In the era of WEB 3.0, users own the data on the chain, and the data is open, transparent and traceable. We seem to have found the utopia of freedom and equality, on the other side, how to protect the privacy will be another holy grail.
Here is the mind map of this article:
In Chapter 10 of the Bitcoin white paper, Satoshi devotes an entire section to describing the Bitcoin network’s privacy model. In a traditional banking model, participants and trusted third parties have somewhat restricted access to information, which achieves some forms of privacy. However, on a blockchain network, transactions must be guaranteed to be public, so Bitcoin privacy is maintained by the anonymity of the public key. There is usually no way to associate a randomly generated public key with a person (although we now have tools such as whale analysis to deduce this information).
In Satoshi’s example, the privacy design of the blockchain evolved from banks to the Bitcoin network. We can extrapolate from this example to the privacy design of Web2 to Web3. We assume that the underlying network of Web3 will be a blockchain network like Bitcoin. Then the privacy we are discussing will be based on the premise that transactions are open, data is open source, and decentralized.
We actually realized the importance of privacy on the Internet a long time ago. When you were introduced to the Internet, your elementary school information teachers and parents would tell you never to reveal your real name on the creepy Internet since you didn’t know who was behind the screen.
But we were also late to realize the importance of privacy on the Internet. Our clipboards are frequently read by third-party applications, our preferences and browsing activities are sent to Google Analytics from countless websites (if you hit F12 right now, open your browser’s Console, click on the source, you’ll probably see it), and our data is sold for a price. All of these steal our data and privacy under the table. In the last few years, we’ve realized that we’ve been robbed by some Web2 Internet companies for a long time, so we started using Telegram, Duckduckgo, Mirror and other applications… Most importantly, in the Web3 era, privacy is finally being taken seriously by users and developers with the crypto boom. In the open and user-driven Web3 era, privacy protection will be a standard.Privacy will be a standard in the open and ux-driven Web3 era.
> Web3 Privacy = Confidentiality + Anonymity = Data Privacy + Identity Privacy + Computation Privacy
In the Web3 era, assuming that all our interactions and network traces are interactions with on-chain DApp, all our data will be a single transaction and the information contained in the transaction. Take the transferFrom function in ERC-20 (with parameters of _from, _to, _value) as an example, the transaction would consist of the following: transfer sender, transfer recipient, transfer amount. For these transactions, we can define privacy, anonymity, and confidentiality in the Web3 era.
On top of this, a further step towards privacy is that Web3 users need to be given the right to choose whether or not to disclose data before a transaction is sent, allowing users to actively choose privatize a transaction. The user-initiated choice of privacy for transaction execution after the transaction submitted may be difficult to achieve given the tamper-evident nature of the blockchain.
> Data privacy, or confidentiality, consists of two main components: control and ownership of the data and confidentiality of the data content itself.
> User data should not be a product. The user needs to have absolute control and ownership of the data, and it is a manifestation of privacy to ensure the ownership of the data and to prevent unauthorized manipulation of the data by the platform.
In the Web2 era, the user is the product. Thinking back, don’t you think almost all search engines, e-commerce platforms, and video sites have countless ads? In the Web2 era, companies treated users as their property, and the users were the source of their advertising revenue. From cookie tracking to Google Analytics, every action you perform, every second you spend on a page, is tracked. And you’re probably tracked just due to your checking boxes on privacy agreements that no one ever reads. In the future, as the Web becomes more pervasive, more users and data will flood the Internet, making it even more lucrative for companies that specialize in data theft. In the Web2 era, the default is that users have no privacy, no control or ownership of their data.
Data should not be a product, but information. In the Web3 era, the user have control over the data. Every interaction and transaction made and the data generated belongs to the user. Only the user can decide what to do with that data. It is also a sign of privacy for the user to not have the application decide what happens to the data, but to have the user’s subjective will be the basis.
Web2 platform applications are like farmers who give users a plot of land to live and monitor it 24 hours a day to let them generate data. They make money from the data users generate. Web3 applications are more like personal butlers, helping you manage your data without snooping or misinterpreting it without your knowledge. With the help of a public database like the blockchain, Web3 apps give control of the data back to the user, and all the app does is help the user filter and visualize the data better.
According to Vincent‘s article on Web3 reshaping the value of data, users can derive value from all their data. In the Web2 era, data had value, but it was the property of the company, and the value was not owned or distributed to the user. In the Web3 era, the data on the chain is a gold mine, and it is owned by the users. The more Web3 applications there are, the more data there is, the bigger the goldmine.
Web3 users are free to take their data goldmine with them and surf the entire web in the Web3 era. Imagine banking data interoperability, social media data interoperability, video site data interoperability …… You don’t have to imagine it, it’s already happening in Web3. Each of your footprints is left in the chain, with your address. Switching to another DApp, you don’t have to start from scratch, because the previous data will always be yours and with you.
In Web2, when you use social media, you’re talking to someone else on Facebook’s centralized servers; in Web3, when you use social media, you’re talking to yourself, the data is stored in your own account, and all the app does is to go up the chain and grab the data you have.
Data ownership is not particularly relevant to data privacy, so I won’t go too far here, but I do recommend you read the article mentioned above.
With the Web3 trend, almost all user data is available at will, and it’s up to the project to decide what to do with it. Web2 developers will compete for data first, enclosing a piece of land for users to enter and turning them into a cow of milking data, rather than thinking about how to attract users with a better app. According to DuckDuckGo’s analysis of popular free Android apps, 96% of free apps on Android include third-party trackers, 87% of which send data to Google and 68% to Facebook. The homogenization of data on the blockchain allows Web3 developers to compete on the UX of their products, which is the only way to increase the number of users.
In the Web3 era, the user is no longer the product, and the user’s data is no longer controlled and utilized by a single entity. The user’s data belongs to him or her, and the user has autonomous control and permanent ownership of all interactions. Web3 data also belongs to the entire transparent decentralized network. This is definitely a good thing for user privacy.
> The confidentiality of data content is achieved through private transaction applications. By using techniques such as zero-knowledge proofs and token mixers, the input and output of the transaction and the amount of money can be kept private.
Data content confidentiality refers to the encryption or non-disclosure of the specific content of a transaction, or the user’s transaction history. We can consider that the data content confidentiality is reflected by hiding the input and output addresses of the transaction or obscuring the exact amount of the transaction.
Ethereum’s account system is inherently not “private”. You go to a claim ENS airdrop, then you expose your address to contract interactions, and people can look at all your transactions. In real life, this is similar to when you go downstairs to buy a coffee, your room and hotel purchases could be looked at by others. It’s also similar to the way that the whereabouts of infected people in the Covid times are completely exposed (in some rare cases in certain countries). Such exposure is a good thing for the security of the entire health system and blockchain network, but it’s a more privacy-damaging thing for individuals.
For example, the image below shows the address of a hacker who crawls the web for leaked private keys, which are then transferred by the hacker as soon as the victim receives an airdrop. We can clearly see the process of his crime. Although it is righteous for us to examine his crime process, it reveals his privacy ……
A very simple and direct way to implement private transactions is to encrypt all accounts and transactions and then decrypt them. However, such a method is very expensive and time-consuming because it also involves the verification of transactions by the network.
Note that the private transaction here only hides and disables the data on the chain that is otherwise transparent. The privacy security of the onto the chain and off the chain amounts will be discussed in a later section.
In addition, there are also public chains for privacy transactions such as monero, ZCash, DASH, etc., which basically implement privacy transactions through zero-knowledge proof and token mixing to achieve secrecy.
We already have these stable privacy solutions for the basic token function of transaction transfer. Web3 will be built around tokens with different values and utilities. The transaction transfer of tokens is only a small part of Web3 usage, but it is one of the most privacy revealing operations. In the Web3 era, our transactions will be private.Web3 era, our transactions will be private.
> Computation privacy is a deeper extension of transactional privacy in data privacy. Computation privacy for smart contract execution is often achieved through cryptography, AI techniques, and trusted execution environments, but it is very difficult to achieve a perfect balance between performance and privacy.
Computation privacy is a step closer to privacy transactions for data privacy, and extends to Turing-complete smart contracts. The privacy protection of smart contracts focuses on the execution process of smart contracts, shielding the data and intermediate state involved in the execution from third parties and the nodes executing the smart contracts. Computation Privacy are divided into three main directions: cryptography (e.g., MPC), AI techniques (e.g., federated learning), and trusted execution environments (e.g., SGX).
Multi-party secure computation is usually accomplished with the help of various underlying cryptographic frameworks, mainly Oblivious Transfer (OT), Garbled Circuit (GC), Secret Sharing (SS), and Homomorphic Encryption (HE), etc. .
Federated learning is a highly efficient machine learning among multiple participants or computational nodes while guaranteeing the information security of big data exchange, protecting the privacy of end data and personal data, and ensuring legal compliance. In short, it is the process of sharing data with other parties without exposing privacy, thus improving machine learning together. Federated learning is more about AI.
Trusted execution environment is mainly related to the underlying hardware. It is usually a trusted, isolated, confidential space within the CPU that is independent of the operating system. Since data processing takes place in the trusted space, the privacy of the data depends on the implementation of the trusted hardware. The main challenge is how to balance performance and privacy.
Other projects include Secret Network, Phala Network, etc. ICP is also working on adding a trusted execution environment to achieve computation privacy.
Both transaction privacy and computation privacy are about protecting sensitive data from third-party‘s prying. Transactional privacy can be achieved directly through on-chain DApps combined with zero-knowledge proofs or token mixers, which is more pluggable and flexible than computational privacy. Computation privacy is more complex and must be designed on the entire blockchain network, involving cross-chain solutions and ecosystems to also be developed.
> Identity privacy is anonymity, which consists of two main components: the separation of physical identity and digital identity, and the independence of digital identity.
> The separation of physical and digital identities represents separating the user’s real identity from the web identity. In Web 1 we didn’t need to reveal our phone number and name to browse, but in Web 2 we had to submit our information for kyc. This is a serious privacy invasion, but one that is still difficult to address at this stage.
The separation of physical identity from digital identity refers to the separation of a person’s real identity from their online identity, which is essentially the anonymization of a person’s identity during the process of entering the Internet.
It sounds easy to do, as long as the bitcoin giant whale doesn’t reveal the name of the organization, and as long as the user doesn’t use their real name as their username or their real geographic location. But in fact, this is one of the most difficult pain points for privacy. We can’t protect our real identities with seamless separation, as long as we’re online, the telecom operator has access to our identities; as long as we buy things, the e-commerce platform has access to our identities; as long as we use ENS, we’re likely to be found out…
In addition, the various third-party logins on Web2 sites actually reveal a lot about our online whereabouts and real identity. For the sake of ease of use, we log in directly through Google or Facebook, which in fact contributes to the monopoly and centralization of these large companies, and also violates our own anonymity.
Probably the most relevant example I can think of for the separation of physical and digital identities is the dark web. We have to be thankful to dark web, without networks like the dark web to adopt Bitcoin payments, the industry would probably not have grown as much as it has. What the dark web tries to do is to separate the real world from the digital world, but users who buy illegal items on the dark web are still likely to need them delivered to them by courier. So, the dark web doesn’t really achieve that either.
The anonymity of physical identities and the separation from digital identities is really what Web1 is about, but on Web2 we are exposed to the spotlight. Not being able to use certain apps without filling in your name and phone number is an invasion of user experience and privacy.
On top of the separation between physical and digital identities, what we can go deeper in terms of privacy is the independence of our digital identities. If our digital identity is not independent, then it means that digital identity is still “connected” to real identity, and our privacy is still at great risk of leakage and exposure.
The Metaverse is defined by an authoritative body is a virtual world based on the Internet that is interconnected with the real world and exists parallel to it, a virtual space that maps the real world and is independent of it. It is a virtual space that can map the real world and is independent of the real world. Personally, I think this definition is very much in line with my ideal vision of the metaverse concept. This “virtual space that maps the real world and is independent of it” is a perfect combination of digitalization and privacy. We can enjoy the real world built through tens of thousands of years of history, but we can also be “reborn” in the metaverse, and become residents of the metaverse through an independent and private identity.
The independence of digital identity is complemented by the data ownership feature of the blockchain Web3. On the basis of digital identity independence, we can develop digital social independence. In Web2, we have social or real-time communication products such as Twitter, Facebook, and Zoom, but the social relationships in these software are based on real identities and cannot be independent. Digital identity-independent social networking would be a very important application of privacy and the most important part of the metaverse.
Web3 users can take all their data with them, making it easier to develop a digital identity. The interoperability of data naturally builds bridges between projects and connects lone islands of data. Through your degen score, CryptoPunks avatar, and governance experience on the chain, we can credibly and transparently cultivate an identity. This makes community formation more transparent and efficient, and makes it easier to socialize digital identities.
When you want to jump from a real identity to a digital identity, you can simply rebear your KOL or celebrity career into a digital identity with a new look. The prime example are virtual idols. Often we know exactly who the real identity behind the digital identity is, but the person behind the identity can still use the new digital identity to foster new communities and generate more memes. Of course this is the opposite of privacy.
Even when you don’t want the digital identity, you can just create a new account and start from scratch (of course your real identity can’t be exposed in the digital identity), while in real life, it’s more dangerous to try to rebear it. All socializing activities with a digital identity stays in the digital world. What happens in Vegas stays in Vegas. Your real identity is not affected at all.
In essence, the reality of socializing and privacy is somewhat contradictory. If ou have to socialize, you have to be visible, then you have to give up some of your privacy, to exchange information with others.
But Blockchain Web3 gives users: control and ownership of data and independence of digital identity, complete privacy of physical identity. We can interact with each other in the same way as in real life with a digital identity on the chain. The existence of a new digital identity also gives people a second life and a second way of life.
> Cross-chain application + privacy chains or decentralized applications that specialize in privacy can improve blockchain privacy without excessive loss of performance and availability.
> It is not possible to withdraw or hide transaction information after the submission. However, users can decide whether or not to disclose data about a transaction by using a privacy option before the transaction is submitted (like StarkWare’s Volition).
No one knows what will happen with Web3, and most Web3 users have no idea what they want, just as it took Web2 users a long time to realize that their privacy was being violated with such recklessly. The recent flood of funding for privacy projects has actually brought the need for privacy to the forefront and made more people aware that in the future, a better Internet will require privacy.
In the Web3 era, we need data autonomy, data privacy, data computation privacy, and real-world identity privacy. At the same time, the best privacy applications ideally need to be user experience-centric, pluggable, and lightweight.
Web3 = Get + Post + Own. In the Web3 era, everyone will own privacy.
Get fresh takes, analysis, and essays on emerging tech in our monthly newsletter.