April 19, 2022 - 11 min read
In recent years, blockchain has been touted to address a number of consumer privacy issues. Many believe blockchain is a solution for preserving privacy in areas such as digital payments, healthcare, and IoT. However, while blockchain has many useful applications in these areas, it could actually be eroding privacy in the very ways that it is thought to be reinforcing it.
In conventional blockchains, each node is allowed to access the content of each block in order to verify transactions. If a node cannot access the content of a block, it cannot verify the subject transaction, making the information practically and legally unreliable. However, when the node accesses the content of a block, it obtains significant information about the transaction, which naturally erodes privacy. Therefore, it can be said that current blockchain protocols face a significant trade-off between utility and privacy.
The more public information that can be accessed on a blockchain, the easier it is to verify a transaction and ensure the reliability of the blockchain; but each bit of public information reduces the level of privacy for the user.
Even for blockchains that attempt to provide significant anonymization, in many cases, it is possible to reconstruct a user’s identity with semantic analysis of the metadata generated by the blockchain.
However, despite the major issues with privacy that currently affect blockchain, it can confidently be said that, in many scenarios, blockchain does provide a high level of data protection.
Before diving deeper into the potential privacy issues and solutions that may be caused or solved via blockchain, it may serve to discuss the important differences between data privacy and data protection.
Privacy can broadly be defined as an individual or entity’s ability to control the information that is collected about them. In contrast, protection is the ability to secure the data that has been gathered on the individual or entity. For instance, a user may allow a website to collect data on them via cookies, which, as long as the option is made clear and the user answers in the affirmative, would not be a violation of privacy. However, if that information is easily hacked by a third party, it would be a violation of data protection.
Blockchain data is immutable, which means that a user cannot effectively remove personal data from a blockchain, even if it is outdated or inaccurate. In addition, as previously mentioned, data is publicly available to all blockchain participants, and data is kept forever.
This puts blockchain in direct violation of a user’s “right to be forgotten,” which is a major part of the EU’s General Data Protection Regulation. As succinctly stated by technology commentator Daniel Newman, “blockchain is good for security but bad for privacy.”
The issues we have discussed above are regarding public blockchains, but public blockchains are far from the norm for many blockchain use-cases, particularly when blockchain is used for enterprise healthcare, banking, insurance, or IoT data. Private blockchains are, by their nature, not public, so they do not face the same type of privacy issues that public blockchains like Bitcoin or Ethereum do.
However, private blockchains are generally centralized in nature, meaning that the majority of nodes are controlled by one group and can act in unison to approve new blocks. This takes away the “trustless” nature of the blockchain in question, as the accuracy, and ultimately, the security, of the blockchain rests on a centralized authority. For example, a blockchain used by health insurance companies to store patient data may be more resistant to outside hacking or tampering, but it could still face threats from within, such as IT employees who could exploit the centralized nature of the blockchain to steal and sell patient data.
Therefore, while private blockchains may increase data privacy and data protection, they are far from perfect, and more innovations could certainly be utilized to increase both the decentralization and the privacy of these “private” blockchains. So, while private blockchains are private to the outside world, they may or may not provide privacy to individuals whose personal information is stored on private blockchains.
While hailed as the ultimate privacy solution for financial transactions, in truth, the Bitcoin blockchain is perhaps the most public blockchain in existence. While Bitcoin transactions do remain somewhat anonymous, there is still a strong potential that the user can, ultimately, be identified. Much like the difference between privacy and protection, there is also a major legal and practical difference between anonymity and potential identifiability, with Bitcoin transactions having some degree of anonymity, yet a strong degree of potential identifiability.
The same can be said of financial transactions on many other blockchains, such as Ethereum, Cardano, and Solana. Like with users transacting on the Bitcoin blockchain, on the surface level, the user may be unknown, but with sufficient digging, they can often be identified.
Cryptocurrency privacy, however, is not black and white, and exists on a range, from the most public, to the most private. For example, some users are hailing cryptocurrencies like Monero due to their increased privacy. Unlike Bitcoin transactions, Monero transactions are harder to trace due to the fact that they use ring signatures and stealth addresses. A ring signature is a specialized type of digital signature that can be performed by any member of a set of users that each have keys. According to Investopedia:
Stealth addresses have the potential to make blockchains truly private by effectively concealing users’ identities, but, on the other hand, their increased privacy has led to concern by governments and law enforcement agencies that cryptocurrencies utilizing stealth addresses could be used to facilitate illicit activities. If a blockchain or cryptocurrency is truly private, there is, of course, no way to determine whether the additional privacy is being used for good or bad, which is a dilemma that the industry, users, and governments will continue to face as blockchain privacy issues continue to come to the forefront of public discourse.
Other cryptocurrencies that provide a relatively high degree of privacy include ZCash, which provides users the option to shield their transactions from the public with cryptographic tools called Zero-Knowledge Proofs. Users can send crypto to each other without revealing their addresses, and they can also conceal their transaction amount from the public. Another popular cryptocurrency, DASH, allows users to activate a PrivateSend feature to conceal the origin of their transactions.
Crypto exchanges, even centralized ones, used to be able to claim a certain degree of privacy for users, due to the fact that they did not always collect personally identifiable information on their users. However, this has all changed with increased regulation of crypto, and with it, increased know your customer (KYC) requirements, intended to prevent issues such as tax evasion and to bring exchanges into compliance with anti-money laundering (AML) regulations.
These KYC requirements, of course, almost completely eliminate the privacy benefit of transacting in cryptocurrency, as a user’s personal information is now accessible both to the exchange as well as relevant government agencies. As long as one has agreed to this transfer of information, one could potentially argue that the process is still private.
However, unless the exchange and any government agency the information is shared with are themselves using a highly-secure blockchain or another type of secure data storage system, the information is hardly protected. Hence, we are now in a situation where most crypto users effectively experience little data privacy or data protection.
While privacy proponents may not like these developments, on the other hand, it can be argued that there are good reasons for these requirements. Money laundering can be used for far worse activities than tax evasion.
For example, international intelligence agencies, including U.S. intelligence agencies, have all but confirmed that North Korea has used cryptocurrency-based money laundering to fund its nuclear weapons and ballistic missile program, activities which most informed individuals would find both dangerous and destabilizing to international security. This is just one prominent example, as money laundering, whether crypto-based or otherwise, can also be used to fund activities such as human trafficking, terrorism, and the smuggling of deadly drugs, like fentanyl, across international borders.
Despite the push for KYC requirements, there are still some crypto exchanges out there that do not require users to jump through these hoops, significantly increasing potential user privacy. However, these exchanges are often unavailable in the United States. Some U.S.-based users may be able to access U.S-prohibited exchanges through VPNs, though this could be considered a violation of federal law. Whether U.S. citizens can utilize these non-KYC blockchains outside the U.S. is questionable, but it may be better for users to air on the side of caution.
Some popular non-KYC exchanges include:
Cryptocurrency transactions are already less than private, due to the fact that they are all recorded publicly on the blockchain for all to see. However, in theory, some degree of privacy is retained as long as the participants are unknown.
Wallet-to-wallet transactions, in which the wallet user is not required to submit any personally identifiable information, therefore, seem to be one of the only current use-cases of blockchain payments in which privacy can be somewhat upheld. Wallets in which the user does have to enter KYC information, such as name or phone number, automatically reduce a user’s privacy.
One potential application where blockchain can provide some degree of privacy is blockchain-based, decentralized cloud storage. Current solutions, such as DropBox, Google, and OneDrive, are both insecure and somewhat expensive, particularly for companies that deal with large amounts of data.
Sia is one example of a relatively private and decentralized blockchain storage protocol. The service provides distributed, encrypted cloud storage across a decentralized network. Neither Sia nor node operators, which act as storage providers, have any access to a user’s data.
In addition to storing data online with a higher degree of privacy than traditional methods, blockchain also has the potential to make internet browsing more private. In a 2020 study, Brave, a decentralized, blockchain-powered internet browser, was ranked as the most private internet browser on the market. While it’s not necessarily clear that Brave’s blockchain integration is what makes the browser more private, it does offer users an unprecedented amount of control over their user experience, particularly with regard to advertising. Advertisements are automatically turned off on the browser, with users having the option to turn ads on in order to earn crypto in the form of Brave’s basic attention token (BAT).
Despite the potentially massive privacy issues that blockchain technology represents, there are a variety of projects attempting to integrate greater privacy standards into blockchain technology.
One major effort is the Secret Network, which supports encrypted inputs, encrypted outputs, and encrypted states for smart contracts. Like other blockchains, the Secret Network is a decentralized network of computers operating as individual nodes. However, unlike other blockchains, each node, which the company refers to as a “secret node” uses trusted execution environments (TEEs) to facilitate private computation and encryption. A trusted execution environment is a secure area of a main processor which guarantees that the code and data inside is confidential.
According to the company, their “TEEs function like a “black box” for data processing and are utilized in all types of everyday platforms, such as smartphones and video game consoles.”
Users who wish to view their encrypted data can use a “viewing key” to do so. The firm says that these keys “can be shared with third parties like auditors, wallets, and explorers [and] allow users to maintain control over their data and decide what is shared – and with who.”
When taken as a whole, blockchain has both the potential to undermine and the potential to reinforce the privacy of ordinary internet users, all depending on how it’s used. As previously mentioned, there is often a trade-off between the utility of a blockchain and its privacy, but this doesn’t always have to be the case.
Traditional cryptocurrencies based on public blockchains have, so far, proved to be less private than users once expected, and, with growing KYC requirements on crypto exchanges, these exchanges are now no less private than opening a bank account.
However, new blockchains, such as the Secret Network, designed with privacy in mind, could upend this trend by creating truly encrypted smart contracts that still have a high degree of trustlessness and functionality. In addition, other uses of blockchain technology, such as blockchain-based cloud storage and internet browsing, may provide significant privacy benefits to users.
Blockchain, like any other technology, can be used in a myriad of ways, but in general, truly private applications of blockchain must start with privacy as a core value. While blockchain has an incredible ability to secure data, its ability to keep the owners and users of that data private is still in question. Only time will tell if blockchain contributes to– or erodes, the privacy of individual internet users.
Sign up for the Supra newsletter for company news, industry insights, and more. You’ll also be the first to know when we come out of stealth mode.