Skip to content

Privacy Tokens

sherminvo edited this page Dec 6, 2020 · 1 revision

Early blockchain networks provide a high level of transparency, which makes the history of a token visible to anyone. This compromises the privacy of token holders and also makes a token less fungible. Alternative token systems have, therefore, set out to create more privacy-preserving protocols.

Disclaimer: Most of the below mentioned privacy token examples are subject to frequent protocol changes. Certain details mentioned in the following chapter might, therefore, be out of date by the time of reading this chapter. The content of this chapter, however, is structured in a way that it paints the big picture of designing privacy tokens, independent of future protocol changes.

A payment token is only useful as a medium of exchange if it satisfies the fungibility criteria. Fungibility refers to the fact that individual units of a token are equal, and can be substituted with each other. The level of fungibility correlates with the level of privacy/anonymity a token provides. This requires both “non-individualization” (obfuscating the traceability with identifiable individuals) and intransparency of other data related to transaction flows.

Analogue forms of money, like coins or bills, do not give any information about the transaction history, as there is no economically feasible way to track a list of the previous owners. Cash can therefore be considered as the most anonymous and most fungible form of money. In the past, some countries have provided legal precedent for the necessity of fungibility in a currency. Scotland, for example, determined the fungibility of state-issued money tokens in the form of banknotes and coins back in 1749, saying that the history of an individual coin or banknote was to be considered irrelevant. Such precedents, however, have been challenged by the growing digitalization of our global financial systems. While state-issued money, in the form of cash, allows for a high degree of privacy and therefore also fungibility, cash is being less commonly used in modern economies for payments, in some cases accounting for less than 10 percent of the financial activities of an economy.[^1]

The rise of credit card payments, electronic banking services before the Internet, and Web2 based financial technology services have increased the possibilities of tracing money flows. Even though our personal data is scattered over banks and other institutions worldwide, each of these institutions holds partial knowledge of our digital financial footprint. Electronic records have reduced the costs of monitoring how we use our money with simple algorithms. Furthermore, increasing anti-money laundering (AML) regulation and efforts by taxation authorities have forced financial institutions worldwide to monitor, and sometimes even reveal, information about the financial activities of their clients. AML regulation in the United States dates back to the Bank Secrecy Act of 1970. The rise of international drug trafficking and money laundering concerns of governments worldwide led to the creation of the international Financial Action Task Force (FATF) by G-7 Summit countries in 1989, creating a more global regulatory base. Post 9/11 in 2001, FATF expanded its ALM regulation to combat terror financing. As a result, many countries started to impose Know Your Customer (KYC) regulations that require financial institutions and other regulated industries to establish the identity of their customers, keep records of transactions, and notify authorities of potentially suspicious activities of their customers in case of government-defined “threshold transactions.” Such practices, as a result of regulatory impositions, are gradually eroding the fungibility and hence quality of money.

Privacy of Blockchain Tokens

The Bitcoin network and similar public and permissionless networks use asymmetric cryptography to create online identities in the form of blockchain addresses. This way, a user can create multiple addresses without KYC requirements while trustfully sending and receiving tokens via a public network (read more: Part 1 - Token Security). These addresses consist of an alphanumeric string that does not give any indication of the user’s identity, similar to traditional swiss bank accounts, but this only provides pseudonymity. Public disclosure of one’s blockchain addresses, either via social media or as a result of one’s activity on a token exchange, makes users susceptible to de-anonymization efforts using data analysis. Privacy of nodes can only be guaranteed as long as the real-world identity of a wallet owner cannot be linked to a certain network address.

The publicly verifiable nature of blockchain networks makes transactions traceable. All transactions are registered in plaintext (unencrypted) to the ledger. Transaction data is visible to anyone using a block explorer and can therefore be linked to other transactions made by the same token holder. Such transaction data could potentially reveal sensitive information: the sender’s address, the receiver’s address, the link between these two addresses, and the amount of tokens sent. More complicated smart contract transactions involve even more data, depending on the use case. Furthermore, in the process of broadcasting transactions, nodes can reveal their IP addresses. Metadata from token transactions can be used to trace the IP address of a user, sometimes even when anonymization services such as Tor or I2P are used. With today's data analysis possibilities, such linking does not take much effort, especially by government authorities. As an example: “Researchers at MIT and the Université Catholique de Louvain, in Belgium, analyzed data on 1.5 million cellphone users in a small European country over a span of 15 months and found that just four points of reference, with fairly low spatial and temporal resolution, was enough to uniquely identify 95 percent of them. In other words, to extract the complete location information for a single person from an ‘anonymized’ data set of more than a million people, all you would need to do is place him or her within a couple of hundred yards of a cellphone transmitter, sometime over the course of an hour, four times in one year. A few Twitter posts would probably provide all the information you needed, if they contained specific information about the person’s whereabouts.”[^2]

Most users today purchase tokens in exchange for fiat currency using online token exchanges that are more and more subject to KYC regulation. Even if they are not, fiat currencies that are sent to a token exchange usually require interaction with the banking system, and these banks are subject to KYC requirements. Anyone with access to an exchange’s database can therefore link these pseudonymous addresses to real names. There is growing evidence such data is shared amongst exchanges and with law-enforcement agencies or chain-analysis companies. Simple “chain analysis” and correlation against the digital footprint of a user outside the blockchain network might, therefore, allow the individualization of identities and user profiling. Individual researchers, state authorities, and private blockchain forensic services such as “Chainalysis,” and “Elliptic” can conduct chain-analysis to detect general transaction patterns, including potential money laundering activities, fraud, and other possible compliance violations. Depending on a token’s provenance, individual tokens may not be accepted by merchants due to their tainted transaction history. This reduces the fungibility of a token.

More recent blockchain networks have set out to improve the level of privacy of token transactions. Such “privacy tokens” use various obfuscating techniques to make token history less transparent. The goal of privacy tokens is to design a protocol that reveals the minimum information needed and obfuscates all other information. Depending on the blockchain protocol, various elements of a transaction can be anonymized to different extents: (i) wallet/address anonymity, (ii) confidentiality of transaction data like payment amounts, (iii) privacy about total network state.

  • User privacy (full anonymity): the identity of the user sending or receiving a token is obfuscated in such a way that the user’s actions cannot be linked to their real-world identity.

  • Transaction data privacy: Obfuscating data specific to a token transaction using cryptographic tools, like the sender and recipient address or transaction amount, will make chain analysis difficult, as important data points will be missing.

  • Privacy of network state: If certain transaction data can be made private, the ledger only reveals partial information on the network state. Different attributes of the state could be made private to different users. However, there is a trade-off between individual privacy and the integrity/security of the network that needs to be considered.

History of Privacy Tokens

Over the past decade, a growing list of projects have been experimenting with a range of methods, from transaction aggregation to alternative cryptographic algorithms. This chapter will provide a general overview. A technical deep dive into the full range of cryptographic tools is beyond the scope of this book and would require a separate publication.

Mixing Services: Early methods of anonymizing token transactions started out with aggregation techniques used by tumblers and mixing services. Such services generally mix inputs and outputs of different token transactions, aggregating them into one collective transaction and thereby obfuscating the connections between sender and recipient. “Bitmixer” was one of the earliest projects that tried to increase the difficulty of linking real-world identities to blockchain addresses. The service, however, was not fully decentralized. “CoinJoin” replaced the need for a trusted third party like Bitmixer with cryptographic security, leveraging security provisions of the Bitcoin network. In the early years, however, CoinJoin transactions only had a handful of users, which made the mixing service prone to chain analysis. Furthermore, CoinJoin relied on off-chain coordination, where users had to find other users to run CoinJoin with them. “TumbleBit” used a modified method, which was slightly better, but also had its limitations and never gained widespread adoption. Most privacy tokens and privacy preserving blockchain clients today, except for Zcash, use a variation of such mixing services as part of their obfuscation techniques. In most cases, they use a variation of CoinJoin.

Dash was originally released as “XCoin,” then renamed to “Darkcoin” before it was rebranded as “Dash.” It is a software fork of the Bitcoin codebase that went live in 2014. It is a Proof-of-Work network with different types of nodes, the “diggers” (miners) and “masternodes.” New blocks are created by the miners. Masternodes perform governance and privacy functions: “PrivateSend” (financial privacy) and “InstantSend” (instant transactions). “PrivateSend” uses a variation of the token-mixing methods of CoinJoin. However, Dash resolved CoinJoin’s need for off-chain coordination by incentivizing masternodes with network tokens to perform CoinJoin transactions. “InstantSend” allows for near-instant transactions where inputs are locked to specific transactions and verified by consensus of the masternode network. The block reward is split between miners and masternodes: miners (45%), masternodes (45%), governance and the budget system, which is created by so-called “superblocks” (10%).

Monero was originally based on the “Bytecoin” protocol proposed by an anonymous developer under the pseudonym Nicolas van Saberhagen. The network was forked by several developers (some of which have stayed anonymous) into “Bitmonero” due to protocol issues, and was forked to Monero in 2014 due to disagreements within the developer team over the future of the network. Monero is not only the oldest but also the most widespread privacy token network. The protocol and data structures have been modified several times over the years, including the migration to a different database structure that provides greater efficiency and flexibility. As opposed to the Bitcoin network, where tokens are sent to a public address, tokens in the Monero network are sent to a newly created anonymous address intended for one-time use (stealth addresses). A “private spent key” is needed to create the stealth address and authorize token transactions. Only the recipient of the transaction can “discover” this newly created address with their “secret view key.” The discovery process is performed by the recipient’s Monero wallet, scanning the network for new stealth addresses. Monero currently uses “Ring Confidential Transactions” (Ring CT), a variation of ring signatures that replaced the original ring signature protocol. Minimum ring signature sizes were modified so that all transactions are “private by mandate.” Monero uses a variation of CoinJoin where nodes do not need to coordinate off-chain. Miners can asynchronously batch (and thus mix) transactions in a block. Transaction amounts are obfuscated with the use of homomorphic (Pedersen) commitments, a specific type of homomorphic “commitment schemes,”[^3] in combination with “blinding.” At a certain point, the Monero team was also planning to implement privacy-preserving packet routing into the protocol with the “Kovri” project, which would have allowed users to hide their IP addresses and locations.

Zcash was launched in 2016. It grew out of the “Zerocoin” and the “Zerocash” protocol, using a variation of the zero-knowledge proofs called “zk-SNARKs” (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), which was developed in 2015 and implemented for the first time in the Zcash protocol. Zero-knowledge proofs are a cryptographic algorithm that allow network nodes to prove possession of certain data without revealing the data itself. They can be used to obfuscate transaction data stored on the ledger (sender’s address, receiver’s address, amount transferred), allowing nodes to check the validity of encrypted transaction data without knowledge of the data. In such a setup, the “prover” can prove to the “verifier” that a statement is true, without revealing any information beyond the validity of the statement. The Zcash network offers “optional privacy,” which means that users can choose to use “transparent addresses” or “shielded addresses.” “Transparent addresses” are similar to addresses in the Bitcoin network. Shielded addresses anonymize transaction data. Token transactions can therefore be (i) transparent-to-transparent (similar to Bitcoin); (ii) transparent-to-shielded (shielding transactions that break transaction linkability), (iii) shielded-to-transparent (deshielding transactions that return previously shielded ZECs public without the returned ZECs being linked to prior transparent addresses), (iv) shielded-to-shielded (private transactions where the addresses and transaction value are anonymous); (v) hybrid (partially shielding of sending addresses and/or the receiving addresses). However, sending shielded transactions is computationally expensive, which is why many Zcash transactions were sent in the clear. The Zcash team worked on a protocol upgrade to improve the performance and functionality of shielded transactions that did not change the metrics. At the time of writing this book, most transactions are still sent in clear.^4

Mimblewimble is a proposal for a blockchain protocol with the aim to increase privacy and network scalability. It was introduced in 2016 in a paper by pseudonymous user “Tom Elvis Jedusor.” Mimblewimble uses “Confidential Transactions” and “Pedersen Commitments” to obfuscate transactions that are publicly verifiable without revealing the transaction data. Nodes only have to verify the authenticity of specific inputs rather than the entire ledger, removing the need for storing past transaction data in the ledger. The history of the ledger contains the block headers, system state, and the output signatures of so-called “dummy outputs”. Combined with some other methods, the result is a more compact ledger, which means that nodes need less bandwidth and storage to synchronize the ledger. Network nodes don’t need the full transaction history to check that the state is valid. Similar to Monero, the protocol proposes transaction aggregation by hiding all transaction amounts and balances, and obscuring sender and receiver addresses, but the sender and recipient must coordinate off-chain before making a transaction. While the Monero protocol uses “fake transactions” to bloat the ledger, Mimblewimble merges old transactions. The Mimblewimble proposal inspired several projects: among others, “Grin” in 2017 and the “Beam” project in 2018.

Grin was the first project to implement the Mimblewimble protocol. It was initiated on “Github” by a user with the pseudonym “Ignotus Peverell.” A “Blockstream” researcher published a modified version of the protocol that gained a lot of traction in the Bitcoin developer community. Grin released various testnets before the mainnet was launched in 2019. Grin uses Cuckoo Cycle Proof-of-Work, a consensus mechanism that was designed to be ASIC-resistant, but has turned out not to be ASIC-resistant.

Beam is another implementation of Mimblewimble but uses Equihash as a consensus algorithm. Beam was launched in 2018 on a public testnet, and in 2019 on the mainnet. In addition to confidential payments, the Beam network allows for the creation of privacy-preserving asset tokens and debt instruments, supporting complex transactions such as atomic swaps, time-locked transfers, and escrow payments. Alternatively, the network also allows for on-chain auditability. In compliance with existing regulations, this could allow authorized auditors to see the full list of transactions and any relevant documentation.

Other privacy-preserving token projects are: “Aced,” “Apollo,” “Arqma,” “Arpa chain,” “Beldex,” “Bulwark,” “Bytecoin,” “Bzedge,” “Crypticcoin,” “CloakCoin,” “CUTcoin,” “Cova,” “DAPS Coin,” “Deeponion,” “Digitalnote,” “Dusk,” “Horizen,” “Hush,” “Innovacoin,” “Komodo,” “Loki,” “Lobstex,” “Navcoin,” “Nix,” “Noir,” “Nonerov,” “Origo,” “Particl,” “pEOS”” “Pivx,” “Piratechain,” “Phore,” “Ryo,” “Safex cash,” “Safecoin,” “Solariscoin,” “Spectrecoin,” “Stealthcoin,” “Sumokoin,” “Tarush,” “Tixl,” “Veil,” “Verge,” “zClassic,” “ZCoin,” “Zumcoin,” and “Xuez.” Depending on their evolutionary stages and the combination of methods they use, privacy token networks have varying trade-offs with different strengths and weaknesses. There is no clear case for one protocol over the other. Given the complex socio-economic implications involved with privacy tokens, protocol design questions not only involve technical questions, but also ethical and legal questions, which will be discussed later in this chapter. A full list of publicly traded privacy tokens, including the market capitalization and other data, can be found, among others, on “cryptoslate.com.”^5

Full Web3 Privacy

The projects analyzed above are, for the most part, protocol tokens of classic payment networks. Many other distributed ledgers today offer smart contracts, processed by virtual machines, which need additional processes and Web3 building blocks, that also require inbuilt privacy-preserving features, so end-to-end privacy can be provided. They use similar cryptographic tools and mixing mechanisms to those mentioned above.

At the time of writing this book, everyone can monitor smart contract transactions on the Ethereum network using applications like “DappRadar,” which is why the Ethereum ecosystem has started to develop privacy-preserving solutions. “Zether” is a project that researches resource-friendly private payment mechanisms for Ethereum smart contracts, including applications that build on top of Ethereum, such as payment channels. The “Keen Network” is also developing a privacy layer for the Ethereum network. Their approach is to create off-chain containers for private data to avoid data trails on the ledger. “Starkware” is implementing zk-STARKs, a protocol that focuses on moving computations and storage off-chain while also providing a certain level of privacy. Project “Nightfall” is being developed by EY with the aim to “integrate a set of smart contracts and microservices, and the ZoKrates zk-snark toolkit, to enable standard ERC-20 and ERC-721 tokens to be transacted on the Ethereum blockchain with complete privacy.” The Ethereum network is planning to include Zk-Snarks on the protocol level in a future upgrade. “Parity” is also working on private transaction features that allow the storage, modification, and viewing of encrypted data on the Ethereum blockchain. Other smart contract networks like “Enigma,” “Origo,” and “Covalent” and Oasis Labs (Ekiden protocol) have also started to develop privacy-preserving features natively into their protocols.

Payment channels and sidechains allow users to transact off-chain and only store the summaries of state changes on the main network, which means that any transaction that is settled off-chain, never appears on the main network. However, privacy of the off-chain data depends on the privacy features provided by the respective protocols. “BOLT,” for example, is a solution for a private payment channel using blind signatures and zero-knowledge proofs. It is being built on top of the Zcash network but should be able to interoperate with the Bitcoin and Ethereum network in the future. “Orchid” is an alternative to the Tor network with the aim of making it more difficult to trace Internet activity of users. Such networks need relay nodes and bridge nodes to conceal the location of a computer from network surveillance or traffic analysis. In Tor, there are only around 6000 relay nodes and less than 2000 bridge nodes.[^6] Governments that want to prohibit the Tor network could blacklist all relay and bridge nodes, preventing their citizens from accessing the Tor network. This is why Orchid is developing tokenized incentives to attract more users and institutions to become “relayers” in the network, to increase the difficulty of blocking the network without blocking a big part of the Internet. The Mysterium network is building a decentralized version of Virtual Private Network. “NuCypher” is working on a decentralized key management solution (a decentralized HTTPS) to protect against imposters (so-called “man-in-the-middle” attacks) authenticating the accessed website. It uses “proxy re-encryption”[^7] to protect the integrity and privacy of the exchanged data.

Legal & Political Aspects of Privacy

The Oxford dictionary defines privacy as a “state in which one is not observed or disturbed by other people” or the “state of being free from public attention.” In the context of democratically governed countries, individual privacy is explicitly regulated in various contexts and to various extents, sometimes even on a constitutional level. The secrecy of correspondence act, for example, is a fundamental constitutional right dating back to the 17th and 18th century in countries such as Germany, Austria, or France. It guarantees the right that letters in transit will not be opened by governmental or private institutions. This right has been adopted to later communication technologies like the telephone and the Internet. While the United States does not grant the right to secrecy of correspondence explicitly on a constitutional level, such rights have been argued through case law based on the Fourth Amendment to the Constitution of the United States of America. The Fourth Amendment also regulates the privacy rights related to the privacy of the home and private property. One might be able to reinterpret the secrecy of communication and the sanctity of the private property and the home as the “right to cryptographic encryption.” However, national jurisdictions vary on the “right to use encryption.” In some countries, such as France, the right to cryptographic encryption has been included into the national law.[^8] UNESCO has also published documents with recommendations on the human right to encryption. Other democratic countries such as Germany, the USA, and the UK have no such laws.

While the Internet era has boosted entrepreneurship, revolutionized communication, empowered citizen journalism, and enabled platforms such as Wikileaks, it has also triggered a discussion about how to deal with an increasing digital footprint that Internet applications are generating. In the context of Internet applications in general and e-commerce in particular, regulatory authorities have started to pass increasing privacy-preserving regulation.** **Adopted in 2016, the General Data Protection Regulation (GDPR) of the European Union has inspired other countries outside the EU to adopt similar regulations. According to that regulation, privacy is about “empowering users to make their own decisions about who can process their data and for what purpose.” However, this regulation is deeply rooted in the client-server-centered Web2, in which much of our private data is managed by trusted institutions that are the custodians of our data.

In the context of the Web3, The Czech Republic and Finland have regulations in place that require citizens to hand over their private keys to their wallets in case the law enforcement authority obliges them to do so. Other countries, such as South Korea and Japan, have banned privacy-tokens altogether. In 2018, the German Federal Ministry of Finance expressed concerns about the increased use of privacy tokens such as Monero in the context of criminal activities and Darknet transactions. Recent FATF regulation, passed in 2019, requires all so-called “Virtual Asset Service Providers” to reveal the identity of the transaction parties, making them subject to KYC requirements. Some token exchanges have already started to delist privacy tokens, except for Zcash, which does not provide privacy by default. Monero still seems to be listed on many token exchanges, but it remains to be seen for how long this will last.

Even when privacy, and the right to encryption, are explicitly regulated, the trade-off between individual privacy and public interest is subject to political viewpoints. It is often a matter of human discretion decided by judges, and regulated and enforced with great variation depending on the governance philosophy of a country or a community of nation states. The trade-offs between public and private interests are subject to ongoing public discussions and treated differently by governments worldwide. Legislation can range from granting the right to encryption to all citizens, to requiring de-encryption of personal data on request of government authorities. The General Data Protection Regulation (GDPR) of the European Union and similar privacy preserving regulations contradict the growing reach of anti-money-laundering (AML) and subsequent know-your-customer (KYC) regulation worldwide. It is unclear whether the two contradicting regulatory efforts will coordinate nationally or internationally, in order to find a balance between public and private interests. The issue of our growing digital footprint and subsequent surveillance possibilities have been discussed by activists and authors like Evgeny Morozov (who warned of mass surveillance, political repression, and fake news, calling for a more socio-economic perspective on technology)[^9], Edward Snowden (who disclosed a series of international surveillance programs)[^10], or more lately by authors like Shoshana Zuboff (who wrote about “surveillance capitalism” and the commodification of personal information).[^11]

A similar trade-off between transparency and privacy exists in the Web3 and needs more widespread discussions. The question of “enforced privacy” vs. “public-by-default” for example, is a tricky one. The Monero network uses “enforced privacy” by default for all transactions. As a result, regulatory bodies will have a hard time to coerce users to deliberately reveal their data. In such a setup, users are also protected from accidentally revealing their data. Zcash, on the other hand, uses a “public-by-default” mechanism. Users can voluntarily choose to be transparent or not, which in theory makes this technology more flexible for use cases in regulated industries where certain transparency and auditability is required. However, in such a setup, users can also be penalized by regulators if they make use of private transactions, leading to non-use of privacy features altogether. This might be one of the reasons why most Zcash transactions are still conducted in the open, even though in theory they do provide “shielded transactions.”

The promise of the Web3 is a more empowered and decentralized (inclusive) Internet. But how we design the protocols of these Web3 networks is not set in stone yet, and will need a broad socio-economic discussion. Depending on the level of obfuscation techniques implemented, or lack thereof, blockchain networks can either become liberation machines (more privacy by design), or effective surveillance and execution machines (no privacy by design). In a 100 percent obfuscated network, it would not be possible to, for example, track the provenance of goods or services, and national governments would have difficulties determining and enforcing tax payments, unless there was a more sophisticated “privacy by design” that revealed only selected socio-economic data to relevant entities, while respecting data protection regulation. This, however, is a political discussion that needs to be resolved based on consensus of the members of various internet communities, nation states, and on the level of international institutions.


Chapter Summary

A payment token is only useful as a medium of exchange if it satisfies the fungibility criteria. Fungibility refers to the fact that individual units of a token are equal, and can be substituted with each other. The level of fungibility correlates with the level of privacy/anonymity a token provides. This requires both “non-individualization” (obfuscating the traceability with identifiable individuals) and intransparency of other data related to transaction flows.

Analogue forms of money, like coins or bills, do not give any information about the transaction history, as there is no economically feasible way to track a list of the previous owners. Cash can be considered as the most anonymous and most fungible form of money. While state-issued money, in the form of cash, allows for a high degree of privacy and therefore also fungibility, cash is being less commonly used in modern economies for daily payments and has been replaced with electronic forms of money.

Electronic records have reduced the costs of monitoring how we use our money with simple algorithms. Furthermore, increasing anti-money laundering (AML) regulation and efforts by taxation authorities have forced financial institutions worldwide to monitor, and sometimes even reveal, information about the financial activities of their clients. Such practices, as a result of regulatory impositions, are gradually eroding the fungibility and hence quality of money.

The Bitcoin network and similar public and permissionless networks use asymmetric cryptography to create online identities in the form of blockchain addresses. This way, a user can create multiple addresses without KYC requirements while trustfully sending and receiving tokens via a public network.

Privacy of nodes can only be guaranteed as long as the real-world identity of a wallet owner cannot be linked to a certain network address. The publicly verifiable nature of blockchain networks makes transactions traceable, since all transactions are registered in plaintext (unencrypted) to the ledger, and transaction data is visible to anyone using a block explorer and can therefore be linked to other transactions made by the same token holder.

Public disclosure of one’s blockchain addresses, either via social media or as a result of one’s activity on a token exchange, makes users susceptible to de-anonymization efforts using data analysis. Metadata from token * transactions can be used to trace the IP address of a user, sometimes even when anonymization services such as Tor or I2P are used.

Depending on a token’s provenance, individual tokens may not be accepted by merchants due to their tainted transaction history. This reduces the fungibility of a token.

More recent blockchain networks have set out to improve the level of privacy of token transactions. Such “privacy tokens” use various obfuscating techniques to make token history less transparent. The goal of privacy tokens is to design a protocol that reveals the minimum information needed and obfuscates all other information.

Depending on the blockchain protocol, various elements of a transaction can be anonymized to different extents: (i) wallet/address anonymity, (ii) confidentiality of transaction data like payment amounts, (iii) privacy about total network state. User privacy (full anonymity): the identity of the user sending or receiving a token is obfuscated in such a way that the user’s actions cannot be linked to their real-world identity.

Over the past decade, a growing list of projects have been experimenting with a range of methods, from transaction aggregation to alternative cryptographic algorithms.

Depending on the level of obfuscation techniques implemented, or lack thereof, blockchain networks can either become liberation machines (more privacy by design), or effective surveillance and execution machines (no privacy by design).

Even when privacy, and the right to encryption, are explicitly regulated, the trade-off between individual privacy and public interest is subject to political viewpoints. It is often a matter of human discretion decided by judges, and regulated and enforced with great variation depending on the governance philosophy of a country or a community of nation states. The trade-offs between public and private interests are subject to ongoing public discussions and treated differently by governments worldwide.


Chapter References & Further Reading


Footnotes

[^1]: The use of cash for transaction purposes is only one driver of banknote demand. Cash is also still used as a “store of value.”

[^2]: Hardesty, Larry: "How hard is it to 'de-anonymize' cellphone data?" MIT news: https://news.mit.edu/2013/how-hard-it-de-anonymize-cellphone-data (retrieved March 26, 2020)

[^3]: A commitment scheme is a cryptographic method that allows a user to commit to the value of a piece of data (so that it cannot be changed later) while keeping the data secret.

[^6]: Find up to date metrics here: https://metrics.torproject.org/networksize.html

[^7]: Proxy re-encryption allows someone to transform ciphertexts from one public key to another without learning anything about the underlying message.

[^8]: “Article 30(I) of Law No. 2004-575 of 21 June 2004 on confidence in the digital economy provides that the use of means of cryptology are free” [2].

[^9]: Morozov has been skeptical of the Internet’s ability to make the world more “democratic,” referring to it as “cyber-utopianism.” Instead, it can be used for information control and social engineering. He claims that the Internet provides powerful tools for “mass surveillance, political repression, and spreading nationalist and extremist propaganda.” He calls for a more socio-economic perspective on technology and criticizes “internet libertarians” for their often unreflected claims about the nature of the Internet and describes it as pseudo-open, pseudo-disruptive, and pseudo-innovative.

[^10]: Edward Joseph Snowden copied and leaked highly classified information from the National Security Agency (NSA) in 2013 during his time as a CIA subcontractor, disclosing a series of surveillance programs run by various institutions of different countries. Over time, he revealed thousands of classified NSA documents, which sparked a global discussion about national security and individual privacy. He now lives in Russian exile.

[^11]: Zuboff describes the commodification of personal information. She describes the tendency of accumulation of data, criticizing that many companies and institutions harvest and capitalize personal data without mechanisms of consent. She compares “industrial capitalism” and “surveillance capitalism,” explaining “industrial capitalism” as exploitation of nature, and “surveillance capitalism” as exploitation of human nature.

Clone this wiki locally