Privacy is one of the most crucial yet underrated aspects of the crypto space. Many people dismiss it with the classic "I'm good, I have nothing to hide" statement. In this article, we'll delve into the importance of privacy, explore the ongoing battle between lawmakers and builders, and discuss why a lack of privacy in crypto could potentially lead to an unprecedented surveillance state.

Why Privacy

Blockchain technology, with its secure and transparent transactions, is a cornerstone of the digital age. However, its public ledger can expose one's entire financial history, leading to potential risks. Companies could exploit customer spending patterns, thieves could target victims with high-value transactions, and nations could monitor and potentially manipulate citizen spending. Without proper privacy tools, a transparent blockchain could lead to extortion, surveillance, and unprecedented public data exposure.

Examples:

Cyber Extorsion

Tod uses its Ethereum wallet to purchase online products, and hackers track website data and create deeper and deeper profiles of Tod, Using data leaks or even government tax data the hackers can quickly know the emails and personal data of Tod, starting phishing attacks until they stole Tod's money or even worst, extort Tod to do several actions with its wallet, like illegal trafficking buy a specific coin and more.

👉 UNC School Of Law: La Crypto Nostra: How Organized Crime Thrives in the Era of Cryptocurrency

In Real Life Extorsion

The unlucky Tod visits a clothing store and purchases a new pair of jeans using his Ethereum Wallet. Amanda, the store manager, can access all of Tod's transactions and gain insights into his private activities and history, using this private data without adhering to any Privacy Law. The situation worsens as Tod typically shops near his home, which could potentially allow thieves to determine his residence. They could then follow him and attempt to steal money from his ledger or even operate like a mafia, extorting money from all the shops and people in Tod's neighborhood. Or Tod can even be murdered if it sells a specific token or NFTs.

👉 NYT: Bitcoin Thieves Threaten Real Violence for Virtual Currencies

👉 People: Missing Crypto Millionaire, 41, Found by Children Dead and Dismembered in Suitcase in Argentina

👉 CVT News: Ontario crypto king apologizes to investors in video while appearing badly beaten from kidnapping

👉 Independent: Teen crypto trader and investment influencer found shot dead in his Porsche

👉 I&T Today: 4 Crypto Billionaires Found Dead Under Mysterious Circumstances During FTX Collapse

Entities Extorsion

The unlucky Tod is captivated by Application A and wants to use it with his Ethereum wallet. However, Application B wants to stifle competition and discourage the use of Application A by creating economic disincentives for its users. In the real world, we have anti-trust laws to prevent such practices, but in the crypto world, this is starting to become common. Tod should have the ability to anonymize himself and use Application A without leaving any trace for Application B to exploit.

👉 Boxmining: Blur Increases Loyalty points if users don’t list NFTs in Open Sea

👉 Coin Telegraph: Friend.tech threatens to punish users if they use copycat apps

Country Extorsion

The unlucky Tod lives in a country that wants to use the information stored in the blockchain for a Social Credit Score system (if you're pro-Social Credit, this article and my thoughts may not align with yours). The country might even create economic and legal incentives to steer its citizens towards spending their money on a particular application or buying specific products. This would effectively strip citizens of their freedom to choose the products that best suit their needs.

👉 YT: Self-explanatory clip from a Valuetainment video

These are just some examples of what Blockchain payments without privacy tools can empower in the years to come.

Why The privacy situation is critical in crypto and not in traditional banking?

In Western Civilization, the banking system safeguards the privacy of people's funds by keeping transactions confidential. However, in recent years, particularly in Europe, regulators have started facilitating the transmission of user transactions to national commissions to combat terrorism or tax evasion.

Even though banking doesn't completely preserve privacy between individuals and the state, it does maintain privacy among individuals.

Moreover, using banks as custodians for assets significantly complicates the process for thieves attempting to extort money from individuals. In contrast, in the crypto world, users have direct access to wallet funds without intermediaries, leading to a new set of challenges. These issues can only be addressed if countries participate in the conversation and strive to ensure taxpayer security and privacy, rather than solely focusing on taxation.

History

Since Bitcoin and its private ledger came along, people discussed the value of privacy, the implications of a public ledger, and its risks. Even Satoshi stated that this could become a problem.

As the crypto ecosystem evolved, people began using Centralized Exchanges in an attempt to anonymize their wallets and enhance their security. However, Centralized Exchanges have a significant issue. These tools used for privacy depend on a centralized entity that holds highly sensitive data. These entities can either fall victim to data breaches or misuse their power to extort users. In the worst-case scenario, they could even collude with terrorists by sharing false data about wallets and reserves, leading institutions to flag the wrong wallets. As such, there's been a momentum shift towards enhancing privacy in public blockchains through advanced technological solutions.

One of the earliest substantial privacy measures that gained traction was CoinJoin. This method allowed small groups of users to pool their coins in a single transaction, making it challenging to trace specific input-output pairings on the chain.

Monero expanded on this concept by employing a linkable ring signature mechanism, enabling users to blend their coins with a select few, eliminating the need for interactions outside the blockchain.

As technology evolved, the participant pool in each blend expanded, amplifying each transaction's potential origin points. Yet, these recurrent small-group blending methods weren't devoid of data vulnerability.

The next significant step in cryptographic privacy came with the integration of universal zero-knowledge proofs, showcased in blockchains like Zcash and smart contract systems like Tornado Cash. These systems enabled the potential origin of each transaction to encompass the entirety of prior transactions. The industry and academic sectors often dub these zero-knowledge proofs as "ZK-SNARKs."

Tornado Cash emerged as a decentralized and encrypted privacy tool for Ethereum users, with zero reliance on third parties and 100% security.

👇This is when things started to get weird👇

I’ll never forget that August, 8 2022, I was driving to San Sebastian, Spain for a small surfing vacation, I stopped in a gas station, unlocked my phone to read some news and my twitter timeline was full of posts about the Tornado Cash sanction.

Indeed, following this, GitHub cancelled and blocked the accounts of anyone who interacted with the Tornado Cash repository. $USDC blocked the Tornado Cash contract, Infura and Alchemy were compelled to block RPC to the Tornado website, .limo ceased hosting tornadocash.eth and GitCoin removed the TC grant page.

Two day after, the Tornado Cash founder Alexey Pertsev was arrested in Amsterdam by Netherlands’ Fiscal Information and Investigation Service (FIOD) without any sentence and any possibility of defence in front of a jury.

👉 Bitcoin.com: Suspected developer of crypto mixer Tornado Cash arrested

Based on the evidence available at the time, Alexey Pertsev's only action was deploying open-source code on a public virtual machine (Ethereum). While it's clear that North Korean terrorists used Tornado Cash (TC), this in no way implicates the TC developers who published an open-source public good for privacy. This incident raised significant concerns among Web3 builders, sparking fears about the potential illegality of writing open-source code and speculation about who might be the next target.

👉 Tech Crunch: Crypto Community Responds to Tornado Cash Sanctions, Privacy Advocates Say 'There Are Many Legitimate Reasons to Seek Financial Anonymity'

The influence of the FOMC over companies and WEB3 app providers spread faster than ever before. Some apps introduced (and later removed) a FOMC-compliant interface for their smart contracts because the founders were afraid of facing the same unfortunate and unjust fate as Alexey Pertsev.

I'll never forget the palpable sense of injustice that permeated the ecosystem, especially coming from the U.S., a country that, in theory, should uphold privacy and freedom of speech.

👇This episode from Bankless resume the mood of crypto builders during that time👇

In March 2023, Ethereum's hero, Ameensol, launched PrivacyPools, a solution for Tornado Cash to comply with regulators. Essentially, it extends the Zero-Knowledge (ZK) proof of Tornado Cash to verify that the sender's wallet involved in the privacy transaction is not one of those sanctioned by the FOMC, while still maintaining privacy for the sender.

👇Here you can see it in action👇

This idea was initially suggested by Vitalik Buterin, soon after the FOMC sanction to Tornado Cash.

👇 Here an infographic 👇

In August 2023, other two Tornado Cash developers, Roman Storm and Roman Semenov were arrested and charged with facilitating terrorism through wash trading. This is an unprecedented question for the decentralized ecosystem. Lawmakers have set a precedent where any smart contract developer can be held accountable for crimes committed using their application.

👉 Coin Desk: Tornado Cash Devs Charged With Helping Hackers Launder $1B, Including Infamous North Korean Attacks

The U.S. Department of Justice (DOJ) indicted Roman Storm and Roman Semenov, the developers of Tornado Cash. The DOJ alleges that they designed Tornado Cash with various privacy features, knowing that their service could be used for illegal activities. Furthermore, the DOJ claims that despite their public statements to the contrary, Storm and Semenov maintained control over Tornado Cash. This control could have been used to implement transaction monitoring or other anti-money laundering features to prevent illicit use of the service.

👉 Justice.gov: US Gov Roman Storm and Roman Semenov sentence

The US regulators, for the first time charged a team, because they have (even if via governance proposals) the possibility to update the network and make Tornado Compliant with the FOMC. This also raised concern for every team who run upgradable DAOs and their legal implications against anons votes.

But, you know… I always sad that upgradable contracts should be regulated and this is the precedent. Upgradable Contracts is the point of fail for an application and makes founders in a tricky situation. Sad but true! 👇

Vitalik Buterin with ameensol, Jacob Illum from Chain analysis, Fabian Schär and Mat Nadler double down in the conversation with a Paper:

👉 Blockchain Privacy and Regulatory Compliance:Towards a Practical Equilibrium

In this paper, they described Zero-Knowledge proofs, the importance of privacy in blockchains, and how solutions like Privacy Pools are crucial for both builders and regulators to find common ground.

Countries

The response from countries, particularly in the West (the champions of Freedom and Human Rights), to crypto, privacy, and regulations has been disappointing. These countries are implementing complex structures to track the crypto holdings of their population and levy taxes on them. However, they are not providing clear regulations to help taxpayers maintain their privacy on-chain, nor are they establishing rules and standards for entrepreneurship. Furthermore, they are doing nothing to curb the scams that persist in the market, thereby failing to protect the money of inexperienced taxpayers.

The situation get worst from the facto that Countries require more and more data from On-Chain transactions about citizens, let them to be more and more at risks of extortion, surveillance, and public data exposure, but without help them in any way possible.

I criticised several times western countries for:

🔮 In this tweetstorm from Nov. 2022, I strongly criticized why countries aren't defending taxpayers and why they aren't taking any action to regulate Centralized Exchanges (Cexes)

🔮 Here I express how Western Countries are stressed to regulate tax but they don’t even try to build simple regulation to secure tax payer money

👇Long Story Short 👇

What we have learned from the TC situation?

• If you can upgrade the contracts (no matter if via DAO or not) developers are legally responsable if the contracts are use by terrorist or wash traders.

• We still don’t know the governament approach in a situation without upgradability features.

• Regulations are still unclear.

• If terrorist use your app to wash-trade you’re legally colluded with them.

• In this situation, anyone who operates a secure and permissionless application could potentially face imprisonment in the blink of an eye.

What’s next?

All Ethereum enthusiasts MUST vocally demand that governments provide clear regulations and tools to preserve privacy. This will allow builders to create privacy-focused and decentralized solutions for their users, without the risk of facing legal repercussions due to regulatory uncertainty.

Solutions like PrivacyPool from Ameensol have the potential to significantly alter the landscape, striking a balance between anti-terrorism needs and privacy for end users. However, given the current market situation, any DAO or upgradable dapp is at risk based on this precedent. Western lawmakers must quickly decide whether they want to prevent a mass surveillance scenario, which could lead to a dystopian future or even serve as a source of data for competing countries.

Currently, scammers are allowed to steal billions in taxpayer assets, while privacy advocates and builders of secure smart contracts, who have zero possibility of stealing customer assets, face the threat of imprisonment. They live their entrepreneurial journey with constant anxiety about the legality of doing the right thing for their users' security.

A Western Civilization that has grown over decades by incentivizing innovators and imprisoning scammers is becoming the exact opposite in the crypto space.

Crypto enthusiasts, spread the word. Regardless of who your current president is, they will change in the coming years. However, your public transactions and your data will remain forever, potentially becoming the biggest problem of your future. Let's share this message and take action!

🔮 Follow me at @baseToschi on X