13

hi everyone, this is my first submission to Kiwi :) thanks to Mac for helping me get started Phil wrote this post a few months after trying out Fluidkey, the product I'm building if you have any thoughts, feedback or questions about it, I'd love to engage here
I saw the demo at Devcon, and it looked slick. And it's good that it works on L2s because Railgun IIRC works only for Mainnet, meaning sending money there is expensive. I have one question about privacy - IIRC, Fluidkey needs to have view access to display all my stealth addresses in the dashboard. How is this access protected from the risk of Fluidkey getting hacked and the data about the links between stealth addresses getting out?
Thanks mac! Yes, currently Fluidkey requires view access to enable a UX that is as smooth as regular wallets. It's a tradeoff we took and are transparent about as it still allows for much stronger privacy than the current default while removing a lot of the friction other privacy solutions bring with them. Now to your question - first off, we limit the amount of data we collect to the bare minimum: you can get started just by connecting with a wallet address that doesn't have any past history. We are of course also making sure to follow best practices in terms of data security. In an ideal world, Fluidkey v2 doesn't even require any view access, but for this to work there are some fundamental technical challenges still to solve. For example, you'd need to be able to generate stealth addresses and resolve them via ENS with FHE or another technology that allows the whole process to happen in a fully encrypted way. We have some ideas around this, but it's definitely still early days. Until then, I'd recommend using Fluidkey in combination with other privacy best practices. Btw if you are interested in diving deeper, this is a great report about stealth addresses: https://simbro.medium.com/privacy-in-ethereum-stealth-addresses-f05016109010