On-chain privacy revolution: Bringing full anonymity to web3

For all of web3’s decentralization and anonymity ideals, there is a privacy crisis bubbling underneath the surface, directly threatening the users’ financial and identity security. The public nature of blockchain information makes anonymity particularly crucial to the culture of web3, as for many it is necessary to keep their identity and financial data separate. Behind each NFT profile picture and anonymous identity is a real person who usually employs a burner wallet, preferring that their financial transactions aren’t directly attached to their real name. The slippery nature of metadata and the dark reality of how wallets connect to web3 applications makes this anonymity particularly difficult to maintain.

Metadata leakage is a privacy threat

Since metadata leakage is a threat to the privacy and security of web3, it’s worth exploring exactly what metadata is. Metadata is essentially data about data: information like file sizes, creation date and time, and who is sending data to whom and when. Unlike data itself, which is usually heavily encrypted, metadata is often public and very easy to access and store. Despite some very justifiable historical and current use cases, metadata is harnessed by entities with questionable intentions to compromise your identity and security. Companies, governments, and other groups across the world frequently utilize metadata from many forms of internet communications to conduct surveillance or to sell information about users. Although the content of our internet communications is usually well-encrypted, metadata alone can be used to create an alarmingly complete picture of each user. Even when a well-intentioned centralized entity collects highly sensitive information, that data is collected and put into a server which is highly vulnerable to being stolen by a more nefarious entity.

Web3 aims to address these issues by using decentralization to bring control back to users. Unfortunately, a naive implementation of this actually poses more risk to user privacy, not less. That’s because decentralized networks are often more vulnerable to attack, and individual network members are even less trustworthy than the centralized powerhouses of Web 2.0.

But there is another way, one that protects users by putting privacy first and treating metadata as being just as valuable and vulnerable as data. A mixnet combines and recombines different user data until it is rendered indistinguishable from the other data passing through the network. One of the notable projects that popularized something similar is the onion router, commonly known as TOR. However, TOR’s incentive structure and current node architecture raise important questions about the extent of their security. Since maintaining a node on the TOR network is very expensive, with no rewards provided in exchange, it raises questions about the motivations of those running the network.

How a new approach to mixnets from Swiss privacy project HOPR can protect all Web 3.0 activity from metadata leakage

One of the leading privacy projects in web3, HOPR, has a unique incentive structure which utilizes cryptocurrency to ensure every node runner is properly rewarded. Each node runner in HOPR’s network will be rewarded with the native token $HOPR, but only once they have verifiably completed their job of relaying data to the next “hop” in the network. This extra step, known as proof-of-relay, squares the circle of privacy and incentivization which held back earlier iterations of mixnet technology.

Privacy is often an afterthought for web3 users and developers, many of whom consider that the jump away from Web 2.0 is in itself a sufficient solution. But increasingly people are discovering that privacy isn’t just an issue in web3, but THE issue: without strong protections of metadata, particularly IP addresses, many web3 services are extremely vulnerable to disruption and attack.

This isn’t just about protecting user identities – although of course that’s important. Without strong metadata privacy, fundamental services can be disrupted. Imagine a blockchain that can’t produce new blocks because the miners and validators keep being hit with denial of service attacks, made possible due to exposed IP addresses. Without strong privacy protections on an infrastructure level, the foundations of web3 are build on shifting sands. Luckily an update to decades’ old mixing technology can provide the stability and security the space needs.