The Web of Privacy in web3: Part II

The second part of a three part profile from Decentralized Future CouncilFellow, Gabrielle Hibbert.

Introduction

In the first part of our blog series, a condensed history of the privacy landscape of web1 explained the rise of the privacy conscious movement of the cypherpunks. The cypherpunk movement partially gave way to our current cryptocurrency landscape.

Even with advances toward privacy in the web3 space, for those not closely attuned to the space, it is not easy to determine what embodies privacy. In part two of this series, the following will be explained, as it relates to blockchain: (i) the interplay of transparency and privacy and (ii) a detailed look at blockchain transaction data.

Transparency: A tenet of blockchain development

When people speak about blockchains, one of the first aspects of the technology to be mentioned besides its tamper-evidence is its transparency. One of the values embedded in many legacy 1 blockchains such as Bitcoin, is that each transaction has the ability to be audited by the public; this characteristic is what makes risk-limiting audits for voting (4) and supply chain applications more favorable than our current opaque processes.

Transparency within blockchain development is used to create accountability and a pseudo public forum for those to see what transactions are happening and when. This accountability is something that is not wholly different from how we envision functioning democracies to operate.

The privacy that we talk about on various blockchains is determined by how private individuals desire to be when they use blockchain based technologies.

Just as we mentioned before, there are different levels to privacy protocols when we speak specifically about blockchain transactions. However, the level of privacy that is afforded to all users is pseudonymity.

Pseudonymity is afforded through a hierarchical deterministic (HD) wallet (one of the most common forms of a “crypto wallet”), where the user is afforded a level of privacy through their public wallet address. This wallet address appears as a string of non-human readable alphanumeric characters (ex. 14qViLJfdGaP4EeHnDyJbEGQysnCpwk3gd). In web3, the public wallet address can be likened to an account that users create for websites in web2. However, unlike accounts in web2, your address neither shows your name nor any other personally identifiable information (PII). Due to the asymmetric encryption behind hierarchical deterministic wallets, a user can generate multiple addresses or accounts from the master key pair. One of the main functions of this is to enhance the privacy of the user. If a user has multiple addresses an outside observer cannot be certain that a specific address is tied to the master key pair. (5)

While a public address affords a level of privacy, users new to the web3 ecosystem often incorrectly believe that their transactions on various blockchains are anonymous. This idea is particularly misleading, as each transaction is subject to transparent metadata. Blockchain protocols are purposefully transparent, where all transactions can be viewed. One of the easiest ways to view blockchain transactions is through using a block explorer such as Etherscan. Essentially a block explorer is akin to viewing an air traffic control system, where users can view not only the transaction on the Ethereum blockchain, but also analytics such as the price of gas, the pricing mechanism tied to transactions.

The Metadata of a Blockchain Transaction (on a blockchain — specifically an Ethereum blockchain):

For further details, click here for the Etherscan.

What you can glean from the metadata table is the following:

• One of my Ethereum Addresses
• The transaction metadata

What the public cannot see:

• Where I am located
• Who I am (e.g., it’s not an ecommerce marketplace where my financial and personal data is stored)
• IP address

This varies greatly from our traditional means of financial communication, and is a huge selling point for those that value financial and personal privacy. The personal details of who I am as a person are obfuscated by the transaction hashes, which provides a layer of privacy or pseudonymity that I otherwise would not have if I bought a good or service with a traditional line of credit.

Conclusion

Transactions on the blockchain provided a layer of privacy but not complete anonymity. However, there are ways in which users can add additional layers of privacy to their identity and transactions.

Privacy is often thought of as “all or nothing” where something is either private or public. In actuality and especially with blockchains and cryptocurrencies, privacy is a layered and nuanced process. In the last installment of this series, a primer on the various types of privacy enhancing technologies (PETs) used within the web3 space will be explained.

Footnotes:

4. A big caveat here is that while RLA (risk-limiting auditing) is a supported way of doing voting on the blockchain. Voting during an election using blockchain is not supported (Park, et al., 2021) for various reasons ranging from security concerns

5. In asymmetric encryption, hashing functions such as a SHA-256 (secure hashing algorithm) is used to digest an arbitrary set of information. Hashing functions only work “one-way” meaning that they are deterministic and not reversible. Therefore, an outside observer of a user’s public address cannot determine the master key from any of the extended key pairs.