alltheseas
commented
1 month ago A few privacy questions: 1) does zap store know which npubs downlaod which apps?
The relay does not log but currently has access to the device installed apps when querying for updates. #58 could fix this
Artifacts are requested directly from the source by default (e.g. github). This info is shown in the alert dialog on first install. There is a fallback to the zs blossom server (https://cdn.zap.store) though. In the future we should honor npub's blossom server list.
2) does the app dev know which npubs download their app(s)?
No, unless the file servers gather data and associate IPs with npubs AND share it with devs - possible but unlikely
3) does zapstore know the IP address of the users?
The relay does not log IP addresses but there is no way for users to verify, they should use a VPN or Tor
4) is any other information observable by zapstore?
Searches for example
5) what/is any information recorded by zapstore?
The relay none but they have to trust us on that, so the zs client should enable as many verifiable guarantees as possible
6) for how long? 7) in what ways does zapstore use relays?
In the future users will be able to switch relays, each has its own privacy reputation
8) does zapstore use its own relay?
Yeah
9) does zapstore provide/offer any in-app tracking post download & install?
Answered above
10) how does zapstore know which app versions are installed on the user's device?
Android allows querying for this information with a permission bundled in the app. #42 can help here
11) is there "delete all my info" functionality?
Nothing to do on the relay side as no personal information is stored, a button to remove local storage will be available #45
franzaps
Privacy is a fundamental value at zap.store . Any privacy issues are unintentional and due to lack of time not malice, we're not fucking Google