# Privacy Matters: 17 By [Automata Network](https://paragraph.com/@automata-network) · 2023-11-12 --- gm, readers. At [Automata](https://www.ata.network/) we work on protecting privacy and fairness. And in this newsletter, we find more reasons to talk about it. Explore headlines and catch up on the biggest crypto news in Web3 privacy. **This week:** * Aleo’s Proof of Useful Work Grant [rewards](https://x.com/AleoHQ/status/1721519849057268081?s=20) developers enabling Aleo credits as bounties with Leo Program * Aztec [releases](https://x.com/aztecnetwork/status/1719730159727821204?s=20) Sandbox v0.13.1, a local developer testnet for smart contract privacy * Share Protocol [integrates](https://x.com/Shade_Protocol/status/1720535523347849342?s=20) with MetaMask for access to private DeFi on Secret Network * Nym set to [launch](https://www.theblock.co/post/260674/nym-ventures-into-decentralized-vpn-realm-broadening-privacy-mixnet-protocol) decentralized VPN routing user traffic * Brave Browser [introduces](https://x.com/brave/status/1720109501058105656?s=20) privacy-respecting AI assistant Leo, now on desktop * Brave v1.60 on Android [adds](https://x.com/brave/status/1721615564869616016?s=20) Widevine support for DRM-protected streaming content * Carbon Browser to [launch](https://x.com/trycarbonio/status/1720163437198578115?s=20) on iOS **Op-Ed:** * Wired [examines](https://www.wired.com/story/x-alternatives-user-privacy-report/) the ongoing privacy struggle in social media * Kamala Harris [urges](https://www.theguardian.com/technology/2023/nov/01/kamala-harris-to-call-for-urgent-action-on-ai-threat-to-democracy-and-privacy) immediate action against AI threats to democracy and privacy **Zooming into ZK:** * ChainLight [discovers](https://blockworks.co/news/exploit-bug-zksync-matter-labs) $1.9b vulnerability in zkSync Era * Derivio, decentralized derivatives exchange, [launches](https://www.theblock.co/post/261241/decentralized-derivatives-exchange-derivio-launches-mainnet-on-zksync-era) Mainnet on zkSync Era * Scroll [integrates](https://www.coindesk.com/tech/2023/11/01/protocol-latest-tech-news-crypto-blockchain/?_gl=1*1a91y08*_up*MQ..*_ga*OTIzODQ3ODY2LjE2OTkzNDg4NDk.*_ga_VM3STRYVN8*MTY5OTM0ODg0OC4xLjEuMTY5OTM0OTUxOC4wLjAuMA..) Chainlink data feeds * Nil Foundation to [introduce](https://www.coindesk.com/tech/2023/11/07/nil-foundation-plans-ethereum-rollup-with-zero-knowledge-proofs-sharding/?utm_medium=referral&utm_source=rss&utm_campaign=headlines) Ethereum's first ZK rollup enabling sharding * Near Foundation [partners](https://www.coindesk.com/business/2023/11/08/near-foundation-and-polygon-labs-collaborate-to-build-zk-solution/?utm_medium=referral&utm_source=rss&utm_campaign=headlines) with Polygon to build zkWASM for enhanced interoperability across chains **Conversations you missed:** * Nym and Avalanche [explore](https://x.com/nymproject/status/1720410534099505175?s=20) state of privacy * CEO of Aztec Labs [discusses](https://x.com/aztecnetwork/status/1720237040204419259?s=20) ZK with Antalpha Labs [Subscribe](null) **We dive into the details, so you don’t have to:** Leo, the native AI assistant developed by Brave to safeguard user privacy, is now available to use for free for all desktop users. All requests to Leo are routed through an anonymous server, and cannot be traced back to a particular IP. No login information is required to use the chatbot, and conversations are not recorded or used to train AI models. This week, blockchain security audit firm ChainLight reported a vulnerability in the zkSync Era mainnet, that if exploited, would have exposed $1.9 billion to risk. The soundness bug would have allowed a malicious party to produce otherwise incorrect proofs that the L1 verifier contract would accept as valid. [![User Avatar](https://storage.googleapis.com/papyrus_images/0f1bd4b8d98aec0fae378a2fef4e1afb0063fa7973af717c86fee6305f5443ae.jpg)](https://twitter.com/ChainLight_io) [ChainLight](https://twitter.com/ChainLight_io) [@ChainLight\_io](https://twitter.com/ChainLight_io) [![Twitter Logo](https://paragraph.com/editor/twitter/logo.png)](https://twitter.com/ChainLight_io/status/1720471129272533382) Exploiting ZK-EVM. After discovering a @zkSync Era bug on September 15th, we intentionally produced a false "proof" to battle-test our findings. Spending 100 GPU hours on A100s to generate the exploit, we turned a ZK soundness bug into a full token-stealing exploit. As this ![](https://pbs.twimg.com/amplify_video_thumb/1720471073135919104/img/-hR43WjvNYRyC_oN.jpg) [![Like Icon](https://paragraph.com/editor/twitter/heart.png) 200](https://twitter.com/ChainLight_io/status/1720471129272533382)[ 11:00 AM • Nov 3, 2023 ](https://twitter.com/ChainLight_io/status/1720471129272533382) Nym is set to launch a decentralized VPN, NymVPN, that routes web traffic through two decentralized nodes. This “two-hop” structure encrypts and directs user traffic to one server (the first hop), then to a second server (the second hop), and finally to its destination on the internet. This adds an extra layer of privacy by making it challenging for malicious attacks to track both the source and destination of user traffic, in contrast to conventional VPNs that rely on a single central server. Connect with Automata on both [X (Twitter)](https://ata.ws/twitter) and [Discord](https://ata.ws/discord). _This newsletter is for informational purposes only. It is not intended to be a substitute for professional financial advice or interpreted as investment advice. Cryptocurrencies are volatile assets and you should always do your own research before making any informed decisions when investing or trading._ --- *Originally published on [Automata Network](https://paragraph.com/@automata-network/privacy-matters-17)*