Content prove online facts

src/contents/Prove-Online-Facts.mdx

@@ -0,0 +1,315 @@
+---
+name: "Prove Online Facts Without Revealing Too Much"
+index: 12
+summary: Learn to prove online facts securely without exposing sensitive information using TLSNotary.
+author: Chiemezie Agbo
+authorIcon: https://pbs.twimg.com/profile_images/1697221657373360128/iqDhBtk9_200x200.jpg
+authorLink: https://x.com/ChiemezieAgbo
+published: Dec 19, 2024
+readTime: 12 min read
+labels: ["ZK", "Privacy", "TLSNotary"]
+---
+
+
+Have you ever needed to prove something online without revealing too much personal information?
+
+Imagine you’ve got an online deal, but it’s available only to people with a certain number of followers and who live in a specific city. Let’s say you’re a public figure and want to protect your privacy, avoiding unnecessary attention. How can you prove that you meet their criteria without revealing your full identity or additional sensitive details?
+
+Welcome to **TLSNotary**, a tool that allows you to generate verifiable, cryptographic proofs of your online interactions while revealing only the information you choose. This tutorial will guide you through proving you have a certain number of X followers and live in a specific city, all without disclosing your exact profile details.
+
+# **What is TLSNotary?**
+
+[TLSNotary](https://docs.tlsnotary.org/) is a protocol that lets users securely export data from any website using **Zero-Knowledge Proofs (ZKP)**. It allows selective sharing of data with others, ensuring cryptographic verifiability without exposing sensitive information.
+
+With this protocol, users (referred to as **Provers**) can share their data with others (**Verifiers**) as they deem fit, enabling true data portability and trust.
+
+# **Why is TLSNotary Important?**
+
+## **The Limitations of TLS for Non-Repudiation**
+
+[Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security) plays an important role in digital security by safeguarding communications between users and servers. It provides:
+
+- **Data Integrity**: Ensures data is not altered during transmission.
+- **Server Authentication**: Validates the server’s identity using Certificate Authorities (CAs).
+
+However, while TLS is effective in protecting data transmitted between user and server, it falls short in providing **non-repudiation** — the ability to prove to a third party that data is authentic and untampered.
+
+This limitation arises because TLS uses a keyed hash (Message Authentication Code, or MAC), which requires the user (e.g., Alice) to know the key. This means Alice could potentially alter the data and recompute the hash after the TLS session, making it impossible to verify the data’s authenticity to another party (e.g., Bob).
+
+**The Solution?** Digital signatures based on asymmetric public-key cryptography are required. Unfortunately, TLS does not natively support server-side signing of data, and even if it did, such an approach might compromise privacy if not designed thoughtfully. You might ask, what of [**Delegation**](https://en.wikipedia.org/wiki/Delegation_(computer_security))?
+
+## **What About Access Delegation?**
+
+[**Delegation**](https://en.wikipedia.org/wiki/Delegation_(computer_security)) is the process of a computer user handing over its authentication credentials to another user. A user (Alice) might want to share data with Bob using OAuth. In this case, Bob would access the data directly from the server to ensure its authenticity. The issue is that Bob gains **more information than necessary**. Even worse, many servers don’t support OAuth due to lack of incentive.
+
+***Here is where TLSNotary comes to the rescue,***
+
+TLSNotary addresses these challenges by introducing **Multi-Party Computation (MPC)** into the TLS communication process.
+
+# **How TLSNotary Works**
+
+The TLSNotary protocol operates through three main steps:
+
+1. **Multi-Party TLS Request:** Traditional TLS connections are between a user and a server, but TLSNotary introduces a third participant: the **Verifier**. Unlike a “[man-in-the-middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack),” the Verifier operates within a secure **Multi-Party Computation (MPC)** setup, ensuring that user data is not exposed in plaintext. To the server, the connection appears as a standard TLS request, preserving its integrity.*Alice and Bob can jointly manage the TLS connection, ensuring Bob can independently verify the data’s authenticity without seeing unshared portions.*
+2. **Selective Disclosure:** TLSNotary allows the Prover to **selectively disclose specific portions** of the data to the Verifier. Sensitive information can be redacted before sharing. ****Zero-Knowledge Proofs can be used to verify properties of redacted data without revealing the actual content.*Alice can choose which parts of the data to disclose, safeguarding her privacy.*
+3. **Data Verification:** The Verifier can then authenticate the disclosed data by validating the server certificate using trusted Certificate Authorities (CAs). This ensures that non-redacted portions of the data match their cryptographic proofs.*With this approach, Alice retains full control over her data while providing Bob with cryptographic proof of its authenticity.*
+
+## **TLSNotary and the Ethereum Foundation**
+
+TLSNotary is developed by the [**Privacy and Scaling Exploration (PSE)**](https://pse.dev/) research lab of the Ethereum Foundation. The PSE team is committed to conceptualizing and testing use cases for cryptographic primitives.
+
+# **Project: Prove Online Facts Without Revealing Too Much**
+
+**Overview:** This project demonstrates how to use **TLSNotary** to prove online facts, such as having a certain number of followers and living in a specific city, without exposing sensitive information like your exact profile details.
+
+**Use Case:** Ideal for scenarios like online deals or partnerships that require verification of certain criteria without compromising privacy.
+
+# **Setting Up the Development Environment**
+
+For this, we will go through **Three** **steps**. Most of these steps offer **two options** — choose one and move on to the next step. Often, the first option is easier from my perspective.
+
+## **1. Browser Extension**
+
+Install the TLSNotary extension in Chrome or Brave:
+
+***Option 1: Install via [Chrome Web Store](https://chromewebstore.google.com/detail/gcfkkledipjbgdbimfpijgbkhajiaaph)***
+
+Go to the Chrome Web Store and click **Add to Chrome**.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/TLSNotaryChromeExtension.png" alt="TLSNotary Chrome Extension" /> 
+  _TLSNotary Chrome Extension_
+</div>
+
+***Option 2: Manual installation***
+
+1. Download the browser extension from [this link](https://github.com/tlsnotary/tlsn-extension/releases/download/0.1.0.700/tlsn-extension-0.1.0.700.zip).
+2. Unzip the downloaded file.**Note**: Be cautious if unzipping via the command line, as this is a flat file and contains many files at the top level.
+3. Open **Manage Extensions** in your browser by visiting `chrome://extensions/`.
+4. Enable **Developer mode**.
+5. Click the **Load unpacked** button.
+6. Select the unzipped folder.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/DeveloperModeAndLoadUnpacked.png" alt="Developer Mode And Load Unpacking" />
+  _Develope rMode And Load Unpacked_
+</div>
+
+## **2. WebSocket Proxy**
+
+The WebSocket Proxy is used to establish a TCP connection.
+
+***Option 1: Use a Hosted Proxy***
+
+1. Open the extension.
+2. Click on the top-right corner to locate **Options**, then click it.
+3. Enter `wss://notary.pse.dev/proxy` as the **Proxy API**.
+4. Click **Save**.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/HostedProxy.png" alt="Hosted Proxy" />
+  _Hosted Proxy_
+</div>
+
+***Option 2: Run a Local Server***
+
+1. To run the WebSocket Proxy locally, install `wstcp`:
+
+```
+cargo install wstcp
+```
+
+2. Run a WebSocket Proxy for [`https://swapi.dev`:](https://swapi.dev/)
+
+```
+wstcp --bind-addr 127.0.0.1:55688 swapi.dev:443
+```
+
+3. Now use `ws://localhost:55688` as the **Proxy API** in Step 3 above, that is under option 1.
+
+## **3. Notary Server**
+
+To generate a TLSNotary proof, the browser extension requires access to a Notary Server. This server facilitates secure communication using Multi-Party Computation (MPC). In real-world development, the server is typically operated by a trusted third party or the verifier of the proof. In this project, you can either run the server yourself or use the test server provided by the TLSNotary team.
+
+***Option 1: Use the TLSNotary Team’s Hosted Server***
+
+1. Open the TLSNotary Browser Extension.
+2. Click on the top-right corner to locate **Options**, then click it.
+3. Set the **Notary API** to:
+
+```
+https://notary.pse.dev/v0.1.0-alpha.7
+```
+
+4. Save the configuration.
+
+***Option 2: Run a Local Notary Server***
+
+1. Open the TLSNotary Browser Extension.
+2. Click on the top-right corner to locate **Options**, then click it.
+3. Set the **Notary API** to:
+
+```
+http://localhost:7047
+```
+
+4. Save the configuration.
+
+5. Run the Notary Server
+
+***Clone the Repository***
+
+```
+git clone https://github.com/tlsnotary/tlsn.git
+```
+
+***Disable TLS for Local Development***
+
+Edit the Notary Server configuration file (`crates/notary/server/config/config.yaml`) to turn off TLS:
+
+```
+tls:
+  enabled: false
+  ...
+```
+
+⚠️ **Note**: Disabling TLS is only for local development. Ensure TLS is enabled in production environments for secure communication.
+
+***Start the Server***
+
+Navigate to the server directory and run:
+
+```
+cd crates/notary/server
+
+cargo run --release
+```
+
+The server will now be running locally, ready to accept requests from the browser extension.
+
+# **Notarize X Followers and Location Access**
+
+Now it’s time to prove details about an X (formerly Twitter) account, specifically its follower count and location. We will use the `UserByScreenName` API endpoint for this process.
+
+## **Step 1: Open X and Log In**
+
+1. Visit X and ensure you’re logged in to your account.
+2. Navigate to your profile at [`https://x.com/...yourHandleName`](https://x.com/...yourHandleName.)
+3. Keep the TLSNotary browser extension active — it will automatically start recording requests.
+
+**Note:** The TLSNotary browser extension often includes a plugin for X. Clicking on this plugin can automatically generate proof of account ownership. However, that’s not the focus of this tutorial, so let’s proceed with proving follower count and location instead.
+
+## **Step 2: Search for the Relevant API Request**
+
+We’re looking for the `UserByScreenName` API endpoint. Here’s how to find it:
+
+1. Navigate to your X profile page.
+2. Open the TLSNotary extension and go to the **Network** tab.
+3. Search for the following request in the list:
+
+```
+https://x.com/i/api/graphql/laYnJPCAcVo0o6pzcnlVxQ/UserByScreenName
+```
+
+To simplify, enter `UserByScreenName` in the search box.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/UserByScreenName.png" alt="UserByScreenName endpoint" />
+  _UserByScreenName APi endpoint_
+</div>
+
+4. Click on the **xmlhttprequest** entry for this request. It contains the details we need, such as follower count and location.
+
+5. Once selected, you’ll see a summary page. Click **Notarize** to begin.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/Notarize.png" alt="Notarize button" />
+  _Notarize button_
+</div>
+
+
+Select any headers that you would like to reveal. Once done, click on **Next** below to proceed to the redact page.
+
+## **Step 3: Highlight and Redact Data**
+
+On the next page, redact sensitive portions of the data. Focus on the following fields in the JSON response:
+
+- `"followers_count"`
+- `"friends_count"`
+- `"location"`
+
+**Action:** Highlight the portions you want to redact, leaving only the relevant details (follower count, friend count, and location) visible.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/RedactData.png" alt="Redact Data" />
+  _Redact Data_
+</div>
+
+## **Step 4: Generate the Proof**
+
+1. Once satisfied with the highlighted and redacted data, click **Notarize**.
+2. The TLSNotary extension will connect to the notary server to cryptographically sign the proof.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/PendingNotarization.png" alt="Pending Notarization" />
+  _Pending Notarization_
+</div>
+
+
+If you use the hosted notary server, notarization may take several seconds.
+
+## **Step 5: View and Share the Proof**
+
+***View the Proof***
+
+- Open the **History** tab in the TLSNotary extension and click on **View**.
+
+You’ll receive a file containing:
+
+- Cryptographic evidence tying the data to your interaction with X (formerly Twitter).
+- Under the `Recv` section, it will display only the unhighlighted fields (*follower count* and *location*).
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/Proof.png" alt="Proof" />
+  _Proof_
+</div>
+
+***Share the Proof***
+
+- Here is a shareable link of the notarization: [link](https://explorer.tlsnotary.org/ipfs/bafkreidizzzrgibgmzogw75eeoivkv6yeh75swyuqqll7bdrsm2xqubdbq)
+- Check the `Recv` section to verify that only the unhighlighted fields (*follower count* and *location*) are visible.
+
+<div className="text-center">
+  <img src="../contents/prove-online-facts/RecvProof.png" alt="shareable Recv Proof" />
+  _shareable Recv Proof_
+</div>
+
+shared link of the notarization
+
+This is the proof you share with other party to verify your claims without revealing additional private details.
+
+**By the way, now that you’ve seen how small my follower count is, why not give me a follow?** 👉 [Follow me on X](https://x.com/ChiemezieAgbo)😊
+
+# **Conclusion: Proving Just Enough**
+
+Congratulations! You’ve successfully proven that you meet specific criteria (followers and location) without exposing unnecessary information. This technique is not just useful for privacy-conscious celebrities but also for anyone needing to share verifiable information selectively.
+
+# **Next Steps**
+
+**Read the official TLSNotary documentation** to gain a deeper understanding of its capabilities.
+
+***Resources***
+
+- 🖥️ [TLSNotary Official Documentation](https://docs.tlsnotary.org/)
+- 📂 [TLSNotary GitHub Repository](https://github.com/tlsnotary/tlsn)
+
+If you’re curious about further applications of TLSNotary, here are some ideas:”
+
+- Could it be used in the financial sector to prove eligibility for a bank loan?
+- Might it streamline job application processes, enabling applicants to verify credentials such as age, experience, or education without disclosing unnecessary details?
+
+## **Personal Insight**
+
+TLSNotary places privacy and transparency in your hands. By allowing you to share only the necessary information, it empowers users in an increasingly interconnected world.
+
+**Where will you use it next?** The possibilities are endless!