0b7ea9bb126f592?pvs=21) + +[[#Waku Telemetry]] +[Waku Telemetry](https://www.notion.so/Waku-Telemetry-d47926403868420aae6e4f5237ec7f63?pvs=21) + +[[#The Status Software Proxy Server]] +[The Status Software Proxy Server](https://www.notion.so/The-Status-Software-Proxy-Server-8f299b2a4115453d95463f15e59504eb?pvs=21) + +# Waku Protocol and Status-Managed Waku Infrastructure + +**Status Software** uses the Waku protocol to transport a range of message types between devices also hosting Status Software. 
The Waku protocol has many privacy-preserving qualities, making it a superior choice for privacy-centric messaging applications. + +These features include true end-to-end encryption, ensuring that only the intended recipient can read the message. Messages in transport share only the content-topic, while all other metadata remains encrypted and accessible only to the intended recipient. Furthermore, messages in transport contain no sender or recipient identifiers, thus protecting user anonymity. + +Waku also employs techniques such as topic masking and selective relay to further hide message origins and destinations, minimising the risk of metadata leakage and making it difficult for external observers to trace communication patterns. This combination of privacy features makes Waku well-suited for secure, decentralised messaging. + +To support the wider Waku network Status altruistically hosts a Waku node fleet. The node fleet serves as a foundation-cum-buffer for the wider p2p Waku network and provides stability for Status Software’s chat protocol. As part of responsibly managing digital infrastructure Status logs very limited data which is essential for monitoring the fleet’s activity, diagnosing issues, and ensuring the overall health of the network. + +## Waku Store Nodes + +With Waku’s many privacy-preserving features, there are some inherent privacy concerns that users should be aware of. One primary concern involves **Waku Store nodes** (previously referred to as mailservers), which store and provide messages for nodes that are offline. While these nodes enable more reliable message delivery for intermittently connected devices, they also have access to certain metadata. + +**What Does Status Software Share With Status and the Waku Network?** + +Specifically, Store nodes can access a user's IP address when the user connects to retrieve messages. 
In addition, these nodes are aware of the content-topics that the user is interested in, as users must specify these topics to request stored messages. Although the message content remains encrypted, this exposure of metadata could allow a Store node to correlate a user’s IP address with their interests, posing a privacy risk—particularly if the node is malicious or compromised. + +**Your IP address (Logged for 15 days).** As part of sending a TCP call to a Status-managed Waku Store node, your IP address will be shared with our node. + +**Your message content-topic (Incidental).** As the content-topic is the only plain-text element in a Waku message, this information will always be available. Your IP address and your content-topic preferences can be associated. + +For details about potential mitigation of privacy concerns, see [**Waku Store Nodes**](https://www.notion.so/Waku-Store-Nodes-fbbf6f0246cb44928b2a5a7d6efa7d94?pvs=21). + +## **Waku Bootstrap Nodes** + +**Bootstrap nodes** play an essential role in the Waku network by helping new nodes discover and connect to the broader network. When a node first joins the network, it needs to establish initial connections to begin participating in message relaying, receiving, or broadcasting. Bootstrap nodes serve as the first point of contact, offering a list of peers that the new node can connect to in order to join the decentralised network. + +### **What Does Status Software Share With Status?** + +While bootstrap nodes are crucial for enabling network participation, they also present some privacy considerations. Since a new node must connect to bootstrap nodes directly, the bootstrap node can observe the new node's IP address during the initial handshake. + +**Your IP address (Logged for 15 days).** As part of sending an TCP call to a Status managed Waku Bootstrap Node, your IP address will be shared with our node. 
+ +For details about potential mitigation of privacy concerns, see [**Bootstrap Nodes**](https://www.notion.so/Bootstrap-Nodes-88c7a30bff6e4b799a79c71f3cd3fbdf?pvs=21). + +## **Waku Light Push Nodes** + +**Light Push nodes** are designed to operate with reduced resource requirements, primarily by pushing messages into the network without fully participating in message relaying or receiving. + +### **What Does Status Software Share With Status and the Waku Network?** + +Because Light Push nodes sit on the periphery of the main network, their peers can easily identify their IP addresses and observe the content-topics that Light Push nodes are publishing to. This exposure could allow network observers to infer patterns about the topics being communicated by these nodes, compromising the privacy of users relying on Light Push nodes for message delivery. + +**Your IP address (Incidental).** As part of sending a TCP call to any Waku node, your IP address will be shared. + +For details about potential mitigation of privacy concerns see [**All Nodes**](https://www.notion.so/All-Nodes-ea09c68e010249cf981424a4ee38174e?pvs=21). + +## **Waku Filter Nodes** + +**Filter nodes** are an essential component of the Waku v2 protocol, enabling more efficient message delivery by allowing nodes to explicitly request only the messages they are interested in, rather than receiving all messages broadcast across the network. This filtering mechanism helps reduce bandwidth and resource usage. + +A node can subscribe to specific content-topics, and the Filter node will only forward messages matching those topics. However, this targeted filtering introduces some privacy considerations, as the Filter node becomes aware of the content-topics the requesting node is interested in, along with the node's IP address. While the message content remains encrypted, metadata exposure still occurs, potentially allowing a Filter node to link users to their interests. 
+ +### **What Does Status Software Share With Status and the Waku Network?** + +**Your IP address (Incidental).** As part of sending calls to any Waku Filter node while using Status Software in Light Push mode your IP address will be shared. + +**Your message content-topic (Incidental).** As the content-topic is the only plain-text element in a Waku message this information will always be available. Your IP address and your content-topic preferences can be associated. + +For details about potential mitigation of privacy concerns, see [**All Nodes**](https://www.notion.so/All-Nodes-ea09c68e010249cf981424a4ee38174e?pvs=21). + +## **Mitigation of Metadata Leakage** + +### **Waku Store Nodes** + +To address privacy concerns with Waku Store nodes, Status is working to enable users to use trusted third-party Store nodes, ideally operated by organisations or individuals that align with their privacy values. This option would help minimise the risk or perception of risk of IP address / content-topic correlation being exploited. + +Additionally, Status plans to give users the ability to host their own Store nodes. By doing so, users can have full control over their data, reducing reliance on third parties and the potential exposure of metadata. In both cases, Status is focused on empowering users to make informed decisions about the level of trust in the nodes they interact with, providing greater protection for those prioritising privacy. + +In this case, the following personal data will be shared by Status Software to either your own or third-party node(s): + +**Your IP address (Incidental).** As part of sending a TCP call to any Waku Store node your IP address will be shared. + +**Your message content-topic (Incidental).** As the content-topic is the only plain-text element in a Waku message, this information will always be available. Your IP address and your content-topic preferences can be associated. 
+ +### **Bootstrap Nodes** + +To mitigate potential privacy risks, Status is working towards enabling users to host their own Bootstrap nodes or use Bootstrap nodes operated by trusted third parties. This would give users the flexibility to manage how their connection data is handled. + +In this case the following personal data will be shared by Status Software to either your own or third-party node(s). + +**Your IP address (Incidental).** As part of sending an HTTPS call to any Waku Bootstrap Node your IP address will be shared. + +### **All Nodes** + +For some users, exposing their IP address is a concern. These users can employ techniques like VPNs or Tor to obscure their IP addresses when connecting to Store nodes, Bootstrap nodes, and even Filter nodes, This will help to protect their identity and network activity.. + +## **Further Reading** + +For further information about the level of privacy the Waku protocol provides, please reference the following documents: + +* [https://forum.vac.dev/t/on-the-anonymity-of-waku-relay/135](https://forum.vac.dev/t/on-the-anonymity-of-waku-relay/135) +* [https://rfc.vac.dev/waku/standards/core/11/relay/\#security-analysis](https://rfc.vac.dev/waku/standards/core/11/relay/#security-analysis) + +# Waku Telemetry + +In Status Software, a user can opt-in to enable Waku telemetry. Waku telemetry collects non-personally identifiable information to monitor network performance and reliability. This data includes metrics such as message success rates, peer connections, bandwidth usage, and app version details, all tied to a randomly generated peer ID. + +The purpose of collecting this data is to improve Waku’s efficiency and stability while maintaining user privacy. Telemetry is kept for a maximum of 30 days, ensuring short-term use of data. While helpful for improving the protocol, it raises concerns about possible metadata exposure, such as the peer ID being used to track patterns. 
+ +### **Key Metrics Collected** + +* **Message Success Rates (Logged for 30 days):** Helps monitor how reliably messages are delivered within the Waku network. +* **Peer Connections (Logged for 30 days):** Tracks the number of peers a user is connected to, as well as the type of connection. +* **Bandwidth Usage (Logged for 30 days):** Analyses data transfer to optimise network performance, especially for low-bandwidth environments. +* **Device Operating System (Logged for 30 days):** To help in troubleshooting and improving compatibility across platforms and devices. +* **Status Software Version (Logged for 30 days):** To help in troubleshooting and improving compatibility across versions. + +### **Random Session Peer ID** + +Telemetry data is linked to a randomly generated peer ID that changes each time Status Software is started and restarted. This ensures the data is anonymised, as the peer ID is temporary and not associated with any personally identifiable information or specific device. While this safeguards user anonymity, the collection of this telemetry still allows for potential pattern analysis, which could, in theory, reveal certain usage behaviours if aggregated over time. + +### **Data Retention and Privacy** + +Data collected through Waku telemetry is stored only for as long as necessary to fulfil its intended purpose, with a maximum retention period of 30 days. After this period, the data is deleted, minimising the risks of long-term metadata retention. + +### **Privacy Considerations** + +While Waku telemetry does not collect personal data, it involves metadata that may indirectly reveal usage patterns. Even though the data is non-personally identifiable, it is important to recognise that metadata such as message success rates, peer counts, or bandwidth usage could still reveal behavioural patterns over time. 
For instance, high message traffic or frequent peer connections might expose behavioural patterns, which could be used to infer a user’s activity. + +Furthermore, since telemetry includes network interaction details, despite different random session peer IDs, there’s an onerous potential for linking data across multiple sessions if not properly managed. + +# The Status Software Proxy Server + +The primary purpose of our proxy server is to act as a critical intermediary between users and select service providers, as well as enhancing both the security and performance of our app. By leveraging a proxy server, we can also effectively hide users' IP addresses, thereby helping to safeguard their privacy and aiming to protect them from potential tracking or malicious activities. + +Additionally, the proxy server acts as a shield for sensitive access credentials, preventing these from being exposed directly to potential attackers, which could lead to unauthorised access or misuse. + +## **Masking User IP Addresses** + +One of the key functions of our proxy server is to mask the IP addresses of users. When a user makes a request through our platform, the proxy server intercepts this request and forwards it to the destination server on behalf of the user. + +The destination server only sees the IP address of the proxy server, not the original user's IP. This not only helps to protect user privacy but also to mitigate risks such as targeted cyberattacks, location-based restrictions, or unwanted tracking by third parties. + +## **Protection of API Keys** + +Our proxy server also plays a crucial role in securing our API keys. API keys are sensitive credentials that grant access to various backend services and data. By routing all API calls through the proxy server, we ensure these keys are never exposed directly to the client-side or user-facing environment. 
+ +The proxy server securely manages the API requests, embedding the necessary keys before forwarding the requests to the appropriate service providers. This approach significantly reduces the risk of API key theft, unauthorised access, and potential abuse. + +## **Caching of Static and High-Bandwidth Requests** + +To optimise performance and reduce server load, our proxy server caches static content and high-bandwidth requests. This is achieved via in-memory caching that Status does not permanently store; the caching naturally expires as the memory is garbage collected. + +By caching frequently requested resources such as historical price data, latest block data, and historic balance data. The proxy server can deliver these resources directly to users without repeatedly fetching them from the origin server. This caching mechanism not only speeds up the delivery of content but also minimises bandwidth usage, enhancing the overall experience of users. Additionally, it helps in managing traffic spikes, ensuring that our servers remain responsive even under high demand. + +## **Graceful Rate Limiting** + +Another important function of our proxy server is to implement graceful rate limiting. To prevent overloading our backend systems and to maintain fair usage across our platform, the proxy server monitors and controls the rate at which requests are forwarded to our servers. + +If a user or service exceeds a predefined request limit, the proxy server can throttle the requests, temporarily delay them, or return appropriate error messages. This helps in maintaining the stability and reliability of our services, ensuring that no single user or group of users can negatively impact the performance of our platform. + +## **What Services Use the Proxy Server and What Do We Have Access To?** + +The following personal data is processed by the Status Software proxy server. 
+ +**📈 [Cryptocompare](https://www.notion.so/Cryptocompare-431fab226e0c4c6181aaaff3c36155dd?pvs=21)** + +**Your IP address (Logged for 15 days).** As part of sending an HTTPS API call, your IP address will be shared with our proxy server. + +**What tokens you are interested in (Passed-Through).** As part of the HTTPS API calls we will see what tokens you want price data for. + +✍ [**Infura**](https://www.notion.so/Infura-6b8c0c8194364fc1b392dea4f7cfdf77?pvs=21) & [**Grove**](https://www.notion.so/Grove-c04b51454f034384912ef7942707b35f?pvs=21) + +**Your IP address (Logged for 15 days).** As part of sending an https API call your IP address will be shared with our proxy server. + +**Your full transaction details (Passed-Through).** This includes values of your transaction, sender and recipient(s) of your transaction, which contracts you interact with, and what functions you call on those contracts. + +**Your data queries (Passed-Through).** An example is an ERC-20 token balance call. + +**Any response from your data query (Passed-Through).** Example, the balance of the address’s ETH and/or tokens. + +**Your EVM (wallet) address (Passed-Through).** + +### What Exactly Does the Status Software Proxy Log? + +The Status Software proxy server logs certain data as part of its normal activity. Note that Status DOES NOT log the contents of any request or responses handled by the Status Software proxy server. + +This logging is essential for monitoring the proxy’s activity, diagnosing issues, and ensuring the health of the network. The Status Software proxy logs details such as the client's IP address, the request URL, timestamps, response status codes, and the time taken to serve the request. + +However, since these logs contain sensitive metadata, such as IP addresses, Status takes great care to secure them properly to prevent exposure of personal data. 
This involves restricting access to log files and ensuring logs are rotated and deleted after a set retention period of 15 days. + +**Example**: The Status Software proxy access log captures the following information: + +* Client IP address +* Time of request +* Basic request details + * HTTP Method + * URL +* HTTP Status code +* User-agent string + +A typical log entry looks like this: + +```log +192.168.1.1 - - [05/Sep/2024:12:34:56 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0" +``` + +In addition to access logs, the Status Software proxy also maintains error logs, which track issues such as failed connections, timeouts, or server misconfigurations. These logs provide critical insights into why a request might have failed, helping our infrastructure and development teams troubleshoot and resolve problems more effectively. + +## **Privacy Tradeoffs** + +When using our proxy server to interact with RPC and cryptocurrency price services, there are important privacy tradeoffs to consider compared to directly calling these services. Routing requests through the proxy server enhances user privacy by masking their IP address and masking transaction data from third-party service providers. This means providers will only see the proxy server's IP address and request information, effectively preventing them from linking these requests to individual users. + +This setup is particularly valuable in the context of cryptocurrency transactions, where users prioritise privacy to protect themselves from tracking, profiling, or other forms of data exploitation. + +However, while the use of a proxy server shields users' data from external providers, it also introduces a different privacy tradeoff: the proxy server itself now becomes the point of data visibility. 
This means that the proxy server has access to all the information that would otherwise be visible to the RPC and API services, including the user's IP address, transaction data, and any other details included in the requests. + +While this may not be a significant concern to users if they trust that Status Software manages the proxy server with strict privacy policies and robust security measures, it does centralise the visibility of sensitive data in one place. As a result, users must place a high level of trust in Status, as the operator of the proxy server, to handle their data responsibly and securely. + +Moreover, the centralisation of data at the proxy server creates a single point of failure from a privacy perspective. If the proxy server is compromised or if the operator's security practices are insufficient, the sensitive information that users sought to protect from external service providers could be exposed or misused. This scenario underscores the importance of implementing strong encryption, access controls, and regular security audits for the proxy server to mitigate the risks associated with this tradeoff. + +### **Security Audits** + +Status, as part of the IFT, has a dedicated internal security team that provide regular security audits of Status Software. The results of the security audits inform our feature roadmaps and provide the Status development teams with confidence that Status Software is sufficiently hardened against malicious actors. These audits include the following points of analysis: + +* **Penetration Testing:** + * Of both gray-box and white-box tests, focusing on: + * **Application Layer:** + * Detailed assessments of web applications, APIs, and mobile apps to identify and exploit vulnerabilities such as SQL injection, XSS, and authentication flaws. 
+ * **Network/Infrastructure:** + * Comprehensive testing of network architecture, firewall configurations, and VPNs to detect issues like misconfigurations and potential entry points for attackers. + * **Host Build Reviews:** + * Evaluations of server configurations, patch management, and hardening practices to ensure they follow security best practices. + * **Cloud Security:** + * Assessment of cloud environments (e.g. AWS, GCP) for proper configuration, access controls, and compliance with cloud security standards. +* **Incident Response Planning:** + * Development of strategies and procedures to effectively manage and mitigate security incidents. + +## **Summary and Mitigations** + +In summary, while using a proxy server offers significant privacy benefits by keeping user data opaque to RPC and cryptocurrency price API services, it also shifts the responsibility for protecting this data to the proxy server operator, in this case Status. Users gain enhanced privacy from external entities but must consider the potential risks of concentrating their sensitive information in a single, albeit trusted, location. + +Ultimately, we want users to have the ability to choose to use the Status proxy server or not. As part of this initiative, we are working towards allowing users the ability to target their own EVM RPC endpoint with optional API key management. + +See here for details [https://github.com/status-im/status-mobile/issues/21062](https://github.com/status-im/status-mobile/issues/21062). + +This will allow users to make an informed choice and have the ability to weigh the benefits against the mentioned tradeoffs, with careful consideration given to the trustworthiness and security of the proxy server infrastructure. \ No newline at end of file diff --git a/attachments/2024-09/Privacy With Status Third Parties.md b/attachments/2024-09/Privacy With Status Third Parties.md new file mode 100644 index 0000000..3d4c0c9 --- /dev/null 
+++ b/attachments/2024-09/Privacy With Status Third Parties.md 
@@ -0,0 +1,333 @@ +# Privacy With Status Third Parties + +![[privacy_3rd_parties_header.png]] +This page is part of our wider communications about Status’ commitment to privacy transparency. + +For more information, see +- [[Privacy in Status Software]] + - [Privacy In Status Software](https://www.notion.so/DRAFT-Privacy-In-Status-Software-bc67de90041c49479b3ffd5771ca2cce?pvs=21) +- [[Privacy With Status Infrastructure and Insights]] + - [Privacy With Status First Parties](https://www.notion.so/Privacy-With-Status-First-Parties-895281846aae434cb0f73cc7b741dc7c?pvs=21). + +This page outlines the implications of personal data sharing with third-party service providers, focusing on the types of personal data involved, how it is shared, and the measures in place to protect user privacy. + +By understanding the relationship between Status and third-parties, users can make informed decisions about how they use Status Software and how their data is handled to ensure their privacy preferences are respected. Transparency in data practices is one of our key priorities, and this guide aims to provide clarity on the privacy risks and protections in place when interacting with Status Software and its third-party components. + +# **Cryptocurrency On / Off Ramps** + +Status Software uses cryptocurrency on-ramp providers to facilitate the seamless conversion of traditional fiat currency into cryptocurrencies. These providers help lower the barrier to entry for new users who may be unfamiliar with the complexities of cryptocurrency exchanges, making it easier for them to enter the digital asset ecosystem. + +These on-ramp services integrate with Status Software to allow users to purchase EVM-compatible cryptocurrencies like Ether, SNT, and DAI using payment methods such as credit cards, bank transfers, or other payment methods (dependent on the provider and your jurisdiction). 
+ +Integrating an on-ramp provider in Status Software enhances users’ experience by providing a convenient and efficient way to acquire digital assets and enables them to quickly begin participating in blockchain-based services and functionality. + +## **What Status Software Shares With On-Ramp Providers** + +In our current implementation, Status Software redirects users to the on-ramp provider via their device’s web browser of choice. This means all the interactions a user will have with the on-ramp will be directly between them and the on-ramp provider. + +Any information the user shares with the on-ramp provider via the third-party browser will be inaccessible to Status Software. + +Status Software does however share some information about users to the on-ramp service providers. + +**A reference number that identifies you as a Status Software user (Shared).** Status Software embeds this unique identifier into a referral link. This associates any activity you have on the on-ramp provider’s platform with Status. + +**Your Ethereum address (Shared).** Status Software embeds user’s chosen Ethereum address into a referral link. This is a convenience feature that allows on-ramp providers to preselect where your digital assets should be sent to. + +**Your IP address (Incidental).** Depending on your web browser of choice, as part of sending an HTTPS call to open the web pages, your IP address will be shared with the third-party’s server. + +## **When Does Status Software Share This Data?** + +Status Software only shares the above personal data when the user explicitly navigates to use one of the on-ramp providers mentioned below. 
+ +## **On-Ramp Providers** + +For more information about the on-ramp providers, their APIs and widgets, and privacy policies, please see below: + +### **Mercuryo** + +* [https://uk.mercuryo.io/on-off-ramps/](https://uk.mercuryo.io/on-off-ramps/) +* [https://help.mercuryo.io/hc/en-gb/articles/14833411947037-How-does-the-Mercuryo-widget-work-for-on-ramp](https://help.mercuryo.io/hc/en-gb/articles/14833411947037-How-does-the-Mercuryo-widget-work-for-on-ramp) +* [https://help.mercuryo.io/hc/en-gb/articles/14495463995805-How-does-Mercuryo-keep-my-information-safe](https://help.mercuryo.io/hc/en-gb/articles/14495463995805-How-does-Mercuryo-keep-my-information-safe) + +### **Moonpay** + +* [https://www.moonpay.com/en-gb](https://www.moonpay.com/en-gb) +* [https://dev.moonpay.com/v1.0/docs/integrating-the-widget](https://dev.moonpay.com/v1.0/docs/integrating-the-widget) +* [https://www.moonpay.com/en-gb/legal/privacy\_policy](https://www.moonpay.com/en-gb/legal/privacy_policy) + +### **Ramp** + +* [https://ramp.network/](https://ramp.network/) +* [https://docs.ramp.network/](https://docs.ramp.network/) +* [https://ramp.network/privacy-policy](https://ramp.network/privacy-policy) + +# **Cryptocurrency Prices** + +Status Software uses cryptocurrency price services to access comprehensive and real-time data on cryptocurrencies. Status Software uses this data to provide users with up-to-date information on prices and historical performance that allows the app to show users their balances in a fiat currency of their choice. + +Cryptocurrency price services provide APIs that deliver detailed metrics such as current market prices and trading volumes across a wide range of digital assets and exchanges. By integrating this data, Status Software is able to offer users insightful analytics, portfolio tracking, price alerts, and decision-making tools. 
+ +## **What Status Software Shares With Cryptocurrency Price Services** + +Unless through [The Status Software Proxy Server](https://www.notion.so/The-Status-Software-Proxy-Server-8f299b2a4115453d95463f15e59504eb?pvs=21): + +**Your IP address (Ambient Metadata).** As part of sending an HTTPS API call, your IP address will be available to the third-party’s server. + +## **When Does Status Software Share This Data?** + +Status Software only shares the above personal data with one of the below service providers in the following circumstances: + +* Any time the user navigates to the wallet page. +* Any time the user refreshes their wallet page. +* Any time the user navigates to a specific address. + +## **Providers** + +### **Cryptocompare** + +* [https://www.cryptocompare.com/](https://www.cryptocompare.com/) +* [https://min-api.cryptocompare.com/documentation](https://min-api.cryptocompare.com/documentation) +* [https://www.cryptocompare.com/privacy-policy/](https://www.cryptocompare.com/privacy-policy/) + +### **Coingecko** + +* [https://www.coingecko.com/](https://www.coingecko.com/) +* [https://www.coingecko.com/en/api](https://www.coingecko.com/en/api) +* [https://www.coingecko.com/en/privacy](https://www.coingecko.com/en/privacy) + +![[privacy_3rd_parties_1.png]] +# **EVM RPC Providers** + +Status Software uses RPC (Remote Procedure Call) services to seamlessly interact with EVM-compatible networks without needing to manage full node infrastructure. These services provide a reliable and scalable API that allows Status Software to connect to Ethereum network(s) for tasks such as sending transactions, querying blockchain data, and deploying smart contracts. + +Status Software leverages RPC services to perform blockchain operations in real-time, ensuring a smooth user experience even as the underlying blockchain grows in size and complexity. This is especially important for dApps, where consistent and low-latency access to the blockchain is crucial. 
Running a full-node service comes with many considerations and is difficult to scale without dedicated expertise and infrastructure. + +## **What Status Software Shares with RPC Providers** + +Unless through [The Status Software Proxy Server](https://www.notion.so/The-Status-Software-Proxy-Server-8f299b2a4115453d95463f15e59504eb?pvs=21): + +**Your IP address (Ambient Metadata).** As part of sending an HTTPS API call, your IP address will be shared with the third-party’s server. + +**Your full transaction details (Ambient Metadata).** This includes values of your transaction, sender and recipient(s) of your transaction, which contracts you interact with, and what functions you call on those contracts. + +**Your data queries (Ambient Metadata).** An example is an ERC-20 token balance call. + +**Any response from your data query (Ambient Metadata).** Example, the balance of the address’s ETH and/or tokens. + +**Your EVM (wallet) address (Ambient Metadata).** + +## **Goals to Improve EVM RPC Privacy, AKA Fluffy** + +**Fluffy** is an ultra-light Ethereum client being developed by our Nimbus team as part of the Ethereum Foundation’s Portal Network. It allows resource-constrained devices like mobile phones to access Ethereum data without needing to sync or store the entire blockchain. + +Fluffy focuses on minimal resource consumption (bandwidth, CPU, RAM), improving the security and privacy of users by reducing reliance on third-party services like Infura or our own proxy server. It contributes back to Ethereum’s decentralisation by allowing light clients to play an active role in the network. + +For more details, read our [Fluffy article](https://our.status.im/nimbus-fluffly/). + +## **When Does Status Software Share This Data?** + +Status Software only shares the above personal data with one of the below service providers in the following circumstances: + +* Any time the user navigates to the wallet page. +* Any time the user refreshes their wallet page. 
+* Any time the user navigates to a specific address. + +## **RPC Providers** + +### **Infura** + +* [https://www.infura.io/](https://www.infura.io/) +* [https://docs.infura.io/api/networks/ipfs/http-api-methods](https://docs.infura.io/api/networks/ipfs/http-api-methods) +* [https://consensys.io/privacy-notice](https://consensys.io/privacy-notice) + +### **Grove** + +* [https://www.grove.city/](https://www.grove.city/) +* [https://docs.grove.city/guides/getting-started/welcome-to-grove](https://docs.grove.city/guides/getting-started/welcome-to-grove) +* [https://www.grove.city/privacy](https://www.grove.city/privacy) + +![[privacy_3rd_parties_2.png]] +# **Collectibles** + +Status Software uses NFT collectible services to integrate and enhance users’ interactions with digital assets, particularly in the realm of NFTs and decentralised applications (dApps). + +The services provide APIs that allow Status Software to let users visualise their collection of NFTs along with detailed metadata, ownership history, and transaction capabilities, all within the app's interface. + +## **What Status Software Shares With NFT Collectible Service Providers** + +**Your IP address (Ambient Metadata).** As part of sending an HTTPS API call, your IP address will be shared with the third-party’s server. + +## **When Does Status Software Share This Data?** + +Status Software only shares the above personal data with one of the below service providers in the following circumstances: + +* When the user views NFT collectables in their wallet. +* When the user transfers NFT collectables. +* When the user receives NFT collectables. 
+ +## **NFT Collectible Service Providers** + +### **OpenSea** + +* [https://opensea.io/](https://opensea.io/) +* [https://docs.opensea.io/reference/openapi-definition](https://docs.opensea.io/reference/openapi-definition) +* [https://opensea.io/privacy](https://opensea.io/privacy) + +### **Alchemy** + +* [https://www.alchemy.com/](https://www.alchemy.com/) +* [https://docs.alchemy.com/reference/api-overview](https://docs.alchemy.com/reference/api-overview) +* [https://www.alchemy.com/terms-conditions/privacy-policy](https://www.alchemy.com/terms-conditions/privacy-policy) + +### **Rarible** + +* [https://rarible.com/](https://rarible.com/) +* [https://rarible.org/](https://rarible.org/) +* [https://static.rarible.com/privacy.pdf](https://static.rarible.com/privacy.pdf) + +![[privacy_3rd_parties_3.png]] +# **Cryptocurrency Swaps** + +Status Software uses cryptocurrency swap services provided by third parties who facilitate cryptocurrency trading and token swaps by aggregating multiple decentralised exchanges (DEXs) and liquidity providers into a single, seamless interface. This greatly enhances users’ experience by making complex trading strategies accessible, efficient, and cost-effective, directly within the app. + +Integrated cryptocurrency swap services enables Status Software to offer users the best possible trading rates by automatically splitting and routing transactions across various liquidity sources. This ensures that users can execute trades with minimal slippage and transaction costs. The app can provide advanced trading functionalities, such as multi-hop swaps (swapping one token for another through intermediate tokens), price impact analysis, and gas optimisation, all without requiring users to navigate multiple platforms. + +## **What Status Software Shares With Swap Service Providers** + +**Your Ethereum address (Shared).** Status Software embeds user’s chosen Ethereum address into swap requests. 
This is a convenience feature that allows swap providers to preselect where your digital assets should be sent. + +**Your IP address (Ambient Metadata).** As part of sending an HTTPS API call, your IP address will be shared with the third-party’s server. + +## **When Does Status Software Share This Data?** + +Status Software only shares the above personal data with one of the below service providers when the user explicitly instigates a token swap within Status Software. + +## **Swap Service Providers** + +### **Paraswap** + +* [https://www.paraswap.io/](https://www.paraswap.io/) +* [https://developers.paraswap.network/api/master/api-v5](https://developers.paraswap.network/api/master/api-v5) +* [https://files.paraswap.io/pp\_v2.pdf](https://files.paraswap.io/pp_v2.pdf) + +# **Bridging Services** + +Status Software integrates with third-party bridging services to facilitate cross-chain transfers, allowing users to move their assets between different blockchains. These services provide seamless, secure transfers, enabling users to interact with multiple blockchain ecosystems directly from the app without needing to use multiple wallets or platforms. + +## **What Status Software Shares With Bridging Service Providers** + +* **Your Ethereum address (Shared).** Status embeds the user’s Ethereum address into requests to bridge assets. +* **Your IP address (Ambient Metadata).** Your IP address is shared during API calls to the third-party bridging provider's server. + +## **When Does Status Software Share This Data?** + +Status only shares this data when the user explicitly initiates a cross-chain transfer using one of the below bridging services. 
+ +## **Bridging Service Providers** + +### **Hop Exchange** + +* [https://hop.exchange/](https://hop.exchange/) +* [https://forum.hop.exchange/privacy](https://forum.hop.exchange/privacy) + +### **Celer Network** + +* [https://celer.network/](https://celer.network/) +* [https://celer.network/doc/Privacy-Policy.pdf](https://celer.network/doc/Privacy-Policy.pdf) + +# **Blockchain Explorers** + +Status Software uses third-party blockchain explorers to provide users with detailed insights into their on-chain activities, primarily focusing on providing users with details of pending transactions. This allows users to have peace of mind by monitoring the status of transactions they’ve sent that have not yet been confirmed. + +## **What Status Software Shares With Blockchain Explorer Providers** + +* **Your IP address (Ambient Metadata).** Your IP address is shared when making requests to the blockchain explorer service for transaction data. + +## **When Does Status Software Share This Data?** + +This data is shared whenever a user interacts with on-chain transaction data through Status Software, which then requests information from one of the following block explorers: + +## **Block Explorer Providers** + +### **Etherscan** + +* [https://etherscan.io/](https://etherscan.io/) +* [https://etherscan.io/privacyPolicy](https://etherscan.io/privacyPolicy) + +# **Signature Tooling** + +When a blockchain transaction is sent to a smart contract, the transaction includes a four-byte identifier to specify which function on the contract should be executed. Status Software uses the 4byte directory to match these identifiers with human-readable function names, making it easier to understand, decode, and interact with smart contract functions. + +Status Software uses the 4byte directory as a tool to help map and interface with EVM smart contracts. 
4byte maintains a registry of known function signatures and their corresponding 4-byte hexadecimal identifiers, derived from the first four bytes of the Keccak-256 hash of a function's interface. + +## **What Status Software Shares With Signature Tooling Providers** + +**Your IP address (Ambient Metadata).** As part of sending an HTTPS API call, your IP address will be shared with the third-party’s server. + +## **When Does Status Software Share This Data?** + +* When the user views the activity details page of a transaction. + +## **Providers** + +### **4byte** + +* [https://www.4byte.directory/](https://www.4byte.directory/) +* [https://www.4byte.directory/docs/](https://www.4byte.directory/docs/) (API Docs) + +![[privacy_3rd_parties_4.png]] + +# **URL Previews** + +When a message containing one or more HTTP URLs is sent, only the *sender* will bear the burden of IP address leakage as Status Software automatically unfurls all URLs to generate previews. Once unfurled, the data is embedded in the message itself, ensuring that *receivers* don't need to re-unfurl URLs, which would share their IP addresses. + +Status Software unfurls URLs using the oEmbed and OpenGraph protocols, as well as direct HTTP requests to fetch URL thumbnails, all of which expose the *sender's* IP address. + +Unlike other messengers, Status Software does not use special servers to serve unfurled assets (e.g. as a caching layer). + +Currently, Status Software does not support the ability to choose when unfurling should occur, for example, a *sender* may prefer to unfurl only specific domains they trust. + +## **What Status Software Shares With Web Hosts** + +**The IP address of ONLY the message sender (Ambient Metadata).** As part of making HTTP requests to unfurl URLs. 
+ +## **When Does Status Software Do This?** + +Status Software only performs this action when a user begins the process of sending a URL to a chat, and only when the user has consented to enabling URL unfurling for use within Status Software. + +![[privacy_3rd_parties_5.png]] +# **Embedded GIFs** + +Status Software uses third-party GIF providers to allow users to send GIFs within chats. When a user searches for and sends a GIF, Status Software embeds Tenor's GIF URLs into a chat message. When Status Software shows a GIF within a chat, this process shares some personal data with Tenor. + +## **What Status Software Shares with Tenor** + +* **Your IP address (Ambient Metadata).** When making a request to Tenor’s servers to fetch GIFs. This applies to both the sender and recipient of the message containing a GIF URL. + +## **When Does Status Software Share This Data?** + +Status Software only shares this data when a user sends or receives a GIF in the chat interface, and only if Tenor GIF functionality is enabled within the app. + +## **Providers** + +### **Tenor** + +* [https://tenor.com/](https://tenor.com/) +* [https://tenor.com/gifapi](https://tenor.com/gifapi) +* [https://policies.google.com/privacy](https://policies.google.com/privacy) + +### **How Status Software Provides Privacy Protection for Users Who Receive GIFs** + +To give users the option to protect their IP address(es) from GIF providers, we ask users to give their explicit consent before opening any GIFs in chat. + +![[privacy_3rd_parties_6.png]] +Permission to use GIFs in the mobile app. + +![[privacy_3rd_parties_7.png]] + +Permission to use GIFs in the desktop app. + +![[privacy_3rd_parties_8.png]] + +Permission settings for GIF and website link previews. + diff --git a/attachments/2024-09/Privacy in Status Software.md b/attachments/2024-09/Privacy in Status Software.md new file mode 100644 index 0000000..2655f1f --- /dev/null +++ b/attachments/2024-09/Privacy in Status Software.md 
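Review bot: In `Privacy With Status Third Parties.md`, the Collectibles, Blockchain Explorers and Signature Tooling sections list only the IP address under "What Status Software Shares", yet the requests they describe necessarily carry more: an NFT lookup for "their collection of NFTs" has to send the wallet address, a pending-transaction lookup sends the transaction hash or address being watched, and a 4byte lookup sends the function selector being decoded. The EVM RPC section already models this with "**Your data queries (Ambient Metadata).**" and "**Your EVM (wallet) address (Ambient Metadata).**"; add matching entries to those three sections so the per-provider lists are consistent, and give the EVM wallet address entry a one-line explanation like its neighbours. Two smaller points: the Infura documentation link points at the IPFS HTTP API (`https://docs.infura.io/api/networks/ipfs/http-api-methods`) rather than the JSON-RPC documentation relevant to an EVM RPC provider, and the spelling alternates between "collectibles" and "collectables" within the Collectibles section.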
@@ -0,0 +1,98 @@ +# Prioritising User Privacy In Status Software + +![[privacy_main_header.png]] +## TL:DR + +Status prioritises privacy\! This article walks you through how we handle your personal data, whether it’s logging, sharing, or just passing through our servers. We’ve made some changes to our software (all good things\!), and in line with our core principles, we’re being completely upfront about them. In the vast majority of cases only your device's IP address (if you're not using a VPN or Tor) will be handled by Status or third parties. Whether it’s censorship-resistant messaging, swaps, or cross-chain magic, we’ve got your back. Got questions? Hit us up\! ... or read all the stuff for nerds below (and maybe the Privacy Policy itself). + +Status will never try to access, store, or use your personal data in any way unless absolutely required for the functioning or improvement of Status Software. Under no circumstances will Status ever monetise or exploit the personal data handled by Status Software or Status infrastructure. + +## Purpose of This Article + +Status Software has undergone some important changes and added exciting new features. As part of this process, the way it handles user data has necessarily changed. We’re excited about the recent improvements to Status Software and in staying true to our commitment to openness, we want to explain how these updates impact you and how we continue to uphold our promise of protecting your privacy. + +While we continue to enhance our decentralised approach, some features require Status Software to interact with third parties, resulting in the handling of limited metadata. Our priority in handling this data is to deliver the powerful features our users require while always keeping their privacy paramount. + +Other applications might simply update their privacy policy and expect you to read through it yourself to decode what’s changed with their data handling. 
To keep everything transparent and demonstrate our commitment to user privacy, we’ve laid out in clear terms what data is handled by Status Software and when. + +## Why Make These Changes? + +### Trust Through Transparency + +Three of the core principles in our [manifesto](https://status.app/manifesto) are **Security**, **Privacy**, and **Transparency**. In accordance with these values, it is our sincere obligation to our community to be as absolutely open about our data handling as possible. + +These principles are a cornerstone of Status Software, and as such we have updated our privacy policy to build and maintain our users’ trust by providing a clear and detailed explanation of how Status Software handles data. + +By being upfront and open about our data processing practices, we are making an honest, good-faith demonstration of our ongoing commitment to protecting our users’ privacy and securing their personal data. + +### Enhanced Functionality and User Experience + +We are thrilled to have introduced the Status API Proxy Server, a powerful tool that delivers an improved user experience and enhances the performance of the Status app while shielding various user data from third-party RPC service providers. + +The API Proxy Server is designed to improve the performance and functionality of Status Software, and therefore it necessitates limited data processing. To deliver a better user experience, certain user information, such as IP addresses and wallet addresses, must be briefly processed. + +Importantly, the data that Status Software handles through this server is no different from the data that would typically be handled and processed by EVM RPC service providers. The privacy policy has been updated to reflect this change and ensure users are aware of the data handling involved in optimising the software’s performance. 
+ +### Introduction of Opt-In Usage Data Collection + +In Status Software, users are informed that they have the possibility to opt in to share usage data. This allows Status Software to gather insights on how users interact with the software, which can inform future improvements and enhancements. + +In Status Software and as also reflected in the privacy policy, Status ensures that users are fully informed about this optional feature and can make an educated decision about whether to participate. + +### Adapting to Technological Changes / Third-Party Integrations + +The exciting and user-friendly features coming to Status will often see the applications interacting with third-party services and tools, enhancing the functionality and interoperability of the platform. + +As Status Software integrates with more third-party services (such as RPC providers, cloud providers, and analytics tools), it becomes necessary to process certain personal data to ensure these services function correctly. + +The privacy policy reflects these technological changes and provides users with a clear understanding of how their personal data might be handled by these third parties. + +## Types of Data Handling + +To give a clearer idea of how Status Software preserves user privacy, we have highlighted specifically what personal data we handle and how we handle it. We have outlined the four categories of data handling that Status and Status Software performs below. + +### Logged + +Logged data refers to the information that is automatically recorded about the requests and responses passing through infrastructure that Status manages, such as the Status Software proxy server. This logging is essential for monitoring our infrastructure’s activity, diagnosing issues, and ensuring the health of the network. + +However, since these logs contain sensitive metadata, such as IP addresses, Status takes great care to secure them properly to prevent exposure of personal data. 
This involves restricting access to log files and ensuring logs are rotated and deleted after a set retention period of 15 days. + +### Passed-Through + +Passed-through data refers to information that flows through the Status Software proxy server, managed and maintained by Status, without being altered, stored or manipulated by the server. The Status Software proxy server acts as an intermediary between Status Software and service provider servers, simply forwarding requests and responses without modifying the data in any way. + +None of this data is logged, persisted or stored in any way. + +### Shared + +Shared data refers to personal data that is intentionally distributed between Status Software and third-party services. For the avoidance of doubt, Status does not have any visibility or access to this data. The nature of the shared personal data is limited to only a user’s destination EVM address for crypto asset transfers and referral identifiers. This personal data is only ever shared when the user actively engages with the swap and on-ramping services. + +### Ambient Metadata + +Ambient metadata is information that is incidentally handled or exposed during the course of a digital interaction. This data often includes elements like IP addresses, connection timestamps, or user-agent strings. Unlike data that is explicitly logged or shared, ambient metadata arises naturally as part of the connection process. 
+ +## In-Depth Analysis of Status Data Handling + +For a detailed analysis of what data Status handles and in what context, please see the following sections: + +* [Privacy With Status Infrastructure and Insights](https://docs.google.com/document/d/1pcH_ZFC2uJ_kBk12ERRFrq40yrhaNBwBP_IUE5V2Hho/edit?usp=sharing) + * [[Privacy With Status Infrastructure and Insights]] +* [Privacy With Status Third Parties](https://docs.google.com/document/d/1I7fkrZzLsZcNXVZWPhq1D6-izbIel8XhWa7hXGQ2lfc/edit?usp=sharing) + * [[Privacy With Status Third Parties]] + +## The Privacy Policy + +As noted above, due to important but necessary changes made to Status Software, which now involves the handling and sharing of certain personal data of the users, we have created a privacy policy to reflect these changes and are in line with our legal obligations to do so. + +The privacy policy sets out a number of items (among others) for your consideration: + +* It states that the Status entity, Status Research & Development GmbH, is responsible for managing and processing certain personal data, as outlined in this article, when using Status Software. +* It provides detailed information on specific instances where personal data—such as analytics, telemetry data, IP addresses, and wallet addresses—may be handled or processed by Status. +* It also explains the purpose of processing this data and how long it is retained; and +* It informs you of your rights under privacy laws, including GDPR, such as the ability to access, correct, or delete your data. + +We ask that you read the privacy policy in full before you use Status Software. + +If you have any questions regarding the privacy policy, please feel free to contact us at legal@status.im. + +[image1]: \ No newline at end of file 
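Review bot: In `Privacy in Status Software.md`, the "Logged" and "Passed-Through" definitions contradict each other for the same server: "Logged" says requests and responses passing through the Status Software proxy server are recorded (including IP addresses, retained for 15 days), while "Passed-Through" says of data flowing through that proxy "None of this data is logged, persisted or stored in any way." State which part is which, for example that connection metadata (client IP, timestamp) is logged while the forwarded request and response bodies are passed through unaltered and never stored. The "Shared" definition also says the EVM address is shared only with "the swap and on-ramping services", but the third-parties document in this same commit labels the Ethereum address as Shared with bridging providers as well; list bridging here too. Finally, the trailing `[image1]:` is a reference-link definition with no target and no use anywhere in the file (an export leftover), and the file has no terminating newline; drop that line and add the newline.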
diff --git a/attachments/2024-09/privacy_1st_party_header.png b/attachments/2024-09/privacy_1st_party_header.png new file mode 100644 index 0000000..9aa868e Binary files /dev/null and b/attachments/2024-09/privacy_1st_party_header.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_1.png b/attachments/2024-09/privacy_3rd_parties_1.png new file mode 100644 index 0000000..528f60a Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_1.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_2.png b/attachments/2024-09/privacy_3rd_parties_2.png new file mode 100644 index 0000000..f6f77f9 Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_2.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_3.png b/attachments/2024-09/privacy_3rd_parties_3.png new file mode 100644 index 0000000..02ec99a Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_3.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_4.png b/attachments/2024-09/privacy_3rd_parties_4.png new file mode 100644 index 0000000..4998f59 Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_4.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_5.png b/attachments/2024-09/privacy_3rd_parties_5.png new file mode 100644 index 0000000..7d94b7f Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_5.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_6.png b/attachments/2024-09/privacy_3rd_parties_6.png new file mode 100644 index 0000000..410cf6f Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_6.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_7.png b/attachments/2024-09/privacy_3rd_parties_7.png new file mode 100644 index 0000000..004dfb6 Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_7.png differ 
diff --git a/attachments/2024-09/privacy_3rd_parties_8.png b/attachments/2024-09/privacy_3rd_parties_8.png new file mode 100644 index 0000000..81e7f3f Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_8.png differ diff --git a/attachments/2024-09/privacy_3rd_parties_header.png b/attachments/2024-09/privacy_3rd_parties_header.png new file mode 100644 index 0000000..26a6b28 Binary files /dev/null and b/attachments/2024-09/privacy_3rd_parties_header.png differ diff --git a/attachments/2024-09/privacy_main_header.png b/attachments/2024-09/privacy_main_header.png new file mode 100644 index 0000000..f9dc7e9 Binary files /dev/null and b/attachments/2024-09/privacy_main_header.png differ