Authored by Timothy Hao Chi Ho
"You're not an island. When you don't protect your own communications, it's not just about you. You're not communicating with yourself, you're communicating with other people. You're exposing all of those other people. If you assess that they're not at risk, are you sure your assessment is correct? Are you sure they're not at risk going into the future?
Perhaps the biggest problem with mass surveillance is the knowledge of mass surveillance. Fear about it produces intense conformity, so people start censoring their own conversations and eventually they start censoring their own thoughts." - Julian Assange, Reddit AMA
ABSTRACT: The following post outlines the need for privacy on the Internet. From corporations to governments, the surface areas of attack on privacy, as well as vulnerabilities to having our data leaked, are increasing. Blockchains came into the picture as a check on censorship and honeypots, but the transparent nature of a public ledger of record leaves much to be desired. Although many teams and individuals have worked towards implementing privacy solutions, governments are reacting unfavorably to privacy-protecting encryption technologies. To that end, ChainSafe Solution's new Privacy Engineering team is contributing our efforts to protect this fundamental freedom.
There's an all-out assault on privacy in the modern era.
The advent of seemingly harmless technologies like cookies, geolocational tracking, and biometric authentication aimed genuinely to serve humanity at one point. Targeted advertisements would ensure businesses delivered the most relevant ads to us. Geolocational primitives like geotagged IP packets and GPS-tracking helped Google route our commute around traffic jams. And biometric authentication made logging into our electronic devices a simple scan away.
All of this seems innocuous. But without a clear view of what data we are giving up, where it goes, what is being done with it, and how it is being protected, we end up selling out the bedrock of freedom: our privacy.
"Potentially more terrifying than being surveilled is complacency against surveillance. ‘I have nothing to hide', making jokes about the state of surveillance, and generally brushing it under the rug is what those who surveil want us to do." - Anon
The unholy matrimony of surveillance tech: big tech and governments
Nowadays, centralized entities like multi-state mega-conglomerates and prying nation-state governments hold untold amounts of data on us. None of this should be a surprise by now, but it is worth reiterating some examples to highlight the accelerating velocity in attack surfaces.
Corporations like Amazon and Google could probably build a relatively complete picture of our likes, our dislikes, the time of day we're most likely to do anything, and even our kinks and vices.
Moreover, time and again, it is revealed that, under duress, corporations will give up our data to cooperate with authorities. More subtly, even if corporate institutions finally begin to implement end-to-end message encryption, they maintain complete access to our exposed metadata, including from where, when, and to whom we might interact over the Internet.
Surveillance from corporations inevitably leads to mass data extraction as well as pinpointing and segregating those with specific traits, desires, and political views - leading to easy manipulation.
On the other hand, our governments are armed to the teeth to conduct bonafide Orwellian surveillance and censorship - from our finances to our social circle. This is already a reality in China with panopticon software like WeChat, which began controlling physical mobility during the COVID pandemic.
There is speculation that China may even export its surveillance-state framework to other nation-states as crescendoing social tensions around the globe serve as a pretense for even more invasive measures. Even Canada proved itself to lean authoritarian when politically challenged, setting a dangerous precedent of freezing the bank accounts of protesters and those loosely affiliated.
The question is, can we really trust thatsociety's top institutions are taking the appropriate steps to hold and secure all this data?
With each new day, there's a new hack, a new data breach, or a new vulnerability that exposes our sensitive personal data to the public. The reality revealing itself before us is a scenario in which the cloud bursts, and then literally everything private to us becomes public knowledge - the Pangaea of honeypots.
An all-revealing public ledger of record
Enter blockchain. Decentralized blockchain tech (and, more generally, the web3 space) is a powerful check on centralized surveillance tech.
Namely, blockchains blow the door open on transparency, making a public ledger of record available that's available for anyone in the world to see and verify. Andreas Antonopoulos sums up the value prop nicely:
"One of my favourite words is sousveillance. It is the opposite of surveillance. Surveillance means to look from above; sousveillance means to look from below. In their dream of nation-states controlling all of our financial futures, they made one major miscalculation. It's a hell of a lot harder for a few hundred thousand people to watch 7.5 billion. What happens when 7.5 billion of us stare back?"
In other words, if we manage to shift aspects of the global Internet architecture onto blockchain primitives, how would corrupt politicians, non-compliant corporations, and other entrenched, deep-state bad actors hide?
With any system (and this isn't exclusive to blockchain, e.g., interplanetary file system or IPFS) that is both decentralized and private, the balance of power shifts favorably back toward the individuals, giving us the option via social consensus to fork, exit, or even fix, maligned protocols and systems.
There's one problem: how does a fully transparent, traceable public ledger of record help privacy? People often have the misconception that blockchain tech obfuscates identity (i.e., provides anonymity) thanks to pseudonymous public addresses.
But pseudonymity is not anonymity. And thanks to the abundance of know-your-client (KYC) & anti-money laundering (AML) requirements in centralized exchanges, most people on-ramping into crypto are effectively doxxed, mapping our identity to any address.
True anonymity is hard.
And although exposing those currently in power to the unyielding transparency of blockchains is a worthy ideal to strive for, individual privacy must still be safeguarded.
What if we want to donate crypto to a particular cause but do not want to reveal ourselves to anyone?
How do we keep information about our wealth private to protect ourselves and our families from targeted physical attacks?
What if future-state blockchain-enabled insurance companies use the transparent nature of the architecture to deny or exclude members of society or unfairly raise premiums?
Spearheads of privacy tech🛡
The need for privacy in blockchain is clear. Satoshi Nakamoto themselves mentioned as much in the original Bitcoin whitepaper.
Since the industry's earliest days, many have worked towards building privacy solutions, whether at the base layer (Monero, Zcash) or the dApp layer (Tornado Cash). Promising research and implementation of zero-knowledge proofs (zkp), an advanced form of cryptography, continue to make many more in-roads with privacy, such as in the case of zk-rollups: one flavor of scaling on Ethereum layer-2's (zkSync, Polygon Hermez, StarkNet, Aztec).
Combined with non-blockchain privacy solutions in anonymous communications (Tor browser), encrypted connections (virtual private networks), and instant messaging services (Signal), individuals are better equipped than ever before to exercise their right to protect their activities, their identities, their communications, and their transactions.
And this is still not enough.
The sanctioning of Tornado Cash by the US Office of Foreign Assets Control (OFAC) and the arrest of Tornado Cash developer Alexey Pertsev by the Dutch Fiscal Information and Investigation Service (FIOD) was a significant event.
Nation-state governments are reacting.
Ostensibly, they may feel challenged by defensive, private encryption technologies. The premise of their consternations is to signal their intent to protect the innocent - by attacking privacy, it is supposed that criminals find it more difficult to get away with money laundering, drug, and human trafficking, coordination of terrorism, and other illicit activities.
Here's the reality.
In criminal law, Blackstone's Ratio posits that it is better to let ten guilty people get away than to put one innocent person in jail. The inverse of Blackstone's Ratio would suggest that letting one guilty person get away is better than harming hundreds of millions of innocent citizens, which is what happened when more than 30,000 public and private organizations at the US local, state, and federal levels were compromised in the SolarWinds hack.
This singular event leaked an unknowable amount of official and personal data - suggesting authorities themselves do not know how far-reaching the damage could be. Is privacy tech still relevant, then?
SolarWinds (plus many more cases) is proof enough that Pangaea honeypots sitting with centralized institutions are no longer fit for the job. Sovereign privacy solutions must be the standard bearer for humanity as we move toward the Network Age.
"Transparency for the powerful. Privacy for the rest of us."
Yet, the regulatory attacks have likely only begun. The spearheads of privacy need reinforcements from the open-source community. And that's why ChainSafe has an engineering team dedicated to privacy solutions.
ChainSafe Solutions is ChainSafe's internal applied research and development division. We combine our skills, knowledge, and constant research to deliver new perspectives, solve complex problems, and help the community drive innovation.
We're introducing the newest arm within the solutions team: the Privacy Engineering Team. And in doing so, we throw our hats into the ring to join the collective effort in developing privacy solutions for the future of the internet.
Our privacy efforts have already included a number of research contributions and implementations 👇
- A proposed off-chain scheme using multi-party computation and threshold signatures to achieve coin-mixing without an on-chain smart contract
✅ IPFS privacy improvements | Proposal
- Introducing protocol changes to IPFS DHT content routing subsystem by creating more privacy for both readers and writers about content they publish or consume.
✅ xx Network development and support | Blog
- xx Network is a layer-1 blockchain that supports both transaction-level and network-level privacy
✅ xx Network post-quantum signature security in Substrate | Blog
- Implement Winternitz One Time Signatures (W-OTS+) for Substrate-based chains (in Rust) and automated Placards generation
- An anonymity-preserving gossip algorithm for validator privacy on Ethereum Consensus
- Bringing privacy to ENS using Aztec Network and zk.money
- Universal covert privacy-enhanced transactions for ANY public blockchain that supports ECDSA or Schnorr based on two-party computation (2PC) combined with adaptor signatures and verifiable timed commitments (VTC)
Win back the bedrock of freedom with ChainSafe Solutions' Privacy Engineering.
Contact us, and let's collaborate👋
The bedrock of our humanity
We leave you with a final word.
In February 2022, @punk6529 wrote an enlightening thread on how the freedom to transact sits upstream of other fundamental constitutional rights such as freedom of speech, assembly, and religion. We don't disagree.
The truth is, that without the ability to conduct ourselves privately, it is debatable how much freedom we have. Freedom to privacy sits upstream of everything else. Privacy is a bedrock right of our humanity.
ChainSafe is a leading blockchain research and development firm specializing in infrastructure solutions for web3. Alongside its contributions to major ecosystems such as Ethereum, Polkadot, Filecoin, and more, ChainSafe creates solutions for developers and teams across the web3 space utilizing our expertise in gaming, bridging, NFTs, and decentralized storage.
As part of its mission to build innovative products for users and improved tooling for developers, ChainSafe embodies an open source and community-oriented ethos to advance the future of the internet. To learn more, click here.