Since the beginning of crypto, users have relied on the pseudonymity of crypto addresses to protect their privacy, and for the most part, this system has worked.
Anyone on the Internet can view a person’s blockchain transaction history, as all of their transactions are transparent. However, in most cases, the person’s true identity remains a mystery, providing some level of privacy.
For 26 years, since Bitcoin was invented in 2008, this system has protected users’ privacy to some extent.
But some Web3 protocols claim the time has come to rethink the idea that pseudonymity is enough.
For these protocols, the rise of artificial intelligence models and the need for constant data to feed them has made privacy and data sovereignty more important than ever.
One hack away from being exposed
Leona Hioki, system architect for privacy-focused layer 2 INTMAX, told Cointelegraph that pseudonymity just doesn’t provide enough protection for users.
He said that nearly all centralized exchanges have imposed Know Your Customer and Anti-Money Laundering provisions, requiring users to submit photo IDs before using the exchange.
This means that the user’s deposit address can be known if just a single hacker manages to breach the exchange’s defenses. And once the deposit address is matched up with a real identity, the person’s entire on-chain history can be revealed.
“So many databases are centralized, there’s no incentive to protect that. For example, there was a huge privacy leak on a Japanese exchange, FTX Japan. Its name was ‘Liquid,’ but was renamed to FTX Japan. And now nearly all their records are hacked and leaked. And why did that happen? Because there’s no incentive to protect people’s information from a CEX.”
Japanese exchange Liquid was hacked in 2021. It was later purchased by FTX and renamed “FTX Japan.” It then went bankrupt in November 2022 as part of the overall collapse of FTX.
According to Hioki, the problem isn’t just that this centralized data sometimes gets stolen.
The bigger issue is that blockchain analytics programs have gotten so sophisticated, it's become nearly impossible to avoid getting doxxed.
“There are chain analyzers like Chainanalysis and Crystal, and these high spec tracers which can [reveal] almost all of the addresses which are binded to CEX,” Hioki stated. “Criminals can use these, anybody will have access to use that. It’s quite dangerous and actually not anonymous at all.”
To prevent these kinds of privacy-violating exposures from happening, INTMAX uses zero-knowledge proofs to allow validators to confirm transactions without knowing the data contained within them.
AI increases privacy risks
Alex Page, founder of AI blockchain Nillion, claimed that while pseudonymity may have been all that users needed in the past, it has become obsolete in a world where AI models must constantly be fed with user data in order to provide personalized results. He stated:
“I think pseudonymity works in a world where you can create an unlimited number of wallets, or you can have an unlimited number of, say, small identities that exist in different connection points. Where it falls apart is when we’re talking about actual use cases where you’re consistently contributing data to an application [...] it’s hard to have pseudonymity when it comes to data that you’re creating about yourself [...] and so we need systems to solve for that part.”
In Page’s view, relying on centralized systems to protect privacy will lead to disappointment. He pointed to Gmail as an example.
“They may say they don’t have access to [user’s emails],” he claimed. However, “We see advertisements in Gmail all the time that are about things that are inside of our email.”
The solution, in his view, is to use multi-party computation (MPC) technology to restrict who can view data, allowing people to collaborate without needing to share their data with giant cloud computing systems and social networks.
Page said that there is already a messaging platform running on Nillion that allows collaborators to message each other privately, but without needing central servers like Signal or Telegram do.
Mailchain decentralized messaging protocol. Source: Mailchain.
Bad guys won’t get away
Some people have concerns that blockchain privacy could allow hackers, scammers, and other assorted bad guys to escape judgment.
However, Hioki argued that the worst offenders can still be banned from networks if they are proven to be involved in illicit acts.
INTMAX uses a decentralized chain analyzer to provide risk scoring for deposits, and the nodes do not allow major hackers to deposit to it. “We are super non-sexy for hackers to wash the money,” he stated.
In regard to “false positives,” or the idea that innocent users’ funds might also be blocked, Hioki claimed that the network currently has a “high threshold” for deposits that can trigger a block, so small users are unlikely to be affected.
Page stated that there will always be bad actors in any technological system. However, he argued that adding privacy to blockchain will not make their exploits any easier.
“What we’re doing is just increasing the amount of whitespace for developers to build with,” he stated. “That’s always going to come with some nefarious actors, but that doesn’t actually mean that this will be the easier pathway for them to do the nefarious acts they were doing before.”