I am looking for more information regarding user security, privacy, and anonymity when using radicle. I don’t have a deep familiarity with Web 3 but my understanding is that anything that uses the Eth blockchain stays there forever. What personally identifiable information (I suspect IP address, computer model/OS information) will be made public if I publish code with radicle? Do you have documentation on this?
Likewise, your documentation says end-to-end encryption is coming. Can you explain what you are planning to encrypt in future development, and if this includes PII?
Hi @Scion6087, if you publish your code to one of the community nodes we currently host, only your code and the git commit information like author name and email is being made public for example on app.radicle.xyz, we do not store any personally identifiable information except the things you decide to publish on the Radicle community nodes.
You are also able to self host a seed node and for example through some kind of authentication system decide who has access to it.
We use the ETH Blockchain currently only as opt-in feature for funding FOSS development through dips and eventually workstreams.
To clarify are you are referring to the author name from git config --local user.name <Name>) and the email address from git config --local user.email <user@example.com>?
It sounds like this information is not stored on a blockchain. Does that mean it is erased / overridden when git config is updated and a new commit to the repository is pushed, or is it retained somewhere?
To clarify are you are referring to the author name from git config --local user.name <Name> ) and the email address from git config --local user.email <user@example.com> ?
Yes that’s the author information I was referring to
It sounds like this information is not stored on a blockchain.
Yes, that’s what I was trying to explain, only if you use e.g. the RAD token for governance, register a .radicle ENS name, the drips protocol or eventually workstreams you interact with a blockchain.
Does that mean it is erased / overridden when git config is updated and a new commit to the repository is pushed, or is it retained somewhere?
If you update your author information with git config and push a new commit, the same as with a local git repo happens, the old commits will still have the old author/committer information and the new commit will have the new information, which will also be stored on the seed node you push to.
It might be worth us to call this out for all users in FAQs somewhere.
Anyone with an existing laptop/environment, has likely set these email/usernames to some personal default. And that may cause people to accidentally dox themselves when they start committing code.
The steps above can help people reconfigure to avoid doxxing.
Are these steps [git-clearHistory] sufficient for users to override existing names / emails connected to their repositories, or do you recommend a different approach? The steps are for pushing to github so I expect there are differences.
# Remove the history from
rm -rf .git
# recreate the repos from the current content only
git init
git add .
git commit -m "Initial commit"
# push to the github remote repos ensuring you overwrite history
git remote add origin git@github.com:<YOUR ACCOUNT>/<YOUR REPOS>.git
git push -u --force origin master
I expect this would only work if other peers have not been brought in as collaborators.
Hey @Scion6087 sorry for the delay, yeah if you remove the entire git history and squash everything into the Initial commit with the desired Author information that would allow to override existing names / emails