In July, some friends and I spoke on a panel at Hope.net, the biennial hacker conference held by the underground-computing magazine 2600 that began in 1994. The title of our panel was “Plausible Deniability and Cryptocurrency Privacy.” The other 3 panelists were: Lane Rettig (early EF developer and current Spacemesh CTO), Ahmed Ghappour (Nym General Counsel), and Arctic Byte (early crypto miner).
We covered a fair amount of ground, including
- Each of our motivations for being interested in privacy
- The misconception that cryptocurrency transactions are private
- Famous forensic analyses that led to arrests
- Defining the level of privacy you want, and ideas for how to achieve it
The conference was live-streamed, and the video for this panel will be made available on 2600’s YouTube channel in a few weeks. I’ll update this post with the link when it’s ready.
[Update on 16 Aug 2022: full video added below]
We also conducted a 3-hour workshop covering the privacy attack surface, walkthroughs of forensic investigations on the blockchain, and demos of privacy options in crypto (wallets and protocols). Here are the slides to the workshop.
In this post, I want to reiterate some of the things we discussed on the panel and at the workshop, and throw in some things we didn’t get to cover. If you want a practical list of tools and tricks to stay private in your cryptocurrency transactions, please refer to Lane’s awesome blog post and this article by one of my fav Medium reads, Stakingbits.
What does “privacy” mean to you?
Everyone has a different dFreeefinition of privacy. My favorite definition of privacy is “selective disclosure.”
For example, even though I refuse to give a random cafe my email address just to get WiFi, I still have a Facebook account. Thus the cafe cannot email me unwanted marketing emails or, worse, keep my info in a poorly secured database and then have my data stolen and sold on the dark web. On the other hand, when I choose to post “Who’s around?” on Facebook while visiting New York, only my chosen friend circles will see that (and Facebook can creepily market NYC restaurants to me, that’s fine…).
Why I care about privacy
I care about privacy because I care about freedom. I care about people being able to act without the constraints of being unfairly judged, controlled, and penalized.
Until and unless we are a homogenous assembly of identical robots, we will be different from one another, and we will inevitably pass judgment on each other.
The homophobe may pass judgment on the homosexual, but equally the LGBTQA may pass judgment on the homophobe (just look at today’s climate of being intolerant of intolerance). Everyone has the right to their own opinion. When we start trying to control how people think, we get close to a dystopia.
But your personal opinion should not negatively impact someone else’s real life circumstance, i.e. discrimination. And since we cannot deploy an infinite amount of resources to erect institutional structures that protect people from discriminatory acts, the next best solution is to help people to keep their lives private from other people.
When someone doesn’t even know that they have a reason to not like someone else, they don’t have a reason to judge, control or penalize.
My other panelists had other reasons for caring about privacy:
- Lane observes that many values core to modern society today were once fringe ideas, e.g. attitudes towards human rights, gender identity, race. Being able to privately organize until you have the critical mass to turn the tide is essential to democracy
- Ahmed has spent much of his life defending people who were detained, sometimes unfairly. He is acutely aware of how people may lose their freedom after unexpected changes in social and governmental powers
- Arctic Byte observes that someone who knows a lot about you can control you by controlling what information you are fed back. Amazon feeding you purchase ideas, and Facebook feeding you information from groups with specific agendas, are some examples
“If you want privacy, you must have something to hide”
This is a commonly used argument that is deeply flawed. Unless you expect to die tomorrow, no one is safe from this argument over the long run. As the world whipsaws between extremes, mainstream attitudes and behaviors are being challenged at an accelerated rate with the help of social media. Who knew that looking up abortion clinics could land you in prison in 2022?
Remember what the German Lutheran pastor Martin Niemöller said about the silence of German intellectuals and certain clergy — including, by his own admission, Niemöller himself — following the Nazis’ rise to power:
First they came for the socialists, and I did not speak out —
Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out —
Because I was not a trade unionist.
Then they came for the Jews, and I did not speak out —
Because I was not a Jew.
Then they came for me — and there was no one left to speak for me.
For the majority of people who fall right smack in the middle of the mainstream for most dimensions (lifestyle, preferences, race, education, etc), it can be challenging to imagine what it’s like being a minority, and thus difficult to understand why privacy is important to freedom. By not personally experiencing the injustice of discrimination, their cost-benefit analysis of protecting privacy usually concludes that staying silent is the net positive outcome.
Further, I find the “nothing to hide” argument inherently manipulative. Have you ever started a genuine debate on a topic (such as the right to privacy as a human right), only to have your counterpart throw a red herring in to derail the debate? The topic is the validity of a human right, but instead of debating that specifically, your counterpart casts aspersions on your character. It’s a lazy (or intentionally fallacious) form of debate.
Let’s change the narrative from “What do you have to hide?” to “Why do you want to know? You sound like a creep”
Security vs Privacy
I struggle with this dilemma. Security and Privacy are often diametrically opposed. An obvious example: if the government could intercept all forms of communication, they could easily catch all criminals. An opposing example: if people could communicate and transact 100% privately, the US would *never* have caught Osama bin Laden.
But Security is obviously not everything that civilization is designed to protect. To live freely, without being unduly controlled by others, is also a critical human condition. Without Privacy, one can nary have freedom.
I think what’s lacking is not an understanding that Security and Privacy are both necessary (most people agree they are); what is missing is an ongoing dialogue about where and how to draw the line.Governments are expanding the surveillance state as far and as quickly as possible (spending billions in the process), embarrassedly pulling back only when they are called out by concerned citizens. In some cities, we have woken up seemingly overnight to thousands of installed CCTVs without the prior knowledge of the residents they are spying on.
We need a bi-directional dialogue, between government and the people, about where we as a society are prepared to draw the line, making tradeoffs on either side. After all, isn’t democracy about “government for the people, by the people?”
One fact we have to concede is that governments and the authorities are biased towards solving for Security primarily due to a closer alignment in timeline.
The effects of security violations are acute, immediate, and directly attributable. In contrast, the effects of privacy violations are diffuse, slow to emerge (perhaps decades), and often very hard to attribute to a single factor.
The lifecycle of political careers are much closer to that of security violations — “the government failed to prevent that bomb from going off last year.” In contrast, can anyone remember who first established the NSA, all those decades ago? Acknowledging this mismatch in time horizons between political careers and privacy violations will make the Security vs Privacy tradeoff more effective.
Make Narratives, not Hate
I am part of a group of builders in the privacy space in crypto. We all agree that a big missing piece is effective narratives. Nobody wakes up in the morning and says, “I AM GOING TO CREATE PRRRRIVACY TODAY!” Instead, people rally around narratives and causes.
But we still don’t have effective and balanced narratives yet. I’m not talking about dead end arguments like “privacy is a human right, everyone else can go to hell,” because that is impractical in a society where law enforcement (and the security argument against total privacy) is a big pillar for civilized societies.
I’m talking about narratives that expose:
- What happens when you totally give up privacy (standard dystopian stories)
- What happens when you have too much privacy (another kind of dystopia, though less explored)
- The incentive misalignment arising from the mismatch in timelines between political careers and the impact of privacy violations
I am curious about how we are going to make people wake up and take control of their future. Or, if we fail to do so, how accurate the book 1984 will be about the year 2084 (it will probably be banned then).
My thoughts on privacy evolve. The above reflects where I currently stand, but I’m open to new inputs. If you have a privacy project you’re working on or would like to discuss anything greater depth, please reach out on Twitter at @michlai007.