Skip to content

Audit: privacy pass on AMS telemetry/export surfaces for cross-tenant leakage #5219

Description

@JSONbored

Problem

AMS's telemetry/export code (portfolio-dashboard.ts, orb-export.ts, miner-prediction metrics) was built for a single-operator, single-machine context, with no assumption that its output might ever be visible to, or aggregated across, more than one tenant. ORB's own #4893 tracks an equivalent privacy pass on its fleet-analytics ingestion; AMS has no tracked counterpart, so it's currently unknown which fields would leak cross-tenant information if AMS were hosted as-is.

Area

AMS / Multi-tenancy audit

Proposal

Review every telemetry/export/metrics surface AMS currently emits and document which fields would need redaction, aggregation, or per-tenant partitioning before being safe to expose in a multi-tenant hosted context — mirroring the scope and rigor of ORB's #4893 privacy pass so the two audits produce comparably-structured findings.

Deliverables

  • A findings document listing each telemetry/export surface and its current field-level contents
  • Flagged fields that would leak cross-tenant information if unmodified in a hosted context, with a note on the remediation category (redact / aggregate / partition per-tenant) for each

Resources

Boundaries

  • Audit and documentation only — this issue must NOT implement any redaction, aggregation, or partitioning; that is a separate follow-up issue per surface.
  • Any follow-up redaction/partitioning fix that touches how tenant data is exposed must NOT be assumed contributor-eligible by default — since it's a tenancy-boundary control, it should get the same maintainer-review bar ORB's Cross-tenant data-isolation audit #4797 cross-tenant data-isolation audit follow-ups received before merge.
  • This issue must NOT decide the final redaction scheme itself — only enumerate what exists and flag the risk.

Metadata

Metadata

Assignees

Labels

gittensor:featureGittensor-scored feature linked to a feature issue — scores a 0.25x multiplier.maintainer-onlyOwner-only work — yields no Gittensor points.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions