anonymous-social

Anonymous social is a project designed to explore privacy in a social network setting. In social media applications nowadays, privacy is minimal and users are often easily doxxed simply from their profile. We believe privacy should be a right users have access to and that good meaningful conversations can be had without revealing who you exactly are.

What do we mean by this?

Imagine you're browsing Reddit, a social forum, and you come across a subreddit called /r/wallstreetbets. Wallstreetbets is a subreddit known for rampant speculation and users talking about their recent trades, often without showing proofs of these trades. So who can you believe is telling the truth and who is lying? It is next to impossible right now on Reddit, and other social platforms, without having the user upload directly a copy of their recent trades, which would immediately dox most of their identity.

Using TEEs and ZKPs, we now are able to achieve private computations which isolate (private) user input to generate proofs of any data! Combine these technologies with an attestation protocol and we have a synergistic private compute stack that allows us to verify certain properties about ourselves we want to make known and hide the others that we do not.

In the proof-of-concept for Anonymous Social, we implemented a proof of ticket from ETHGlobal using Email Proofs to verify that a user had received the email invitation with the ticket from ETHGlobal to attend ETHGlobal Bangkok. We transport the original email as an encrypted file using the public key from Phala Network's TEE to maintain user privacy and only the TEE knows and does the computation on the email to pre-process it and run the Email Proof from vlayer.xyz, and then post it on-chain using Sign Protocol. In this process, user details are not shared with anyone but the TEE and data can be assumed to a high degree to not have been leaked.

While in the short time span of this hackathon we only managed to implement verification of invitation to ETHGlobal Bangkok, there are countless of things users can prove about themselves. For example, we can have communities comprised of traders where there is a required amount of returns over time that need to be verified before allowing entry to the community. This data to compute returns is almost never shared publicly due to privacy reasons and with TEE + ZK secure computations, we can ask the user for such data with the confidence to never leak it. This allows us, as well as users, to create dynamic communities with trust that a person they are speaking to have certain qualities, all while not revealing their full identity!

To create a seamless onboarding experience, we use Dynamic's wallet kit. Specifically, we needed a wallet kit that allowed a user to sign easily through any identity they preferred, with a blank wallet being the most secure in terms of privacy as there would be no traces of identity other than the wallet address.

The frontend is created as a generic NextJS project using shadcn components and serves as the user interface to interact easily with our Email Proof + TEE backend. When a user chooses to upload their .eml file, in a production setting, Phala Network's API would encrypt the data at rest before sending it over to the TEE, in which the backend is running, and decrypt it there. Once the .eml file is received in the backend, it is decrypted and pre-processed to verify using Email Proofs from vlayer.xyz. When the Email Proof from vlayer returns as successful, the TEE then makes a create attestation call to the Sign Protocol contracts to upload this attestation for our platform (and others) to use.

The current documentation for these sponsors are lacking a little in detail, which is expected as they are relatively new and putting out new APIs for us to use. However, this meant that a majority of my project was very difficult/otherwise impossible to deploy without partner integrations. As such, the demo that I have only runs locally. A hacky solution I found for running vlayer through the TEE is to have some ports exposed between the host and the Docker container to allow http access. Some further hacky work that needed to be done was to edit the public package for vlayer's sdk within the node_modules because the current iteration is not working as expected.