redesign privacy

[sirpy]

• keep only hashes of user email+mobile on our database (mautic as only storage of contacts)

  • user dup search needs to be updated
  • admin get/delete needs to be updated

• keep user zoomid encrypted

• keep user seed phrase encrypted

• keep user blockchain id encrypted

• account recover, requires use of special master key to decrypt

• can require user to perform zoom authentication

[sirpy]

@LiavGut @tzvister waiting your input, this came up from Dorit, it makes sense to maybe give us more ability to help users recover their wallet, until we educate them.

[tzvister]

What's the input you're looking for? It does make sense for us to be able to help users.

[LiavGut]

But by doing that, the users are "losing" their sole control over their accounts. We need to keep that in mind while we deciding on it.

[sirpy]

@tzvister initially we were oriented at full privacy, non custodial etc. so we didnt keep in our records link between user record and his facial record and to his blockchain address. So in order to provide better support it is suggested that we do keep a link in our records. The main changes suggested are:

1. keep user seed phrase in our database encrypted by some master key that can only be decrypted after a certain "bureaucratic" process on our side to validate the user is reallywho he is, in order to be able to let them recover their wallet.
2. currently we dont keep connection between user record and his facial features, in case user loses his wallet, we can't easily delete his facial record, so if he wanted to open a new account he wont be able to do so
3. currently we dont keep connection between user record and his blockchain address. so if user fakes that he lost his wallet and we let him re-register, we dont have a way to blacklist his old account, so technically he might continue to claim in both wallets.

[sirpy]

FR record deleted after two weeks. whitelisting also is valid for two weeks