view release on metacpan or  search on metacpan

docs/threat_model.md  view on Meta::CPAN

* knowledge that zaddr Z has X coins in it
* knowledge that zaddr Z1 sent zaddr Z2 X coins in a (z,z) transaction
* knowledge that taddr T  sent zaddr Z  X coins in a (t,z) transaction
* knowledge that zaddr Z had X coins in it just before a (z,t) transaction
* the list of taddrs/zaddrs under control by Hushlist

# Classes of Threat Actors

## Users on same computer

Never use Hushlist on the same physical computer or virtual machine with another user you do not trust. If that user can leverage a single CVE and get privilege escalation, full loss of privacy could happen. Best to not ever let this easy-to-prevent ...

## Users on same physical network

Bad actors on your local physical network have elevated risk to you. If you think your local physical network is not secure, use caution.

* ARP poisoning
* DDoSing because there is no firewall/router/NAT between