Privacy Overview

Criteria: Distributed ledgers must provide privacy infrastructure to shift the dial meaningfully on social scalability, where privacy enables the ability to achieve self sovereign identity, empowering the end-user. The degree to which the privacy implementation adheres to the self sovereign identity principles without impeding user participation will determine the extent to which the network can socially scale.

Privacy is the simple ability to protect ourselves from outside influences and intrusions. This extends beyond protecting your data in a hyper connected world, to even the simple concepts such as privacy of space, time and thoughts.

Privacy has always been intrinsically tied to our existence and interaction, the need for it waxing and waning with the evolution of human progress. As individuals we ceded trust and privacy to small degrees but to known participants by joining groups (tribes) that afforded us the ability to “[lower] cognitive costs while increasing the value of information flowing between minds, reducing vulnerability, and searching for and discovering new and mutually beneficial participants.” (Nick Szabo)

As we sought to continue expanding for greater value we pushed the limits of tribes through innovations, technological or otherwise, allowing us to scale information flow from a few connections to millions. The internet has further heightened the scaling to billions, creating a hyper connected world that requires participation in the form of a digital life, leveraging self-interested actors to create mutually beneficial relationships which benefit the broader network. However, in such a world, even minimal participation in a digital life requires giving information to unknown third parties. This requirement and our desire for greater value through scaling has led us to cede a far greater degree of trust and privacy than what we should be comfortable with.  

It should be noted that in order to assist social scalability to even greaters heights and values, rectifying the trust required aspects of our society is an important paradigm shift to consider. Trust minimization attempts to eliminate the vulnerabilities associated with potential harmful behaviour that network participants, outsiders and intermediaries may instigate – cultivating a secure environment for scaling.  Blockchain and DLTs have been able to provide this aspect of trust minimization.

“Satoshi’s breakthrough with money was to provide social scalability via trust minimization: reducing vulnerability to counterparties and third parties alike. By substituting computationally expensive but automated security for computationally cheap but institutionally expensive traditional security”(Nick Szabo)

Whilst the predominant direct social scalability benefit of blockchains is trust minimization, we still have to address privacy.

“Another way to estimate social scalability is by the extra benefits and harms an institution bestows or imposes on participants, before, for cognitive or behavioral reasons, the expected costs and other harms of participating in an institution grow faster than its benefits.” (Nick Szabo)

For example, the internet allowing for hyperconnection through participation in a digital life increasingly sees the benefits we gain from connectivity compromising our basic rights to privacy. While at present, privacy can be layered on top of our digital lives as a series of measures we can take, “each of these measures almost inevitably denigrates in some way the online experience, making it less convenient or even impossible to make commercial or social transactions.” (Giovanni Buttarelli)  Essentially this limits participation to achieve privacy, where freedom of participation is the crux of social scalability. Therefore It is important then that any innovations that we implement to scale socially, DLTs inclusive, must equally address privacy as a core requirement without compromising participation.

While a completely trustless and privacy adhering network eliminates impediments to participation and information flow, ultimately allowing for indefinite social scalability, it is largely improbable that we will ever achieve such an absolute state. However, with privacy applied on top of DLTs, we are best positioned to shift the dial on social scalability with current technological capacity.

Self-Sovereign Identity – the next step in privacy

In the modern landscape where the digital life is all pervasive, the protection of personal data becomes the core tenet of Privacy. To briefly indulge in an oversimplification, individual identities can be thought of as a comprehensive amalgamation of our personal data and information. Such identity forming data then weaves the social fabric, intrinsically tying identity to social structures and functions making identity inseparable from social scalability.

It is then not surprising to discern that the nature of identities has also evolved along with the advancements in social scaling throughout our history. Just as social participation evolved from tribe or clan based interactions to the sizeable possibilities offered by the internet, so too have the defining elements and scope of our identities. The internet’s innovation of “user-centric designs turned centralized identities into interoperable federated identities with centralized control” (Christopher Allen).

Within the innovation of the internet itself, we saw a paradigm shift from identity authentication by centralised authorities and organisations towards user-centric identities which cede more control to the user in the form consent. However, despite ceding a certain degree of autonomy to the user, meaningful participation still requires the users to relinquish their identity to third parties that could collect, store or distribute information.

The next step in the evolution to protect our personal data is to empower the data subject with a self sovereign identity. Self sovereign identities enable users to independently own, store and transact their data in order to meaningfully participate without ever having to cede their personal information to a central repository or identity storage. “Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity.” (Christopher Allen).

The defining traits of DLT’s – trustlessness and immutability – offer the fundamental means by which we can achieve a network of self sovereign identities; the best case scenario for protecting personal data in the current landscape. However, the technology is still evolving to both guarantee network immutability and trustlessnes while providing privacy and security for the individual.  

At present there are no privacy tools that fully comply and cater to the requirements of a holistic privacy solution for DLTs. Among the existing tools that are being developed, technologies that leverage homomorphic encryption to achieve obfuscation of data on blockchains are leading the debate on the most effective method. The breakdown of the leading technologies such as ZK-STARK, zk-SNARKs, SMPC, and Ring Signature, currently solving for the privacy layer and the extent to which they are able to do so will be discussed in an upcoming article.

Principles of a Holistic Privacy Solution for Self-Sovereign Identity

The concept of self-sovereign identity follows certain guiding principles that inform the holistic framework for data protection; ensuring that user autonomy remains at the heart of privacy. The ability of privacy tools on DLTs to observe these principles will essentially determine the extent to which they can successfully cater for privacy without impeding user participation – continuing to propagate social scalability.

We will refer to Monero’s ring signature based privacy model, presently one of the most tested DLT networks as an example to demonstrate the industry’s current standing in fulfilling the principles required to achieve self sovereign identity.


  1. Consent : the data subject is required to agree to the use of their data, deliberately and with full understanding of the purpose and implications of the data processing. The consent granted should be just as easily withdrawn if required. Example: The view key and spend key are only shared with select parties at the discretion of the user facilitating consent. However, the view key is not redeemable, thus withdrawing consent is not easily achieved.
  2. Right to Access: the data subject, upon having provided consent, has the right to freely access information from controllers to understand the nature of their personal data usage – whether or not personal data concerning the data subject is being processed, where and for what purpose. Example: In the absence of centralised controllers in a DLT system, it is up to the discretion of the  data subject granting the consent and the party to whom it has been granted to set parameters around access external to the system.
  3. Right to rectification/erasure: the data subject should possess the right to require the data controller to rectify inaccurate personal information in a timely manner, completely erase the subject’s data upon request and accordingly terminate any present or future data processing of the subject’s personal information. Example: Monero is an opaque network and thus prevents any form of traceability or linkability making the need for erasure obsolete.  However, once a private view/spend key is shared or compromised, the data pertinent to that address cannot be erased from the ledger.
  4. Data portability: the data subject has the right to transfer their personal data from a given entity to whom the data was previously provided to, to another entity of their choosing. Example: Portability is not possible on Monero because the transaction history is appended to the Monero ledger.
  5. Automated individual decision-making: Outside of the parameters of binding contracts, legal requirements and explicit consent, the data subject shall have the right not to be subject to a decision based solely on automated processing. Example: There are no automated decision making elements on the Monero network. All transaction initiatives and data sharing decisions are made by the user.
  6. Breach Notification: Data processors are required to notify breaches to  data controllers and data subjects, immediately upon becoming aware of the data breach. Example: Monero network does not provide any automated breach notification systems. Breaches may only be detected upon suspicious or incongruent activity.
  7. Privacy by Design: Entities that seek to obtain and use personal data should ensure that data protection measures are systematically built into the very fabric of systems and operations from the outset as opposed to adhoc implementations. Example: Monero is a leading network in preserving privacy by design. – Sender anonymity achieved via Ring signatures. – Transaction amount anonymity achieved via Ring CT. – Transaction broadcast anonymity achieved via KKovri (I2P Router). – Receiver anonymity achieved via stealth addresses
  8. Privacy by Default: No product or service released to the public should require manual inputs from the end user to ensure that the privacy settings apply, rather the strictest privacy settings should be elected by default. Example: Monero’s primary objective of being a secure, private and untraceable chain ensures the protection of user data by default and does not require any manual user input to achieve this.
  9. Minimalisation: When collecting or disclosing data, only the minimum requirement to complete the task should be disseminated. Access to this data should also be limited to the minimum number of personnel required to complete the data processing. Example: The use of Ring CT function homomorphically encrypts transaction data using a blinding factor,  revealing just enough information for the network to confirm the transaction without disclosing the contents.
  10. Security: Entities that obtain and use personal data should ensure that appropriate technical and organisational measures are taken to effectively offset the risk exposure of data whilst it is being processed or stored. Example: Privacy by design provides security while it is being processed or stored.  For example, the use of Monero’s IP obfuscation tool Kovri and the I2P network ensure that data is encrypted during passage through the network, where only the minimally required instructions to aid the passage of said data is accessible to peers.
  11. Protection: In the case that a conflict arises, preserving the freedom and the rights of the individual should be prioritised over the needs of the network. Example: In a decentralised network such as Monero, the sanctity of the network is intrinsically tied to the protection of individual users. If individual freedoms and rights are compromised, the network in essence is also compromised.

While the above principles are commonly acknowledged and supported by privacy projects as well as regulatory bodies, the biggest point of contention surrounding privacy remains that it may condone bad actors and malicious activity.  With the added layers of privacy provided by complete obfuscation technology, existing methodologies of protecting participants from bad actors in the legal system become less effective.

However, in face of this concern it is important to bear in mind the increasingly detrimental effects society and individuals are exposed to as we continue to relinquish our privacy in exchange for a false sense of security. It would be lacking in foresight to continue compromising privacy in apprehension of a minority bad actors.

“ if we were going to empower a bunch of humans, are they going to use their power more for good or more for evil. …if we empower billions of humans they will use it much much more for good, they will protect each other from poverty and disease and they will support their families. They will do for each other through economic exchange what they have already started to do with the internet.”  – Zooko Wilcox, founder and CEO of the Zcash company. (Unchained)

The decisions made today about privacy will have enduring implications for the future of governance and society. To concern ourselves with it now, when it is easy to disengage with the debate on security and data control will meaningfully shape our participation in society and define the trajectory of how we scale.

© 2018 | All Rights Reserved.