Innovative solutions, such as selective disclosure and dual-asset systems, can strike a balance between data protection and compliance, paving the way for widespread adoption and innovation in Web3.
Blockchain has made remarkable progress since it emerged from its esoteric fringe into the global discourse 16 years ago, and has even recently received sustained support from Wall Street incumbents. Despite this, the technology has sadly yet to fully unlock its commercial potential. A core challenge remains: too much sensitive data remains publicly exposed.
The heart of the matter
The heart of the matter is that businesses must keep business data confidential, while individuals strive to protect their personal information as much as possible. However, once data is placed on a public blockchain, it becomes irreversible and permanently exposed.
Even if businesses take every possible precaution to conceal data, mistakes made by others or vulnerabilities in the system may still expose sensitive on-chain data or metadata, including the identities of participants. This can lead to privacy breaches, compliance violations, or both, undermining the underlying assumptions of blockchain as a trusted technology and highlighting the importance of strong measures to protect sensitive data.
On the other hand, concealing activity on the blockchain can open the door to money laundering, which in turn triggers negative government responses. Incidents like this create the false impression that governments are against Web3 privacy, which is a fundamental requirement for enterprises to adopt this technology.
No matter how you look at it, protecting on-chain privacy is a real and complex problem facing Web3. Until we solve this problem, enterprises should not and cannot cross this gap.
Governments are not against blockchain privacy
Web3 entrepreneurs are increasingly concerned that companies building decentralized applications and providing financial anonymity may get into regulatory trouble. Look at the founder of Samourai Wallet being charged with money laundering, or the developer of Tornado Cash being sentenced to 64 months in prison for similar reasons.
These responses have led to a consensus that governments are against privacy on blockchain.
But this is not the case. Governments are not against privacy; rather, they demand that it be guaranteed across industries. Data protection laws like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) are designed to ensure that companies protect customer data from misuse and security threats.
The real problem revealed by these high-profile cases is that the measures Web3 uses to protect data provide opportunities for abuse, thereby facilitating criminal activities such as money laundering, which reasonably raises serious concerns for governments. Blockchain's data protection capabilities should not undermine cross-jurisdictional laws that are designed to protect the global community from terrorism, human trafficking, fraud and other crimes.
The question is: how to achieve privacy correctly?
Selective disclosure
On blockchains, sensitive data is usually protected by keeping it off-chain or by encrypting it on-chain. However, the latter is not durable privacy protection, especially in the context of quantum computing's rapid cracking of encryption technology.
The emergence of zero-knowledge (ZK) technology gives users a new way to keep sensitive data off-chain while sharing only a proof of the data's validity. In Web3, zero-knowledge technology has become a transformative privacy-enhancing method: it enables untrusted third parties to verify that a transaction occurred without sharing any information about the transaction.
Decentralized applications can enforce privacy through selective disclosure, choosing whether to put data on-chain (full disclosure), put it on-chain encrypted (disclosure via a viewing key), or use zero-knowledge to publish only proofs about the data (providing utility without revealing any information). However, selective data disclosure solves only half of the privacy problem: it does not take metadata into account.
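The "publish only something derived from the data" mode above, sketched as an added example that is not from the original article or any project it describes. It swaps in salted hash commitments for a zero-knowledge proof, so a field the holder chooses to open is revealed in full to that verifier; the record, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample record; every value here is illustrative.
RECORD = {"payer": "acme-ltd", "payee": "globex", "amount_usd": "125000", "jurisdiction": "DE"}

def commit(name: str, value: str, salt: bytes) -> bytes:
    """Salted SHA-256 commitment; length prefixes keep field boundaries unambiguous."""
    h = hashlib.sha256()
    for part in (name.encode(), value.encode(), salt):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def publish(record: dict):
    """Holder side: return (on_chain, salts). Only on_chain is made public."""
    salts = {name: os.urandom(16) for name in record}
    on_chain = {name: commit(name, value, salts[name]) for name, value in record.items()}
    return on_chain, salts

def disclose(record: dict, salts: dict, fields: list) -> dict:
    """Holder side: open only the chosen fields for one verifier."""
    return {name: (record[name], salts[name]) for name in fields}

def verify(on_chain: dict, disclosure: dict) -> bool:
    """Verifier side: each opened field must match its public commitment."""
    return bool(disclosure) and all(
        name in on_chain and hmac.compare_digest(commit(name, value, salt), on_chain[name])
        for name, (value, salt) in disclosure.items()
    )

def guess_value(commitment: bytes, name: str, candidates: list, salt: bytes = b""):
    """Observer side: test candidate values against a commitment without the salt."""
    return next((c for c in candidates if commit(name, c, salt) == commitment), None)

if __name__ == "__main__":
    on_chain, salts = publish(RECORD)
    opened = disclose(RECORD, salts, ["jurisdiction"])
    print("auditor accepts:", verify(on_chain, opened))
    countries = ["US", "DE", "FR"]
    # An unsalted commitment to a low-entropy field falls to guessing; the salted one does not.
    print("unsalted guess:", guess_value(commit("jurisdiction", "DE", b""), "jurisdiction", countries))
    print("salted guess:", guess_value(on_chain["jurisdiction"], "jurisdiction", countries))
```

Field names and the number of fields stay public in this layout, which is the kind of metadata the next section is concerned with.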
The Next Frontier of Privacy
Metadata — the information surrounding our data — is an overlooked component of sensitive information exposed by blockchains. Even when the data itself is hidden, metadata can be used to make inferences, creating an additional layer of vulnerability.
For example, through transaction metadata, investment and trading strategies and other behavioral patterns can be inferred. For businesses, this can impact their ability to grow and maintain a competitive advantage. They cannot afford to have trade secrets and strategies, or even the identities of the parties they transacted with, publicly leaked.
Protecting metadata and eliminating the ability to infer is critical to security and can be addressed by using private tokens. However, this ability can also be abused and used as a tool for money laundering.
If using private tokens is not a solution, and using public tokens does not provide sufficient confidentiality, the solution to this challenge is to completely rethink Web3’s approach to protecting metadata. We need to combine the strengths of both approaches and create a dual-asset system where public and private tokens are used. Each asset operates independently and can be subject to specific restrictions to prevent illegal activities such as money laundering, while retaining all other advantages.
A powerful framework
The dual-asset system enables confidentiality without the metadata protection issues, making compliance and business policy enforcement possible. By combining this token economic structure with selective disclosure, privacy and compliance can coexist on the blockchain, which will have a profound impact on adoption and innovation.