Closed sirpy closed 4 years ago
@LiavGut @tzvister waiting your input, this came up from Dorit, it makes sense to maybe give us more ability to help users recover their wallet, until we educate them.
What's the input you're looking for? It does make sense for us to be able to help users.
But by doing that, the users are "losing" their sole control over their accounts. We need to keep that in mind while we deciding on it.
@tzvister initially we were oriented at full privacy, non custodial etc. so we didnt keep in our records link between user record and his facial record and to his blockchain address. So in order to provide better support it is suggested that we do keep a link in our records. The main changes suggested are:
FR record deleted after two weeks. whitelisting also is valid for two weeks
keep only hashes of user email+mobile on our database (mautic as only storage of contacts)
keep user zoomid encrypted
keep user seed phrase encrypted
keep user blockchain id encrypted
account recover, requires use of special master key to decrypt
can require user to perform zoom authentication