Cryptocurrencies, social media but for money
how cryptocurrencies further erode privacy on the Internet
This post has been updated to clarify the circumstances surrounding Peter Todd’s records and Zcash’s ceremony.
It’s January 1, 2020, the start of a new decade, and the Internet’s got a hangover. Pulsating, yet more alive than ever, I feel like we have a black eye from all those “shares”. The world’s town square got really big with the introduction of social networks. But, the walls around our home and privacy fell in the process. We built cryptocurrencies to take back some control and build money for the Internet. But, with public blockchains, we only amplified the problem and it’s starting to hurt.
We failed to understand that privacy, like freedom, must be taken rather than given.
The Internet we shared
The Facebook launched in 2004 first to connect university students, and then the world. Twitter and others followed suit. The social graph grew and we learned that we are connected to everyone single person in the world by not six but only a little more than 3.46 connections. Then 2008 brought us an economy premised on another form of “sharing”. Share your extra bedroom. Share your ride. Then, it snowballed. Share your relationship status and your current status, “I am ____” bloomed. Share your location while you’re at it. Share 140, no that’s not enough, share 280. Share your photos. Share your videos. Share where you ate, share where you are eating. We even shared pictures and videos of our friends. They won’t care. I’ll tag them, too. They’ll thank me later.
Dang, that felt good. Likes came flowing in like we hit the three cherries. Oh, man. I should do that again. We moved beyond sharing to trained influence.
Leaving the 2000’s and entering the teens, some of us had an underlying feeling that maybe we are sharing too much. So, we explored time. Snapchat added expiration dates for time-bound “stories”. Curated friend lists and a few added privacy settings gave us our privacy blanket back. Now we can cover our butts again. We moved beyond permanent, open sharing to “temporary”, “closed” sharing. Sharing expiring pictures and video to only the friends we selected felt private. Maybe I’ll share something a little more risqué to my BAE. “It won’t get out,” we reasoned. It was at this point that we moved beyond a couple of shares a day to sharing our entire day.
Why? Why share yourself? We shared ourselves and our things because it felt good. Like a gift to our friends, family, and even strangers, sharing to the Internet at large was like a donation. We were giving it away to our friends and they paid for it with reciprocal shares, likes, and oh-so-sweet hearts. Please god, give me more hearts. And, if you’re really feeling generous, I’ll retweet and share this again for you. Beyond your friend group, beyond your social sphere, it moved to the stratosphere.
The word “sharing” itself even sounds good. It’s open. It’s less greedy. Coming from the Old English word “scearu” its origin lives in “divided”. Sharing requires dividing and giving a piece of yourself to your friends, family, and that website provider, too.
But, we now know that the “sharing economy” and “everything on the web is free” were really closer to “surveillance capitalism” and “if it’s free, you’re the product”.
As Edward Snowden put it in his book, “Permanent Record”,
“This was the beginning of surveillance capitalism, and the end of the Internet as I knew it. Now, it was the creative Web that collapsed, as countless beautiful, difficult, individualistic websites were shuttered. The promise of convenience led people to exchange their personal sites — which demanded constant and laborious upkeep — for a Facebook page and a Gmail account. The appearance of ownership was easy to mistake for the reality of it. Few of us understood it at the time, but none of the things that we’d go on to share would belong to us anymore. The successors to the e-commerce companies that had failed because they couldn’t find anything we were interested in buying now had a new product to sell. That new product was Us.”
Cryptocurrencies and that public blockchain
Somewhere in the middle of all of this “sharing economy” we got Bitcoin, a cryptocurrency. My money. My money just for me, not you, and not my government either. All mine. It felt private, too. 1MvYASo… the address read. Yeah, no one can track that. Under the obfuscation of technology we barely understood, many thought a public blockchain with every transaction ever was somehow private. UTXO’s and derivative addresses gave us some privacy. Transaction mixers did, too. Then, we got smart contracts, Ethereum, and an account-based model. Those, those uh…Spankchain tokens are for investment purposes only. Thankfully, we can prove or disprove that, too. Our cryptocurrencies promised control. We owned our money but we gave up our financial lives. Broadcasting every transaction to the mempool, confirmed ~forever, for anyone to view, follow, track, and probably soon blacklist. Some of the ETH heads even stamped their names on the blockchain and tweeted about it while they were at it.
2019, the year we really blew privacy
This all came to a head in 2019 with what had to be the worst year yet for privacy coins and I’m not even going to mention the price. Zcash’s inflation bug for private addresses was met with a turnstile in the hard fork fix. You need to show your coins before you go private again. If you were really paying attention, you’ll note the hard fork came over a year after Zooko, Zcash’s head of state, essentially told (cough: conveniently omitted, lied, or whatever you want to call it) the community they had lost or misplaced Peter Todd’s records of The Ceremony. Although other participants' records could provide similar comfort to Zcash users, these records were arguably pretty important to demonstrate that the ceremony of Zcash’s trusted setup was not compromised and, as a result, no cryptocurrencies could be fraudulently created in the private transaction pool of Zcash. Mr. Todd later rebuked Zcash and the Ceremony due to the continued obfuscation and dodging by Zooko and the Electric Coin Company about the whereabouts of the records protecting Zcash. But at what costs? They may have protected Zcash holders from the vulnerability while they designed and implemented the fix in the hard fork, but they lost our trust in the process.
Grin, a proof-of-work cryptocurrency that launched in January 2019 as a more scalable and private alternative to Bitcoin using MimbleWimble, Dandelion, and Bulletproofs among other new features, wasn’t as private as we thought. While confirmed transactions are not meaningfully trackable, $60/week of AWS servers running a node listening and storing all transactions broadcast to the network is a pretty easy way to build a transaction graph. Grin core devs and community members cried this was a “know limitation.” But, we all know that’s not how Grin was, and is, marketed. Monero did not fair much better in 2019 either. To top off all of the privacy coin protocol bugs, privacy coins were delisted in mass from exchanges in South Korea, Japan, and the U.K. due to regulators such as the Financial Action Task Force (FATF)’s guidance and the Travel Rule.
As for privacy in cryptocurrencies generally, it’s going from bad to worse. Coinbase fired its blockchain analysis service provider (cough: Chainalysis) for “selling” customer data under the guise of protecting Coinbase customer’s privacy. Chainalysis was not really “selling” the data per se, but all Chainalysis customers are required to license user data to Chainalysis for the benefit of all Chainalysis customers. Each customer helps build out the transaction graph of their users’ financial lives one deposit and withdrawal at a time. Maybe we should share the off-chain activity, too!
Coinbase’s move to terminate their relationship with Chainalysis by Coinbase frankly felt really good for the community. They were protecting us and our data! Or, so we thought. Coinbase acquired Neutrino, a blockchain analysis firm, reportedly for internal use only to protect their user’s data. But, word on the street says Coinbase is debating selling Neutrino-based blockchain analysis services to the public in the years to come.
Regardless, we’ve built a moat, a moat of all of our data. We have social graphs on the Book of Faces and a financial graph on the Chains of Blocks. Don’t you dare acquire cryptocurrency any way other than through an exchange you willingly gave up your identity to for their KYC to CYA. Cryptocurrency wages and LocalBitcoins be damned. Welp, actually even LocalBitcoins has KYC now. We’ll see how they will look at dex’es like Uniswap and other smart-contract applications soon enough.
We like to blame it on the public blockchain and the Bank Secrecy Act (BSA) because it gives us comfort in what we can’t change. But, we all know that technology can do us better.
2020 and beyond
So, where do cryptocurrencies and the Internet at large go from here? When the Internet was budding, it took the leadership of Marc Andreessen to implement SSL encryption in Netscape’s browser to secure the communication between ourselves and the websites we visited, forever curbing the snooping internet service provider and governments alike. It took a “Netscape moment” in Internet browser adoption and Crypto Wars to fight against governmental attempts to limit the Internet’s desire for privacy. We spent the 2000’s (or the “aughts”, as they call it) and the teens basically making this encryption irrelevant. Who cares about encrypted website connections when we openly and proudly broadcast our private data to the world on social networks? Meanwhile, Australia and other forward-looking governments (feel my sarcasm) are demanding access to our end-to-end encrypted messaging apps.
But, what about cryptocurrencies and those blockchains? When is enough is enough? Where are the leaders who will fight against blockchain analysis firms or better yet use technology to make them irrelevant? Should we even have a leader pushing privacy into cryptocurrencies? When cryptocurrencies pride themselves on leaderless revolutions of decentralized networks, it’s hard to see a place for one person to be the face of this fight. Satoshi is gone. I’m not sure Grin and it’s Harry Potter devs are enough. Zooko is ~good~ at privacy (or maybe just early) but not so good at trust and the whole decentralization thing. Arguably, Vitalik is the most powerful person in the cryptocurrency community and best positioned to make the fix. Zooko and Vitalik are even pretty friendly But, Vitalik’s got ETH 2.0 on his hands while Zooko is fighting for that dev reward so it’s all a mess. If cryptocurrencies were companies or countries, we’d take to the streets protesting in public squares and march outside their headquarters. Maybe I should tweet about this privacy problem in cryptocurrencies. That’s it! Crypto Twitter (or CT as they call it) to the rescue…
Lawson is the Head of Operations and General Counsel at TokenSoft, the leading platform for issuing securities and other financial products on blockchains. Prior to these roles, Lawson spent his career focusing on the evolution of finance first as an attorney and investment banker originating almost $750 million of fixed income financings, and most recently as part of the founding team of SynapseFI, the first banking API company ($33M Series B 2019 led by a16z). Lawson served on a variety of non-profit boards of directors including most recently as Chairman (2014–2018) of Manos Unidas International, a non-profit benefitting special needs schools in Peru.
These opinions are my own and not that of TokenSoft or our customers. This is not legal or final advice. I’m not your attorney or financial advisor either.
