Viewpoint by: Casey Ford, PhD, investigator at Nym Technologies
Web3 surged forth on the tide of decentralization. The growth of decentralized applications (DApps) hit 74% in 2024, while individual wallets skyrocketed by 485%, leaving the total value locked (TVL) in decentralized finance (DeFi) almost at a historic peak of $214 billion. However, the sector is also careening toward a state of control unless it becomes aware.
As Elon Musk has hinted at placing the US Treasury on blockchain, albeit poorly planned, the currents are shifting as cryptocurrency becomes deregulated. But when that happens, is Web3 prepared to “safeguard [user] data,” as Musk’s representatives assert? If not, we stand on the edge of a global data security emergency.
The dilemma reduces to a weakness at the center of the digital realm: the metadata surveillance across all current networks, even the decentralized ones in Web3. AI technologies are now fundamental to surveillance frameworks and act as accelerators. Anonymity networks provide a potential escape route from this capture state. However, this must initiate with metadata safeguards universally.
Metadata is the emerging frontier of surveillance
Metadata constitutes the neglected raw material of AI surveillance. In comparison to payload data, metadata is lightweight and hence can be processed en masse with ease. This is where AI systems shine. Aggregated metadata can disclose far more than encrypted contents: it can expose behavioral patterns, networks of connections, personal aspirations, and ultimately, predictability. Legally, it remains unprotected in the way end-to-end (E2E) encrypted communications are currently in some jurisdictions.
While metadata is integral to all digital assets, the metadata that leaks from E2E encrypted traffic reveals our actions: IP addresses, timing signatures, packet sizes, encryption formats, and even wallet details. This information is entirely comprehensible to adversaries monitoring a network. Blockchain transactions are not exempt from this issue.
From heaps of digital debris can arise a treasure trove of meticulous records detailing our actions. Metadata represents our digital subconscious, and it is available for exploitation by any machines capable of harvesting it for gain.
The deficiencies of blockchain
Safeguarding the metadata of transactions was an afterthought in blockchain technology. Cryptocurrency does not provide anonymity despite the often negative connotations associated with the industry regarding illicit activities. It offers pseudonymity, the capability to maintain tokens in a wallet under a selected name.
Recent: How to tokenize real-world assets on Bitcoin
Harry Halpin and Ania Piotrowska have analyzed the predicament:
“[T]he public nature of Bitcoin’s transaction ledger […] means anyone can track the movement of coins. [P]seudonymous addresses do not afford any substantial degree of anonymity, as anyone can gather the counterparty addresses of any transaction and reconstruct the series of transactions.”
Since all chain transactions are public, anyone operating a full node can view chain activity comprehensively. Moreover, metadata such as IP addresses linked to pseudonymous wallets can pinpoint individuals’ locations and identities if the tracking technologies are sufficiently advanced.
This encapsulates the fundamental concern of metadata surveillance within blockchain economies: Surveillance frameworks can efficiently de-anonymize our financial interactions by any capable entity.
Knowledge as a vulnerability
Knowledge is not merely power, as the saying goes. It also forms the basis for our exploitation and disempowerment. Web3 grapples with at least three primary metadata risks.
-
Fraud: Financial instability and surveillance are inherently connected. The gravest hacks, thefts, or scams hinge on accumulated insights about a target: their assets, transaction histories, and identities. DappRadar estimates a loss of $1.3 billion attributed to “hacks and exploits” such as phishing attacks in 2024 alone.
-
Leaks: The wallets enabling access to decentralized tokenomics rely on leak-prone centralized infrastructure. Research on DApps and wallets has demonstrated the frequency of IP leaks: “The existing wallet infrastructure does not favor users’ privacy. Websites exploit wallets to fingerprint users online, while DApps and wallets disclose the user’s wallet address to third parties.” Pseudonymity becomes meaningless if individuals’ identities and transaction patterns can be easily uncovered through metadata.
-
Chain consensus: Consensus on the chain serves as a possible attack vector. An instance is a recent project by Celestia to integrate an anonymity layer to obscure the metadata of validators from specific attacks attempting to undermine consensus in Celestia’s Data Availability Sampling (DAS) process.
Securing Web3 through anonymity
As Web3 expands, so does the volume of metadata regarding individuals’ activities that is available to newly empowered surveillance systems.
Beyond VPNs
Virtual private network (VPN) technology has been around for decades. The stagnation in progress is astonishing, with the majority of VPNs still entrenched in the same centralized and proprietary infrastructures. Networks like Tor and Dandelion have emerged as decentralized alternatives. However, they remain susceptible to surveillance by global adversaries capable of performing “timing analysis” through control of entry and exit nodes. Even more sophisticated tools are required.
Noise networks
All surveillance seeks patterns within a network filled with noise. By further obfuscating communication patterns and unlinking metadata like IPs from traffic-generated metadata, the potential attack vectors can be greatly diminished, and metadata patterns can be scrambled into incoherence.
Anonymous networks have surfaced to anonymize sensitive traffic such as communications or cryptocurrency transactions through noise: cover traffic, timing diversions, and data mixing. Similarly, other VPNs like Mullvad have introduced initiatives like DAITA (Defense Against AI-guided Traffic Analysis), which aims to add “distortion” to its VPN network.
Scrambling the codes
Whether it’s protecting individuals against assassinations in future drone conflicts or securing their on-chain transactions, fresh anonymity networks are essential to scramble the identifiers that make all of us targetable: the metadata produced by our online existences.
The state of capture has already arrived. Machine learning is consuming our data. Rather than allowing individuals’ data to remain unprotected, Web3 and anonymity systems can ensure that what reaches the clutches of AI is essentially refuse.
Viewpoint by: Casey Ford, PhD, investigator at Nym Technologies.
This article serves solely for informational purposes and is not intended as, nor should it be considered as, legal or financial advice. The opinions, thoughts, and beliefs expressed here are solely those of the author and do not necessarily reflect or represent the perspectives and opinions of Cointelegraph.