Breaking, Safe is collecting user privacy and uploads to their backend server!

The latest safe-dao-governance-app program collects private information without user permission and uploads it to the backend server!

safe-dao1164×559 31.9 KB

They use FingerprintJSPro to collect user information.

import { FingerprintJSPro } from ‘@fingerprintjs/fingerprintjs-pro-react’

collect-privacy1266×847 74.4 KB

Data Collection Methods FingerprintJS primarily collects browser features through:

• User Agent information
• Screen resolution and color depth
• Available fonts list
• Browser plugin information
• Timezone
• Hardware details (processor architecture, GPU)
• Canvas and WebGL fingerprinting
• Audio and video codec support
• Battery status
• System language
• Touch support
• Browser-specific features (WebRTC, LocalStorage)
• Fingerprinting Algorithm By gathering these features, the library generates a unique hash value that remains relatively stable even if the user clears cookies or uses private browsing.

send-sealedResult693×651 13.5 KB

And they upload user privacy to their backend server!

Their backend point is: https://safe-client.safe.global/v1/community/eligibility

It may be worth submitting a PR to remove it and see how that goes. Based on the code screenshot you shared, this is potentially related to [Discussion]; Defund privacy harmful projects - #2 by Christoph, and perhaps this sort of thing should also be included in the proposal to defund privacy harmful projects.