Data protection laws, such as the EU’s General Data Protection Regulation (GDPR), establish a comprehensive framework of individual rights intended to give data subjects greater control over the processing of their personal data. Together, these data protection rights aim to empower individuals while restricting how organizations use and process that
Privacy depends on more than promises or compliance. This blog explains how policy creates obligations, but system architecture determines outcomes, shaping what data can be collected, linked, or exposed. Why Law Creates Obligations—but Architecture Determines Outcomes Privacy failures are rarely the result of a single mistake. More often, they emerge
We performed a security audit of TACEO’s OPRF Noir circuits within their OPRF service, which provides publicly verifiable, privacy-preserving nullifiers via a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our findings, click here: Report
We performed a security audit of the upgraded version of TACEO’s Circom circuits used in their Nullifier Oracle service, which implements publicly verifiable, privacy-preserving nullifiers through a verifiable threshold OPRF (Oblivious Pseudorandom Function). Our final audit report was completed on January 26, 2026. To read the full report, including our
Privacy is often treated as a feature or a promise. Add encryption, write a policy, or comply with a regulation, and privacy is assumed to follow. Our work this past year reinforced our longstanding core principle: privacy holds when it is enforced by system design. When privacy depends on process,
Recently, we encountered a situation that underscored the importance of verifiable transparency. A modified version of one of our audit reports was shared online through an unauthorized link pointing to a URL designed to resemble our official domain. We identified and addressed the issue promptly, but the incident reinforced why
Our team performed a security audit of the Confidential Transfer component of the Solana Token-2022 program. The project, combining the Token-2022 extensions with the zk-elGamal/zk‐sdk, delivers privacy‐preserving token operations while keeping balances and transaction validity cryptographically verifiable via homomorphic twisted ElGamal and Bulletproofs‐based range proofs. Our final audit report was
Least Authority reviewed the changes made to Zebra that will be introduced in the NU6.1 network upgrade. The Zebra project is a Rust implementation of a Zcash node, developed by the Zcash Foundation as an alternative to the reference zcashd client. Its core functionality centers on validating blocks, enforcing consensus