Privacy depends on more than promises or compliance. This blog explains how policy creates obligations, but system architecture determines outcomes, shaping what data can be collected, linked, or exposed. Why Law Creates Obligations—but Architecture Determines Outcomes Privacy failures are rarely the result of a single mistake. More often, they emerge
Privacy is often treated as a feature or a promise. Add encryption, write a policy, or comply with a regulation, and privacy is assumed to follow. Our work this past year reinforced our longstanding core principle: privacy holds when it is enforced by system design. When privacy depends on process,
Recently, we encountered a situation that underscored the importance of verifiable transparency. A modified version of one of our audit reports was shared online through an unauthorized link pointing to a URL designed to resemble our official domain. We identified and addressed the issue promptly, but the incident reinforced why
Our team performed a security audit of the Confidential Transfer component of the Solana Token-2022 program. The project, combining the Token-2022 extensions with the zk-elGamal/zk‐sdk, delivers privacy‐preserving token operations while keeping balances and transaction validity cryptographically verifiable via homomorphic twisted ElGamal and Bulletproofs‐based range proofs. Our final audit report was
Least Authority reviewed the changes made to Zebra that will be introduced in the NU6.1 network upgrade. The Zebra project is a Rust implementation of a Zcash node, developed by the Zcash Foundation as an alternative to the reference zcashd client. Its core functionality centers on validating blocks, enforcing consensus
Data protection laws often do not apply to the lesser-known category of “anonymous data”. There are misleading claims and new risks. Privacy’s Newest Threat It’s no secret that in today’s digital economy, an era in which data is the new oil, entities are collecting, sharing, and analyzing personal information at
What if Privacy Were the Default? Most digital services still require accounts, personal data, and behavioral tracking permissions, even for simple actions. It’s often assumed that convenience depends on identity. But that assumption is outdated. Tools like anonymous credentials make it possible to build services where an identifying profile is
Aligned Layer is a verification layer for zero-knowledge proofs using Eigen Layer. Our team recently performed a security audit of the Aligned Layer system as part of a multi-firm audit, targeting Aligned Layer version 0.4.0. In this review, we performed a follow-up audit, focusing on the changes between Aligned Layer