From f38daeee2d2742657b91e346d9f384f34f0adb5b Mon Sep 17 00:00:00 2001 From: Volodymyr Kozieiev Date: Mon, 4 May 2020 11:14:18 +0300 Subject: [PATCH 1/5] Draft of 3rd party api spec --- docs/draft/3rd-party-api.md | 88 +++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 docs/draft/3rd-party-api.md diff --git a/docs/draft/3rd-party-api.md b/docs/draft/3rd-party-api.md new file mode 100644 index 0000000..c976030 --- /dev/null +++ b/docs/draft/3rd-party-api.md 
@@ -0,0 +1,88 @@ +# (DRAFT) 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy + +Authors: Volodymyr Kozieiev + +Status: Draft + +Version: 0.1.0 + +## Table of Contents + +1. [Abstract](Abstract) +2. [Definitions](#definitions) +3. [Why 3rd party API can be a problem?]() + + +## Abstract +In this specification listed 3rd party APIs that Status functionality rely on. + +## Definitions + +| Term | Description | +| ------------- |-------------| +| Fiat money | Currency which established as money, often by government regulation, but that has no intrinsic value +| Full node | Any computer, connected to the Ethereum network, which fully enforces all the consensus rules of Ethereum. +| Crypto-collectible | A cryptographically unique, non-fungible digital asset . Unlike cryptocurrencies, which require all tokens to be identical, each crypto-collectible token is unique or limited in quantity. + + +## Why 3rd party API can be a problem? +Relying on 3rd party APIs interferes with `censorship resistance` Status principle. Since we aim to avoid suppression of information it is important to reduce amount of 3rd parties crucial for app functionality. + +## 3rd party APIs used by Status + +### Infura + +##### What is it? +Infura hosts a collection of own full nodes on the Ethereum network and provides an API access to the Ethereum and IPFS networks without having to run a full node. + +##### How Status use it? +Status works on mobile devices and therefore can't rely on local node. So all communication to Ethereum network happens via Infura. + +##### Concerns +Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data. +Infura hosts on Amazon. It can fail or Amazon can cut off service or their servers crash. In this case all Status features related to Ethereum network calls will fail. + + +### Etherscan +##### What is it? 
+Etherscan is a service that allows user to explore and search the Ethereum blockchain for transactions, addresses, tokens, prices and other activities taking place on Ethereum network. + +##### How Status use it? +Status Wallet has buttons that allow user to view details of address or transactions on Etherscan site. + +##### Concerns +If Etherscan fails user won't be able to view address or transaction details with it. But inside the app this info will still be available. + +### CryptoCompare + +##### What is it? +CryptoCompare is a service that shows live streaming prices, charts and analysis from top crypto exchanges. + +##### How Status use it? +Status regularly fetches crypto prices from CryptoCompare. Using that info Status calculates fiat value for transaction or wallet assets. + +##### Concerns +Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data. +If CryptoCompare fails Status won't be able to show fiat equivalent of crypto in wallet. + +### Collectibles + +There is a set of services that used for getting information about collectibles: +- https://api.pixura.io/graphql +- https://www.etheremon.com/api +- https://us-central1-cryptostrikers-prod.cloudfunctions.net/cards/ +- https://api.cryptokitties.co/ + + +##### Concerns +Making http request means that user metadata leaks. Also if service hacked they can be used in various attacks, e.g. by faking returning data. + +### Iubenda +##### What is it? +Service that helps in creating documents that make websites and apps compliant with the law across multiple countries and legislations. + +##### How Status use it? +Privacy policy of Status hosted on Iubenda. + +##### Concerns +If Iubenda fails Status users won't be able to navigate to app's privacy policy. From a12d4338c4ba31b86ce7a1a8c7eea965075aacaa Mon Sep 17 00:00:00 2001 
From: Volodymyr Kozieiev Date: Mon, 4 May 2020 11:24:20 +0300 Subject: [PATCH 2/5] TOC added --- docs/draft/3rd-party-api.md | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/docs/draft/3rd-party-api.md b/docs/draft/3rd-party-api.md index c976030..c977911 100644 --- a/docs/draft/3rd-party-api.md +++ b/docs/draft/3rd-party-api.md @@ -1,17 +1,26 @@ -# (DRAFT) 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy +--- +title: 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy +version: 0.1.0 +status: Draft +authors: +--- -Authors: Volodymyr Kozieiev - -Status: Draft - -Version: 0.1.0 +# 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy ## Table of Contents 1. [Abstract](Abstract) 2. [Definitions](#definitions) -3. [Why 3rd party API can be a problem?]() - +3. [Why 3rd party API can be a problem?](#why-3rd-party-api-can-be-a-problem) +4. [3rd party APIs used by Status](#3rd-party-apis-used-by-status) + * [Infura](#infura) + * [Etherscan](#etherscan) + * [CryptoCompare](#cryptocompare) + * [Collectibles](#collectibles) + * [Iubenda](#iubenda) +5. [Changelog](#changelog) +6. [Acknowledgements](#acknowledgements) +7. [Copyright](#copyright) ## Abstract In this specification listed 3rd party APIs that Status functionality rely on. @@ -86,3 +95,15 @@ Privacy policy of Status hosted on Iubenda. ##### Concerns If Iubenda fails Status users won't be able to navigate to app's privacy policy. + +## Changelog + +| Version | Comment | +| :-----: | ------- | +| [0.1.0](https://github.com/specs/...) | Initial Release | + +## Acknowledgements + +## Copyright + +Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). From f5e71d2a91d68942fbbceb6fd6c9ad137dcb1945 Mon Sep 17 00:00:00 2001 
From: Volodymyr Kozieiev Date: Tue, 12 May 2020 13:45:29 +0300 Subject: [PATCH 3/5] Addressed comments --- .../{3rd-party-api.md => 9-3rd-party.md} | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) rename docs/draft/{3rd-party-api.md => 9-3rd-party.md} (87%) diff --git a/docs/draft/3rd-party-api.md b/docs/draft/9-3rd-party.md similarity index 87% rename from docs/draft/3rd-party-api.md rename to docs/draft/9-3rd-party.md index c977911..a62df24 100644 --- a/docs/draft/3rd-party-api.md +++ b/docs/draft/9-3rd-party.md @@ -1,10 +1,18 @@ --- -title: 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy -version: 0.1.0 -status: Draft -authors: +permalink: /spec/9 +parent: Stable specs +title: 9/3RD-PARTY --- +# 9/3RD-PARTY + +> Version: 0.1 +> +> Status: Draft +> +> Authors: Volodymyr Kozieiev + + # 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy ## Table of Contents @@ -12,7 +20,7 @@ authors: 1. [Abstract](Abstract) 2. [Definitions](#definitions) 3. [Why 3rd party API can be a problem?](#why-3rd-party-api-can-be-a-problem) -4. [3rd party APIs used by Status](#3rd-party-apis-used-by-status) +4. [3rd party APIs used by Status](#3rd-party-apis-used-by-current-status-app) * [Infura](#infura) * [Etherscan](#etherscan) * [CryptoCompare](#cryptocompare) @@ -23,7 +31,12 @@ authors: 7. [Copyright](#copyright) ## Abstract -In this specification listed 3rd party APIs that Status functionality rely on. +In this specification listed 3rd party APIs that Status rely on. With the help of that APIs Status: +- communicates to Ethereum network +- allows user to see address and transaction details on external website +- gets fiat<->crypto exchange prices +- gets information about collectibles +- hosts privacy policy ## Definitions 
@@ -37,7 +50,7 @@ In this specification listed 3rd party APIs that Status functionality rely on. ## Why 3rd party API can be a problem? Relying on 3rd party APIs interferes with `censorship resistance` Status principle. Since we aim to avoid suppression of information it is important to reduce amount of 3rd parties crucial for app functionality. -## 3rd party APIs used by Status +## 3rd party APIs used by current Status app ### Infura From 48e099e08785146672318983741fe51e0aeb8440 Mon Sep 17 00:00:00 2001 From: Volodymyr Kozieiev Date: Fri, 15 May 2020 12:15:52 +0300 Subject: [PATCH 4/5] Fix notes --- docs/draft/9-3rd-party.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/draft/9-3rd-party.md b/docs/draft/9-3rd-party.md index a62df24..d6ba105 100644 --- a/docs/draft/9-3rd-party.md +++ b/docs/draft/9-3rd-party.md @@ -1,7 +1,7 @@ --- permalink: /spec/9 -parent: Stable specs -title: 9/3RD-PARTY +parent: Draft specs +title: 9/3RD-PARTY-USAGE --- # 9/3RD-PARTY @@ -13,7 +13,7 @@ title: 9/3RD-PARTY > Authors: Volodymyr Kozieiev -# 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy +# Third party APIs used for core functionality ## Table of Contents @@ -31,11 +31,11 @@ title: 9/3RD-PARTY 7. [Copyright](#copyright) ## Abstract -In this specification listed 3rd party APIs that Status rely on. With the help of that APIs Status: -- communicates to Ethereum network -- allows user to see address and transaction details on external website -- gets fiat<->crypto exchange prices -- gets information about collectibles +In this specification, we discuss 3rd party APIs that Status relies on. These APIs provide various capabilities such as: +- communicate with the Ethereum network +- allow users to see address and transaction details on external website +- get fiat/crypto exchange rates +- get information about collectibles - hosts privacy policy ## Definitions 
@@ -55,22 +55,22 @@ Relying on 3rd party APIs interferes with `censorship resistance` Status princip ### Infura ##### What is it? -Infura hosts a collection of own full nodes on the Ethereum network and provides an API access to the Ethereum and IPFS networks without having to run a full node. +Infura hosts a collection of full nodes for the Ethereum network and provides an API to access both the Ethereum and IPFS networks without having to run a full node. ##### How Status use it? Status works on mobile devices and therefore can't rely on local node. So all communication to Ethereum network happens via Infura. ##### Concerns -Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data. -Infura hosts on Amazon. It can fail or Amazon can cut off service or their servers crash. In this case all Status features related to Ethereum network calls will fail. +Making http request means that a user leaks metadata, which can be used in various attacks if the service is hacked. +Infura hosts on centralized providers. If these fail or the provider cuts off service, then Status features requiring Ethereum calls will. ### Etherscan ##### What is it? -Etherscan is a service that allows user to explore and search the Ethereum blockchain for transactions, addresses, tokens, prices and other activities taking place on Ethereum network. +Etherscan is a service that allows user to explore and search the Ethereum blockchain for transactions, addresses, tokens, prices and other activities taking place on Ethereum. ##### How Status use it? -Status Wallet has buttons that allow user to view details of address or transactions on Etherscan site. +Status Wallet allows users to view details of addresses and transactions on Etherscan. ##### Concerns If Etherscan fails user won't be able to view address or transaction details with it. But inside the app this info will still be available. 
@@ -84,7 +84,7 @@ CryptoCompare is a service that shows live streaming prices, charts and analysis Status regularly fetches crypto prices from CryptoCompare. Using that info Status calculates fiat value for transaction or wallet assets. ##### Concerns -Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data. +Making http request means that a user leaks metadata, which can be used in various attacks if the service is hacked. If CryptoCompare fails Status won't be able to show fiat equivalent of crypto in wallet. ### Collectibles @@ -97,7 +97,7 @@ There is a set of services that used for getting information about collectibles: ##### Concerns -Making http request means that user metadata leaks. Also if service hacked they can be used in various attacks, e.g. by faking returning data. +Making http request means that a user leaks metadata, which can be used in various attacks if the service is hacked. ### Iubenda ##### What is it? From 36edf7cecba483bf86a0b37db49510264dfc3874 Mon Sep 17 00:00:00 2001 From: Volodymyr Kozieiev Date: Mon, 18 May 2020 12:00:44 +0300 Subject: [PATCH 5/5] Updated link --- docs/draft/9-3rd-party.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/draft/9-3rd-party.md b/docs/draft/9-3rd-party.md index d6ba105..b0156a4 100644 --- a/docs/draft/9-3rd-party.md +++ b/docs/draft/9-3rd-party.md @@ -113,7 +113,7 @@ If Iubenda fails Status users won't be able to navigate to app's privacy policy. | Version | Comment | | :-----: | ------- | -| [0.1.0](https://github.com/specs/...) | Initial Release | +| [0.1.0](https://github.com/status-im/specs/blob/master/docs/draft/9-3rd-party.md) | Initial Release | ## Acknowledgements
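
Review bot: In [PATCH 1/5], the `Concerns` entries for Etherscan and Iubenda cover availability only, while the Infura, CryptoCompare and Collectibles entries also list the request-metadata leak. Opening an address or transaction page on Etherscan, or the privacy policy on Iubenda, is likewise a request to a third party, so either state the metadata concern there too or say why it does not apply. It would also help to say what `user metadata` covers, since the Definitions table does not define it.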
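
Review bot: In [PATCH 2/5], first hunk, the new front matter has an empty `authors:` key while the `Authors: Volodymyr Kozieiev` line is removed, so the author is no longer recorded anywhere in the file. Fill in `authors:` in the same change. The TOC entry `1. [Abstract](Abstract)` is left as unchanged context and still lacks the `#`; it should read `(#abstract)` like the other entries.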
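
Review bot: In [PATCH 3/5], first hunk, the new header block says `> Version: 0.1` but the Changelog table added in 2/5 lists `0.1.0`; pick one form and use it in both places. The same hunk sets `parent: Stable specs` on a file under `docs/draft/` whose header says `Status: Draft`, and it leaves two top-level `#` headings back to back (`# 9/3RD-PARTY` followed by the old long title).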
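
Review bot: In [PATCH 4/5], first hunk, `title:` becomes `9/3RD-PARTY-USAGE` but the `# 9/3RD-PARTY` heading directly below it is unchanged context, so the page title and its heading disagree. Rename the heading in the same change.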
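
Review bot: In [PATCH 4/5], the Infura `Concerns` rewrite ends mid-sentence: `then Status features requiring Ethereum calls will.` has lost its verb (the line it replaces ended `will fail`). The reworded first sentence, repeated in the CryptoCompare and Collectibles hunks, also drops the `faking returning data` example, so the spec now describes only misuse of leaked metadata and no longer says that a compromised service could return forged data to the app. Those are separate risks, one about privacy and one about the integrity of what the wallet displays; keep both, for example as two sentences.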
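
Review bot: In [PATCH 5/5], the Changelog link for `0.1.0` points at `blob/master/docs/draft/9-3rd-party.md`, which follows the branch: it will show later revisions of the spec and will break if the file is renamed again, as it was in 3/5. Link the version entry to the commit or a tag so that `0.1.0` keeps resolving to the text it names.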