polymutex on Warpcast

Content pfp

https://warpcast.com/~/channel/walletbeat

0 reply

0 recast

0 reaction

polymutex pfp

Possibly-controversial change: Should servers running in enclaves be treated as privacy-preserving? https://github.com/walletbeat/walletbeat/commit/294dde48a808c93b1c619171a226ffd40ac908f8

3 replies

2 recasts

7 reactions

Cassie Heart pfp

No. Enclaves should not be considered a black box that makes something private, they get broken all the time

1 reply

0 recast

1 reaction

polymutex pfp

So, to increase the resolution on this, would you rather, all else being equal: (a) Use an Ethereum wallet with an RPC endpoint set to go straight to infura/etc, or (b) Use an Ethereum wallet with an RPC endpoint running in an enclave, with all the properties described in https://warpcast.com/polymutex.eth/0x1157fd6f + TLS terminated in enclave, or (c) See both (a) and (b) as strictly equivalent from a user privacy standpoint? (And why?) I understand this is a false choice and that there are better solutions out there beyond those 3. I'm only suggesting this thought experiment to clarify the rationale and to more carefully describe the properties that (b) does or does not provide, and the assumptions being made about them. For example, @scbuergel calls it "stable era privacy" as opposed to "chaotic era resilience tech" in https://warpcast.com/scbuergel/0x10736373 which seems like a good spectrum to distinguish the difference in quality of privacy provided by such options vs the better alternatives.

1 reply

0 recast

2 reactions

polymutex pfp

Argument for (c): Enclaves get broken all the time, so you might as well ignore the presence of this tech in the stack and treat it as useless. Argument for (b): At least there's a chance your requests aren't getting logged, vs (a) where logging is explicitly stated in their privacy policy. So you're getting "at least as good but possibly better" privacy as (a). Argument for (a): (b) gives you an illusion of privacy that you can't prove is actually there because the enclave might be broken. So you should stay away from (b) as it may be selling you snake oil, whereas with (a) you know exactly what you're getting.

1 reply

0 recast

1 reaction