avian-flightdeck

Privacy-First Security Approach

Overview

The Avian FlightDeck Wallet takes a privacy-first approach to security, ensuring that user data is minimized and wallet addresses are not unnecessarily linked to user identities.

Core Privacy Principles

  1. Data Minimization: We collect and store only what’s absolutely necessary
  2. No User-Wallet Linking: We avoid creating permanent links between user accounts and wallet addresses
  3. Cryptographic Verification: Wallet ownership is verified through signatures, not database records
  4. Local Verification: Critical security checks happen locally on the device

How It Works

1. Wallet Ownership Verification

Wallet ownership is verified locally through cryptographic operations:

// Example of verifying wallet ownership
const isValidSignature = verifySignature(walletAddress, message, signature);

// Only proceed if signature is valid
if (isValidSignature) {
  // Proceed with operation now that ownership is verified
  // ...
}

2. Local Storage Privacy

The client-side architecture ensures privacy by:

  1. Storing notification preferences locally in the browser
  2. Using IndexedDB for secure, persistent storage
  3. Processing all notification triggers locally without server communication
  4. No transmission of wallet addresses for notification purposes

3. Privacy-Preserving Local Audit Logs

The local audit logs track security events without exposing user identity:

Benefits

Implementation Details

This privacy-first approach is implemented throughout the codebase in the storage and service layers.