I gather the answer is no, but just to clarify, will a person's contact list be visible to others, whether through viewing their profile, or blockchain analysis, or other methods?
I'm sure many people consider this sensitive information.
First a clarification: A "person" will NOT have "their" contact list readily available. The Dash protocol & Evolution platform is not designed not collect or store any identifying information of "persons".
HOWEVER - in it's CURRENT nascent state of prototype and system design, the following statements *I believe* to be true AND ARE SUBJECT TO (& WILL PROBABLY) CHANGE:
1) The REGISTRATION TRANSACTIONS of BLOCKCHAIN USERNAMES WILL BE PUBLICLY AVAILABLE *on the blockchain*.
1.1) All registrations transactions will require in invitation from an existing blockchain user. It will be known which blockchain username invited them and paid the miner fee. Businesses will be able to register usernames and "sponsor" (read as "pay miner fees for") public registrations for the privilege of being that user's first contact.
1.2) Contacts may be removed at any time.
2) ALL blockchain user CONTACT REQUEST TRANSACTIONS (& associated state transitions) will be PUBLIC and VISIBLE on the blockchain
2.1) When a blockchain user response to a contact request, one part is only decipherable by the receiver. Someone else cannot distinguish between an approval and a rejection. Furthermore, they can't tell if you have declined, then re-asked yourself, or first accepted, then removed... This "series" of "states" on a "blockchain user object" are "opaque" (not decipherable).
2.2) Right now, in the prototype
- everything is transparent and not cryptographically protected. Dash protocol developers have encryption securities planned, not yet implemented, in the system design.
3) WALLETS, FUNDS, and ALL associated WALLET transactions, balances, etc. are *expected NOT TO BE PUBLIC*, or LINKABLE to blockchain user accounts from the blockchain.
4) RESPONSES (acceptances, denials, & or lack of responses) WILL BE PARTIALLY PRIVATE. Existence
of a RESPONSE is public, but details like HD public keys will be encrypted.
5) ALL PAYMENTS ARE NOT
PUBLICLY ASSOCIATED TO/WITH BLOCKCHAIN USERNAMES.
5.1) Blockchain Usernames are registered, recoverable, and managed with HD private keys (like wallets, but separate from wallets).
5.2) Wallet transactions executed from
a blockchain username are not publicly associated
with that username.
5.3) Wallet access connected to Blockchain user accounts will require the HD Keys of the Blockchain User Account &/or HD key of the wallet itself to access & control wallet funds.
5.4) Blockchain User accounts *should not be
* accessible or linkable through wallets, wallet transactions, or any wallet specific behavior. We are working through cryptographic methods to seal this portion of functionality.
After talking with @j0shua
, he & I agree that the current system level or privacy is roughly equivalent to "email" standards with PGP encryption options - and no transport security
. We believe this so because while it is not possible (yet?) to encrypt the sender and recipient of emails, it is possible to securely encrypt the messages and data enclosed.
We expect to improve the quality of privacy, and the level of functionality as we progress in direct response to the public's reception of the platform.
I assume (guess) you will be using round-robin dns for the DAPI. How are you going to deal with security, especially at a state level, where dns has sometimes been compromised.
We haven’t addressed this, specifically, yet. However, we believe the results of our research data and system designs will be able to maintain security across the 2nd tier network of masternodes, and the assets they protect in DashDrive.
I still think you need to sit down and think hard about username management. I know they are not free, but name squatting will still be a major issue.
We are thinking/arguing/debating/dreaming/designing/POC’ing/re-implementing really hard
about this issue. This issue is the core of the Evolution Platform that is expected to be the flagship product for Dash Core Group, Inc. for some time to come. We really don’t get a 2nd opportunity to get this right if we get it wrong. Blockchain Usernames are possibly the single most discussed nouns among Core developers since September 2017.
On that note, here’s one of our collective homework items for your review (thanks again, @j0shua
) : https://www.b-list.org/weblog/2018/feb/11/usernames/
- the rest of your questions are not yet addressed. Thanks for your questions and contribution to the discussion!
Thanks all, we’ll try to keep up on the discussion here.