Thoughts about Privacy
Traditional Internet Privacy vs. Blockchain based Privacy
Our current definition of privacy over the internet when submitting information to a shopping, banking or insurance website goes something like this:
Submitted data is private in the sense that my aunt, my boss, my neighbor, the competitor of the website, and most ordinary people cannot easily access it.
However, this same data is of course visible to the website I’m dealing with, hence to some of its employees and contractors, to government agencies this website reports to, and possibly to my internet provider, to law enforcement agencies eavesdropping the communication, to any hacker who is able to access it, and to any other party dealing with all of the above.
Like it or not, this is what privacy over the internet means today. Still we do enjoy some sort of “security by obscurity”, to say, unless we are being specifically targeted, our information is difficult enough to access and is buried in many different data silos mixed with huge amount of other peoples data so that we can assume some level of privacy.
When using Bitcoin the situation is even worse, moving significant amount of Bitcoin nowadays becomes a media circus. Clearly any legitimate competitive business cannot tolerate this type of transparency for all its business activity.
The basic problem is that blockchain protocols know how to reach consensus over the order of transactions, and most of them also support data encryption. However blockchain protocols cannot base its consensus on encrypted data.
Let’s take a naive example, had this 94505 bitcoin transaction been encrypted by the sender private key using the recipient public key, both of them could decrypt the information and validate it. But the miner of the block containing this transaction, having no access to the private key of the sender or recipient, wouldn’t be able to decrypt it to validate that the sender account indeed owns this astronomical amount of funds.
Today, these type of private transactions described above are limited to specialized blockchain protocols which either mix funds during block generation to achieve better privacy or store only encrypted data on chain. This does improve privacy but comes with other overhead and limitations like off chain communication requirements or excessive resources needed by the privacy engine.
Is mixing and encryption of blockchain data Good? Bad? Ugly? it depends. Can it be misused? of course. Is it going to be developed and implemented? Sure thing, since blockchain protocols cannot reach mainstream adoption without preserving reasonable financial privacy.
Disclaimer: I’m not a privacy “maximalist”, I think that some kind of administrator access by a responsible party is a good idea for some privacy solutions, however the privacy solutions themselves are legitimate part of any blockchain technology and we will surely see more of them in the future.