Piro is a one-stop dApp (with widgets!) to follow your Web3 friends' activities like collecting NFTs, donating on Gitcoin, exchanging tokens, and more! Piro presents all your friends' Web3 activities in a concise & human-readable manner. 👉 piroapp.xyz
Hello Frens! I’m Charlie, the founder of Piro.
As the internet rapidly embraces Web3, my friends and I noticed that there weren’t many social media spaces where we could share and see our Web3 activities. Twitter is great, but when I want to see what NFTs my friends are buying or what articles on Mirror they’re reading, it’s a bit hard to get all that info quickly and easily when you have to sift through Web2 content to find it. At the same time, dedicated Web3 spaces for seeing Web3 content and activities, such as Etherscan, were not very human-readable and did not display content in an aesthetically appealing way.
So I got thinking, talked to my Web3 friends about what they would like to see in a Web3 social media app, and created Piro!
**What is Piro?**
Piro is a one-stop dApp for following your frens’ Web3 activities. A beautiful, streamlined UI and widgets help keep you notified when someone in your Web3 social circle sends or receives an NFT or POAP, makes a donation on Gitcoin, shares an article on Mirror, exchanges tokens, participates in community governance via Snapshot, and more!
- 3 different widget sizes to make catching up on your social circle as easy as looking at your home screen
- Personalize your profile to show off your assets: set your favorite NFT as your avatar!
- Multimedia support, so your assets are displayed the way you intend them to be seen
- Link your Twitter profile to your account to make the transition from Web2 social to Web3 seamless
- Profiles, notes (posts & comments), and links (including follow lists and likes, etc.) are stored securely on Crossbell (an EVM side-chain for social activities)
I’m so proud of what I’ve built and can’t wait to connect with new frens on Piro! Do give it a try and let me know what you think :) Feel free to join our Discord as well to connect with others in the Piro community and receive exclusive insider updates!
👉 Website: [piroapp.xyz](http://piroapp.xyz)
👉 iOS testing link: [https://testflight.apple.com/joi...
👉 Android testing link: [https://play.google.com/apps/tes...
👉 Discord: [discord.gg/sUKccxkjnt](https://t.co/tBkxJZdhFt)
👉 Twitter: [https://twitter.com/Piro_App](ht...
Charlie 🐸
@charliemorrison Hey Charlie.
I mainly have some concerns that frankly freaked me out, from reading your privacy policy, that I had to follow up. Since it doesn't look like your app is open source but covers pretty similar territory as open source projects like Status, I threw your apk into Bytecode Viewer, but it ended up confusing me even more, so I guess since this is a convenient forum to ask questions, I'm mostly curious as to:
a) Who do you consider a "3rd party"? Because your privacy policy for all intents and purposes is screaming from the mountaintops "we collect your data and then pass it on". I appreciate the honesty, but your apk surprisingly doesn't seem to actually connect to many of the usual suspects when it comes to app analytics. Instead, it calls the crossbell.io chain and your own APIs, as well as some native libraries, but I haven't really looked that hard. It does seem to collect a lot of Twitter OAuth data and naturally, blockchain data, and the way it's worded, the privacy policy would allow all of the data to be retained by you AND passed on to 3rd parties. This raises the question of, well, who is getting this data right now? Your privacy policy is open-ended to the point that I can make a cogent case that basically it can cover literally everyone and anyone you choose, or anyone who happens to see it because no internet mode of transmission is entirely safe (true, but there are ways to provide more security as well as ways to provide less during that transmission of data). Is this all intentional? If so, why not just state it in a straightforward way? If not, then what are the outer boundaries of what you collect and/or provide beyond your own databases? And at what point are the users informed? And how would they revoke the permission?
b) Since the app has the ability to link previously unmade connections between blockchain assets and Twitter handles in addition to other Ethereum addresses, and do so without having to acquire the permission of the person/entity whose information just got linked together, do you plan on having mechanisms in place that would inform the person/entity so they would have to opt in, or at least opt out prior to the connection being made? Just because I told one person my EOA address with a potentially valuable NFT does not mean I want to tell the world, especially if I'm using a Twitter account that isn't pseudonymous. This potentially creates a huge number of privacy problems and can effectively be considered doxxing someone who never consented to the platform being used or even knows that it's being used. I'm not saying that this is your intention, but with the very broad definition of 3rd party, this is certainly doable and in fact, I'd be shocked if nobody ends up actually doing it. You have so many parties with bad intentions, from those who run phishing operations to those who are a part of the surveillance-industrial complex, who would like to link such data. With no plan in place, what differentiates it from a data collection/enrichment operation on a substantive level? It certainly does not take that much code dedicated to collecting data to do what essentially amounts to the displaying of several RSS feeds and to call a few contracts, and why involve Twitter at all when your critique is based on Twitter being Web 2.0? Why not web3 for its own sake and not some sort of prescriptive notion that there's a need to connect Web 2.0, in particular Twitter, with web3?
c) Without a jurisdictional element, how would those who live in places where data privacy can't simply be waived with a shrinkwrap privacy policy seek relief? It seems extraordinarily easy, considering that most people do not take the effort in reading terms and privacy policies in full, to collect not only the data of users of your platform specifically but also those of followers, a ton of metadata, up to geolocation and cashtag data as of the v2 stream API. Even if you haven't intended to, essentially your app is currently already primarily a data enrichment/collection app first. How will you ensure compliance with the wide range of data privacy laws so that it is actually legal for users to use? The US doesn't have federal-level laws that are specific to such data for the most part and I can tell you that your privacy policy is going to be unenforceable if ever litigated on. This is no joke, but from the looks of it, you already know that?
Otherwise, congrats on the launch. Best of luck!