[Feat]: AP2 should require private transactions to avoid leaking browsing history onchain

[kdenhartog]

Is your feature request related to a problem? Please describe.

Yes, currently nearly all transactions are publicly available onchain unless the user specifically uses a privacy protocol. A wallet address then acts a globally unique identifier which becomes a third party cookie that can be used to both link the user across sites in a cross origin manner, as well as produces onchain data which is highly correlated to the users browsing history based on their transactions published onchain.

More details are described here: https://kyledenhartog.com/recreating-web3-cross-origin-tracking/

Describe the solution you'd like

In order for this to work within the context of a browser, it will need to make the transactions private by default. Similarly, we need to restructure the payment APIs built into wallets so that the wallet is not sharing a wallet address with each site and instead this is handled by the client as is described in CAIP-358. This will prevent the user from being tracked via their wallet address or their onchain data in a way that violates GDPR.

Describe alternatives you've considered

No response

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[loganaden]

Apart from European countries that follow GDPR, Mauritius - an african country - also has its equivalent called Mauritius Data Protection Act.

There is a similar clause:

“consent” means any freely given specific, informed and
unambiguous indication of the wishes of a data subject,
either by a statement or a clear affirmative action, by which
he signifies his agreement to personal data relating to him
being processed;

[ricp]

Thailand also has the equivalent since 2019, the Personal Data Protection Act B.E. 2562 (2019), also known as the PDPA.

Section 19 of the PDPA says a data controller must not collect/use/disclose personal data unless the data subject has given consent before or at the time of collection (unless another legal basis applies).

[kdenhartog]

Yeah I didn’t want to get into the rabbit hole of citing every data protection law that may or may not require this. As an example, my interpretation of the CCPA is that this wouldn’t qualify as personal information because this information is widely considered available publicly. It is something that needs to be considered though is how regulations apply here in the more general sense but that’s not a protocol specific concern it’s an implementation concern. However the protocol should provide a way to include privacy by default to reduce the bar for legal advice necessary to deploy this.