Web 3.0’s Privacy Conundrum


The dawn of Web 3.0 began a few years ago. While many are excited to welcome the innovation, Web 3.0’s privacy conundrum has sparked interesting conversations among experts and users alike. While the general public often focuses its criticism on the excessive energy consumption of blockchain (one of the prerequisite technologies of Web 3.0), a substantial issue regarding Web 3.0’s privacy policy is creeping in at the periphery.

Unfortunately, this problem has mostly gone unnoticed, and stakeholders of crypto companies have been happiest when talking about scaling Web 3.0 for mass adoption. Are we witnessing a catastrophe waiting to happen?


Web 3.0’s privacy conundrum: The matter at hand

People who champion Web 3.0, or who favor decentralized systems in general, often argue that the DAO (Decentralized Autonomous Organization) is the best solution we have at hand to fight the privacy infringement issues of Big Data. The popular claim is that because we stop sending our personal information to centralized databases, and instead keep it encrypted on a decentralized ledger inside a blockchain, we finally have full autonomy over our own private data. However, the reality does not mirror the utopian dream.

Researchers have found that although participants in public blockchains don’t typically need to make their identities known, people could still track everyone’s identity using the transaction data inside the blockchain alone. In a recent research paper, they reveal, “We find that several DeFi (Decentralized Finance) sites rely on third parties and occasionally even leak your Ethereum address to those third parties – mostly to API and analytics providers.” And by “occasionally”, they mean that 56% of the 78 DeFi sites examined in the study leak their users’ addresses to Google.

“Ethereum address leakage to Google is particularly problematic because the company likely already has PII about you, which it can then link to your Ethereum address, which can then be linked to your transaction history on the blockchain,” they concluded. So, is the freedom from Big Data claim still true even now?
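To check a site for the kind of leakage the study describes, the following added example (not code from the research paper or from any project named here) scans captured browser requests for a wallet address sent to third-party hosts. The hostnames, wallet address and request list are constructed, and third-party status is decided by a simple suffix match on an assumed first-party domain.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: requests seen while visiting a hypothetical DeFi site
# (first party: defi.example) with a wallet connected.
FIRST_PARTY = "defi.example"
WALLET = "0x" + "Ab12" * 10          # constructed 20-byte address
REQUESTS = [                         # (method, url, body)
    ("GET", "https://defi.example/app.js", ""),
    ("GET", "https://api.defi.example/balance?owner=" + WALLET, ""),
    ("GET", "https://analytics.example/collect?dl=%2Fportfolio%2F"
            + WALLET.lower(), ""),
    ("POST", "https://rpc.example/v1",
     '{"method":"eth_getBalance","params":["' + WALLET + '","latest"]}'),
    # 32-byte transaction hash: contains the same hex run but is not an address
    ("GET", "https://explorer.example/tx/0x" + "Ab12" * 16, ""),
]

# Exactly 40 hex digits, optional 0x prefix, not embedded in a longer hex run.
ADDR_RE = re.compile(
    r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{40})(?![0-9a-fA-F])")

def is_third_party(host, first_party):
    # Assumption: the first party is one registrable domain plus subdomains.
    return not (host == first_party or host.endswith("." + first_party))

def find_leaks(requests, first_party, wallet):
    """Return (host, location) for each third-party request carrying wallet."""
    target = wallet.lower()
    if target.startswith("0x"):
        target = target[2:]
    leaks = []
    for _method, url, body in requests:
        host = urlsplit(url).hostname or ""
        if not is_third_party(host, first_party):
            continue
        # Decode percent-encoding so addresses inside encoded paths are seen.
        for where, text in (("url", unquote(url)), ("body", body)):
            found = (m.group(1).lower() for m in ADDR_RE.finditer(text))
            if target in found:
                leaks.append((host, where))
    return leaks

if __name__ == "__main__":
    for host, where in find_leaks(REQUESTS, FIRST_PARTY, WALLET):
        print(f"wallet address sent to third party {host} in request {where}")
```
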

The solutions are ready and waiting to be implemented

Privacy issues on the internet are a tale as old as time. Likewise, technologies have been invented specifically to solve, or at least reduce, the damage of sharing your private data digitally. In the crypto industry, a cryptographic key is usually used to encrypt, decrypt, sign data, or verify a signature.

HSM (Hardware Security Module)

The most popular way of handling cryptographic keys among crypto companies is the HSM (Hardware Security Module), specialized physical hardware designed to keep keys secure and carry out cryptographic operations. However, an HSM is not infallible. In 2019, researchers were able to hack a well-known HSM. Moreover, HSM hardware is still prone to key misuse by internal employees.

sMPC (Secure Multiparty Computation)

In response to the issues with HSMs, developers invented a more enhanced security system called sMPC. This technology allows different parties with their own private inputs to conduct a joint computation. The parties learn the outcome of the computation, but each learns nothing about the other parties’ respective inputs. This allows geographic separation and independent controls over secure cryptographic data. The distributed keys and encryption also improve security by leagues and solve almost all of the problems behind the infringement issues.

However, implementing these technologies has many downsides; one of them is having to temporarily put any growth plan on hold until the system is 100% secured. Predictably, stakeholders dislike this idea since it hinders their business objectives. Thus, they have collectively been setting aside this overdue problem. Moreover, the general public has been warming up to DAOs, and stakeholders see this only as a great chance to scale up the use of blockchain. But in the end, is it wise to offer someone a service you know is flawed and has the potential of hurting your customers?
