Make Exodus usage more private

[ajvsol]

From what I understand currently there is some noise being added to help obfuscate what apps you have installed, but multiple syncs will make the noise meaningless. This is concerning especially from a privacy-focused app.

Is there no way this can be done in an end-to-end encrypted/zero knowledge manner?

One solution is an optional setting to download the report for every app, and then locally only the reports for installed apps are kept.

Another is Tor support. This way all you know is some anonymous user has XYZ installed apps.

[lionirdeadman]

End-to-end in this context is already done by HTTPS and Zero Knowledge is simply impossible, Exodus needs information to function.

I don't think anything other than noise (which they seem to do according to you) and TOR could be done to make Exodus more private. TOR should probably be optional because it would require Orbot and would be rather slow.

[Schoumi]

Sorry for the delay of this answer.

We don't store any data from user and are unable to do it (user ip are not saved in any log) and don't want to identify anybody.

End to End encryption doesn't avoid us to know you if we want to because the exchange is still between you and us. So implement this will only to try to avoid man in the middle between you and us.

If you have knowledge on how to send specific data to the user with zero knowledge you're welcome to help us make the app and api more private if it's possible but the app needs specifics reports, it's impossible to send all the database (cf below).

Don't know much on zero knowledge but since we need to send you data, we need to select at least data you want + other data you don't want, noise make that job. Zero Knowledge could do more on this? If we know your ip and a part of data you want on each request we can, like you said, retrieve the exact data you want at the end or i'm wrong somewhere? (like i said i don't know much on zero knowledge)

Download report for every app is impossible. At the beginning of the app, we have made that but at that time database was lighter and weight 1Mo and was generated for each connection (data can change each seconds). It was very slow and need a good network connection to retrieve the full data so we have drop this to add noise and only get data requested. I don't know the actual weight but it should be at least 100 times heavier and generate for each connection is impossible with that amount of data.

You can use tor and vpn to not be found but it's not on our main goal to do more on this, we have many work to do to improve things. I understand you may don't trust us but can't do better right now.

Our code is open and contributions are welcome :) You can make donation too, to allow us to give more time to improve things. :)

I hope i have answer to you and will be happy y to continue to discuss about it if you want to and will be happy if you have knowledge that i can learn from you. :)

[ItsIgnacioPortal]

Technical solutions are being discussed on #64. This issue should be closed.