Privacy

Hello,

Since incognito is privacy focused I have some privacy related questions that might sound amateur but It still important for me to hear and know the answers from the team directly :

1. a. Why does the Android app requires location and camera permissions (I didn’t check ios app to see if it requires there as well)

2. b. How does the location information being used?

3. a. When installing the app what type of device fingerprinting / identification is being used in the app to distinguish a specific device from another and where this data is stored?

4. b. What device / network related information is kept on incognito servers and for how long?

5. The apps include Google SDK which basically means google get all information about every user that install, open and uses the app. Is there any ETA for the app version without google SDK or any google services included in it?

6. If I send some coin for example btc into my incognito wallet, and later send it / trade it within the incognito P-ecosystem with Pcoins and wallets, can the incognito team themselves track these transactions?

For example : if a 3rd party agency will provide the original btc address funds were sent from and legally requires the team to provide full tracking to which Pbtc wallet these coins were credited and what happened with them after, does the team have the option to check and basically follow the money to provide this information?

5. Which analytics being used on incognito.org website (google analytics, Metrica or some open source one)?

6. When registering to incognito is my ip address / device information being logged by incognito db and if so for how long?

That’s all for now,
thanks

Here is a topic with the app permissions and tracking information: Incognito Wallet App's tracking and permissions

It’s a nice topic, but honestly it didn’t answer most question and about permissions it just explain what is each permission.

I still don’t understand why location for example is needed.

Any chance to get clearer answers?

Thank you

Hi @aceupsleeve, @Mike_Wagner gave a correct topic to explain some points of your concern. Let me make some additional comments.

1. As we had explained

ACCESS_COARSE_LOCATION - This lets the app access your approximate location for WiFi connectivity. You can learn more about WiFi scanning here .

2. Currently, the app only asks this location permission when the user sets up a physical node that requires a wifi connection. So we need this permission to get and control the wifi to set up the device.

If you are going to use the Node device, this is also compulsory. You can stop sharing location permission after the setup is finished.

3. That is just the encryption, which is stored locally on your device.

4. We currently store the device information (Samsung Galaxy S20, iPhone XS, etc…) and the OS version (Android 10, iOS 13.3, etc…) for one year.

5. We are aware of that concern, but we decide to delay it until next year. As we are focusing on more important things: The core chain and network integration.

6. Currently, we can still track the receiver of the coin. But we can’t track the amount. For example, Alice sends 10 pBTC to Brown. We can track Alice has sent pBTC to Brown but we can’t track the amount Alice has sent. We are improving with Privacy version 2. It will be available next quarter.

7. The website is using Google analytics and Self Discourse basic metric to track the visits, page views, engagement, etc… This is for SEO purposes.

8. The website doesn’t store any IPs from the users.

Do you think that there are some other privacy aspects that we can improve?

I think most of us want to use cryptocurrency so we can be independent, free, and protected from 3rd parties and government. While today might be stable, we may hold cryptocurrency to hedge against future instability or changes in acceptable standards by whomever is in power. Or we just don’t want others to have our personal information.

I think many of us want:

• Personal privacy protection between receiver and sender.
• Personal privacy protection with Incognito/exchange.
• Personal privacy protection with governments.
• Personal privacy protection with any 3rd party.
• Want Tor like anonymity.
• Want to understand what our risks are.

Information collected can be used against us, and I’m not a security expert to know what those risks are. I also hope Incognito doesn’t log personal identifiable information. For example, if a government seeks the data, there wouldn’t be any data that could identify the parties, usage, location, or anything that can be tracked to the users. Or if there was a hack, the hacker wouldn’t be able to obtain anything identifiable about the parties.

Maybe Incognito should seek 3rd party certification/audits like we see with messaging apps?

Hey @Z32552F thanks for the input! I think we are on the same page about this topic, and we work with security experts and actively communicate with 3rd party companies in terms of audits.

If you take a look at Incognito's 2021 privacy roadmap for the world you fill find that several big modules are still under development (privacy v2, dynamic committee size, etc). Those implementations will increase level of privacy and make the network more robust.

The full scale network review will make sense only once development is finished and those modules are deployed on mainnet.

Meanwhile, all code is open sourced for people or organizations that want to dive in )