• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Poll: Evo will expose your contact list, are you concerned?

Does an exposed contact list concern you?

  • Yes and I consider it a critical flaw.

    Votes: 6 40.0%
  • Yes, but I am happy to wait one year for this to be fixed

    Votes: 2 13.3%
  • Not important, let's just get Evo out there

    Votes: 7 46.7%

  • Total voters
    15

GrandMasterDash

Well-known member
Masternode Owner/Operator
In Evolution, a user's contact list can be exposed (please correct me if I'm wrong).

I am concerned that such breach of privacy will attract negative press and may have significant impact on dash going forward (expensive to counter and rectify).

It is said that usernames are pseudo anonymous, but I disagree; the DAPI will (hopefully) be embedded within mobile apps, which in turn collect lots of user data e.g. phone number, wifi identity, location, and so on. Users could register multiple usernames (at a cost), but this is not a user friendly approach.
 
@GrandMasterDash is raising an important issue here that we as a community need to address head on and come to grips with before our critics.

I believe he is referring to comments on the demo video from Alex Werner:

- Privacy is not the scope of the beta release, priority here is the protocol specification, first implementation, usability....

- With full privacy features, we need probably one other year of work before release.

- If we release soon, we can then add privacy improvement during the year to come.

End result : Similar with difference, releasing now allow to build the ecosystem, to improve, to open-source it so we all can build stuff way quicker alltogether :)

So, Evolution is going to launch with weak privacy. I understand the reasoning for the decision, and ultimately I would support the decision.

We need to know exactly where/how privacy is weak and what users will be able to do to strengthen privacy (best practices). My hope is that rejecting Evolution is not the only option.
 
Evolution’s ethos is primarily a payments system so easy to use your grandma can use it. This is what will take crypto to mainstream. NOT a privacy centric anonymous payment rail. 99% of people give out so much of their data every day to these businesses with out even caring.

If you want full anonymity, go use dash core wallet with private send or zcash. Don’t use Evolution, you are not it’s target use case.
 
It's not about the user's privacy, it's about the inadvertent exposure of the user's friends and contacts without their permission. If a user doesn't care for such things then fine, but why inflict such beliefs on all your contacts?
 
Just hold off using it if you have such an issue, I for one would rather see it here now and in time implement privacy.
As it has been stated already, you can use DASH Core wallet if you have concerns. So whats the big deal?
Let's roll out this cube chain crypto changer and start plugging into the DAPI
 
Just hold off using it if you have such an issue, I for one would rather see it here now and in time implement privacy.
As it has been stated already, you can use DASH Core wallet if you have concerns. So whats the big deal?
Let's roll out this cube chain crypto changer and start plugging into the DAPI

Everyone saying this is making the same fundamental mistake; it's fine for you to decide YOUR privacy, but it's fundamentally wrong for you to compromise the privacy of your contacts without their consent on every transaction you do. One of your friends will buy a bunch of fertilizer to make a bomb and suddenly you become a suspect.

What reaction would you expect if a bank openly exposed all it's customers contacts?

Realistically, how do you retro-fit privacy if, for example, someone already has 200 contacts? Not least that some of those people will have setup reocuring payments. Is it realistic to expect all their contacts to create a new username and re-register with all their services?

I'm thinking there's so much hype about this release - and I understand it's good stuff - that it's blinding people of how this could negatively impact dash.
 
Weak privacy is dangerous and we should not launch a dangerous product.

Let's take this use-case as an example:

Alice operates a medical marijuana dispensary in California. She is a law-abiding citizen who is well respected in the community and supported by local law enforcement. However, the Federal government has hardened its stance against the cannabis industry, with its top leadership calling for the death penalty for drug dealers, which by its definition includes Alice.

If Alice uses Dashpay with weak privacy, using sophisticated network analysis techniques, the DEA could map out and eventually identify Alice's entire network of customers and vendors, enabling them to make sweeping arrests, including Alice, and threaten her with death.

Dash is supposed to be a solution to Alice's problems, not a hazard.
 
Everyone saying this is making the same fundamental mistake; it's fine for you to decide YOUR privacy, but it's fundamentally wrong for you to compromise the privacy of your contacts without their consent on every transaction you do. One of your friends will buy a bunch of fertilizer to make a bomb and suddenly you become a suspect.

What reaction would you expect if a bank openly exposed all it's customers contacts?

Realistically, how do you retro-fit privacy if, for example, someone already has 200 contacts? Not least that some of those people will have setup reocuring payments. Is it realistic to expect all their contacts to create a new username and re-register with all their services?

I'm thinking there's so much hype about this release - and I understand it's good stuff - that it's blinding people of how this could negatively impact dash.
Is it not the same thing as bitcoin address? if you send to multiple addresses (friends) its all visible on the blockchain yes?
So all those addresses are compromised if one goes through coinbase, boom real ID attached.
Pseudonym username, pseudonym address whats the real difference? its only 1% of DASH that is private sends atm. the private sends can stay private.
people should be made aware of this and made aware that this is a work in progress and privacy is coming but let's not hold off evo bro!
 
Pseudonym username, pseudonym address whats the real difference?

From the beginning, Dash has positioned itself as a cryptocurrency with strong privacy features. Privacy is a key feature of cash that we are trying to replicate with digital cash. Without it, Dash is no better than a credit card.

We need strong privacy because it gives us an advantage in a competitive marketplace. It is a differentiating feature that can win for us.
 
Weak privacy is dangerous and we should not launch a dangerous product.

Let's take this use-case as an example:

Alice operates a medical marijuana dispensary in California. She is a law-abiding citizen who is well respected in the community and supported by local law enforcement. However, the Federal government has hardened its stance against the cannabis industry, with its top leadership calling for the death penalty for drug dealers, which by its definition includes Alice.

If Alice uses Dashpay with weak privacy, using sophisticated network analysis techniques, the DEA could map out and eventually identify Alice's entire network of customers and vendors, enabling them to make sweeping arrests, including Alice, and threaten her with death.

Dash is supposed to be a solution to Alice's problems, not a hazard.
So Alice should not use Evo until it has privacy, Privacy is coming, but Alice who chooses her own risk needs to determine her security.
Everyone complains about Evo being so late, now where complaining that it will be released with full spec! Come on, guys? This is blockchain. Unless Alice inforces private send on all her buyers, its the same shit just different smell.
Plus if Alice is really in this danger, she is looking at the death penalty anyway because she has a shop front that is far more traceable than a pseudonym username.
 
From the beginning, Dash has positioned itself as a cryptocurrency with strong privacy features. Privacy is a key feature of cash that we are trying to replicate with digital cash. Without it, Dash is no better than a credit card.

We need strong privacy because it gives us an advantage in a competitive marketplace. It is a differentiating feature that can win for us.
Nobody has said there will be no privacy, its just not ready yet. Rome wasn't built overnight.
Give core a break guys. What they have done here as amazing and all you can say is what about this what about that?
 
@yocko though you still haven't addressed the implications of no privacy for all your contacts. A transaction that is okay for you is not necessarily the same for your contacts, possibly in different countries with different laws.

At the very least there needs to be a big disclaimer on sign-up that says,

Your entire contact list will be visible to all your contacts. Every blockchain transaction becomes indisputable proof of association, both directly and indirectly. The revelation of one identity may inadvertently reveal the identity of others.
 
There is absolutely no question that what Core is accomplishing is AMAZING and I 100% support the work they are doing and ultimately support the decisions they have to make.

But weak privacy is dangerous and we have a responsibility to, at the very least, alert users to the danger. It is my opinion that it would be wrong to flippantly toss off this issue with a caveat emptor.

We must:

1. Make it clear to users where and how their privacy can be compromised
2. Recommend best practices to minimize those risks.
3. Design the product with clear options to maximize privacy.

Probably, this is exactly what Core intends to do. We are, after all, reacting to a demo that is far from the final product.
 
I agree. I think dash is, once again, leading innovation and I commend them for it. To me, it's pretty obvious this could massively boost the entire dash ecosystem. But I won't let that taint or curb my insight to how this could also go terribly wrong by abusing our users right to privacy.
 
Where does the notion come from that the contact list is visible to everyone? The way I understood it is that from the outside it is not visible at all which addresses are attached to a username, a username is associated with a set of Hierarchically Deterministic addresses, which addresses that are should only be possible to determine with the private key. The way I'd do it, but I haven't thought about it that much to be honest and I'm not even really a programmer, is that I'd keep most of it in the userspace. Something like this:
- Alice makes a contact request;
- Bob accept the request, now a flag is set for "Alice is contact" in Bob's userspace;
- Alice asks Bob for an address to send a payment to;
- Bob's has accepted Alice as a contact, Alice is sent a Public Address;
- Alice makes a payment to the given address;
- Bob receives payment on the address, this address is part of the subset of HD-addresses he allocated to Alice, so he knows the payment came from Alice.

If Bob doesn't accept Alice's contact request, Alice never receives a public address.

I think that what is shown below in the video are the contact requests from Alice, visible from Alice's userspace. But none of this is actually on the blockchain. The only thing that is on the blockchain is a hash of the userspace (or changes to it) signed by Alice's private key. So that only Alice can make changes to the data. Now whether the contacts are visible or not depends on how the userspace data is stored (on the Dashdrive?), but I assume it will be encrypted. Otherwise it would be completely useless for merchants.

The beauty of the Evolution approach is that it leverages the functionality of the Dash Blockchain but does not change how the Blockchain works much. There's no reason why there couldn't exist a second payment DAP that uses the Dash Blockchain on the same network. If they get this to work (and I'm convinced they will,) this really is Blockchain 3.0!
 
Last edited:
Alice can't modify Bob's userspace, it's exclusively his. From what I gather, a request to bob is made in Alice's userspace, it's the hash that brings it to his attention.

I'm hoping someone can clarify the full extent to which privacy is affected. And also, how retro-fitting privacy will impact development e.g. will it take twice as long to retro-fit than doing privacy from the outset.
 
Where does the notion come from that the contact list is visible to everyone? The way I understood it is that from the outside it is not visible at all which addresses are attached to a username, a username is associated with a set of Hierarchically Deterministic addresses, which addresses that are should only be possible to determine with the private key. The way I'd do it, but I haven't thought about it that much to be honest and I'm not even really a programmer, is that I'd keep most of it in the userspace. Something like this:
- Alice makes a contact request;
- Bob accept the request, now a flag is set for "Alice is contact" in Bob's userspace;
- Alice asks Bob for an address to send a payment to;
- Bob's has accepted Alice as a contact, Alice is sent a Public Address;
- Alice makes a payment to the given address;
- Bob receives payment on the address, this address is part of the subset of HD-addresses he allocated to Alice, so he knows the payment came from Alice.

If Bob doesn't accept Alice's contact request, Alice never receives a public address.

I think that what is shown below in the video are the contact requests from Alice, visible from Alice's userspace. But none of this is actually on the blockchain. The only thing that is on the blockchain is a hash of the userspace (or changes to it) signed by Alice's private key. So that only Alice can make changes to the data. Now whether the contacts are visible or not depends on how the userspace data is stored (on the Dashdrive?), but I assume it will be encrypted. Otherwise it would be completely useless for merchants.

The beauty of the Evolution approach is that it leverages the functionality of the Dash Blockchain but does not change how the Blockchain works much. There's no reason why there couldn't exist a second payment DAP that uses the Dash Blockchain on the same network. If they get this to work (and I'm convinced they will,) this really is Blockchain 3.0!

I have heard @Chuck Williams mention encryption and Dash Drive together so maybe you’re right and we are misinterpreting Alex Werner’s statement.

Hopefully, this entire discussion the past few days is mute.
 
@yocko though you still haven't addressed the implications of no privacy for all your contacts. A transaction that is okay for you is not necessarily the same for your contacts, possibly in different countries with different laws.

At the very least there needs to be a big disclaimer on sign-up that says,

Your entire contact list will be visible to all your contacts. Every blockchain transaction becomes indisputable proof of association, both directly and indirectly. The revelation of one identity may inadvertently reveal the identity of others.
I agree we need this big disclaimer if privacy is not ready yet. I don't believe we hold off release based on this.
Privacy is a very very important part of the project, however, this can be had by opting out of using Evo until its ready, those who choose to opt in do so with associated risks by choice.
The good thing is now DASH core can come weigh in on this? Hopefully?
 
Thank you for your input into this discussion guys. I need to sit with PMs and TechLeads to figure out if there is any real issue here and if yes, then creat risk mitigation plan.

Please also remember that software development is a process. You cannot develop everything at once, therefore priorities need to be set and functionalities will be developed one after another.
We will work with Dash users and merchants to understand what are their priorities in this space and set priorities according to expectations of the business and our technical abilities.
 
Back
Top