Security, Privacy & Compliance
Sudo is built on the foundational principle of secure, trustless communication. Every technical and product design decision prioritizes user protection, privacy preservation, and regulatory alignment for the evolving Web3 ecosystem. The platform ensures that all interactions are encrypted, self-custodial, and resistant to surveillance, while providing a compliance-ready framework for future requirements.
Sudo implements the LibSignal Protocol, the same cryptographic foundation used by Signal and WhatsApp, ensuring world-class encryption standards:
Forward Secrecy: Every message uses a unique encryption key, ensuring that even if one session is compromised, previous and future messages remain secure.
Double Ratchet Algorithm: Encryption keys are continuously updated with every message sent or received, providing ongoing confidentiality and resilience against interception.
No Metadata Access: Message content and metadata are inaccessible to Sudo’s infrastructure — not even the platform can read or log user conversations.
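The per-message key derivation behind the forward secrecy and Double Ratchet items above, as an added example (not Sudo's or libsignal's code). It covers only the symmetric-key chain, using the HMAC-SHA256 constants 0x01 and 0x02 recommended in the published Double Ratchet specification. The names `kdf_chain`, `sender_keys`, `ReceivingChain` and `MAX_SKIP` are hypothetical, and the shared secret is a constructed value.

```python
import hashlib
import hmac

def kdf_chain(chain_key):
    """One ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def sender_keys(chain_key, count):
    """Message keys for `count` consecutive sends, plus the resulting chain key."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_chain(chain_key)
        keys.append(mk)
    return keys, chain_key

class ReceivingChain:
    MAX_SKIP = 100  # bound on stored skipped keys (hypothetical limit)

    def __init__(self, chain_key):
        self.chain_key, self.next_index, self.skipped = chain_key, 0, {}

    def key_for(self, index):
        """Return the key for message `index` once, tolerating out-of-order delivery."""
        if index in self.skipped:
            return self.skipped.pop(index)
        if index < self.next_index:
            raise KeyError("message key already used and deleted")
        if index - self.next_index > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.next_index <= index:
            self.chain_key, mk = kdf_chain(self.chain_key)
            self.skipped[self.next_index] = mk
            self.next_index += 1
        return self.skipped.pop(index)

def demo():
    root = hashlib.sha256(b"constructed shared secret").digest()  # constructed input
    sent, _ = sender_keys(root, 4)
    rx = ReceivingChain(root)
    got = [rx.key_for(i) for i in (0, 2, 1)]  # message 2 arrives before message 1
    try:
        rx.key_for(1)  # a replayed message finds its key already deleted
        replay_rejected = False
    except KeyError:
        replay_rejected = True
    # Chain state stolen after message 2: later keys are derivable, earlier ones are not.
    later, _ = sender_keys(rx.chain_key, 3)
    return sent, got, replay_rejected, later
```

The stolen chain key still yields the key for message 3, which is why the full algorithm also runs a Diffie-Hellman ratchet step (not shown here) that replaces the chain key when the parties exchange new public keys.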
Sudo’s architecture is designed to maximize privacy without sacrificing usability:
No Phone Numbers or Emails: Authentication is done exclusively via Web3 wallet signatures, removing reliance on centralized identifiers.
Pseudonymous Communication: Users can engage using only their public wallet address or a chosen username.
Optional Paid Usernames: Premium usernames are tied to token utility, not to personal identity, ensuring anonymity remains intact.
Self-Custodial Messaging: Messages are stored locally on the user’s device, with no permanent storage on centralized servers unless a user opts for encrypted backups.
Sudo combines modern transport protocols and decentralized storage principles to protect data in transit and at rest:
WebSockets + TLS Encryption: All real-time communication channels are TLS-secured to prevent interception or hijacking.
Redis & PostgreSQL Hybrid Architecture:
Redis manages real-time message queues for ultra-low latency delivery.
PostgreSQL stores only encrypted metadata or optional non-sensitive logs.
No Centralized Data Ownership: User messages and data remain under full control of the user — never monetized, sold, or harvested.
Sudo employs multi-layered systems to maintain a healthy communication environment:
Message Rate Limits: Restricts excessive messaging frequency to mitigate spam.
Burn-to-Talk Mechanism: Spammers may be required to stake or burn SUDO tokens to continue messaging.
Reputation System (Planned): Users flagged for abuse will be shadowbanned or temporarily muted across all channels.
Verified Smart Contract Access: Only verified smart contract owners can create token-gated or contract-linked group channels, preventing mass fake group creation.
Sudo’s minimal-data approach ensures inherent compliance with major privacy frameworks while keeping the platform decentralized:
GDPR-Aligned: As no personal data is stored by default, the platform inherently complies with GDPR principles.
Data Sovereignty: Optional backups are encrypted and controlled entirely by the user.
VASP-Ready: Wallet-level activity tracking can integrate with regulatory APIs if future compliance requirements arise.
KYC-Free by Design: No traditional identity verification is required, significantly reducing regulatory exposure while protecting user anonymity.
Sudo is planning zk-SNARK and zk-STARK integrations to enhance anonymous verifiability:
Proof Without Disclosure: Enable proof of message ownership, timestamp, or integrity without revealing the content.
Anonymous Access Control: Allow users to join groups, claim rewards, or verify participation without exposing their wallet address.
Sybil Resistance Without Identity Leaks: Prevent fake accounts while keeping the user’s identity private.