Risks & Mitigants

No technological solution is perfect. However, we’re taking deliberate steps toward prevention and intervention to ensure that content is kept within the Privy ecosystem. We’ll be transparent with our customer on which things our protocol and corresponding consumer app can provide and what it cannot.

1. Risk: The Privy Delegate Operator system is hacked by a third party, compromising the Virtual Account System and the ability to onboard users. Mitigants: A multi-signature operator system can operate as an intentional deadlock in the event a non-expected Operator operation is attempted/emitted/recognized outside of the multisig cycle. The compromised operator is then ejected and replaced. In the event of total multisig-level compromise, on-chain data is rolled back to the priormost stable point, with diffs being parity-checked.

2. Risk: Privy user wallet addresses are public information presenting an opportunity for a threat actor to try to reverse-engineer and expose information about the user. Mitigants: By default, virtual accounts are symbolic transaction signers that do not carry asset or financial information ; if a user opts to connect with their own wallet, it is recommended to create a separate empty address using the same BIP39 mnemonic (one BIP39 mnemonic can support the creation of multiple addresses which are not publicly linked together).

3. Risk: A bad actor submits content to the system that they are not the true owner of, resulting in a misattribution of recorded content and thereby degrading the integrity of the system. Mitigants: In the event of a bad actor duplicating already-existing on-chain content, a provenance comparison can assist the check for content. In the event of a bad actor submitting data on-chain which exists for the first time, human intervention / community escalation can assist the remediation process with off-chain comparison.

4. Risk: A node goes rogue/is hacked. Mitigants: As storage nodes are by definition public, their publicly-hosted encrypted content remains safe. If a single verification node goes rogue, decentralized consensus mechanism persists and transactions occur.

5. Risk: Bad actors upload harmful or illegal content i.e. Child Sexual Abuse Material (CSAM) onto the PrivyCam system. Mitigants: - Our real-time capture system, deters the fast proliferation of harmful content. - Privy can leverage KYC and age verification technology that verifies a user is over the age of 18. - Privy can partner with currently-in-market hash matching tools to vet content against registered CSAM material.