Some thoughts on privacy

I wanted to share a few thoughts after the confusion and debate around the “Breaking Mimblewimble’s Privacy Model” article.

I’d like to encourage folks to take a step back and appreciate the nuance required for privacy. Privacy is not achieved through purely technological means. Humans are the ones seeking privacy and the space between a user seeking privacy and a technological solution providing privacy in a vacuum is vast. It is our job as researchers, engineers and activists to reduce this gap as much as possible.

In an ideal world we can provide technology that seamlessly offers privacy to humans. We can realize this world as we make technology that relies less on perfect human operation requiring high levels of knowledge and sophistication. We want privacy solutions accessible to all persons not just those that understand complex threat models who are able to pick and choose which tools to use for the right situation.

Zooming in a little closer to cryptocurrencies, Bitcoin for an average user is not private. Amounts are public, a user may reuse addresses, a user probably uses a centralized wallet, users with private wallets probably do nothing to obscure their IP and the list goes on. However despite all of this people have been relying on a combination of Bitcoin, Tor and other privacy tools to protect their anonymity under the global adversarial threat model for years. How is this possible if Bitcoin is not private? Privacy is nuanced.

In the Bitcoin example above, if the tool used were Grin instead of Bitcoin with the same threat model, users would have even more privacy and less reliance on other tools to achieve privacy. However just like in the example above, other tools would still be required to achieve an operational level of privacy in the same threat model. The same is true for any other privacy-driven cryptocurrency- the ability to exchange value privately in a vacuum is not sufficient to provide the average user with privacy.

The nuance must be considered of what happens with a transaction before it becomes part of consensus or even what happens as the cryptographic signature is generated on the users device. All of these could compromise privacy even though they may not be strictly part of a particular privacy tool or protocol one is explitictly using to preserve privacy. Having an understanding of and ability to adapt to these situations is key to securing privacy.

Right now the onus of securing privacy is heavily on the user. There has not been enough incentive historically for any company or government to provide this for the user in the form of comprehensive privacy preserving tools (privacy from device to network to destination and back). Cryptocurrencies are beginning to shift this incentive for builders to have greater opportunities to achieve this. We are making advances in hardware security, on-chain privacy, network privacy and more all thanks to cryptocurrency related projects. Grin as a currency protocol project is only a part of a larger system needed to achieve privacy for the average user.

As a community we are a long way from the dream of all users achieving privacy simply by using a piece of software. However, the more we can appreciate the nuance involved in achieving privacy, the better the solution we will be able to provide will be. There is no magic protocol, software or company that can give a user complete privacy. Either the user must have advanced knowledge of threat models and operational security, or the technology must provide comprehensive solutions at all layers of possible interactions. A perfectly private cryptocurrency doesn’t help users in a world where you still need fiat and exchanges violate privacy in every other possible way, ISPs harvest and sell network activity, governments eavesdrop and inject on communications networks, microphones are cameras are invited on every digital device we own and when there is no incentive to change this.

This does not mean we should abandon the idea of a perfectly private cryptocurrency even if the concept of a perfectly private anything is impossible to deliver to users at scale for the forseeable future. We should however spend time in and appreciate the nuance involved in privacy as these areas are probably where we can make the biggest impacts.

Awesome writing. Thank you Joltz.

Good comparison would be the use of TOR by people shopping at dark places. Using TOR alone does not make you really private. Using a good VPN providers and PGP besides TOR increases your chances of being really private. Ultimately, making a fake MAC address and using some public free Wifi would really do the job. (just be care full for camera’s and the manhunt time). The same counts for the Grin project. While building to other aspects, it is just “TOR” at this moment, and thus we should not be fooled by it’s limitations. But I have no doubt, that in the near future the privacy features will be increased.

Just need to think about this. That sent money to that. But how much? If you don’t know it, other things are useless. The amount of grin can hide completely. Right? So there is a main point.

@minexpert i disagree, the transfered amounts are not the only information that could be of relevance for an entity that wants to track the Transactions.

Scenario 1: A US citizen wants to exchange Grin for Fiat at an Exchange and get paid out. But the crypto exchange knows that the customer has received Grin from Venezuela, which is on the US sanctions list. The Exchange blocks the account in order not to get into trouble itself.

Scenario 2: An authoritarian state learns the Grin address of a dissident and can now track from which side he receives financial support.

In both scenarios the spent amounts would not matter that much. Still the outlined flaw (Bogatyy was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network) could have catastrophic consequences for grin-users who assume that their Transactions can not be tracked because there are “no adresses”.