Web3’s data privacy problem
Few Web3 infrastructures actually have built-in data protections, especially not against the now omnipresent AI surveillance systems tracking people’s metadata. As Nym recently reported in Cointelegraph, this leaves sensitive information like wallet-associated addresses, public chain transaction records, financial contacts, and much more open to surveillance.
As Nym CEO Harry Halpin and Head of Research Ania Piotrowska noted already in 2022, crypto like Bitcoin, despite the cultural assumption of it being an anonymous payment method, is highly traceable:
“[T]he public nature of Bitcoin’s ledger of transactions [...] means anyone can observe the flow of coins. [P]seudonymous addresses do not provide any meaningful level of anonymity, since anyone can harvest the counterparty addresses of any given transaction and reconstruct the chain of transactions.”
What quickly follows from the surveillance of crypto are the financial risks of hacking, theft, phishing scams, and censorship for people worldwide. Financial cybercrimes in Web3 continue to be a billion dollar industry. And with AI technology becoming more sophisticated, cheaper, and widely distributed, these surveillance capacities are growing in turn.
Vitalik’s plan
Vitalik’s roadmap outlines 9 key procedures for improving data privacy and security for Ethereum users. These underscore the importance of paying attention to metadata. Here’s Nym’s summary of each point:
-
Introducing privacy protections directly to wallets themselves to protect information like balances from being exposed.
-
Decentralizing addresses between apps so that surveillance of your activity across different platforms becomes more difficult.
-
For the “one address per app” model to function effectively, Ethereum requires private transfers between addresses controlled by the same person.
-
Right now, private transactions often need centralized servers to broadcast them, which creates a censorship risk. By adding FOCIL alongside EIP-7701, privacy tools like Tornado and Privacy Pools can operate without these relays – making them more decentralized, censorship-resistant, and easier to maintain.
-
Use of trusted hardware (or trusted executive environments, TEEs) in Remote Procedure Call (RPC) nodes can ensure that the latter are not collecting people’s data. But this is just an intermediate step since TEEs rely on hardware trust and have limitations.
-
In the long run, Ethereum envisions replacing TEEs with Private Information Retrieval (PIR), a cryptographic technique that allows you to query data from a server without revealing which data is being requested. However, right now, PIR is still too slow for large-scale datasets.
-
Ethereum thinks that wallets should use multiple RPC nodes, ideally one per dApp, with routing connections through mixnets to hide metadata as a good possibility. Every time your wallet talks to the blockchain, it can leak metadata, like which dApp you’re using and when. Using different RPCs per dApp makes tracking the individual wallet across different activities harder. However, to prevent metadata tracking, the connection from the wallet to the RPC node should be routed through a mixnet, like it could with Nym.
-
Use proof aggregation so that multiple privacy transactions can share one on-chain proof, reducing gas costs. By bundling many private actions into one proof, private transactions can be cheaper and more efficient.
-
Develop wallet systems that let users change their security setup without revealing or linking their private notes. This would allow users to upgrade their account's verification logic in a single transaction, while automatically updating all their private assets across L1 and L2, without publicly linking them.
Mixnet as an anonymization layer
In proposal 7, Vitalik proposes using a mixnet as a protection layer. But how would a mixnet work to protect personal data made available on a decentralized system like a blockchain? The short answer: it scrambles all your metadata so surveillance of it is close to futile.
Whenever you connect with your wallet and make a transaction, the data will be first transmitted through a 5-hop network. Along the way, many anonymized data packets for a single transmission are shuffled together with other traffic flows on the network. With the Nym Noise Generating Network, anonymity is also greatly enhanced by added “noise” like cover traffic.
This means that your true IP address and that of your transacting partner, as well as other metadata about the traffic, can never be linked together. There’s simply too much intermediary noise for patterns to be discovered, even by the best AI systems.
“The state of capture is already here. Machine learning is feeding off our data. Instead of leaving people’s data there unprotected, Web3 and anonymity systems can make sure that what ends up in the teeth of AI is effectively garbage.”
Learn how exactly Nym’s NGN works, and why you might need it.
What’s the difference between L1 and L0 anonymity protections?
Vitalik’s proposition for L1 protections would happen at the app and chain level. A L0 anonymity layer, by contrast, could be integrated into any chain, app, or system to provide privacy protections for all traffic happening there. This assumes that some latency is tolerated as it could be with many crypto transactions and personal communications.
The advantage? Nym’s L0 mixnet is already built and up-and-running! Try it today whether you’re an Ethereum and crypto user, want to explore the web anonymously, fight surveillance capitalism, or simply want the metadata parasites off your back for once.
The future of mixnets is here
It is great news that Web3 thinkers and builders like Vitalik are making concrete plans to address one of the core and unresolved problems of Web3: metadata leakage. If metadata protections are not in place, then Web3 is heading for a data crisis of its own making.
The bellwether is that mixnets, originally developed in Web 1, are getting the recognition they deserve: a way forward to a more private and secure internet. The stakes couldn’t be higher as AI technology is dramatically changing the power of surveillance systems. Nym knows that privacy-defending technology needs to keep pace.
But there’s no need to wait for roadmaps and plans: protect not only your wallet, but all of your web traffic today with NymVPN, the world’s first Noise Generating Network: it’s a mixnet right in your hands, for all your devices. But what’s clear is that the way to a private web will be technologically cooperative. In the end, multiple tools together are needed for Web3 to succeed. Let’s build the connections.
