You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CAIPs/caip-358.md
+18-2Lines changed: 18 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -241,7 +241,23 @@ It also does not attempt to provide dispute functionality. These present ideas f
241
241
242
242
## Privacy Considerations
243
243
244
-
TODO
244
+
### Wallet Address Sharing
245
+
246
+
Wallet addresses were intentionally omitted here both for the purpose of UX simplicity as well as for privacy.
247
+
By opting to limit the usage of a wallet address, we make this API implementable without first needing to request permission for the user's wallet address.
248
+
The wallet address acts as a cross-origin identifier which can be used to link a user's financial transactions across sites.
249
+
Since the wallet address is not needed, we can leave it up to the wallet which address to use.
250
+
Furthermore, it is also the responsibility of the wallet to determine if possible which token they wish to make a payment from, if multiple are accepted.
251
+
This may be done automatically to improve the user experience or allowing the user to select and override assumed defaults.
252
+
253
+
### Transaction Privacy
254
+
255
+
Wallets are encouraged to utilize transaction privacy protocols to prevent payment data from leaking browsing history onchain.
256
+
A complete transaction privacy protocol can be defined as one that prevents manual or automated analysis of transaction data on-chain (e.g. on a block explorer) being enough to identify the sender and/or the recipient of a given transaction.
257
+
A protocol which protects the sender's privacy will prevent leaking of purchase data being used to build a behavioral profile through purchase history of an onchain account.
258
+
A protocol which focuses only on recipient (e.g. merchant) privacy will prevent leaking real-time transaction data of businesses which may constitute "business intelligence" that enables reverse engineering of business practices, intellectual
259
+
property, trade secrets, etc.
260
+
Depending on the use-case, either or both may be necessary to prevent this RPC's on-chain records creating damaging externalities.
245
261
246
262
## Backwards Compatibility
247
263
@@ -262,4 +278,4 @@ TODO
262
278
263
279
## Copyright
264
280
265
-
Copyright and related rights waived via [CC0](../LICENSE).
281
+
Copyright and related rights waived via [CC0](../LICENSE).
0 commit comments