Privacy As A Cultural Issue
As all bull markets, the recent bitcoin bull market has created a wave of hopium for the adoption of Bitcoin and the Lightning Network. While most are incredibly eager for their potential, privacy risks are too often ignored. In the recent pushes toward the hyper-adoption of bitcoin, we seem to have lost sight of our goal.
The goal of Bitcoin is to shift power from governments and banks to the people. For this experiment to work, the censorship resistance of Bitcoin is the most important aspect to keep in mind. As famously stated by Hal Finney on the cypherpunk mailing list, “The computer can be used as a tool to liberate and protect people, rather than to control them.” But controlling them is mostly what we are seeing with the advances of surveillance technologies today.
Efficient surveillance technologies did not fall out of the sky, but are often a product of the uneducated consent of users. For example, many don’t see a problem in giving their data to Facebook, as they believe they have nothing to hide. What individuals issuing such statements miss is certain paragraphs in the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which allow for the monetization of anonymized private data through third party corporations.
Using hosted services on the internet is a trade-off usually made for convenience, as it is easier to utilize the services of Google for email and document sharing than setting up one’s own server instances. The advance of hosted services on the internet, which function as surveillance tools on the flip side, was brought on by demand. Developers saw a need for such tools to exist, but abandoned the protection of user privacy in exchange for convenience.
As surveillance is slowly beginning to spin out of control, users are starting to put a bigger emphasis on the protection of their privacy, which has led to the creation of easier self-hosting solutions such as Nextcloud. The problem is that we cannot simply add privacy solutions on top of a system built without privacy in mind. For example, using the Tor browser to access Google.com will not keep your identity hidden. To achieve censorship-resistant systems, privacy must be built into the infrastructure. Privacy is a cultural issue — hence we must unlearn close to everything we know about our behavior on the internet and change our mindset around privacy to bring on demand for easy-to-use privacy enhancing technology.
When building out the Bitcoin and/or Lightning Network, it should therefore be seen as essential to not make the same mistakes that were made in the development of the World Wide Web. User privacy should always be the primary focus of Bitcoin development to strive for censorship resistance, and achieve the goal of a shift in power. If this emphasis isn’t set, we are running the risk of building the most efficient financial surveillance technology we have seen in history, instead of a tool for the liberation and protection of the people.
“Any man’s death diminishes me, because I am involved in mankind, and therefore never send to know for whom the bells tolls; it tolls for thee.” — John Donne, Devotions upon Emergent Occasions, 1624
Getting Lost In The Crowd
The question that is often raised is why one should even care when others wreck their user privacy on Bitcoin and the Lightning Network. After all, we all make our own decisions, and no one is responsible for any other person. This common misconception has stood firmly for the past few decades: user privacy only regards our individual actions — while the reality is that our own privacy affects the privacy of everyone we interact with. This point was just recently vividly proven in a study conducted by Nature Communications, which found that an artificial neural network can identify individuals with 14.7% accuracy out of a database of 43,606 anonymized users, when only given information about the target. However, when the network is fed additional data about the individual’s social interactions with their known contacts, the percentage of correctly identified individuals rises to 52.4%.
Imagine using a pseudonym on public forums such as Twitter or Telegram, and closely interacting with people who are not pseudonymous. A perpetrator can now easily make assumptions to de-anonymize your ‘nym. For example, if you’re interested in Bitcoin and engaging with a lot of people based out of Berlin, the perpetrator may assume that you are also based in Berlin. A perpetrator may then find a local meetup and engage in social engineering attacks to identify you based on metadata, such as topics that interest you. The same goes for our bitcoin transactions. Imagine frequently paying a small amount of sats to a node which has doxxed its location via an IP on clearnet, or by claiming its node on one of the popular block explorers. A global adversary may monitor transactions via timing analysis — comparing what sizes of packets are sent when and received where. They may now find out that this node belongs to a coffee shop, and conclude that the targeted person lives close to the coffee shop’s location. Again, the person targeted can then be identified via metadata, such as the time the payments take place.
Privacy-enhancing technology only works when we are able to hide in the crowd. A person wearing a mask to conceal their identity in public may easily be targeted when no one else is wearing a mask. This has been true for regular web traffic anonymization tools as mixnets, as well as in Bitcoin anonymization tools as CoinJoins. When not enough people use the tools available, those who are using them will stand out from the crowd like circus clowns in a funeral home, rendering the technologies built to protect our privacy as useless. To put it in Eric Hughes words in an entry on the cypherpunk mailing list from March 9, 1993: “Privacy only extends so far as the cooperation of one’s fellows in society.” It is therefore essential to engage in privacy-protecting practices not only to protect our own privacy, but to protect the censorship resistance of the entire network.
Bitcoin’s Eternal September
By pushing towards the hyper-adoption of Bitcoin without being able to support basic user privacy on an infrastructural level we are working towards the eternal September dilemma the World Wide Web still suffers from today: a continuous influx of new users silencing the few critical voices with over-excitement, leading to a complete loss of moderation and consequently a loss of basic understanding for the possible risks of the technologies in question. Beginning in 1993, every September new university students gained access to computers; Usenet forums — where early internet adopters explored the possibilities of online social interaction — were flooded with large groups of new users, drowning all attempts at a reasonable development of the World Wide Web in the shrieking of the crowd. With internet service providers such as AOL granting continuous access to the formerly popular internet forum, this new influx of users became a continuous phenomena, giving way to the promotion of surveillance technology as a means for communication for the uneducated user.
The adoption of a technology through the wider population before all of its implications are known and infrastructural solutions are built out to negate possible risks will always result in the hyping-up of applications and platforms which in the worst case may end up ruining the privacy of the entire user base. Experts will arise giving advice on such tools, while voices critical of technology catering to the masses will remain lost in the swamp of excitement, until such developments are too far along to reverse. Despite (or rather precisely because of) all the hope that lies in Bitcoin to bring upon freedom of transaction, we should stay critical of onboarding large groups of people to Bitcoin and/or the Lightning Network just for the sake of growth, as an uncontrollable influx of people can push development in a direction that prioritizes usability, and potentially even harmful to the network.
“We must die as egos and be born again in the swarm, not separate and self-hypnotized, but individual and related.” — Henry Miller, Sexus, 1949
To achieve our goal of shifting power from governments and banks to people, we must be clear on the long-term goals of Bitcoin. If new users are taught to see no issues in the use of centralized or closed-source services, compromising security in return for convenience, or giving up their privacy for the sake of a better user experience, they must unlearn everything they’ve understood once we reach the point of super-surveillance of the Bitcoin network, which firms such as Chainalysis are working towards today. Yet unlearning things is an incredibly hard thing to do, which can be seen in the development we are seeing in the World Wide Web today.
Bitcoin without censorship resistance will be of no use to any of us. We should therefore all set priorities to shift towards privacy-preserving, peer-to-peer solutions. Such a shift will in return not only serve Bitcoin and Lightning Network users, but also those investing in Bitcoin and Lightning Network services, while furthering adoption on a slower, more sustainable level. In the end we are all to be held responsible for the products and improvements being built in a decentralized network. Each decision we make towards the more private use of Bitcoin and the Lightning Network is a decision for the vision of Bitcoin overall. Let us therefore not forget that we must not only keep our own best interests at heart while furthering the adoption of…