My confusion about social and asset privacy in Canister

Dear developers,

I am a loyal user of OpenChat. OpenChat uses canisters to unify my social, communication, and asset data. However, as I understand it, when we chat privately with an OpenChat user, we can see their canister ID. We can then easily use that ID to query the user’s token balance information and track their transaction history on browsers like ic.house. This is a privacy flaw that exposes both social and asset information in a public setting.

How should this privacy issue be addressed? Is it the responsibility of the OpenChat devs or Dfinity? Thanks for your reply.

I don’t know if this is necessarily a flaw, as this is quite the standard in all DeSo apps I have used in every ecosystem. Perhaps giving users the option to hide their wallets may be a potential solution for the issue you just brought up.

OpenChat users can send prize messages or tips in public groups, so it seems one can easily find out the wallets. It can’t be possible to hide the wallet because the canister ID is the address…

We would need this to do that: Derived Canister IDs (Derived Canister Principals).


In fact, you can track everything on-chain. Even the NNS neuron account, which is “theoretically” private.
Don’t panic, if you’re not doing anything wrong, you’ll be fine, LOL.


Thanks for your reply, I will read that.
