A Brief Overview of Web3's Privacy Landscape
Exploring the Shifting Terrain: A Look Into Web3's Privacy Landscape
Disclaimer: This piece was written in January 2023. Information in this article may be outdated.
Web3's approach to privacy is constantly evolving under the influence of companies like Chainalysis and the Tornado Cash case. Many companies are working on various visions for privacy in the Web3 future. Privacy is also quite niche: it can mean very different things to different people, depending on the type of privacy a user is looking for. The following are some key areas of privacy preservation, which are important to understand when addressing the privacy landscape.
Four Sections of Privacy Preservation
Embedded Privacy
A form of network-level privacy that allows developers to easily integrate privacy into their dApps. An example of this is Manta Network, which offers a mass-market approach to enhancing privacy that enables developers to easily include privacy-as-a-service in their dApps. This makes it easy for users to access privacy without even realizing it, similar to the role of HTTPS on the internet. The advantages of this approach include default access to privacy, which simplifies adoption for users, and avoids the need for users to make difficult moral choices about privacy. The drawbacks include the possibility of missing privacy consent, particularly in relation to third-party requests, and the fact that privacy advocacy is delegated to projects.
Programmable Privacy
This is a configurable approach to privacy that allows users to choose when to reveal their transactions to third parties. An example of this is Aztec, which enables users to set up their privacy features so that transactions can be disclosed to accountants or law enforcement as needed. This approach is also compliance-ready, meaning it can effectively handle bad actors who may try to compromise the system. The benefits of this approach include the ability for DeFi users to complete KYC or AML checks on their identity and transactions, and the ability to be transparent with governments, enabling users to pay taxes and comply with state regulations. The drawbacks include the risk of governments, enterprises, and other third parties abusing private data, and the possibility of data processors using biased UX/UI forms to trick users into allowing companies to access and use their data for profit or surveillance.
Enterprise Readiness
This is a privacy protection standard that is suitable for use by enterprises and governments. An example of this is NYM, which uses a mixnet to allow third parties like fintech and healthcare companies to access or send data across borders without any leakage. The benefits of this approach include the ability to protect human rights activists in countries like Iran and Russia, and the fact that it facilitates a network-level privacy standard. The drawbacks include the risk of legal implications and challenges in relation to subpoenas from law enforcement, and the potential for adoption by corporations like Google, which has faced criticism for its role in surveillance capitalism.
Privacy-By-Choice
This is a user-centered approach to privacy that gives users control over what data they share and with whom. An example of this is the Veil protocol, which enables users to choose which data they share and with whom, and also offers privacy-enhancing features like on-chain privacy. The benefits of this approach include the ability for users to retain control over their data and the potential to help rebuild trust in online privacy. The drawbacks include the risk of users making poor choices about privacy, and the possibility of user error leading to privacy breaches.
Ultimately, the question of privacy in Web3 is complex and multifaceted, with different approaches offering different benefits and risks. It is important for companies and users to carefully consider the trade-offs involved in each approach and choose the one that best meets their needs and values.
Privacy Protocol Landscape By Field
Infrastructure
Concordium is a science-backed blockchain designed around an ID layer that balances privacy with accountability.
Oasis Foundation is a layer 1 platform for open finance and a responsible data economy.
Secret Network is a blockchain that enables customizable privacy.
Nym is an infrastructure that protects packet metadata at the network and application layers.
Horizen is a Zero-Knowledge network of blockchains.
XX Network is the only quantum-resistant blockchain ecosystem.
There are also projects working to bring privacy to popular blockchains like Ethereum, such as Oscuro, Zecrey, Starkware, Light Protocol (Solana), and Calamari Network (Polkadot – Kusama).
In addition, there are companies building privacy-preserving smart contract and Dapp platforms, including Findora, Nulink, Dero, and Aleo.
The increased focus on privacy has caught the attention of venture capitalists and investment funds, resulting in multi-million dollar funding rounds for companies like Aztec ($100M), Secret Network ($400M), Nym ($300M), Starkware ($273M), Aleo ($228M), and Oasis Foundation ($160M).
Cryptocurrencies
Monero is probably the most well-known currency when it comes to transaction privacy. Monero is a privacy coin that uses technology to obscure transactions in order to offer real anonymity. While many users appreciate the level of protection provided by the developers, there are also criticisms that the indiscriminate anonymity offered by the coin can facilitate criminal activity such as money laundering and international financial operations. There are many regulatory implications with privacy currencies, and for that reason I don’t see them having any meaningful development with regulators looming over this niche. This sector is overall unappealing at the moment.
Other privacy coins that have been developed include Dero, Pirate Chain, Epic Cash, DeepOnion, PivX, Iron Fish, and more.
However, Zcash is another privacy coin that aims to maintain user privacy while also complying with regulations, using ZK-SNARKs technology to achieve this goal. (RIP Barry LMAO)
Decentralized Finance (DeFi)
In the world of decentralized finance (DeFi), several notable applications and protocols have gained traction and promise. Some examples include:
Dusk Network: an open source, secure distributed ledger technology that businesses use to tokenize financial instruments.
Panther Protocol: a metaprotocol that enables confidential, trusted transactions within the DeFi space.
Shade: a suite of privacy-focused DeFi applications built on the Secret Network.
Penumbra: a shielded network that allows users to securely transact, stake, swap, or marketmake crypto assets across different chains.
Silent Protocol: a solution that enables the creation of compliant, privacy-enhanced smart contract assets and DApps at scale.
Other privacy-conscious DeFi solutions include Aztec and ChainPort bridges, as well as validator services like ZKValidator.
Wallets
The recent update to ConsenSys' privacy policy has caused concern among users, as it allows the most popular non-custodial wallet, MetaMask, to collect IP addresses during transactions.
There are now several alternatives that provide users with full control over their personal data. These include Frame for Ethereum wallets, Lunar (the only wallet with built-in Tor integration), multisig wallets such as Nucleo, DeFi wallets like Edge or Railway, Starshell on the Cosmos ecosystem, and various Bitcoin wallets including Wasabi and cold wallets like the Foundation's Passport. Technical users may also consider DIY solutions like Seed Signer or open source firmware like Krux.
Storage & Communication
Data management has become riddled with issues such as cloud providers, data silos, unclear retention policies, breaches, and leaks. As on-chain activities continue to generate more data, both quantitatively and qualitatively, it is crucial that companies and other actors take steps to protect our privacy.
In response to these challenges, Skiff offers a secure and encrypted alternative to Google Drive, while the Sia foundation has created a trustless cloud storage marketplace. Other decentralized data storage platforms like Storj, Swarm, and Crust prioritize privacy as they compete with sector leaders like Filecoin and Arweave.
But data is not only stored, it is also transmitted through messages between individuals. Ensuring security and privacy has long been a concern in this area, with even WhatsApp implementing end-to-end encryption for its conversations. Other unique solutions that prioritize privacy include Session, which minimizes sensitive metadata; Status, which raised $100M in funding; XMTP, which has partnered with Lens Protocol; Verida, which is developing a multi-chain protocol; Zion, which is built on the Bitcoin Lightning Network; Telios, which encrypts metadata; and Waku, which provides tech foundations. The field is ripe for innovation.
Analytic Tools
As counterintuitive as it seems, analytics and other tools that track on-chain actions can still manage to respect user data and privacy.
Oasiis is a user-centric cookie wallet that generates actionable insights, while Cheqd allows individuals and organizations to fully control their personal data. Mask Network, on the other hand, brings privacy and Web3 benefits to social media platforms like Facebook and Twitter with an open-source browser extension.
Other useful tools are being developed and platforms like Mysterium, Automata, or Arcana are worth checking out.
DAOs & NFTs
Involvement in an organization, collection of art, or possession of a certificate can reveal personal information that an individual may wish to keep private or not share publicly.
Semaphore: enables users to prove their membership in a group and send signals such as votes or endorsements without revealing their true identity, thanks to the use of ZK proofs.
Stashh: the first NFT marketplace that prioritizes privacy, while Geniish is a protocol for confidential NFTs.
LegenDAO: a play-to-mint NFT platform powered by Secret Network.
Automata: also making progress in this area with innovative products like NFTFair and AnyDAO.
Digital Identity
In addition to financial activities, online and on-chain users engage in a variety of actions and interact with applications (or Dapps) on a regular basis. To ensure the authenticity of users and prevent the presence of bots, fake accounts, and malicious actors, it is necessary to have a system in place to distinguish legitimate users. The current login system, particularly the monopolistic practices of companies like Google, Microsoft, and Facebook, has proven to be inadequate.
In the web3 world, advanced technology allows for the creation of a true digital identity. While this may be convenient for users who no longer have to remember passwords and keys, it also raises significant privacy concerns as personal and sensitive data is at risk.
To address these concerns, web3 players in this field are prioritizing the protection of user privacy. Many believe that the ultimate solution could be Zero Knowledge proofs, a cryptographic method that allows a prover (A) to demonstrate the truth of a statement to a verifier (B) without revealing any information beyond the fact that the statement is true. Polygon ID is a strong advocate of this approach, but others such as Findora CR, Holonym, zCloak, Verus ID, Notebook labs, and more are also implementing it.
Other projects aim to maintain anonymity through the use of biometrics, such as Anonybit. Some focus on other techniques and specific services, such as Sismo, a provider of ZK badges, Litentry, a decentralized identity aggregator, and Shyft, which strictly adheres to legal compliance to deliver blockchain identity data and user privacy.
This space is rapidly evolving and is the subject of an ongoing international debate, as evidenced by the recent recommendation of the W3C (World Wide Web Council), one of the most influential standard-setting bodies for the entire internet infrastructure.