Privacy-First Security Approach
Overview
The Avian FlightDeck Wallet takes a privacy-first approach to security, ensuring that user data is minimized and wallet addresses are not unnecessarily linked to user identities.
Core Privacy Principles
- Data Minimization: We collect and store only what’s absolutely necessary
- No User-Wallet Linking: We avoid creating permanent links between user accounts and wallet addresses
- Cryptographic Verification: Wallet ownership is verified through signatures, not database records
- Local Verification: Critical security checks happen locally on the device
How It Works
1. Wallet Ownership Verification
Wallet ownership is verified locally through cryptographic operations:
// Example of verifying wallet ownership
const isValidSignature = verifySignature(walletAddress, message, signature);
// Only proceed if signature is valid
if (isValidSignature) {
// Proceed with operation now that ownership is verified
// ...
}
2. Local Storage Privacy
The client-side architecture ensures privacy by:
- Storing notification preferences locally in the browser
- Using IndexedDB for secure, persistent storage
- Processing all notification triggers locally without server communication
- No transmission of wallet addresses for notification purposes
3. Privacy-Preserving Local Audit Logs
The local audit logs track security events without exposing user identity:
- Store minimal required information
- Log the wallet address (which is pseudonymous)
- Log the action performed
- Keep logs locally on the device
Benefits
- Enhanced Privacy: No server-side storage of sensitive user data
- Reduced Data Risk: All sensitive data remains on the user’s device
- Regulatory Compliance: Helps meet GDPR, CCPA, and other privacy regulations
- Self-Custody Principles: Aligns with cryptocurrency principles of sovereignty and ownership
- Simplified Architecture: No database dependencies simplify deployment and maintenance
Implementation Details
This privacy-first approach is implemented throughout the codebase in the storage and service layers.