github/semaphore
1
1
Fork 0
mirror of https://github.com/semaphore-protocol/semaphore.git synced 2026-01-09 14:48:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added warning to the Semaphore docs (#983)

Browse Source 
Update identities.mdx

Added warning to the Semaphore docs
This commit is contained in:
Sri Hari S
2025-05-19 17:24:36 +05:30
committed by GitHub
parent 6ef16976f7
commit 57132a38df
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/docs/versioned_docs/version-V4/guides/identities.mdx
View File

@@ -87,6 +87,11 @@ You may choose to delegate such functionality to existing wallets such as Metama
3. The user can now recreate their Semaphore identity whenever they want by signing the same message with their Ethereum account in Metamask.
:::
:::warning Privacy risk
If a user signs the **same message** on multiple websites using MetaMask, all those websites will be able to **generate the same Semaphore identity**. This undermines anonymity and may allow third parties to **link identities across platforms** or even **gain control over a user's identity**.
To mitigate this, encourage users to sign **unique messages per application** or implement safeguards that detect and warn about reuse.
:::
## Sign and verify messages
Semaphore V4 uses asymmetric cryptography and in particular EdDSA to generate the identity keys. It is therefore also possible to sign messages and verify their signatures.