Blockchain and smart contracts dramatically increased the possibilities of what we can build using decentralized technologies, spurring the promise of the “Web3”—a more democratic web that eradicates online monopolies and puts the power back into the hands of its users.
But in their effort to provide the transparency needed to create trust and consensus on the blockchain, major smart contract platforms like Ethereum neglected a crucial component: privacy.
In this article, we’ll explore the consequences of this lack of blockchain privacy, the role privacy could play in building the Web3 and generating mass adoption, and the current state and challenges for building a more privacy-preserving web.
But first, let’s address a few common misunderstandings around blockchain privacy and its utility:
Misconceptions about blockchain privacy
#1 There’s already anonymity on the blockchain
Unlike what many people think, Bitcoin and other major blockchains like Ethereum are surprisingly transparent. These blockchains record all transactions on a public ledger, which you can view with a block explorer.
You can use Etherscan to look up each transaction in every block recorded on the Ethereum blockchain, including wallet addresses, transaction amounts, and the smart contracts and apps they’ve used.
This transparency wasn’t a significant issue back in the early days of crypto, as blockchains provided pseudo-anonymity. Wallet addresses appear as random strings on the block explorer with no personal details attached, so it’s hard to decipher who’s controlling each address.
But with the rise of KYC’ing on centralized exchanges and blockchain analysis firms developing increasingly sophisticated analysis methods, linking people’s cryptocurrency wallet addresses to their real-world identities has become increasingly easy.
And once someone links your identity to your wallet address, they can see what assets you own, who you transacted with, and what you spent your crypto on—from the very moment you created your wallet.
#2 You have to choose between complete transparency or privacy
A big misconception is that cryptocurrencies are either entirely transparent or private. You can use a public blockchain like Bitcoin or one that obfuscates your details as much as possible, like Monero.
The truth is there are many different types of privacy.
Zcash, for example, gives the option to send from and to “shielded” (private) vs. “unshielded” (public) wallet addresses. Smart contract platforms like Secret Network have public code and a public native coin, but the data flowing through the smart contracts (i.e., user data) is encrypted, and data can be decrypted if needed.
This flexibility is crucial for many use cases. DeFi applications, for example, need certain data to be public to make their applications work, and institutions will want to be able to verify the trustworthiness of other parties.
The choice between cryptocurrencies being entirely public or private is a false one. Instead, it’s about finding the right balance of privacy vs. transparency to accommodate the variety of use cases the Web3 will have to support.
#3 Only criminals need blockchain privacy
A common concern is that privacy on the blockchain in the form of privacy coins and protocols will increase criminal behavior and money laundering. The use of privacy coins like Monero on black markets and the mixing protocol Tornado Cash by Korean hackers seem to confirm this.
However, there are very legitimate reasons for “regular folks” (non-criminals) to want privacy, and absolute transparency can be abused by criminals just as much as privacy. We’ll explain both of these points in more detail in our next section.
Ultimately, it’s about finding a balance between trying to eradicate all criminal activity and giving “good” people the privacy they need to stay safe and protect themselves.
#4 Transparency is the characteristic that makes blockchains work
If you already know a thing or two about blockchains, you might wonder: isn’t transparency one of the big selling points of blockchains? Isn’t that what allows anyone to verify what happens on-chain?
While transparency is a key component to making decentralized technologies work, we don’t necessarily need the radical transparency of Bitcoin and Ethereum for every transaction and part of the chain.
Blockchains could use zero-knowledge proofs to prove the legitimacy of transactions and computations without revealing all details. And blockchains like Secret Network make data private by default but give users the option to share it (if needed) with viewing keys.
In other words: there are ways to provide the transparency needed to make the consensus mechanisms in blockchain and smart contracts work without needing to display all user data publicly on-chain—as currently happens.
The consequences of complete transparency for blockchain and smart contracts
Now that we have a better understanding of blockchain privacy, let’s examine the consequences of a lack of privacy for blockchain and smart contracts.
Increased exposure to attacks by hackers and scammers
Completely transparent blockchains provide tons of data that can be mined by everyone—including criminals.
With total blockchain transparency and the possibility to link your wallet address to your personal details, it’s becoming increasingly easy for criminals to identify wallets with valuable assets and perform highly targeted attacks.
Once they find details like your name, date of birth, ID number, and address, they can perform phishing attacks, blackmail you, or target your devices and phone provider to hack your account. There have even been records of physical attacks!
The reintroduction of “single points of failure” and their risks
Many centralized exchanges, blockchain analytics firms, and other platforms that gather and combine customer data protect this data as well as possible.
But gathering vast amounts of (sensitive) data in a single place reintroduces one of the big issues decentralized technologies tried to address in the first place: single points of failure that can, when hacked or compromised in some other way, have devastating consequences.
The last two years have already seen several major hacks of centralized exchanges, including KuCoin and BitMart.
If individual crypto holders don’t have control over what they do and don’t share and have no privacy, data accumulation and the risks and problems that come with it are inevitable.
Unfortunately, it will be the retail investors who get harmed by this, not the criminals. As criminals will find a way around these risks by running their own nodes and software.
Exploitation by authoritarian regimes to censor and control citizens
Privacy isn’t just essential to protect financial assets—it’s also essential to preserve freedom.
With complete transparency for blockchain and smart contracts, all citizen data—the apps they use, how they use them, and the messages they send—are fully visible. And in countries where censorship and repression are a reality, corrupt governments could use this information to shape people’s behavior and control their lives.
Complete transparency also makes it riskier to give humanitarian aid to countries suffering from totalitarian regimes.
The role of cryptocurrencies in the war between Ukraine and Russia showed how decentralized technologies could help give humanitarian support—provided it has privacy. As Vitalik—founder of Ethereum—who used Tornado Cash to donate money to Ukraine noted: “While your own government might be supportive, you don’t want the Russian government to be able to look up all your financial details.”
Why blockchain privacy is needed for Web3 mass adoption
Privacy is essential for many Web3 use cases
With the programmable nature of smart contracts, there are tons of use cases and areas where decentralized technologies could make a huge difference.
We could potentially create decentralized ride-sharing apps that resemble Uber and blockchain-based subscription services like Netflix. NFTs could be used to replace identity authentication systems and make real estate contracts much more efficient.
However, completely transparent blockchains make building usable versions of these apps nearly impossible. Imagine all your Uber data being public on a blockchain: your location, credit card information, and your pick-up and destination locations. Imagine all the messages you send to family and friends being publicly viewable. Would you use these apps?
The vast majority of use cases that Web2 applications currently serve need privacy. And thus, if we want the decentralized web to take off, we need privacy for Web3 as well.
Enterprise won’t embrace decentralized technologies without privacy
Blockchains have great potential to make many processes within companies more reliable and efficient. They could remove data silos between companies by standardizing and aggregating information. Their tokens could be used to ensure the integrity of data, as a token can be held by only one person at a time.
Blockchain technology can optimize supply chains by giving everyone access to the same data, creating “one source of truth” that minimizes the time needed to validate data and simplifies the process of tracking down issues. Smart contracts could also keep track of prices, automate payments, and more.
However, enterprises won’t make the switch if using blockchain and smart contracts means putting all their data online. What company would reveal all customer data, including name, address, and credit card information? Or expose their finances and long-term strategy to everyone—including their competitors?
For the enterprise world to embrace decentralized technologies, we need privacy.
Privacy for blockchain and smart contracts: where we’re currently at
The most interesting privacy projects are in the smart contracts space, as they’ll allow us to build privacy-preserving applications. This development is essential if we want to be able to accommodate all of the use cases web2 currently supports and create a more decentralized web.
However, there’s a reason why we have privacy coins like Monero and Zcash, but only a few private smart contract platforms live on mainnet. And that’s because achieving privacy for smart contracts is a significant technical challenge.
Smart contracts need to be able to be programmed in a multitude of ways, supporting different inputs, outputs, and calculations, while retaining data privacy.
But technology is getting there. Right now, a few solutions offer privacy for smart contracts on mainnet:
Secret Network is a layer-one blockchain built with the Cosmos SDK that features smart contracts which encrypt input, output, and state (i.e. user data) by default. By using “trusted enclaves”—hardware “black boxes” within which computations can be performed without anyone or anything being able to access the data—nodes on the network can validate transactions while ensuring data privacy at all times.
Owners can access or share data at any time using viewing keys, and developers can choose to make certain types of data public to make their app function—for example, a lending protocol like Sienna Lend.
Aztec is a layer-two privacy solution on Ethereum that allows people to use Ethereum’s DeFi apps privately by “shielding” their assets using zk.money.
Users deposit their funds into Aztec’s Ethereum smart contracts, which use zero-knowledge proofs to create encrypted notes representing your assets. You can then use these notes to make private transfers and use Ethereum’s DeFi apps without revealing your financial details. After completing your DeFi activities, you can return to Aztec to reclaim your funds.
The biggest challenges ahead for Web3 privacy
The current biggest challenges for blockchain privacy aren’t just technical but also regulatory.
At least some level of privacy is needed to make the decentralized web safe to use, extend its use cases, and foster mass adoption. However, how can we make sure privacy solutions don’t attract the regulatory banhammer as Tornado Cash did?
We believe the solution is twofold. On the one hand, we need to provide enough flexibility to accommodate the variety of use cases the decentralized web will have to provide. Sometimes, you do want to know exactly who you’re dealing with. But these details won’t have to be public to everyone. Or they’ll have to just be public to the app itself.
On the other hand, we need to improve the image of blockchain privacy and educate the public and regulators about what privacy entails and why it’s important.
As blockchain privacy technology is getting increasingly sophisticated, the possibilities expand, and regulators and the general audience are starting to understand privacy better, we believe we can make privacy an integral part of the decentralized web—as it should be.
Follow us to learn more about blockchain privacy
If you’d like to dive into blockchain hands-on and pioneer Web3 privacy, become a Secret Agent 🕵