Improve NFT privacy - Githubissues

MetaMask / metamask-mobile

Mobile web browser providing access to websites that use the Ethereum blockchain

https://metamask.io

Other

2.16k stars 1.11k forks source link

Improve NFT privacy #2733

Open omnat opened 3 years ago

omnat commented 3 years ago

Issue to improve security and privacy regarding the loading of images in Collectibles.

DanF: We should only load NFT images from decentralized/static sources by default, and prompt a user to click "load image from [whatever].[com/net/etc]" before pinging centralized servers for auto-detected NFTs. We should either proxy image requests or “load on click”.

Tweet pointing the issue with NFTs images

Proposed solutions

Improve UX to inform the users about the risk of loading images from centralized servers and giving them the option to opt out in autoloading the images.
Develop an image proxy to protect the user's data and use the UX improvement as a fallback in case the proxy is down.

To consider https://consensys.slack.com/archives/G4V2HTG0Y/p1626891700217800

cjeria commented 3 years ago

This reminds me of the email preference to "ask me before displaying external images". Google actually has developed secure proxy servers to address these security and privacy concerns (pretty interesting if we want to ever aim for security by default and do something similar) See here https://gmail.googleblog.com/2013/12/images-now-showing.html

I've started a Figma file with some of these patterns for us to reference https://www.figma.com/file/T6y4y8nYAH1EyEBMXV8xLw/Improve-NFT-Privacy?node-id=0%3A1

Customization options by the user

1. Autoloading assets off by default (more UX friction, more secure)

Always ask users if they wish to display assets per NFT. Don't ask again for NFTs that have been displayed by the user.
First-time UX - notify the user that they can turn on autoloading in settings and mention the risks.

2. Turn on autoloading assets from Settings (Smoother UX, less secure)