What you need to know about web3 and the future of data privacy in 2023
As part of our Data and Privacy Deep Dive, we explore how emergent blockchain-based technologies including the metaverse, cryptocurrency and non-fungible tokens (NFTs) could reshape the data privacy landscape.
Blockchain technology could eventually put control and ownership of personal data into the hands of individuals. / Adobe Stock
For most of us, the rise of big tech companies has been a double-edged sword. On the one hand, it has provided us with the shiny and powerful technological tools that most of us use and love: everything from the iPhone to Spotify to Gmail. On the other, many of those very tools – in addition to being dangerously addictive – have forced us to sacrifice control over a resource whose value many of us didn’t even realize until it was too late: our own data.
The web2.0 era, which began in around 2010 and extends through the present day, has been the era of centralization. The ascent of major tech corporations Facebook (now Meta), Google, and Microsoft has created a model in which users must provide vast quantities of personal data, which is then used to generate increasingly sophisticated ad-targeting technologies. The users have become the products.
The advent of web3 – a technological ecosystem based upon blockchain technology and which is widely regarded as the third evolutionary phase of the internet – could potentially reverse that trend, putting the control of data back into the hands of individuals. The key, and one of the core principles of blockchain technology, is decentralization – that is, a framework which is controlled in equal measure by a vast number of separate nodes in a network, as opposed to a single, centralized server.
To put it more simply: decentralization makes it impossible for any single entity (be it an individual, a corporation or a government) to control the flow of information.
In addition to being decentralized, blockchain networks leverage cryptography, a practice that uses mathematical principles to protect sensitive information from adversarial entities. Cryptography is nothing new; for millennia, humans have used various forms of encryption to protect personal or institutional secrets. Starting in the mid-twentieth century, we began relying increasingly on digital computers to encrypt (and decrypt) information for us. And in recent years, encrypted messaging services like WhatsApp and Signal have enjoyed widespread adoption.
The rise of those platforms, says Alex Pruden, chief executive officer of Aleo – a company that is devoted to building privacy on blockchains – reflects a growing awareness among laypeople that their activities online are in many cases being monitored and exploited by big tech companies: “People are starting to wake up to the fact that in the digital world, all of our interactions are permanent, [and] we have no idea who is watching anything,” Pruden says. “It is a totally new universe, that humanity is trying to wrap their heads around … this is why you’ve seen crypto be adopted more and more: people who are more tech-forward as they realize the implications, and I think slowly but surely, people will come around to see that we have to have protections, we need to use cryptography to protect our information online.”
The crypto crossroads
Many web3 enthusiasts consider crypto, roughly speaking, to be the lifeblood of the decentralized future, a financial system that’s completely unmoored to the centralizing power of greedy and often irresponsible banks, governments, and corporations. But crypto transactions, contrary to popular belief, are far from private. “The majority of the population thinks about Bitcoin as a private means of exchange, which is very far from true, actually,” says Adam Gągol, cofounder and CTO at blockchain platform Aleph Zero. “I want to claim that it’s much less private than normal bank exchanges. The problem with Bitcoin and many other blockchains is that basically anyone can track your transactions, provided that they interact with you once.”
There are services known as crypto mixers that are capable of scrambling the transaction histories of crypto assets, thereby making them impossible to track (by, say, law enforcement officials). But these have to some extent fallen into disrepute. One example: Tornado Cash, once one of the most well-known of these services, was banned in the US earlier this year.
According to Gągol, the crypto industry has now found itself at something of a crossroads: “We are at this moment where we’ll be defining how private the exchange should be,” he says. “What should be possible to reveal for an auditor? What should be possible to conceal for the user?”
Lost in the metaverse
The metaverse – a vaguely defined virtual space where visitors will theoretically be able to work, play, shop and interact with one another as avatars – also raises some privacy concerns. Or rather, the concern stems from virtual reality (VR) – the technology through which, thanks primarily to the efforts of Meta, has come to be perceived by much of the public as roughly synonymous with the metaverse. According to a recent study, VR can be leveraged by bad actors to glean sensitive data metrics – from weight to income level to age and ethnicity – from users. The authors of the study write: “VR attackers can covertly ascertain dozens of personal data attributes from seemingly-anonymous users of popular metaverse applications like VRChat.”
For all its promise of ensuring data privacy, web3 still has a long way to go before that dream is realized.
From a PR point of view, web3 has been having a difficult year. The onset of the ’crypto winter’ in May, and the recent collapse of the once-leading crypto exchange platform FTX, has caused many to lose faith in crypto as a viable alternative to traditional, centralized banking. Then there’s Meta’s much-publicized internal struggles. Though many dyed-in-the-wool web3 enthusiasts would cringe at being grouped into the same industry as Meta, the company – by hook or by crook – has in many important respects become the public face of the metaverse. Since Meta is starting to experience some serious growing pains (the company recently announced that it would be implementing sweeping layoffs for the first time in its history), some speculation about the viability of virtual reality and the metaverse has begun to percolate. Snap founder and CEO Evan Spiegel, for example, recently said in an interview that the metaverse is “pretty ambiguous and hypothetical.”
Time to walk the walk (albeit with non-existent avatar legs)
That’s not to say that web3 is doomed. Like any other major technological innovation, the widespread adoption of the blockchain will take time. Web3 is still in its earliest stages and, for the time being, some experts insist that the dark night of the soul through which web3 is currently navigating could ultimately be a good thing for the space – a time to reflect, to separate the wheat from the chaff, to dial back on hype-driven marketing and focus instead on the actual value – in terms of data privacy protection and individual empowerment that web3 can (theoretically) provide. “The best thing we can do is rebuild our industry’s credibility, not just in the eyes of the regulators, but in the eyes of the public,” says Pruden. “There are a lot of people in the public, who are very respectable, who view this entire thing as a Ponzi scheme or as a joke … we need to practice what we preach … there’s so much marketing hype around all this stuff about how it’s going to change the world, and the marketing hype bleeds into misrepresentation throughout the space: We talk a big talk, and we don’t walk the walk.”
Ultimately, the promise of web3 to reshape data privacy hinges on one invaluable resource: the freedom of choice. “What blockchain … brings to the table is the fact that users can choose whether they want to reveal their data or not,” says Antoni Zolciak, cofounder, COO and CMO at Aleph Zero. Pruden voices a similar sentiment: “The fundamental thing is choice,” he says. “[Blockchain] enables choice: you choose – it’s your data, you can choose where to share it, you can choose how to protect it.”
For more, sign up for The Drum’s Inside the Metaverse weekly newsletter here.