I’m interested in attending an event that requires me to buy a NFT ticket. I am asked to enter my full name and email address, before I’m asked for payment details.
I’m aware that anything stored on-chain is public. I’m certain my payment details won’t be stored on-chain because the ticket vendor outsources payment proccessing, but I don’t know about my name and email address. At the event, I don’t know how frequently I will need to use my NFT ticket, and by using it what information will be stored on-chain.
I have some questions.
What data is generally stored on-chain in connection to NFT tickets? Only the ticket’s unique identifier (and any ownership transfers that occur), or the ticket-holder’s details like name and email address? And does this depend on the ticket vendor?
What other privacy risks, especially on-chain, exist with NFT tickets?
What general measures should I take to mitigate privacy risks?
You should be able to validate you’re an NFT holder with your wallet without any on-chain transactions, so I don’t think there is a concern with using it at the event.
This sounds pretty dumb though. Do you really want a permanent, public record of events you’ve been to?
The data stored in an NFT is arbitrary so yes, it would depend on the vendor. It would be idiotic of them to include personal information, since their main selling point is that you can sell/transfer the NFT to someone else on chain, but I also have no faith in a crypto company doing things well so who knows?
Going with the assumption NFT ticket contents are immutable, makes sense. However, I read that sometimes semi-fungible tokens are used for tickets so that they can be transferred.
Personal information could be stored as “metadata” on-chain and ticket ownership is identifiably traceable all the way to the ticket vendor, either by mistake or as homage to Ethereum’s “transparency” ideology. /s A massive legal liability to do this, and a massive risk for everyone doxxed this way, so very unlikely I’d bet.
My uneducated guess is all that’s stored on-chain are
the smart contract
the wallet address of the owner
the ticket’s unique identifier
possibly a URI for fetching the ticket
other Ethereum blockchain data (previous hash, timestamp, etc.)
I haven’t even confirmed, and don’t know how to confirm, the Ethereum blockchain is used by the ticket vendor. It could be a layer-2. The only information I could get about the ticket vendor is how event organizers create events and design tickets, and how ticket holders purchase and use their own tickets. Almost no technical detail about the NFT tickets is documented.
I wondered if the event would do weird stuff on-chain in connection with people’s activities at the event, or if I would be required to do stuff on-chain with my NFT ticket. I get the feeling these possibilities are unlikely. For perspective, assuming personal information stays off-chain and the tickets are secure, conventional off-chain data breaches are probably a higher risk than anything that may happen on-chain.