Welcome back to Coinsights and happy Wednesday! Today’s article is about the tradeoffs that web3 makes between privacy and transparency and their implications. Let’s get to it!
In web2, we are beholden to centralized entities that monopolize and profit off of our data. Web3 promises to release us from these shackles by enabling everyone to access data living on the blockchain. While it is certainly appealing that institutions no longer have the power to hold our data hostage, it is still important to ask: what does the public and transparent nature of web3 mean for our privacy?
Before we get to web3, it will be useful to ground this discussion in the state of privacy in web2.
Web2 Data Fuels Advertising Giants
When you think of privacy (or the lack thereof) in web2, you probably think of internet giants like Google and Facebook. Companies like these have a poor reputation when it comes to user privacy because their business models rely on collecting as much data as possible. Why? To serve ads.
Google and Facebook get paid by advertisers when users click on ads, so they are incentivized to have users spend the maximum time on their sites.
Their early mover advantages in collecting this data created a strong positive feedback loop. With more users come more clicks on ads. In short, web2’s most valuable asset is data.
So how does a company like Google gather as much of your data as possible? First of all, they own many of the products that we use on a daily basis (Search, Maps, Docs, etc.). What’s lesser known is that Google also tracks your activity across the web through the Google Display Network.
From Neeva’s blog:
Websites that want to make money by serving ads sign up with Google AdSense to become part of the Google Display Network. The website owners then add a small amount of code known as a pixel tag (or pixel for short) to their site. Every time you visit a site in the display network, the pixel leaves a cookie on your browser.
For sites that don’t serve ads, Google offers free products, such as Google Analytics, that help people track product metrics while also funneling user data back to Google. Facebook, Twitter, and Amazon utilize similar models.
Wallets as All-Encompassing Digital Identities
Web3 flips the traditional “walled garden of data” model that makes web2 institutions so powerful on its head. I wrote earlier:
Apps like Facebook and Twitter have stagnated over the past couple years, but why should they feel pressure to innovate? Their data moats are impenetrable, and we still open them every day.
How does web3 flip the script? Data democratization. One of the consequences of the blockchain as a public ledger is that data is open. If everyone has access to the same data, competition will increase and ultimately drive better experiences for end users [1].
More concretely, all holdings and transactions linked to an account (a wallet, in crypto terms) are public. Therefore, if I know your wallet address, I can look up how much crypto you own, who you’ve sent crypto to, and more.
Web3 proponents believe that wallets are more than a crypto bank account: the vision is that they will embody our digital identities.
A simple example is a specific type of NFT called a POAP (Proof of Attendance Protocol):
POAP is a new way of keeping a reliable record of life experiences. Each time they take part in an event, POAP collectors get a unique badge that is supported by a cryptographic record.
An NFT (Non-Fungible Token) is a crypto-native asset that can be stored in a wallet just like Bitcoin or ETH. By storing attendance on chain with a POAP, you simultaneously create a memory (humans love collecting things) and earn irrefutable proof that you attended an event. Moreover, the public nature of the blockchain means that a third party can verify whether you were originally granted the POAP or simply bought it from someone else!
Another important aspect of someone’s identity is their skillset. Over a decade ago, LinkedIn introduced a way to digitally represent professional experiences and skills. But there is no verifiability! On LinkedIn, I can claim to have expertise in web development or cake baking and no one would be the wiser. Protocols like layer3 issue NFTs to users for completing what they call bounties, which are tasks like coding a website or writing a blog post.
Verifiability is a means to an end, and that end is trust. These protocols enhance trust in the system (and your capabilities) as they are based on more than just your word. However, the mechanisms that enable this verifiability are exactly what has led to degraded privacy in web3.
Wallets Don’t Protect Privacy
Far too many people wrongly assume that using crypto automatically grants them privacy. It’s understandable that many web2 natives think that a random list of characters like “0x28acc19a2154c51c43c0819d50a875c7c90c94b8” cannot be linked to their personal identity.
However, crypto doesn’t exist in a vacuum – there are plenty of ways to link wallets with real world identities.
For example, some projects use giveaways to incentivize people to reveal their wallet addresses:
A popular Twitter trend is for web3 creators to create buzz for a new product by promising a “surprise” airdrop to anyone who comments their wallet address. In December, I covered how OpenDao’s use of airdrops enabled them to create a massive community overnight:
The OpenDao was able to bootstrap a NFT-focused community of $SOS token holders overnight by hooking into OpenSea’s existing popularity. Blockchain based apps uniquely enable this idea of community composability…In a web3 world, founders can leverage hype marketing and the principle of ownership to kickstart communities faster than ever before.
This scenario alone highlights the duality of web3: open data enhances credibility and encourages innovation but decreases individual privacy. For every comment on that tweet (and hundreds more like it), I’d wager that someone has mapped a wallet address to a real life person.
Other ways to link wallets to real world people are far more invasive, such as by logging your IP address alongside the wallet addresses you interact with. IP (Internet Protocol) addresses are used to send and receive information online and can easily be exploited to determine physical locations.
Are Multiple Wallets the Solution?
Many people pose the use of multiple wallets as a solution to crypto’s privacy problem. Just like how Snapchat is for friends and LinkedIn is for work, owning different wallets could theoretically maintain separation between the various parts of someone’s life. In practice, this is unlikely to work.
For starters, it’s a major hassle to manage multiple wallets. Having to secure a different seed phrase & password for each one all but ensures that money will be lost. Furthermore, even if someone were to devise a system to keep their wallets separate, all it takes is one accidental transaction for two wallets to be linked forever. As you know, once a transaction is on a blockchain it is impossible to remove. There are no “take-backs” in web3! The level of diligence required to obscure your identity with multiple wallets is far too cumbersome for the average crypto citizen. Plus, techniques like this are still vulnerable to IP logging and other nefarious tracking methods.
This isn’t all bad, though. Recently, it was discovered that the person (0xsifu) in charge of Wonderland, a web3-based project managing over $1B USD, ran an identity theft ring and was a cofounder of a company that stole over $169M from its backers. How’d people find out? By painstakingly tracing through Ethereum transaction logs, which 0xsifu had tried to obscure by passing around money through multiple shell accounts.
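To see why one slip undoes wallet separation, here is a self-audit sketch, added as an example and not part of the original article: it groups addresses connected by direct transfers and lists everything reachable from an address you have posted publicly. The addresses are constructed placeholders, the exclusion of a shared exchange address is an assumption, and a link here shows reachability on the ledger, not proof of common ownership.

```python
"""Self-audit: which wallets become linkable to an address you posted publicly?"""

def find(parent, addr):
    """Union-find lookup: return the representative of addr's cluster."""
    parent.setdefault(addr, addr)
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]  # path halving keeps lookups fast
        addr = parent[addr]
    return addr

def linked_wallets(transfers, public_addr, shared_services=frozenset()):
    """Return the sorted addresses connected to public_addr by direct transfers.

    Transfers touching shared_services (e.g. an exchange deposit address used
    by many people) are skipped, otherwise every customer would be merged.
    """
    parent = {}
    for sender, receiver in transfers:
        if sender in shared_services or receiver in shared_services:
            continue
        parent[find(parent, sender)] = find(parent, receiver)
    root = find(parent, public_addr)
    return sorted(a for a in list(parent) if find(parent, a) == root)

# Constructed sample ledger: every address below is a placeholder.
EXCHANGE = "0xEXCHANGE"
HISTORY = [
    ("0xWORK", EXCHANGE),         # both personas cash out at the same exchange
    ("0xPERSONAL", EXCHANGE),
    ("0xPERSONAL", "0xSAVINGS"),  # personal funds moved to cold storage
]
SLIP = ("0xWORK", "0xPERSONAL")   # the one accidental transfer

def audit():
    """Exposure of the publicly posted work wallet before and after the slip."""
    before = linked_wallets(HISTORY, "0xWORK", {EXCHANGE})
    after = linked_wallets(HISTORY + [SLIP], "0xWORK", {EXCHANGE})
    return before, after

if __name__ == "__main__":
    before, after = audit()
    print("before slip:", before)
    print("after slip: ", after)
```

Because the ledger is append-only, the cluster can only grow: the savings wallet never transacted with the work wallet, yet it becomes reachable through the personal one.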
The Advertising Play in Web3
I’ve talked about how web2 giants show personalized ads by leveraging their immense store of data. In addition, it’s clear that there’s a ton of data in crypto wallets to serve high quality ads, except now everyone has access!
One project that has started integrating ads into web3 is Adshares:
Currently, Adshares is a marketplace where advertisers and publishers can buy and sell ads without the need of an intermediary like Google. Furthermore, Adshares has some classic web3 concepts baked into its protocol by minting its own token, $ADS.
However, Google and Facebook are successful because of their “secret sauce” advertising formulas, where they’re able to combine vast amounts of user data with cutting edge algorithms that incentivize users to click on ads. Creating such algorithms is the next logical step for Adshares – it’s not like the advertising business is going away any time soon!
We aren’t going to see a dominant advertising business in web3 like how Google and Facebook dominate web2. Their main competitive advantage, the data, is out in the open! Web3 grants everyone access to data and therefore supports competition that benefits consumers. However, individual privacy still suffers and will lead to the same kinds of highly targeted ads that we’ve come to expect in web2.
Will Privacy-First Blockchains Save the Day?
Just as there is a wide variety of products that aim to offer privacy-focused alternatives to Google and Facebook in web2 (anything from Neeva to Signal), there are products in web3 that aim to do the same. One such project is the to-be-released Iron Fish:
Iron Fish is a Layer 1 blockchain that provides the strongest privacy guarantees on every single transaction. Leveraging zero-knowledge proofs (zk-SNARKs) and the highest industry standards for encryption, Iron Fish gives you complete control over who sees transaction details via account view keys or transaction decryption keys. Your data. Your information. Your coins.
Other examples are Monero, Tornado Cash, and Oasis Protocol. Without diving into the specifics of how they work, I have a few thoughts on the state of privacy-first blockchains:
1. Privacy is antithetical to commonly accepted web3 concepts like transparency. However, the utopian ideals of entirely open chains cannot continue if crypto is to eventually power the economy. Toeing the line between privacy and openness will be a constant struggle for years to come, especially in the context of multiple stakeholders including governments, developers, and users.
2. Approachability will have to improve if the everyday citizen is going to use privacy-first blockchains. Just look at Iron Fish’s description above! They’re doing the right thing now by catering to technical crypto users, but I highly doubt that the average person can grasp zero-knowledge proofs or how to manage their multiple account view keys. Privacy is as much a UX problem as it is a technical one.
3. I fear that privacy will become a luxury in web3 just like it is in web2. In web2, the default is no privacy and niche products like Signal appeal to a small yet passionate community. The blockchain Monero has been around almost as long as Ethereum, yet is only the 46th most popular coin by market cap. People joining web3 will likely stick to transacting with only the most popular coins – what will it take to have a privacy-first blockchain rise to the top? How much do consumers really care about privacy? And what are they willing to give up for it?
In conclusion, this article isn’t intended to imply web3 is doomed but rather to highlight its current problems and why they exist. Take this as a call to action! As pmarca, a block-happy Twitter user, once said, “it’s time to build.”
[1] “Competition pushes individuals, firms and markets to make the best use of their resources, and to think outside the box to develop new ways of doing business and winning customers. This not only drives productivity up, it also improves our own standard of living.”
been wondering this exact question lately and this answered it well for me, thanks for this!