How robust is the privacy here if you can reverse transactions and collect IP address?

Hi guys,

I was looking at your privacy policy and terms of service and noticed a few things that seem at odds with the mission of incognito and privacy.

First, the privacy policy:

1. You agree to permit us to track your activities on the Website and the Apps.

2. If you are willing to use the services offered by us, you will be required to fill in and provide the following two categories of information:

1. Identity Information
We do not collect identity information nor do we require user registration for using the Service.

2. Service information
Such information helps us to contact you and provide you with our service and includes but not limited to, your email address (hereinafter collectively referred to as “service information”).

It was the “but not limited to” that caught my attention. So I was wondering what is / can be tracked here?

Also, in regards to California residents:

Depending on how you interact with our Website, Apps and the Service, we may collect the following categories of personal information about you, in addition to the information we collect in connection with providing financial products and services:

- Identifiers, such as your name and contact information, IP address, and mobile device identifiers

- Commercial information such as purchase history

- Internet usage information, such as browsing history, access history, and use and interaction with our website.

I assume this is just for residents of California? If so, surely you would have to monitor IP addresses to know… and then you are monitoring everyone’s IP address.

And lastly, on your terms of service page I found this:

We perform periodic screening of transactions for suspicious activities. Certain suspicious transactions might be reported directly to relevant authorities without informing you in advance. In case of transactions we deemed suspicious, we reserve the right to revert the transaction to its original sources and may take action to report such transactions. Furthermore, we reserve the right to refuse to provide services to the account holder.

Does this mean devs can view transactions across the network and roll back transactions whenever they like?

That more or less says to me that we agree to be tracked, and that transactions can be monitored and reversed, which doesn’t seem all that private.

I am sure it is not as it seems, but obviously it would be great to hear your side of this… On what devs can see and do, or not see and not do.

Btw, I love the protocol and the work you guys have done here.

3 Likes

First of all, I am a regular user of the app and I really like incognito. But these are very good questions by @JimJam.
In addition to that and at the risk that these questions may have been asked before:

  • is the source code of the app 100% open source?
  • is the code audited regularly?
  • are there other apps (i.e. wallets) that can interact with the protocol?

Thx to the team, would love to hear from you guys, and thank you JimJam for bringing this to attention.

Jay

2 Likes

Short answer, yes! You can find the code to the network, apps, website, node monitor, etc. all on our GitHub: https://github.com/incognitochain/

Long answer, still mostly yes! :partying_face: The 2 aspects that are not open source would be the pNode reward structure and Provide backend structure.

The smart contracts are pretty standard and were audited by Coinspect, you can find their report here: https://www.coinspect.com/doc/Incognito%20-%20Smart%20Contract%20Audit.pdf

You’ll notice the date of the audit is from April 2021, that’s an issue isn’t it? No, the smart contracts have not changed since that audit. If a change is ever needed and/or an upgrade is needed then we would have them re-audited.

There are a few community members / teams working on some external wallets and projects. However, we offer the following ways to interact with the Incognito blockchain: Android app, iOS app, Incognito-CLI, a browser extension and soon support for ledger wallet.

5 Likes

Jared did not respond to the original questions:
Are our IP addresses stored? If so, are they filed along with our email addresses and public keys?
Can transactions actually be reversed?

After posting the original post, I did some more browsing through the forum, and I came across this post explaining how the team look to possibly deal with AML and the travel rule imposed by the FATF.

Post here: A few changes...

It discusses ways to scan for and ban incoming transactions that could be suspicious or linked to sanctioned or blacklisted wallets (such as wallets linked to hacks etc). In that scenario transfers into the network could be reverted to the original deposit address from outside the network. I assume this is what they refer to when they claim to “reverse transactions”.

However, it would still be interesting for the team to mention how they deal with the original questions posted. I.e., how IP addresses and other tracking data are collected, and what devs can see and change on the network.

I know you guys are busy, but it would be great to hear from you when you get the chance.

2 Likes

hello guys, thinking that obtaining responses to the original post would add value & be interesting for the community

could any of the developers take time to do so?

thanking you in advance for your kind & speedy help

1 Like