ZilPay Privacy Data

ZilPay 0.1.9 includes new functions for working with your data.

Rinat Khasanshin
2 min read · Jun 2, 2019

If you have installed the ZilPay extension in Firefox, Chrome or Opera, the wallet holds your private data, such as your Zilliqa address and balance.

On every website you visit, ZilPay injects a small JavaScript object for working with dApps. This means that these sites can query your data and call some functions and transactions.

But when it comes to user privacy, this behavior is less than perfect. ZilPay exposes the Zilliqa proxy object to every site you visit, which means your Zilliqa address is indiscriminately exposed. Since the blockchain is public, your account balance and entire transaction history are retrievable by anyone with your address. Malicious sites can use this data to fingerprint, phish, or track unsuspecting users.

ZilPay's solution in version 0.1.9.

When you visit a website, ZilPay no longer gives out your private data, but the site can request it. When a dApp asks for permission to see your accounts, you’ll see a ZilPay popup like this:

Now you control the distribution of your data.

Also, all permissions are stored and you can delete them in the settings.

This change was introduced because of a security issue in how ZilPay injects into DOM environments: it followed a pattern of injecting a fully enabled provider into the DOM without user consent. This puts users at risk because malicious websites can use this provider to view account information and to arbitrarily initiate unwanted ZilPay transactions on a user’s behalf.

The EIP-1102 standard was created to protect data privacy.
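The consent-gated behavior described above can be modeled in a few lines. This is an added example, not ZilPay's code: `PermissionStore`, `createInjectedProvider`, `requestAccess`, `createTransaction`, the origins and the address are all hypothetical or constructed for illustration.

```javascript
// Added illustration; all names here are hypothetical, not ZilPay's API.
class PermissionStore {
  constructor() { this.approved = new Set(); }
  has(origin) { return this.approved.has(origin); }
  grant(origin) { this.approved.add(origin); }
  revoke(origin) { this.approved.delete(origin); } // "delete in settings"
}

// Builds the object injected into a page served from `origin`.
// `askUser(origin)` stands in for the popup and returns true or false
// (synchronous here for brevity; a real prompt is asynchronous).
function createInjectedProvider(origin, wallet, store, askUser) {
  return {
    // The address is visible only to origins the user approved.
    get defaultAccount() {
      return store.has(origin) ? wallet.address : null;
    },
    // The site has to ask; the user decides.
    requestAccess() {
      if (!store.has(origin) && askUser(origin)) store.grant(origin);
      return store.has(origin);
    },
    // Transaction requests from unapproved origins are refused outright.
    createTransaction(tx) {
      if (!store.has(origin)) throw new Error("origin not approved: " + origin);
      return { ...tx, from: wallet.address, status: "accepted" };
    },
  };
}

function demo() {
  const wallet = { address: "zil1-constructed-example-address" }; // constructed
  const store = new PermissionStore();
  // Simulated user who approves exactly one site.
  const askUser = (origin) => origin === "https://dapp.example";
  const dapp = createInjectedProvider("https://dapp.example", wallet, store, askUser);
  const tracker = createInjectedProvider("https://tracker.example", wallet, store, askUser);

  const out = { beforeConsent: dapp.defaultAccount };
  out.trackerGranted = tracker.requestAccess();
  out.trackerSees = tracker.defaultAccount;
  out.dappGranted = dapp.requestAccess();
  out.dappSees = dapp.defaultAccount;
  try { tracker.createTransaction({ amount: "1" }); out.trackerTxBlocked = false; }
  catch (e) { out.trackerTxBlocked = true; }
  store.revoke("https://dapp.example");
  out.afterRevoke = dapp.defaultAccount;
  return out;
}
```

Permissions are keyed by origin, so approving one site reveals nothing to another, and revoking the stored permission hides the address again on the next read.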

Thanks to the MetaMask developers and community members who have contributed to this standardization effort!
