After the KYC documents are issued, Alio users are concerned about their privacy
Aleo, a blockchain platform that focuses on zero-knowledge (zk) applications, has released its users' data. Users raised concerns on the X social platform and informed the Layer-1 (L-1) platform about the issue.
A user named @0xemirsoyturk mistakenly sent Aleo Know Your Customer (KYC) documents to his email. These documents included selfies and ID card photos of other users, which raised concerns about the security of the data.
Zero Knowledge Layer-1 blockchain platforms focus on providing enhanced privacy and security to users. To enable transactions without revealing specific details, they use zero-knowledge authentication encryption techniques that ensure confidentiality.
This privacy-focused approach makes it challenging for outside parties to find or access sensitive information, giving users more control over their data. These platforms aim to enhance privacy in blockchain transactions, making them more secure and confidential for participants.
Another user @Selim_jpeg confirmed the claim saying that he got another user's KYC documents via email.
To claim rewards on Aleo, users must complete KYC/AML and pass Office of Foreign Assets Control (OFAC) screening in accordance with Aleo's internal policies. Users must complete this process for HackerOne – a third-party protocol to collect users' unencrypted KYC data.
Related: Citrea Raises $2.7M Seed Fund to Launch Bitcoin ZK-rollup
Mike Sarvodaya, the founder of Galatica, the L1 blockchain infrastructure, told Cointelegraph that in such a protocol design, one should not theoretically access the user's data. he said:
“It would be ridiculous if the Programmable Privacy Protocol used a third party to collect users' unencrypted KYC data if it became public. Apparently, your zk stack is so advanced that you forget how to practice basic opsec.
According to Sarvodaya, the Aleo case surprisingly highlights the value of creating storage and authentication systems for sensitive data such as personally identifiable information (PII) using zero-knowledge or full homomorphic encryption (FHE). In such systems, protocol rules ensure that no party can reveal the stored information.
The Aleo mainnet is set to launch in the next few weeks; Alex Prudden, executive director of the Aleo Foundation, said in an interview with The Block that some final bugs have been taken care of to bring privacy to crypto transactions.
Magazine: What did Satoshi Nakamoto think about ZK-proofs?