Attestations & Privacy: Timing Your Claims & Data Deletion

Blockchain attestations are powerful tools for establishing trust and verification, but they also require careful consideration of privacy implications. This page explains how to strategically manage your attestations across multiple wallet addresses while maintaining your privacy and controlling your data.

The Nature of Attestations and Identity

Wallet Address as Pseudonymous ID

Your wallet address is a public, pseudonymous identifier on the blockchain. Unlike traditional identity systems, it doesn't inherently reveal your real-world identity—that privacy comes from keeping the link between your wallet address and your personal information secret.

Crucial Distinction: No Single Human ID

It is important to understand that Zipwire does not create a single, immutable ID for a unique human being.

Why this matters: In systems that rely on a single underlying identity, accidental disclosure or coercion could potentially link all of your private blockchain interactions. This creates a single point of failure for your privacy.

Zipwire's Approach: Instead, with Zipwire, you can claim any attestation you desire against multiple, distinct wallet addresses. Think of your wallets as separate identities.

User Behavior: Many individuals consciously operate numerous wallet addresses, each dedicated to different purposes, and meticulously work to prevent them from being inadvertently linked.

Attestations as Permanent Facts

Attestations are immutable, permanent facts issued against a wallet address on the blockchain. Once issued, they cannot be removed or altered. This permanence makes them valuable for trust and verification, but also means they become part of your wallet's permanent public record.

Types of Attestations & Privacy Impact

Human/Age Attestations

These attestations reveal "true identity" information such as:

• IsAHuman: Confirms the wallet belongs to a real person

• Age-based attestations: Prove specific age thresholds (e.g., IsOverEighteen, IsOverTwentyOne)

These attestations are more privacy-sensitive because they directly link to your real identity.

Private Data Attestations

These attestations contain random numbers that reveal nothing directly. They're designed for selective disclosure proofs—allowing you to prove possession of specific data without revealing the actual data.

• Document attestations: Based on cryptographic hashes of identity documents

• Selective disclosure: You can prove specific facts (like age) without revealing other information

The Privacy Risk: Linking Wallet Addresses

Problem Statement

The core privacy concern is that claiming attestations against multiple wallet addresses can inadvertently link them together, potentially revealing that they belong to the same person.

Mechanism of Linking

Similar actions occurring at similar times can act as a "fingerprint" or "on-chain heuristic" that allows observers to infer connections between seemingly separate wallet addresses.

Analogy: If two people are seen entering the same building at the same time, observers might infer they're connected, even if they're actually strangers. Similarly, if two wallet addresses claim the same type of attestation within a short timeframe, blockchain analytics tools might cluster them together.

Best Practice: Strategic Timing for Privacy Protection

Core Recommendation

If you are claiming attestations against more than one wallet address, we strongly recommend you wait as long as possible between claims.

Why Strategic Timing Matters

Mitigates association: Spacing out your claims helps prevent wallet addresses from becoming associated with each other.

Breaks correlation: Spreading out the claims makes it much harder for on-chain analysis tools to correlate the activity across different addresses.

Reduces clustering: Blockchain analytics often "cluster" addresses based on shared behaviors. Strategic timing helps avoid this clustering.

Practical Timing Advice

• Significant gaps: Consider waiting hours, days, or even weeks/months between claims, depending on your privacy sensitivity

• Avoid single sessions: Don't claim multiple attestations for different wallets in a single session

• Vary patterns: Don't establish predictable patterns in your claiming behavior

• Identity attestations: This strategy is particularly important for "human" or "identity-revealing" attestations, but it's good practice for all attestations

Controlling Your Data: Deletion & Retention

User Recommendation

We strongly recommend deleting your data once you have finished using Zipwire for your attestation and proof-making needs.

Automatic Deletion Policy

In accordance with GDPR, Zipwire automatically deletes data if a user stops actively using the service for a specified period. This ensures your data doesn't remain stored indefinitely.

How to Manually Delete Your Data

You have direct control over your stored data through multiple methods:

Delete Specific Document Data

To delete specific data associated with your attestations:

1. Navigate to 'My Docs' within the Zipwire interface

2. Locate the relevant Merkle trees

3. Delete the specific document data you no longer need

Remove Stored Wallet Addresses

You can also remove a stored wallet address by simply disconnecting it:

1. Go to your wallet connection settings

2. Look for wallet addresses marked with 'Stored' status

3. Disconnect the wallet to remove its stored data

Commitment to Full Deletion

Please note that Zipwire performs a full and permanent deletion of your data. This is not merely 'marking data as gone' or hiding it from view, as is the practice with many other services. When you delete, your data is truly removed.

This ensures that:

• Your data cannot be recovered once deleted

• No traces remain in our systems

• Your privacy is fully protected

Privacy Best Practices Summary

For Multiple Wallet Addresses

1. Space out attestation claims - Wait as long as possible between claims

2. Vary your patterns - Don't establish predictable claiming behavior

3. Consider timing carefully - Think about when and how you claim attestations

4. Monitor for clustering - Be aware of how your actions might link addresses

For Data Management

1. Delete after use - Remove data once you're done with attestations

2. Regular cleanup - Periodically review and delete unnecessary data

3. Monitor stored status - Check which wallet addresses are marked as 'Stored'

4. Understand permanence - Remember that attestations are permanent on the blockchain

For Overall Privacy

1. Separate purposes - Use different wallets for different activities

2. Minimize linking - Avoid actions that could connect your wallets

3. Stay informed - Keep up with privacy best practices

4. Be proactive - Take control of your data and privacy

Conclusion: Balancing Utility and Privacy

Blockchain attestations provide powerful verification capabilities while maintaining the pseudonymous nature of blockchain interactions. By understanding the privacy implications and implementing thoughtful timing strategies, you can enjoy the benefits of attestations while preserving your privacy.

Key Takeaways:

• Strategic timing of attestation claims helps maintain wallet separation

• Proactive data management ensures you remain in control of your information

• Conscious privacy practices are essential in the pseudonymous blockchain environment

Thoughtful timing of attestations and proactive data management are simple yet powerful techniques to maintain the separation and pseudonymity of multiple wallet identities and ensure control over personal information.