Privacy issues in autonomi client and ant-cli libraries

Can someone explain me why is ant-cli using wallet private key to determine vault private key? This looks like mayor privacy issue. My private key for Arbitrum wallet can be forced to be revealed by courts, its related transactions are traceable on chain, linked to my person. So any government authority has a power to find out I own it and force me to reveal it. For example Australia has already some laws forcing people to reveal encrypted data. This private key can than be used to reveal my private vault data. I read vault documentation and it seems there can be any kind of random key for vault.

Therefore I think it would be better to remove this automatic vault key retrieval, and make it optional with big warning about privacy risks. And make default vault key random generation or user assigned, where user has to store this key himself in secure location.

Or it can be in a form, like bitcoin Trezor is using, It uses seed words + passphrase. In Autonomi vault case, it could be privatewallet key + some suitable math operation +hash(password).

Also, there is another privacy problem. Why is RPC server for the wallet official arbitrum clearned RPC server? We have a nice option directly in rust, for Tor routing.

This can solved by standing up a tiny “forward‐proxy” HTTP server on localhost, and wallet would be than configured with that localhost url instead of original clearnet RPC server url.

Tor implementations options are:

default tor service as separate exe + small forward proxy in rust.
or
direct tor rust implementation using arti-client and arti-hyper rust modules.

Doesn’t sound like a security bug to me.

If an adversarial actor (legal or illegal) is able to force someone to reveal a wallet key, seems reasonable to expect they are able to force someone to reveal a file storage key too.

Privacy-preserving intermediate cyptocurrencies & exchanges exist, e.g. someone purchases tether, uniswaps tether for Arbitrum ETH (no reason to reuse the same wallet/key).

If an https RPC connection to Arbitrum is objectionable to a user’s security preferences, such a user can run their own Arbitrum node software (and change their Autonomi RPC configuration to connect to it). That said, what’s being sent when data storage is requested is quote hashes (quotes are generated by the Autonomi node to be paid) - file hashes are not exposed on Arbitrum if I understand correctly.

This is not true. Government knows you own that crypto, so they can force you because they know. That is a reason why Bitcoin trezor introduced passwords. Authorities can seize the trezor, they can force you to reveal pin or recovery seed. But they have no way to find out about whether you used any passwords or how many. So the idea was, to have no password account on trezor with some small irrelevant crypto. And to hide important crypto behind various passwords. Password is just some math manipulation of original private seed… So 2 people with 2 same passwords and different seeds do not have identical wallets. In case you decide that such password protected wallet should be shown to authorities without revealing original seed, it can be done.

This does not preserve privacy at all. Uniswap is on chain, so it thorswap. Once you KYC your initial identity, all on chain activity can be traced among all the DEX exchages and bridges. It is not privacy bud pseudo privacy and the main reason why it is not traced by authorities is the costs/reward reason. But if they investigate big fraud, or big crime, that will track it and find it in that DEX hell. Not talking about AI, that can automate all those processes among all the chains and bridges.

yea, lets tell people, this is super anonymojus, but you have to run your own arbitrum node:) Comeone, it is joke, right?

RPC servers log activity, so they log which IP did what. Reading only is not a big deal, anyone can watch anything on public blockchain, but doing actual transactions and broadcasting them gives government a way to find out who does it, and this is the easiest way hot to bind real people to blockchain activity.Tor routing is a must here to keep the privacy.

I don’t think this is a fundamental issue. It may be a limitation if the CLI but not the libraries.

The API separates owner and payment, but it’s up to the app developer to make use of that.

The owner could be derived from the wallet using a “password” in the same way you describe for Trezor. In fact dweb does this but for other reasons, so those derived keys aren’t secret unless the app provides a separate owner key - which it can if using dweb REST API.

This is a good discussion to have, because I agree it will be important for some use cases and best practice in general should be designed to maximise privacy.

dweb REST API probably needs to support a password as well (optional, decided by the app and user). So I’ll make a note about this.

It might be worth raising an issue for ant-cli, to provide an optional password argument and for it to use that to derive a separate owner key.

I should have said monero not tether. Use a compatible exchange to trade monero for ETH at a new wallet address.

Yes, the point I was making is that quote hashes (the storage payment) reveals nothing about the contents of the data being stored (nor even the chunks’ self-encrypted hash*), so if your security preference is to hide even that from the operator of the Arbitrum https gateway for some reason, it’s possible.

* only you and the storage node that you pay has a copy of the underlying quote (and chunk hash, which isn’t enough to learn the content of the self-encrypted data stored across chunks).

In case anyone is interested, I have implemented Rust app, that can be run on localhost and can route any url via tor.

So instead of using original RPC server url you can url encode it like this: http://localhost:9090/[url_encode(https://arb1.arbitrum.io/rpc)]

which gives:
http://localhost:9856/https%3A%2F%2Farb1.arbitrum.io%2Frpc

So you can past this localhost url as a RPC_URL parameter to autonomi and it will hide your IP activity, so that RPC server will now know who you are.

This can also be used in any wallet that allows you to pick an rpc server. Like Metamask, you can hide your identity in all crypto wallets like this.

I don’t have github and I am not sure I want to publish it, so I could share it privately. I will share source code only, not binaries.

In case anyone in the future will want to configure his RPC_URL for command line tool, it is not documented feature.

It seems that specifying only RPC_URL does not work, there are 3 parameters to be specified as environment variables, which will create custom network before actual ant cli commands are called. Since the goal is to use main network but with different than original official RPC server, that tracks your IP address, we need to set up those 2 additional parameters same as original network.

So on Windows powershell do this:

$env:RPC_URL = “https://arb1.arbitrum.io/rpc”
$env:PAYMENT_TOKEN_ADDRESS = “a78d8321B20c4Ef90eCd72f2588AA985A4BDb684”
$env:DATA_PAYMENTS_ADDRESS = “B1b5219f8Aaa18037A2506626Dd0406a46f70BcC”

if you are using command line, do this:

set RPC_URL = “https://arb1.arbitrum.io/rpc”
set PAYMENT_TOKEN_ADDRESS = “a78d8321B20c4Ef90eCd72f2588AA985A4BDb684”
set DATA_PAYMENTS_ADDRESS = “B1b5219f8Aaa18037A2506626Dd0406a46f70BcC”

And now you can for example check your balance using this new RPC server.

ant wallet balance

In case you want to do this for test networks or any other network, here are the values for each network

const ARBITRUM_ONE_PAYMENT_TOKEN_ADDRESS: Address =
address!(“a78d8321B20c4Ef90eCd72f2588AA985A4BDb684”);

const ARBITRUM_SEPOLIA_PAYMENT_TOKEN_ADDRESS: Address =
address!(“BE1802c27C324a28aeBcd7eeC7D734246C807194”);

const ARBITRUM_SEPOLIA_TEST_PAYMENT_TOKEN_ADDRESS: Address =
address!(“4bc1aCE0E66170375462cB4E6Af42Ad4D5EC689C”);

const ARBITRUM_ONE_DATA_PAYMENTS_ADDRESS: Address =
address!(“B1b5219f8Aaa18037A2506626Dd0406a46f70BcC”);

const ARBITRUM_SEPOLIA_DATA_PAYMENTS_ADDRESS: Address =
address!(“993C7739f50899A997fEF20860554b8a28113634”);

const ARBITRUM_SEPOLIA_TEST_DATA_PAYMENTS_ADDRESS: Address =
address!(“7f0842a78f7d4085d975ba91d630d680f91b1295”);

In case anyone feels a need to hide his ass behind tor, when doing transactions and balance checking on autonomi, I can send him my implementation of localhost proxy, that can proxy any RPC server over tor network.