March 27, 2020

Making Privacy Tech Mainstream

On Friday the Tari community discussed how to bring privacy-enhancing technologies such as Monero and Tari into the mainstream. Especially in light of public mass surveillance to reduce the spread of COVID-19.

Please feel free to keep the conversation going by joining the discussion thread on Reddit.

Transcript of Friday discussion

Please note that unlike Telegram or IRC, Reddit threads are a living document. This is a snapshot taken 19:11:37 UTC Friday, March 27, 2020.

Relaying questions from Telegram: (From: Ad-Lib) (This time the discussion is on Reddit, therefore moving Telegram question to Reddit)

There’s no point building tools for businesses on top of bitcoin as bitcoin isn’t considerable to be used as transfer of value for b2b and b2c. Same about eth - whatever it does, it’s not usable for b2b and b2c because of the lack of fundamental properties. We need to have an infinite scalable and decentralized stablecoin backed with monero with value strictly balanced with basic necessities around the world. We need something fungible, fast, secure, cheap and 100% stable (compared to dollar) and we need to give it to businesses. I’d accept it today in my business. Tari will be as great as usable it will be for businesses. Monero is a great currency and I think Tari could help to bring it to businesses. Right now monero is (let’s be real) only usable for c2c and it’s already the greatest tool for that purpose. Adoption though hides in where the real deal is and the real deal is in economy where businesses using “potential currency” to exchange with other businesses and customers. And to bring that “potential currency” there, volatility and transparency has to be taken off somehow.

I love the idea of a scalable, decentralized stablecoin backed by XMR. This is a future I would personally love to live in. Perhaps Tari as a protocol can be used to help bring this to life in the future. I know many businesses that would accept this flavor of stablecoin.

With regards to volatility, an interesting thing about digital assets is that each asset can have its own liquid market, and its own representative value. This may or may not have an effect on the volatility of underlying assets like XMR or Tari.

The current debate on privacy (to me anyway) seems to centre around two key topics: data protection and digital identity.

It seems obvious that Tari might provide a mechanism for improved data protection (regardless of application or sector)

However, i was wondering if Tari might be a platform for privacy-preserving digital identity, interoperable with the emerging identity management frameworks (which some view as somewhat lacking from a privacy perspective).

Is this something that is being worked on/achievable?

Great question. I would personally agree that privacy-preserving digital identity has value. Others may not agree. From an implementation standpoint, I think many folks working on Tari are focused more on use cases that have the potential to create wide-scale adoption of this future underlying system. In your view, how would privacy-preserving digital identity work? I am assuming something that is fully permissioned by the user including time-based rules, granular controls on context of use etc. would be important features to consider?

In your view, how would privacy-preserving digital identity work?

This is the million dollar question.

At the moment, the protocols are being written, standardised, and developed by a number of semi-competing entities (ID2020, DIF, Sovrin, RWOT, eIDAS, ESSIF, etc)

They all currently suggest little scope for anonymity (or at minimum user controlled pseudonymity).

The ideal solution in my view is some multi-sig solution that distributes identity de-anonymisation mechanisms across a number of entities (Government, Individual, Family, Orgs/Corps, and potentially Data Protection Commissioners) - with features built in so that revealing of identity is transparent when it happens (in the case of criminal investigation, for example).

The 'sub-identity' of an individual is then a Confidential Asset, while the 'master identity' is only revealed if necessary and when 3 of 5 (or some other variation) agree.

I love the idea of applying multi-sig to digital identity. In a functioning government with a reasonably well functioning court system where there is an assumption of due process, one could imagine a scenario where law enforcement is procuring a warrant from a court as being a 2 of 5 in a multi-sig scenario. Who could the 3rd party be to unlock someone's master identity?

View in your timezone:
Friday, March 27th 14:30 UTC

Question 1
Looking back at the COVID-19 angle of the post, is there a case where undoing the privacy of all people to save more lives is worthwhile? I'm curious to see how many people agree to forfeit their location data in order reduce the spread of the pandemic.

Question 2
In Westworld Season 3, there is an all knowing AI called Rehoboam. If it was possible for an AI to aid people in their lives (ex: career advice) without revealing it to the outside world, would that be acceptable? (more of an AI question not privacy)

Question 3
This seems to be the reason why we need privacy coins TLDR:

Dollars are already digital. Banks have digital $ fed accts. Consumers have digital $ bank accts. Read: Digital dollar is about accounts, not dollars. Every consumer will get direct access to a Fed Account.

Sounds sort of bad :/

Really good questions. I guess a perspective here is that there are middle grounds across the board. Privacy is a spectrum. Do we need absolute surveillance to achieve the goal of saving maximal lives? I don't think that's true. I think there is probably a middle ground where privacy is preserved at some level while ensuring the parties that need access to "anonymized" info around viral spread have it.

Q1: would you undo the privacy of all people to save your life?

that's a slightly disingenuous framing of the problem, though. as undoing the privacy all people, in this context, leads to saving more than one life.

It is still the privacy of all people

i never said it wasn't - just that your framing of the problem was disingenuous (in this context)

I wonder if any governments have been pushing big tech companies to do this. It would be unprecedented though.

of course they have. its started already in a number of countries.

Regarding the "digital dollar" proposal, I think there is a lot that needs to be fleshed out with regard to what the Fed is thinking. I personally don't have a lot of hope that it will be privacy-preserving. A story I make up is that there are many in government that fall down the law enforcement rabbit hole that privacy solely enables bad actors to do their dastardly deeds vs. preserving freedom. To me this is a foundational challenge.

Re: question 1’s framing: People are already forfeiting their location data, often to dozens of apps on their phones at once. It’s just a matter of optics as to how it’s presented to them.

Yes I think Moxie coined the term "oblique surveillance" aka surveillance by choice. We are all choosing to be surveilled 24/7 by carrying portable GPS trackers + WiFi-enabled devices in our pockets at all times. There is no way to anonymize this data. In my view, anyone who says that there is a way to accomplish this is disingenuous.

That's fair. In regards to u/midipoet earlier, I suppose government could just buy public data on people without having to go to big tech for location data...

Governments don't have to buy anything. They just have to "ask" for it.

“In our view, the only way for privacy-enhancing technologies to take off is if the intended user of the technology has meaningful societal and legislative influence and absolute privacy to conduct their affairs.”

What do you mean by this?

I'll answer by giving an example: copyright law in the US. Copyright law in the US has shifted a few times over the last century driven by the needs of large copyright owners. I am not suggesting this is a good or bad thing, I am simply stating it as fact. If large digital asset issuers require privacy to conduct their affairs, then that increases the utility of a default private digital asset system. Perhaps it makes privacy a pre-requisite vs. a nice to have. I personally can't think of a single business that owns IP that wants the world knowing about transactions involving their assets unless they can control that story. They are story owners and tellers after all.

Cash is the historical private mainstream everyday medium of exchange. Would that model still apply for private cryptos, where private cryptos are good for small day to day transactions instead of large ones (where regulatory hurtles become a thing?)

I've been thinking about the same from a regulatory standpoint, would it be easier to get private crypto acceptance by regulators if the cryptos were called "digital cash" and only used for small day to day transactions such as buying coffee. Coincenter has a good piece on this.

I guess the downside is that this would rely on some L2 currency else you have to wait for several minutes for your coffee. Maybe it's not that bad since Tari has a 1 minute block time

EDIT: As always, only speaking for myself here. I am not a lawyer or a regulator. I am a human on the internet with no credentials of any kind. All of that being said, as far as I understand it there are many types of transactions that have many different types of treatments by regulators. Someone can wire someone else $1MM USD with no pre-approval or authorization by a regulator. Does that transaction need to be reported in some fashion in the future? Yes, it does. And that is where I think there is an interesting debate. What exactly is wrong with a disclosure-based universe vs. one where every single transaction is automatically surveilled? Yes there will be people who fail to disclose. That is the case no matter what. Will some of those people run away without facing consequences for failing to disclose. Yes. But will we all be freer and treated more equally as a result? yes. To me thats worth the cost of some folks failing to disclose and therefore breaking some law of the land.

What are optimal form factors or "trojan horses" for private cryptocurrencies or even broader privacy-preserving technologies to become more mainstream?

Chat apps, for now, have had the most consumer adoption. Some of these chat apps are integrating crypto. Right now you can send XLM on Keybase, albeit it is not private.
There are blockchain storage apps like Sia's skynet
What are other vehicles of privacy transmission?

TBH I always am a big fan of private cryptos x chat. I saw mobile coin and I immediately thoughts of buying something anonymously on a chat app, then wondered about actual delivery if it's a physical good...
Perhaps markets could be explored. If haven / Openbazaar supported private cryptos that would be great. Though there still is a shipping issue if it's a physical item.
Private DeFi? idk how many people actually are interested in DeFi though