uport-project / uport-registry

Core uPort registry contract for linking attributes to uPort identities. DEPRECATED
Apache License 2.0
64 stars 27 forks source link

Regarding privacy of data #23

Closed varunagarwal315 closed 7 years ago

varunagarwal315 commented 7 years ago

Hi, this is probably the wrong place to ask a query but I couldn't find a better option.

In the About section, it is mentioned that uPort identity is stored as a JSON structure (IPFS) and a hash of that on the blockchain. Isn't is possible for someone to simply query the smart contracts and get the list of hash available and open them on ipfs to extract customer data by going through non-empty blocks, which can raise a privacy issue.

I wanted to understand if uPort has an encryption mechanism to safegaurd data of people.

Sorry if this is not the correct place, but if someone replies then TIA.

oed commented 7 years ago

Yes, that is possible. Encryption of this data is something we want to add, but it's not a priority right now.

varunagarwal315 commented 7 years ago

Well if that is not a priority, could you give me some information/guidance so perhaps, I can have a go at it? Would love to help out in some way or the other.

oed commented 7 years ago

Thanks for the offer :) However this is something that is likely to impact most of the uport system and we therefore want to think through it thoroughly before we start implementing it. Personally I think this is a very important feature that uport needs to have, and I will push to get it in sooner rather than later.

davux commented 7 years ago

I think it is valuable that someone wants to impulse a given effort, especially one that is desired by the team anyway. There should be at least a space to discuss possible options as a community, be it this very issue, a page on the wiki...

In my humble opinion, "don't do anything because we want to be part of the discussion but we're not available" is not a nice thing to say when you want a community to raise around your project. Plenty of minds are available and could come up with something great if you guys allow yourselves to losen a little bit of exclusive control.

coder5876 commented 7 years ago

@varunagarwal315 @davux Thanks for your interest! In the latest version we have removed all public data from what’s linked on the blockchain, so this particular privacy issue is mitigated.