The largest government database leak in internet history was revealed last week, exposing the personal information of one billion to the dangers of the dark web, and it has reminded the world of the risk of gathering too much data into a centralized database guarded only by an authorization portal. While most people are already aware of (and mostly apathetic toward) the risk of data leaks presented by Web2 companies and world governments, many aren't aware of the risks presented by Web3 in its current state, despite many being enthusiastic supporters of mass-adoption.
Web3 is the "third generation" of the internet, built on blockchains (such as Bitcoin, Ethereum, and Dogecoin) to provide digital property ownership and to facilitate peer-to-peer value transfer and trade, among many other potentially useful functions. Public blockchains are designed for recording all transactions made on-chain, which are visible forever so they can be audited independently. This means the only privacy feature is pseudonymous accounts, which can still be linked to their owners through doxxing. While the internet of Web2 may eventually forget due to link rot and server hardware failure, as well as providing users the ability to erase or modify inconvenient data, a blockchain never forgets what is (or was) stored on it. What happens on the blockchain stays on the blockchain... forever.
Last week, Fortune reported on China's cybersecurity data breach, which contained 23 terabytes of personal data belonging to one billion Chinese citizens, each entry offering every detail of the citizen's life. This event inspired a Twitter post made by Manta Network contributor, Kenny Li (@superanonymousk), who talked about the danger of Web3 in its current form and the need for on-chain privacy protocols before it attempts to reach mass-adoption. In this post, Li touches on Web3's expanding use cases, the need for laying the right security foundations, and changing the narrative around privacy being for criminals.
New Security Protocols Are Needed
Whereas a hacker must bypass a government's security protocols to gain access to its database, there exists no security protecting data stored on a public blockchain. Without encryption to hide on-chain data, this takes everything that is already dangerous about Web2 and amplifies it through Web3's immutable transparency and ability to store and transmit value. Use cases like blockchain voting systems, NFT and token purchases, smart contract interactions, payments and account holdings, and much more are all forever stored in a publicly visible location for each account, and can be found by anyone with an internet connection who knows how to navigate a block explorer. All it takes is one dox and a user's entire on-chain history is forever exposed, which includes their present and past asset holdings and every transaction they have ever made.
While privacy blockchains like Monero and Secret Network are fully functional, world governments and agencies have made it clear they are not okay with such networks existing, or with people using them. The narrative has always been that privacy protects criminals, crypto scams and theft, and money laundering, and that law-abiding users shouldn't have anything to hide behind the cryptography of privacy protocols. However, as the Shanghai leak has shown, if a lot of personal data is being recorded and there is little or no security guarding it, then the insufficient (or complete lack of) privacy becomes a legitimate threat to everyone's safety, regardless of their intentions.
While Web3 is a highly promising frontier that stands to change the world's economic systems, it is still experimental and sometimes dangerous in its current form. Today, all on-chain activities will be forever recorded and visible to one's descendants, no matter how inconvenient those activities were. New cryptographic protocols are necessary for the mass-adoption of Web3, just as they were vital for the internet. While Web3 could change the internet, it is also highly experimental and carries risks that should be considered carefully before using it, and is in no way ready to be adopted by billions of internet users who will trust it with their personal data.
Sources: Fortune, Kenny Li/Twitter