W3A: The 1st Data Management App for Web Users
Some context
There is an abundance of information out there on giant data monopolies of the internet, like Google or Facebook — the epitome of the so-called Web 2.0 era — and how they extract value from their users’ data. Even the European and US regulators have caught up with the trend, now blaming these companies for extracting enormous amounts of value from their users’ data.
Yet the wider public mostly ignores the fact that Google, for example, excesses control over the Web beyond the realm of their own apps, as they also provide analytics tools built into 3rd party applications. Google Analytics is the most widely used web traffic analytics dashboard. According to Wappalyzer's report, 66% of the websites are using Google Analytics as the data analysis tool.
Another tech giant, Apple by default collects high precision data points on the users of its devices: from their health habits to fingerprints. Also, according to RightScale’s 2019 State of the Cloud report, 91% of businesses reported using a public cloud service, like Amazon’s AWS. These services thus store and collect zettabytes of data points on internet users: from ISP telemetry to personal data. While all of these companies make justifiable claims to never abuse the data they collect and store, the fact is that users have 0 control over it.
Things aren’t that much better in the Web3.0 world either, where dApps and p2p networks are still using the same centralized infrastructure — data analytic tools or cloud services.
The aforementioned problem also creates myriads of centralized honeypots, both business- and government-owned, that “leak” from time to time, like the infamous Equifax breach, where nearly 150 million Americans’ sensitive financial data became publicly available. IBM conducts a survey each year to account for data breach costs for global companies. Its 2020 report points out that the average data breach takes 280 days to identify and contain — that’s over 9 months!
The size and scale of these estimates suggests that the data breach problem is not only poorly contained — it is out of control.
Cybersecurity, Data Breaches, and the Economic Loss Doctrine in the Payment Card Industry
Data is an asset. And as we just covered there are layers upon layers of different data that is being collected, shared, and kept on the internet, as well as monetized by Web giants, instead of its producers — users and “regular” apps. It should be authorized, rented out, and retrieved upon request. The data-sharing channels should be secure end to end, with the provider hosting their own data. And all of this should work “under the hood” and by default, without necessitating regular users to manually manage it.
W3A: the Black Box of Data Analysis
Web3 Analytics is a decentralized Google Analytics alternative aiming to give users: businesses, individuals, and even governments — full control of their data. It provides web performance measurement, customized statistics, and a data visualization dashboard for websites and apps, with the cost of integrating only 10 lines of code. Empowered by TEE technology that runs on a public privacy cloud of Phala, W3A is a tool that runs the data analysis in TEE nodes and outputs only the results to the authorized parties. Those computations are done in parallel by hundreds and even thousands of nodes in the near future. For comparison, just one Phala-connected TEE can process orders of magnitude more data and computations than all of Ethereum by replacing decentralized consensus with trust-minimized hardware. All of those units work in an isolated way — allowing for massive scalability. This way the websites using it never expose their end-users.
In Web3 Analytics, user data is end-to-end encrypted between the user’s browser and the backend (a confidential smart contract on Phala’s trustless software), and the encrypted data will be stored in a decentralized storage network, connected to Phala (think Filecoin). The encryption key is only accessible by its owner and the smart contract itself that runs inside the trusted execution enclave (i.e. is inaccessible by any external party). Those users that want to actually manage their data proactively can do so however and whenever they want thanks to the W3A dashboard.
By design, the raw personal data is only read and processed by the smart contract, and will not be output from the TEE without the permission of its owner. At the same time, analysis results will be displayed on the dashboard of both the user client and the dev client, which achieves “analyzing without leaking any raw data”. This opens massive use-cases beyond just web traffic analysis.
There’s also a possibility of a data-driven market to emerge on top of this infrastructure, with global 24/7 access via Phala’s blockchain network. We are open sourcing the W3A code, also making the product free — you’d only need to pay the network fees. So developers can take it up and build customized data markets and data analytics tools on top of it.
Web3 Analytics could be used for:
- Automatic and customized event measurement and statistics for Web and Mobile apps
- Data visualization on the developer dashboard
- Decentralized data management: Users (both businesses and individuals) have 100% control over the collected data, and can manage permissions for it via a personal data console
- Data Plaza: A marketplace for data
- “Common good” data analytics tools (akin to Google’s semantic or visual analysis tools, which are ubiquitous, but not used for common benefit)
- and many more…
“The core problem we identified and solved is: to dencentralize the management of off-chain user data.”
Marvin Tong, CEO of Phala Network
Data Plaza
Data Plaza is a simple experimental implementation of a data market: by paying a certain amount of PHA token, a data “renter” holds the right to analyze someone’s data for a specific use case. The data can be analyzed by your algorithm with only the outputs revealed to the data analytic.
Development Roadmap
Phala has been developing W3A since Q1, 2020, backed by a grant from the Web 3 Foundation. During the past 6 weeks, we have been working on key functionalities for it such as:
- Secure data encryption SDK
- Privacy-preserving data analytics smart contract
- Personal data depot
… and the implementation is millions of times faster and flexible than other data encryption technologies, like sMPC or zk-Proof technologies.
In the next 3 months, both the user client and the dev client will be ready for public testing. We are also planning to incentivize developers to integrate W3A into their applications or websites (including the “traditional” Web2 sites) with PHA tokens.
Feel free to check out this simple demo dashboard to get a rough idea of one of the multiple ways the W3A tool might be used.
On Building Web3 Together
Phala Network is a cross-chain confidential smart contract network for decentralized apps and private computation cloud for enterprises, traditional web, and other software services. Phala took only a month to receive our first Web3 Foundation Grant in June 2019 — pLibra. We are part of Linux Foundation’s CCC Confidential Computing Consortium. Phala is also one of the inaugural members of the Substrate Builders Program.
We built our network on Substrate because:
- Substrate offers the common parts that almost every blockchain needs such as network infrastructure, configurable consensus, storage, mempool, etc. We could thus focus more on Phala’s technical and economic specifics, as well as our vision and the ecosystem around it.
- As a private computations network, we don’t want to limit our reach to just Phala users, but also benefit the entire Web3 and Web2 ecosystem, as well as businesses working with software and data via the cloud. XCMP [hyperlink], SPREE [hyperlink], and other interoperability infrastructure elements of Polkadot make it possible.
Since the day we submitted our application for a W3A Grant, Phala has been receiving both technical and event support from Web3 Foundation and Parity.
For instance, one of the core innovations of Phala Network is establishing seamless trust between the blockchain and the software running in TEEs. Therefore the pRuntime, as this software is called, needs to validate the blocks and derived messages from the blockchain in TEE. This means we need to build a Substrate light validation client in the TEE.
Unlike simple blockchains such as Bitcoin, validating blocks with Substrate’s advanced consensus algorithm, Grandpa over Babe, is way more challenging. It’s the engineers from the Substrate Builder Program that offered us great help: code samples, and a few code triaging sessions from the very beginning of our project. Without the support from Parity (the team behind the original Polkadot implementation) and Wed3 Foundation, we could not imagine it built within just three weeks.
Phala will, in the near future, run as a parachain on Polkadot and provide infrastructure for scalable private computations on a transparent public blockchain, run and accessed by anyone, anywhere in the world.
About Web3 Foundation
Web3 Foundation funds research and development teams building the technology stack of the decentralized web. It was established in Zug, Switzerland by Ethereum co-founder and former chief technology officer Dr. Gavin Wood. Polkadot is the Foundation’s flagship project.
About Polkadot
Polkadot is a scalable sharded blockchain and the first protocol that provides a secure environment for cross-chain composability across multiple shards. Polkadot also introduces a highly advanced, open governance system that will allow the network to innovate and grow at a much more rapid pace than legacy blockchains. Applications from DeFi to energy to gaming will thrive on Polkadot, challenging the centralized platforms of Web 2.0.
About Phala
A Substrate-based confidential smart contract blockchain on which you can develop confidentiality-preserving and privacy-first blockchain apps. Member of Substrate Builders Program starting lineup. Recipient of Web3 Foundation Grant. Phala will be a parachain of Polkadot, freeing the privacy computing power of countless CPUs to provide the confidentiality-preserving function for all blockchains.
Website | Twitter | Github | Telegram | Discord
