Polkadot_Championship_Chall.../Main_Challenges/Privacy_Research/Challenge.md

1.2 KiB

Privacy Challenge for Polkadot Metaverse Championship

Description

This is a privacy research challange. Take is as a proposal.

Task

Do a research on privacy and what data is taken by the chosen project - list below. You need to test what kind of data can be logged and where by the service provider, for example: does the backend receive your browser user-agent, screen resolution, battery state, etc. We know some of the projects listed here have serious issues, but a clear collection of what data is taken and where would it be stored could make things more transparent and increase awareness.

So the task is to do the research, create list about data sent to the project servers/nodes and draw a topology. Don't spend on it more than an hour.

Ideas on what to look for:

  • Data in the HTTP/API requests
  • Data in the WSS channels
  • Network data
  • Think about timing and even if you have multiple addresses, balance checks can give a good base for statistics on which addresses belong to the same wallet/browser
  • Consider what would happen if you use the service through proxy/TOR/etc

https://kusama.momentum.xyz/ https://polkadot.js.org/ https://www.talisman.xyz/ https://metamask.io/ https://acala.network/