Maximizing User Privacy

I have a new app that I am working on where user privacy is of the utmost importance. Users will be cryptographically associating their user account with Bitcoin addresses, and I don’t want to store any data that can link their identity to their Bitcoin address.

I need to ensure that no IP addresses, emails, or other personally identiable information is stored (in case the server becomes compromised). Email-less user account packages exist, so I don’t think that’s a problem…

Correct me if I am wrong, but the only place that I am aware of that IP addresses are stored is in the accounts-base session logic after a session key and cookie are generated. Therefore, disabling the renewable session feature (or the accounts-base package) essentially stops all logging of IP addresses.

Is this correct?

A lot depends on how deep you want to go. For example, can you trust the infrastructure provider?

I’m interested in your response if I were to answer no, but I think you may be alluding to if the server is compromised… then IP addresses can be aggregated from that point forward- even if they weren’t being stored when the app was running “purely”?

Obfuscating the server’s location would help make compromising the server harder, so this app probably needs to be ran as an Onion service. Considering I am not doing anything illegal, I didn’t think of that before. Thanks for the idea…

A secure hosting environment would be paramount for such an app, and users will be informed at account registration of the possible risks associated with having your Bitcoin address tied to your identity. Use of a VPN/TOR/(or similar) will be highly recommended to users, along with a unique-to-this-app pseudonymous username.

Some background:
Essentially, I’d like to make Bitcoin ownership a prerequisite to joining an exclusive club only for Bitcoin stakeholders. To register for the club, you will need to sign a random memo generated by the server to prove you have access to the private key of an address that owns Bitcoins. I am going to start with just a simple chat room, and see where it goes from there… aka. let the club form organically and continue development on the most-requested features.

Maybe something like this:

I think its a very complicated question, and I would not be comfortable giving any suggestions / guarantees here.

However, if there is one person to consult about this, its @pcorey