Analysis. In the past, the word blockchain was automatically associated with cryptocurrencies. Such a system designed for digital transactions is Bitcoin, with opinions around it being split between supporters and critics. Enthusiasm for Etherum, a new game player, reached new peaks in 2017’s Q1, with 93.8% of 1100 survey respondents feeling positive about it. An explanation is Ethereum’s design that allows for a lot more than just digital transactions. This article describes what makes it special and how it impacts user privacy. While, on the one hand, open-source, distributed and programmable blockchain enhances user privacy, it also gives rise to new risks in this area.
I have recently heard, for the first time, about Ethereum. Something, something, cryptocurrency, something, something. It’s supposed to be revolutionary. Unfortunately, I did not get much of what the revolution is about. So I met with Troels Plenge who is an Ethereum enthusiast and an organiser of the Ethereum Copenhagen Meetup. A coffee and a very good chat during which he explained basic concepts from the Ethereum ecosystem.
Ethereum is based on blockchain technology. The blockchain is a public ledger (a journal, a record book) where transactions are recorded and confirmed anonymously. It’s a record of events, a record that is shared (distributed) between all the actors involved. Therefore each actor has a real-time updated copy of this public ledger. When a transaction happens, this event is grouped together with other transactions that happened in the last 10 minutes in a cryptographically encrypted block. Once information is entered, it cannot be altered.
All in all, blockchain is a new way of storing and recording transactions and connecting them cryptographically in blocks, making sure they resist tampering (intentional malfunctioning or sabotage). The fact that every transaction processor has a copy of the database (blockchain) makes the system fully transparent. Imagine blockchain functioning like an “internet brain”, with multiple computers working in the same time and knowing the same thing. Hard to cheat, innit?
This technology was first used to create a cryptocurrency – the Bitcoin, whose market cap (total value of the cryptocurrency economy) is at the moment of writing at approximately 39 billion USD and with a value per bitcoin (BTC) slightly over $2400. When Bitcoin appeared, the internet was amazed at the possibilities enabled by cryptocurrencies, but even more at the other applications of blockchain itself. Bitcoin was just the beginning of blockchain technologies, based on a peer-to-peer mindset that was present in the past in projects such as the defunct Napster, torrent, filelist etc. Among other cryptocurrencies that followed Bitcoin, there is Ether (ETH). Ether (Ethereum’s cryptocurrency) is trading at around $230, with a market cap at 21 Billion USD. Ether’s growth rate in the 23 months since its appearance puts it right behind Bitcoin.
In a recent article for The New York Times, Nathaniel Popper argues that:
if recent trends continue, the value of Ethereum’s virtual currency could race past Bitcoin’s in the coming weeks.
In this context, it seems that Ether becoming the largest cryptocurrency in the world is just a matter of time. How did this happen?
A platform for dApps
Ethereum is a public programmable blockchain that enables smart contracts to be used for digital contractual agreements. Compared to Bitcoin’s blockchain that is designed only for making payments, the programmability of Ethereum increases the system’s flexibility in that it can be used for a wider variety of applications. Behind Ethereum is the Ethereum Foundation, whose mission is to promote and support research, development and education to bring decentralized protocols and tools to the world that empower developers to produce next generation decentralized applications (dApps), and together build a more globally accessible, more free and more trustworthy Internet.
Developers use the Ethereum network to create and showcase decentralized applications (dApps). A dApp is a set of smart contracts. The dapps work on a peer-to-peer basis, just like the rest of blockchain tech, a paradigm that consists in eliminating the middle-man. Imagine an Airbnb, in which users simply trade directly with each other. Instead of having a User1 – Airbnb – User2 relationship, now it’s all happening on a User1 – User2 basis.
A decentralized, open-source, community-based network
Blockchain technologies function on a decentralized principle. Decentralisation is possible on blockchain – based Ethereum as the blockchain serves as a database to store and run software and transfer assets. Not all data should be stored on a blockchain, as it is costly solution. Therefore decentralized storage systems are created, where a user or a system can store their own data and share them with others if needed. Such a storage system is a dApp, decentralized applications developers can create on top of Ethereum.
Decentralised storage systems are a type of dApp that allow data to be stored encrypted across multiple computers , while the data owner can decide who should access those data. Using Ethereum, developers can build a system that incentivizes users to put their storage online. Two examples of such projects are StorJ and SWARM, the later developed by Ethereum Foundation.
Troels Plenge explains the benefits of storing content and data in a decentralized manner:
Normally a lot of data is being used to serve, for example, a website. Suddenly, if you load a dApp, that data is no longer hosted on a server, centrally. The content will be stored in one of the decentralized storage systems, while the source code will be on the blockchain. This ensures transparency and puts users in control of their data.
In the same time, dApps are open source. This means that the code behind each project is open for the community to review it and replicate it, if desired. Being open, the community can check and compare whether the original project or any of its different replicas is better. For example, if the community finds holes in the original code of a dApp, they can verify the other replicas to check whether those faults have been fixed and whether there are other that need to be addressed. Developers would have the option to choose which project to support after they looked at all the available options. In this way, transparency increases the quality, hence the value of the project.
Crowd-funding 2.0. – Validation, Adoption, Value
Anyone can create their own currency on Ethereum by issuing tokens. Tokens in the Ethereum ecosystem can represent any fungible tradeable good: coins, loyalty points, gold certificates, IOUs, in game items, etc. These tokens are compatible with the wallet that holds Ether too. Developers who want to build a new project on Ethereum can crowdfund it by issuing a new token, to be used whenever interaction with their online product occurs. The developers can then sell the tokens to investors or supporters of their project. The more a particular token is used, the more value it has, hence the more valuable a dApp becomes. Once the number of adopters increases, the value of the project increases. Therefore, by getting involved with a project, each user makes an investment into the project. In this way, anyone can crowdfund their own project on Ethereum. Ethereum becomes an alternative to existing stock market, aimed at developing open source projects.
Some notable crowdfunds were those of Status, Gnosis and the Brave Browser. Status, a messaging platform and mobile browser for interacting with decentralized applications that run on the Ethereum Network, managed to raise over $60 million. Moreover, Gnosis, a platform for prediction market applications, raised $12,5 million in minutes. Finally, the Brave Browser, a fast, free, secure web browser with a built-in AdBlock, tracking and security protection, managed to gather $36 million in 30 seconds.
dApps in practice
There are several types of dapps in the Ethereum ecosystem, where projects are working on providing decentralized identity, decentralized computing, decentralized storage, decentralized internet, instant and cheap payments, stable currencies, decentralized social media, open source browsers, decentralized human ATM’s and much more.
For instance, Althea provides decentralized internet by enabling you to put your own antenna on your roof and provide internet access or to connect two cities or villages with a fibercable and get paid for providing this internet service. And it would all be totally anonymous.
Another interesting project is the Enterprise Ethereum Alliance (EEA) which includes members such as Microsoft, Samsung, JP Morgan, Santander, Intel, British Petroleum, Toyota Research Institute, Thomson Reuters, Rabobank, The National Bank of Canada, ING. The purpose of the alliance is to connect Fortune 500 enterprises startups, academics and tech vendors with Ethereum experts. The goal is to create enterprise-grade software based on Ethereum blockchain. Another notable member of EEA is Consensys. Consensys is a hub, a venture production studio, building dapps and different tools for blockchain with a focus on Ethereum.
Governments and public institutions have a history of adverse relations in what concerns decentralized open-source solutions. But this does not mean blockchain is impossible to implement in the public sector. The Georgian government uses a system based on blockchain technology for developing land registry. The Estonian government’s project e-Residency offers anyone in the world government-issues digital ID. Anyone can therefore register online and manage remotely an EU-based company. It is not yet certain how easy they will adopt Ethereum dApps.What is certain though is that Ethereum’s nature, development speed, efficient solutions and diversity of actors involved in the ecosystem might be a heavy burden for an opposing government.
Talking to Troels Plenge about the applications we use today that can not be decentralized, he points at possible difficulties in creating a decentralized search engines:
When using the decentralized web, people are likely to become more concerned about their privacy. I don’t think they will share as much data as they do today, such as their search history. If there is less data to analyse, a search engine becomes less efficient. But I don’t know yet, I think we have to wait and see how creative people are in finding solutions to problems like this one.
Speaking of which, user privacy is a rather interesting field in what concerns Ethereum and dApps.
Ethereum’s CTO suggests that the “open chain makes people think, think of what data they actually want to place in the wild and what data you want to keep safely locked away on the users’ machine.“. Therefore, the fact that blockchain can not be erased or edited can be the driver of public awakening regarding data sharing.
Secondly, the decentralized nature of Ethereum and dApps prevents data from being leaked, modified without authorization or accessed under governmental orders. For those concerned about government intrusion into private life, Ethereum provides a technical solution that renders such risks impossible. Troels Plenge makes the point that:
It will be more difficult for public institutions to get access to user data, now that everything will be encrypted and decentralized.
Moreover, being open source, Ethereum creates a suitable space for PETs (Privacy Enhancing Technologies). PETs benefit from the community scrutiny, with valuable feedback that strengthens and patches holes in a dApps code. The resulting privacy-enhancing dApp becomes close to indestructible. One example of privacy-enhancing dApp is uPort. uPort makes it possible for users to take ownership over their digital identity when they want to authenticate online. The user can create several authentication options and choose between them, allowing for better control over which information should be disclosed during different sessions that require web login. The Brave Browser , developed by Mozilla’s co-founder, blocks all advertisement by default and offers payment with attention tokens to those who agree to accept ads.
On the other hand, user privacy can be severely affected. Even if users became more aware of the dangers of privacy infringement, this does not necessarily mean users will become more cautious in their online behavior. There are several studies around this privacy paradox, the latest suggesting cynicism as the cause for the disparity between privacy concern and online behavior. Therefore, there is a possibility that increased awareness might not increase responsible online behavior at all.
In terms of governmental access to user data, the restriction mainly applies when data is collected by private entities. If governments introduce dApps in public management, the situation might be slightly different. The celebrated transparency of blockchain will most likely apply to citizens’ personal data, rather than to public money spending, for example. Such trends drive further away from allowing citizens the option to adjust “privacy settings” of their public records. In this context, increased data transparency could surely benefit companies and governments, yet not so much users/citizens autonomous decisions over their privacy.
Finally, the complexity, novelty and continuous adjustment of Ethereum make it impossible for end users to develop personal self-defence tools for digital privacy. Blockchain technology is still being digested by the tech world, while in the same time being developed at high speed. Products and services enabled by communities such as Enterprise Ethereum Alliance might not be based on Privacy-by-Design principles, or even consider the term due to the nature of blockchain solutions. In the future, most online users will probably not even be aware they are using dApps. Such context will make it difficult for those who are concerned about their online privacy to take active measure towards protecting it. With a policy of “Rules defined by adoption”, there is a high degree of responsibility assigned to dApps creators to offer ethical options for adoption. Troels Plenge is positive in this sense:
The Ethereum project is still very young, but I imagine future solutions that will make it easier for end users to make decisions regarding their privacy. An example would be an application that helps comparing the privacy levels of different dApps.
Concluding. A Society Reboot.
Ethereum changes a lot of things. From offering an alternative to classic financial markets, to the way web applications are built and the way code and data are being stored. Public institutions are attracted by the ideas behind this system and big corporate actors are already developing their own versions of dApps. The notion of online crowdfunding is rebooted, giving entrepreneurship a new meaning. Projects manage to raise immense figures by speculating project value, perhaps a new risk for investors.
In this new context, the status of user privacy is unclear. On one hand, Ethereum offers full transparency and allows the knowledgeable to check how a dApp’s code is running. This means dApps could be compared according to the way they collect and process data and their approach to user privacy. Privacy Enhancing Technologies (PET) such as the Brave Browser are likely to prosper in this environment, giving users new tools to protect themselves online. Moreover, governmental bodies can no longer require backdoor access into databases due to the decentralized nature of the Ethereum concept. However, governments are starting to explore these technologies for themselves.
Data becomes more open, it can be shared among different actors, which means private and public entities can use each other’s data bases. Once collected, data cannot be deleted. This has great implications for user privacy and the right to be forgotten, one that is recognized in the EU on legal grounds. Moreover, while users seem to be more concerned when using the decentralized web, this does not necessarily involve less shared data. Research around the privacy paradox proves the discrepancy between concern and change in behavior.
In terms of regulation, Ethereum can not be regulated by legal means. The new EU General Data Protection Regulation, for example, would be very difficult to implement in this setting. The only way Ethereum can be regulated is by its own community. Responsibility falls on those who create sets of rules and those who choose the best sets of rules to follow. It is therefore very important to be aware of who the actors with most decision power are.
If you have further questions regarding the functioning of Ethereum, which you most likely do, it’s probably a good idea to check this article out. You’ll find there a digestible explanation of ether and Ethereum for those without a wide background in blockchain technology, cryptocurrencies and the like.
I would also like to thank Troels Plenge for all the valuable input.