In today’s centralised Web 2.0 landscape, we expect some measure of control over our data – whether it’s setting our social media feeds to private or being able to delete an e-commerce website account entirely. At the same time, we rely on platforms to deal with bad actors and remove offensive content. That might be via moderators who actively check content or simply banning individuals based on their IP address or other records. In the decentralised realm of Web3, those assumptions are seemingly falling by the wayside.
Web3 and Anonymity
Web3 services built on blockchain upend those existing norms by their very nature, leading to a place where there is simultaneously a surplus and a lack of privacy. That’s because while transactions are always public and irremovable, connecting your identity to your wallet is not a necessity in the same way it is when dealing with a traditional banking system.
For people who don’t want to be found, blockchain technology makes it relatively easy to disappear and pop up in new locations. They might create a new wallet, use cryptocurrency mixers or tumblers to obfuscate transactions or cryptocurrency ATMs to draw it out as physical cash, for instance.
On the flipside are blockchain analysis tools which are becoming increasingly adept at identifying wallets and transactions belonging to the same individual. When even those determined to maintain their privacy are having a harder time, what hope for those who aren’t as dedicated? Once their identity becomes associated with their cryptocurrency wallet address (whether intentionally or unintentionally), all of their transactions will be open for the whole world to peruse – whether well-intentioned or not.
This could lead to a situation where only individuals who can dedicate large amounts of resources and time to maintaining their anonymity (quite possibly for nefarious reasons) have any amount of privacy. What then becomes of the freely accessible transaction data connected to our identities?
The Privacy Problem
For the past few years, there has been a seismic shift occurring in terms of how companies make use of customer data. Initiatives like the EU’s General Data Protection Regulation brought in obligations for any company collecting data regarding people in the EU, for instance, while Google is bringing about changes to “cookies” to hamper tracking and third-party advertising, and Apple made it much harder to track user behaviour in iOS apps.
But as it stands in Web3’s decentralised format, algorithms will have free reign to harvest data. That might seem fairly harmless if it’s just a company trying to sell you things, but some are wondering whether corporations or even governments could harvest blockchain transactions in order to discriminate against individuals. Indeed, parts of China’s social credit system – intended to score the trustworthiness of every citizen based on their behaviour – already run on blockchain technology.
The Immutability Issue
As that proves, blockchains are not only used to store records of financial transactions. As more and more blockchain platforms are springing up, encapsulating everything from videogames to social networks, more complex files are beginning to be stored on-chain. That leads to the possibility of unsavoury items such as hateful comments or illegal images being immutably written into a given blockchain.
At the moment, storing complex things like images on the blockchain is prohibitively expensive, and as such it simply links to image files hosted elsewhere that are almost always stored instead. That would at least enable the address hosting an offending image to be taken down, but as costs come down, there might be little stopping people from intentionally filling blockchain platforms with illegal content. While platforms might choose to hide such content within their decentralised application, it would still be visible on the underlying blockchain.
Even things uploaded innocently someone might later wish to delete would instead be stored forever within the blockchain itself. That directly contradicts existing legislation such as the “right to be forgotten” in the EU, which allows individuals to ask organisations to delete their personal data.
While some groups such as the OASIS Consortium seek to remedy these issues in the form of centralized standards, there are also those seeking to resolve them in the decentralised spirit of Web3. Europechain, for instance, specifically markets itself as a “GDPR supporting enterprise blockchain platform”, a feat which it achieves by having all of its validators under a Data Protection Agreement.
At the same time, privacy-centric blockchain platforms such as Zcash are developing a digital currency with shielded transactions to keep financial information private, while others like Aleo are using a cryptographic technique known as zero-knowledge proofs (ZKPs) to aid with the development of private applications on the blockchain. That technology allows transactions to be executed off-chain while remaining verifiable by allowing a statement or fact to be proved true without revealing what makes it so.
It remains to be seen which approach to addressing Web3 privacy will prevail as adoption grows. Will individual platforms need to go to the effort of moderating content and policing users, effectively mirroring their Web 2.0 counterparts of today, or will decentralised, on-chain solutions win out? What’s clear is that Web3’s issues with privacy aren’t going away anytime soon.