Web3 Can Solve the Data Hack Crisis

Zero-Knowledge Cryptography Returns Control of Personal Information to Consumers

Chris
BanklessDAO
9 min read · Oct 14, 2023


Cover Art by ab_colours and trewkat

The world is facing a data hacking pandemic — a billion-dollar problem that’s been worsened by the rise of cloud computing.

Once upon a time, our files and software would be stored on local computers. Now, there’s been a marked shift to Software-as-a-Service (SaaS) solutions instead. Personal information, often sensitive in nature, is being saved to vast centralized servers and platforms. It isn’t just private firms utilizing this technology, but governments too.

While this can add a layer of convenience for everyday consumers, it’s also a dream come true for hackers, who are making it their life’s work to cause devastating breaches and extort victims. Policies designed to protect the public and eliminate criminality, such as Know Your Customer and Anti-Money Laundering rules, risk inadvertently helping cybercriminals. Why? Because users must submit confidential details to private organizations to open accounts.

In the past, hackers had to target their victims individually. But given that SaaS solutions regularly store data belonging to all users in one spot, it may only take one attack to access a treasure trove of information belonging to millions of users. While web2 platforms have come up with added security layers in an attempt to keep customers safe, these measures aren’t without vulnerabilities. IBM’s Cost of a Data Breach Report 2023 states that customer personally identifiable information (PII) was the most commonly breached record type in 2023. Fifty-two percent of all breaches involved some form of customer PII.

Logins and two-factor authentication — such as through emails, texts, and facial ID — all suffer fatal flaws because phishing and social engineering attacks are on the rise. Hackers have become increasingly sophisticated at mimicking the websites of reputable businesses and sending “urgent” messages to unsuspecting customers that appear to be from an official source. Falling for one of these scams can be calamitous, with victims seeing their accounts drained and their data encrypted in ransomware attacks.

One thing has become painfully clear: the infrastructure powering web2 is fundamentally broken — and the problem gets worse as tech giants get bigger. As the number of customers and employees increases, so do the attack vectors that are open to cybercriminals and the amount of data that’s available as a prize. Things need to change, decentralization needs to become a priority, and hackers need to see their opportunities diminish even as projects continue to grow. Truly robust security is essential to eliminate economic incentives for fraudsters — and web3 is the answer.

Changing the Economics Of Hacking

Unfortunately, businesses haven’t always got this right. Last year, an Activision employee was duped by an SMS phishing attack. A vast treasure trove of data was compromised — including the email addresses, salaries and phone numbers of workers, not to mention a release calendar of upcoming games.

Back in July 2022, Unstoppable Domains confirmed that anyone who had made a purchase — or subscribed to its newsletter — may have had their email address exposed after an external vendor suffered a security incident. This creates a risk of unsuspecting victims being targeted in phishing attacks that mimic the company. All users were urged to never give away private keys, avoid downloading attachments purportedly from Unstoppable Domains, and double-check links in emails before clicking.

One of the worst hacks of them all affected the crypto wallet manufacturer Ledger. In 2020, the phone numbers and email addresses of 270,000 hardware wallet customers were made available to download from a hacking forum. This made crypto investors prime targets for malicious scams, with many receiving bogus emails warning them they needed to download new software and reset their PINs. Those who fell for the ruse would have had their wallets drained.

To stop the scammers in their tracks, we need to do three things:
1. supercharge the infrastructure that powers the Internet,
2. return control to users rather than tech giants, and
3. ensure that hack attacks make little to no financial sense.

Championing a return to individuality will eliminate the era where the data of millions is available in one place, thus reducing the payday for hackers who manage to breach it.


There are ways to address the endless slew of hacks and data leaks. As a start, everyday users need a greater ability to decide which personal information they share with companies — and to revoke it at any time.

Zero-knowledge credentials also need to play a much bigger role, enabling us to prove who we are without compromising privacy by sharing confidential data. In practice, the applications can be exciting. For example, when asked if you are over the age of 18, you can submit verifiable credentials that prove you were born before the cutoff — without disclosing a specific date of birth. You can verify your identity with one trusted third party, providing a copy of your passport, driver’s license, and a utility bill. In return, you are provided with a zero-knowledge credential which contains your date of birth and current address. You can then use the zero-knowledge proof whenever you need to prove your age. This means that — even if the applications and blockchains you connect with suffer security vulnerabilities — the data they hold on you remains non-specific.
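The over-18 check described above can be illustrated with a hash-chain threshold proof, a much simpler technique than a general zero-knowledge proof system. This is an added example, not code from the article or from any project it mentions; it assumes the issuer records age in whole years rather than a date of birth, and the function names and the HMAC tag standing in for the issuer's signature are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed key. HMAC stands in for the issuer's public-key signature so the
# example needs only the standard library; a real verifier holds a public key.
ISSUER_KEY = secrets.token_bytes(32)


def hash_n(value: bytes, n: int) -> bytes:
    """Apply SHA-256 to value n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def issue_credential(age: int):
    """Issuer side, run once after checking the holder's documents.

    Returns (seed, commitment, tag): the seed stays secret with the holder,
    the commitment and its tag are what verifiers get to see.
    """
    seed = secrets.token_bytes(32)
    commitment = hash_n(seed, age)            # H^age(seed)
    tag = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    return seed, commitment, tag


def prove_at_least(seed: bytes, age: int, threshold: int) -> bytes:
    """Holder side: walk the chain forward, stopping `threshold` steps short."""
    if age < threshold:
        # Would need a SHA-256 preimage of the seed, which the holder lacks.
        raise ValueError("no valid proof exists below the threshold")
    return hash_n(seed, age - threshold)      # H^(age - threshold)(seed)


def verify_at_least(proof: bytes, threshold: int,
                    commitment: bytes, tag: bytes) -> bool:
    """Verifier side: sees proof, commitment and tag, never the age or seed."""
    expected = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                          # commitment not from the issuer
    return hmac.compare_digest(hash_n(proof, threshold), commitment)
```

The commitment is identical at every verifier and a captured proof can be replayed, so this sketch is linkable and not bound to the holder; zero-knowledge credential schemes are designed to address both.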

This doesn’t have to be at the expense of convenience and speed. Going forward, we need to shift to a world where everyone has a decentralized username — a one-stop shop where you can use the same credentials to log into multiple applications. This can save time and mean we no longer have to provide our details to every individual company we interact with online.

And crucially, it would be worlds away from the past, where details about the data that companies gather about you were buried in thousands of words of terms and conditions. Instead, businesses would now need to contact you via encrypted messaging every time they need information about you — giving you the power to accept or decline.

The Compelling Perks of Decentralization

The breakneck speed of online adoption left us little time to contemplate the potential pitfalls, and the benefits of the analog world that we’d end up forfeiting. When cash was king, anonymity was assured — not least because a $20 note could change hands without the world knowing about it. With most of us now using smartphones and debit cards to settle transactions, everything has changed.

To make matters worse, our data can sometimes be weaponized against us. Minorities are often discriminated against when they’re trying to access loans, housing, and other essential services. A “computer says no” approach means millions of people are missing out on the financial inclusion they deserve — with algorithms failing to offer flexibility for self-employed individuals whose incomes vary from month to month. Decentralization, and the anonymity it brings, offers an opportunity to create a more equitable and efficient economy.

Let’s illustrate this through a classic real-world example. Musicians applying for a role can often face discrimination based on how they look, no matter how beautifully they play. But if it’s a blind audition, where they perform from behind a curtain away from the judges, their chances of acceptance can increase substantially.

Data decentralization can achieve a similar result. Imagine a world where someone hoping to secure a home loan is able to prove their income without needing to disclose extraneous information. We can create an ecosystem where financial decisions are made in an equitable and unbiased way, with individuals put on a fair footing from the start.

Cryptocurrencies and artificial intelligence may both be transformative here. You could voluntarily decide to run your data through an algorithm to receive a personalized course of treatment, or receive advice based on your specific financial circumstances. Smart contracts have already unleashed a wave of innovation and paved the way for programmable money — with transactions automatically activated once key milestones are met.

If we had all our data at our fingertips — without fear of it being exploited and used to flog targeted ads — entrepreneurialism could flourish. There’s also a chance for it to be lucrative. You can decide which parts of your online life you’re willing to share with businesses and be rewarded with payments in exchange.

More Competition, Fewer Monopolies

Far too often, Silicon Valley stands in the way of compelling use cases getting off the ground. Let’s imagine a budding entrepreneur had a big vision for augmented reality — an interface for smart glasses that would come into its own at a tech conference. A subtle green dot would indicate who you’ve spoken to before, with a bigger dot for people you’ve messaged — making social interaction far more slick, professional, and less socially awkward. It’s the type of application that thousands would benefit from. But would LinkedIn allow it to be built using the data they hold? Probably not.

Things could be infinitely different on a decentralized LinkedIn, where users would be given the freedom to opt into the ideas that benefited them — rather than have the decision taken out of their hands by a centralized company. Better still, it would actually increase compliance with laws such as the European Union’s General Data Protection Regulation — known as GDPR — after years and years of social networks being fined for egregious breaches.

All of this is achievable, but admittedly, it won’t be easy. There must be improvements in the way data is encrypted and shared — especially if we’re going to be in a world where we’re in control of our confidential healthcare files. User interfaces have sometimes been a pain point for web3 projects too, meaning they’re a little more complicated to use. They need to be as intuitive and foolproof as their web2 predecessors in order to get the traction they deserve.

This speaks to a wider narrative of making everyday consumers comfortable and educated. So many are used to being able to phone their bank if they lose their credit card or forget their PIN. Such backup plans wouldn’t be available in a truly decentralized world. This could be off-putting — especially among those who have long trusted their cars to mechanics, their health to doctors, and their finances to a bank.

The web3 world is fast moving, and huge strides have been taken in recent years. Now, the challenge is to educate the public on its benefits and encourage web2 companies and disruptors to start making the most of what this technology has to offer.

Consumers are slowly waking up to how their data is being used and monetized. Decentralization will dramatically transform our online lives, unlock exciting new use cases, and put us back in control. Even better, it’ll be a nightmare for hackers.

Author Bio

Chris Were is CEO of Verida, empowering individuals to control their digital identity and personal data. Chris is an Australian-based technology entrepreneur who has spent more than 20 years devoted to developing innovative software solutions and lately Verida, a decentralised, self-sovereign data network. Chris has so far disrupted finance, media and healthcare industries with his application of the latest technologies.

Editor/Designer Bio

trewkat is a writer, editor, and designer at BanklessDAO. She’s interested in learning about crypto and NFTs, with a particular focus on how best to communicate this knowledge to others.

Designer Bio

ab_colours is a versatile designer with over seven years of experience. He specializes in doing product design, UX design and brand identity. He has been DAOing for the past eight months and has been able to amass quite a lot of knowledge about the fascinating blockchain space.

BanklessDAO is an education and media engine dedicated to helping individuals achieve financial independence.

This post does not contain financial advice, only educational information. By reading this article, you agree and affirm the above, as well as that you are not being solicited to make a financial decision, and that you in no way are receiving any fiduciary projection, promise, or tacit inference of your ability to achieve financial gains.
