As Apple And Google Introduce Coronavirus Tracking Tech, Public Blockchain Privacy Remains Mixed Bag

As the response to coronavirus shuts down businesses across the world, the blockchain industry has been relatively fortunate. Many companies in the industry had long worked from home, developing distributed teams and work environments. Other than a brief shock and awe as COVID-19 shut down the western world, the industry proceeded uninterrupted.

“Probably the biggest thing we’re all missing is getting together at conferences,” says Dr. Steven Waterhouse, CEO of Orchid Labs, developer of a crypto-powered virtual private network. “Although perhaps there were too many conferences, so we’ll have a few less, which will be a relief for my travel schedule.” 

That’s the human aspect of the industry. On the technological side, the so-called “new normal” has forced Orchid to rethink its strategy. “We worked on mobile first,” said Waterhouse, who in the early aughts worked at Sun Microsystems on distributed storage and peer-to-peer technologies and later went on to co-found blockchain investment fund Pantera Capital. “We didn’t have any desktop apps. We’re now prioritizing developing desktop apps, because more people are sitting at home with their computers trying to connect to Zoom, Google Apps, and so on.” 

Increasingly, they’re concerned about their privacy, says Waterhouse. “That’s certainly been a shift for us. And, in general, we’re very focused and conscious of these new changes and new awareness that people are having around the balance between privacy and surveillance, and what kind of surveillance can be thought of as in the common good and public health interest, and how that is implemented.” 

Orchid has been trying to understand these new trends better, and Waterhouse says there are a number of approaches in which to apply blockchain to privacy applications. He references Google and Apple’s contact tracing app. “Looking at the Apple and Google implementation, they’ve taken quite a lot of steps and care to try and anonymize, as much as possible, the information about who has or who hasn’t tested positive [for COVID-19],” he said. 

The Apple and Google framework is akin to a technology stack that can be used in different ways for different implementations. “There are certainly some concerns about what happens when someone has tested positive and what disclosure is then given, and who is that then given to. Certainly, in a more general sense in the future, the concept of decentralized identities and owning your identity, versus having somebody else own your identity, could be a positive thing, and applications of zero knowledge proofs [can be integrated] into those frameworks.” Zero knowledge proofs allow a person or entity to prove possession of certain information to another person or entity without revealing the information itself or any other additional information.

In the very short term, Waterhouse doesn’t see any breakthroughs in blockchain privacy. “It’s a bit like waiting for a vaccine,” he said. “Perhaps next year, we may see some solutions in that space. But, the [blockchain] technology stack currently, and [in particular] the user interfaces, are relatively primitive. On a theoretical basis, I can see certainly the way that particular aspects of blockchain and associated technologies like zero knowledge proofs could be applied.” 

Bitcoin lacks anonymity. It is, instead, a pseudonymous system. “Public blockchains like Bitcoin are obviously a very mixed bag as far as anonymity goes,” said Waterhouse. “It’s literally more traceable than cash, of course, because it’s on a blockchain. So, as we’ve seen, in situations where hacks have happened, people will be able to figure out where coins are and how they’ve moved and, in some of the more publicly and widely reported cases, public blockchains have actually been used to track people and catch people who have been responsible for hacks or other criminal activities.”

Certain privacy coins, such as zCash, may have truly private features. “But, we are really a couple of years short of anything, which is really truly anonymous, like cash is,” he said. 

Many people have talked about blockchain as being the solution to privacy. “But, blockchain is just an architecture, and you can use that many different ways and many different applications,” said Waterhouse. “The way you design your applications, with either a privacy mindset or not, is really the determinant of whether or not an application is going to be offering you privacy or the opposite.”

For instance, central bank stablecoins do the opposite. “They’re actually building in more tracking capabilities into the blockchain feed using the blockchain features that give the issuers of those coins even more control and information about who’s doing what.”

Say a central bank distributes a stable coin to welfare recipients. “The issuer could say things like, ‘This welfare recipient may only spend this currency on a list of allowed items.’ For example, food or other basic needs and so on, but may not spend them on other things like tobacco and alcohol or other things they may decide that are not allowed.” 

A balance must be struck. “To what extent are we deciding that certain things are in the public good, and we agree that the state or issuer should be or should be allowed to control? To what extent are we allowing this kind of money to be censorship resistant? So, that’s a very poignant balancing act right now, when we think about tracking information and balancing the public good of information about who has a virus and who has been near a certain person, how that information is stored, and how people are tracked.”

Orchid is focused on improving people’s privacy with its decentralized VPN architecture. “It’s a client that connects to multiple nodes in a distributed network, each of which are providing secure encrypted bandwidth connections for you,” said Waterhouse. “You can string multiple nodes together to give you more security and privacy. We are hoping to change the landscape of privacy using this technology.” The payment for the connections is in the form of the cryptocurrency OXT, the cryptocurrency Orchid developed.

In Orchird’s initial release, the company partnered with certain VPN companies, the privacy policies of which they trust, like not logging and disclosing information to third parties.  “In the future, anyone can run a node,” said Waterhouse. “You could run a node in the Orchid network, and it’s very unlikely that your IP address is gonna be listed in some database, which says that you’re running a VPN.”

Orchid also allows people to string multiple nodes together. “That prevents the endpoint or the web address from knowing exactly who you are or any of the nodes in between. So, the VPN provider will know who you are and the next node you went to, but they’re never going to know the final address.” This is called onion routing and is used in technologies like the Tor Browser. 

Waterhouse recalls the perception of privacy in the early days of the internet. “I had an email address back in 1989, when I first got to Cambridge, and was using Gopher and FTP sites and so on in my research, before we had web browsers,” said Waterhouse, who used the first web browser, Mosaic. 

Back then, there wasn’t really a sense of knowing who was who on the web. “The concept of having a Facebook account that was verified or having an email address so that people definitely knew it was you was really left to your email address on, say, a university server,” remembers Waterhouse. “And so, there was a type of KYC at that point, where you could kind of assume that a certain researcher was who they said they were.”

The real change he saw in the dotcom days was the introduction of cookies, a small piece of data from a website and stored on the user’s computer by the web browser. “And, at the time, there was a very strong push back,” he said. “Cookies were useful from the standpoint of being able to maintain state, so that you didn’t have to constantly keep authenticating yourself as you move from one page to another within a stateful environment, a web page or a web server.” 

And then, cookies were proposed to be cross site and used to essentially authenticate web surfers across multiple sites or provide tracking information. The AdTech business later adopted them. “There was quite a strong pushback on that idea,” said Waterhouse. For business purposes, ultimately, it became commonplace.

“And, then again, with the emergence of social networks, there was an initial pushback when people were saying, ‘Are people really going to sacrifice the privacy for these conveniences?’”It turned out that people were willing to accept that, too.

“For really the best part of a decade, the concept of privacy being an issue was really forgotten about,” said Waterhouse, who while at Sun Microsystems worked with CEO Scott McNealy, who famously declared privacy dead. “The real emergence of a public awareness started with Edward Snowden’s revelations around exactly how much tracking was happening, not just on the internet, but also on cell phone data, and what’s now emerging, such as facial recognition around camera data, and the awareness of exactly how much information is being recorded about you—who knows exactly what purposes it’s being used for.”