The Remarkable Task of Addressing Privacy in e-Commerce
Concerns over privacy and consumer trust in e-commerce go as far back as 1999 when encryption for payment using early online stores was fragmented at best. Today, secure socket layer (SSL) forms the basis for encryption in e-commerce gateways where you enter your credit card information — assuming it’s a sufficient safeguard against theft.
Privacy concerns are slightly more nuanced than those days of the late 90s and early 2000s, though. Secure electronic transactions (SET) developed by Mastercard and Visa were an improvement over solely using SSL, masking card details from the merchants themselves, but we are faced with several privacy problems.
In particular, e-commerce transactions are concentrated in the hands of a few dominant companies, most notably, Amazon. E-commerce platforms like Shopify even circumvent third-party payment processors now, collecting fees and customer data in the process.
And its the collection of customer data that is the cardinal problem. Continuing on the path we’re on now is a slippery slope.
Ignorance is Bliss
Many people are entirely unaware of the data collection churning away in the background of their online shopping experience. To understand the absurd scale of one company let’s glance at Amazon’s “Amazon Prime Day.” During the 2019 iteration of Amazon Prime Day, Amazon sold over 175 million items worth over $6 billion.
The process of buying items on Amazon includes millions of customers depositing their bank card information into its interface, and in many instances (e.g., Amazon Prime), saving this data with their account. The amount of insights into customer behavior and information Amazon has is remarkable, and scary.
Most people simply don’t care about such privacy either, but it’s the tail effects that are concerning.
For example, as e-commerce transactions continue to consolidate into a few major players (e.g., Amazon, Shopify, eBay, etc.), sensitive user data is hidden behind these “walled gardens.” Consequently, they become targets for hackers, who refer to them as “honeypots,” as they contain priceless amounts of consumer data. It’s not surprising, then, that we are bombarded with stories of strings of high-profile hacks exposing millions of people’s personal data.
Today, data is supposedly the oil resembling those wild days that saw Standard Oil rise to the pinnacle of corporate power. We’re seeing the same kind of ascendance with companies that have a stranglehold on treasuries of user data.
So how do we solve this problem?
Well, people aren’t going to stop using Amazon Prime to deliver packages within a day just because of a little privacy nuisance — that much is evident. And Amazon will be reticent to forfeit control to that data.
Naturally, cryptocurrencies can fill a critical void here with privacy concerns, but several problems are preventing that realization.
First, privacy transactions in cryptocurrencies are cumbersome, requiring more data, making them not ideal for rapid (or mobile) payments — at least so far. Second, cryptocurrencies just aren’t widely adopted, nor are they integrated with e-commerce.
We believe that can all change soon.
Crafting Privacy Tools for e-Commerce
Cryptocurrencies solve a fundamental problem in e-commerce by merging a medium of value with privacy. Currently, privacy (e.g., SSL) and value (a user’s bank info) are divested from each other, working in concert to make a “secure” payment.
With a cryptocurrency like Suterusu, the value and privacy are imbued into a single medium, where the value can be transferred privately, with minimal overhead — thanks to ZK-ConStarks. This kills two birds with one stone by both preventing e-commerce stores from aggregating payment data on customers (a credit card can be wielded to reveal nearly anything about a person) and severing the requirement for consumers to repeatedly enter sensitive payment information into online gateways.
In the long-term, broader use of cryptocurrencies in online payments can help to diminish the widescale aggregation of consumer data. In the process, advances in zero-knowledge proofs (ZKPs), which provide non-discretionary privacy, can make them more efficient and congruent with the demands of consumers when dealing with online payments.
Significant advances have already been made in ZKPs in just the last few years alone, from Suterusu’s implementation of ZK-ConSNARKs (constant-sized transactions) to Zcash’s Sapling upgrade. Over time, ZKPs may function as the technology behind interfaces for other personal information in online gateways as well — such as identity.
Tackling privacy in e-commerce is a remarkable task because of the ballooning popularity of e-commerce platforms. Convincing people that their privacy is at risk and should be balanced against the convenience of ordering from Amazon is not an easy task. Unfortunately, it will probably take some watershed moment, of the negative variety, to convince the broader public that privacy is in their best interest.
Until that time, we’ll be toiling away at improving Suturusu and its underlying technology — ZKPs.
If you would like to continue this discussion, please reach out to us on Telegram!
