Lines

Confidential Computing Will Secure Our Secrets in Web3

Industry InsightsOctober 14, 2021
New image

Web2 was built on data harvesting but the next phase of development must be about protecting that data, not exploiting it.

Often the true consequences of a technological shift only become clear later – and when they do, they can drive the next shift. That is certainly true of the “social web”, or Web2, which dominated web development in the first two decades of this century and is now slowly being supplanted by Web3. Web2 gave us so much, but the world is waking up to what it took from us. And we want it back.

Web2 revolutionized not only how we communicate, but in many ways, how we live. It changed the nature of the web from static, one-way information portals to dynamic, collaborative information sharing. It introduced the mobile, interconnected, cloud-based internet that now underlies most services – users expect to be able to access information and services seamlessly wherever they are, whatever device they are using, and to log in for a personalized experience.

It also got consumers used to accessing free services built on the value of user data. Or to use that now well-worn phrase, if you aren’t paying for the product, you are the product. At first, users generally assumed they were “paying” with their time and attention, and why not put up with a few ads? But it’s gotten creepier over the years, as it became clearer just how targeted those ads are, and how much we’re being snooped on. Seeing a product you looked at once follow you across a dozen websites is annoying. Seeing ads pop up in response to a conversation you thought was private – that’s far worse.

Public fights over the activity tracking that fuels all this targeted advertising go back at least a decade (Microsoft even attacked Google over it, although it faced similar criticisms itself soon after). But until fairly recently, it seemed that most people were willing to shrug off privacy and security worries. That is changing.

Why privacy matters – Especially now

There’s a common argument that if you have nothing to hide, you needn’t worry about privacy. But this is simply wrong, for many reasons. One is that state surveillance poses a fundamental threat to free political action and thinking – as eloquently set out by journalist Glenn Greenwald. Citizens who live with the constant awareness that their actions may be seen naturally behave very differently; it’s a way of repressing dissidence before it even starts.

On the corporate side, data harvesting results in a concentration of economic power, and hence, market distortion. We have seen how the emergence of tech monopolies (driven in part by exactly this data exploitation) has made the erosion of privacy seem unavoidable: where are the alternatives? It also creates the potential for truly dangerous manipulation, as was seen in the Cambridge Analytica scandal. And then, on top of all that, there’s the risk of having centralized data hoards exposed to criminals.

Over the past year and a half, repeated lockdowns drove a digital revolution that pushed an already connected world further and faster into digitalization. Suddenly everyone had to get comfortable with remote working technologies, while telehealth, online shopping, and food delivery took on far greater importance. Masses of data were accumulated on remote servers that offered an inviting single point of attack. In this rush, and amid the existential terror of the global pandemic, data security was not exactly top of mind – which resulted in not only more data breaches (especially in the sensitive healthcare sector) but a higher cost for those that occurred.

In just the past few months, millions of private records have been exposed in incidents at T-Mobile, Microsoft, LinkedIn, and elsewhere. LinkedIn defended itself with the argument that it wasn’t really a breach since the information was legally scraped – which is, if anything, even more hair-raising. Clearly, user privacy is pretty low on the agenda for these companies. But the same can no longer be said for their customers, or for regulators.

Perhaps the clearest indicator of how the mood is changing is how hard WhatsApp has been hit this year. First, a terms of service update prompted millions of users to switch to other platforms, as they realized their private information was not actually that private. And then the company was hit with a record €225 million fine over GDPR non-compliance.

WhatsApp is a classic Web2 case study, with an irresistibly convenient mobile communication offering that just begged to be turned into a data harvesting machine. Although at first it was supported by nearly free ($1) downloads or subscription payments, once Facebook bought the company in 2014, the writing was on the wall. Privacy promises are all very well but so much juicy data was just too good to resist. It’s become clear that privacy must be built in by design, not left to policies that can be changed.

The path to protection in Web3

While Web2 was distinguished by an interconnected experience, that impression was only skin-deep, with the client-server model of computing undisturbed. The new generation features distributed computing, as well as interaction, and depends on the secure interoperability of numerous systems. The new decentralized web aims to build a “fair internet where users control their own data, identity and destiny”. In this vision, users should retain sovereignty over their digital identities, while companies should be able to harness the power of data-generated insights without actually having access to that underlying data.

Although Web3 is underpinned by blockchain technology, which is transparent by nature, data security can be achieved through various means. One option is the use of trusted execution environments (TEEs) – a hardware element that enables data to be processed according to defined rules without anyone, even the system administrator, being able to view the dataset. Because the component can be remotely attested, it is suitable for use on a decentralized network. TEEs also accommodate the crucial right to deletion of your data. That opens up a world of possibilities – from collaboration between competitors to trustless smart contracts and GDPR-compliant cloud services.

Another well-known privacy protocol with applications for Web3 is zero-knowledge proofs. This refers to a mathematical way of verifying data without actually revealing it – it’s based on probabilities. The technique has applications in core blockchain use cases such as cryptocurrency transactions and digital identification. But as yet, ZKP is not generally market-ready; the method is abstruse and computationally heavy. And it doesn’t easily comply with the right to erasure – although data is not revealed, there is a risk of exposure should your private key be leaked at any point. TEEs have the advantage of being already mainstream and intrinsically compliant.

The nature of monetization is also changing. In the Web2 model, profit was derived from first building a vast user base, and then monetizing it, often through data harvesting (as seen with WhatsApp). In contrast, Web3 applications often feature tokenized protocols that create innate alignment between the companies and the users’ interests.

A fundamental shift in value

In the new web generation, we will see new drivers of business value. Web2 companies differentiated themselves by offering great convenience, but the unseen cost turned out to be too high. At this point, customers expect that convenience, but are not willing to pay for it with data.

The importance of data certainly hasn’t changed. Web3 – a spatial network of machine-readable data, deeply integrated with the physical world – will be built on ever more leveraging of information for business insight. But it will have to be insight without access. The new business differentiator will be built-in security and privacy. Web2 was engineered for exploitation; Web3 must be built for protection. That is the change we need, and it’s already happening. And as is the nature of evolution, those that can’t adapt to the new paradigm will soon find themselves redundant.

First published on Cryptonomist on September 27, 2021.

You Might Also Like

New image
Industry InsightsMarch 02, 2024

The Potential of Tokenizing Assets: From Houses to Private Equity & Whisky

New image
Industry InsightsFebruary 16, 2024

Embracing Unpredictability: The Role of Randomness in Blockchain

New image
Industry InsightsFebruary 01, 2024

Uncovering Blockchain Consensus Mechanisms: Proof-of-Stake, Proof-of-Work & Beyond

New image
Industry InsightsJanuary 17, 2024

Decoding CBDCs: Advantages & Challenges in the Digital Monetary Landscape

New image
Industry InsightsDecember 19, 2023

Unleashing Scalability and Speed: The Importance of Layer 2 Blockchain Solutions

New image
Industry InsightsNovember 24, 2023

Bear With Us: Blockchain Technology is Still Relevant, Even when Crypto Declines

New image
Industry InsightsNovember 14, 2023

The Imperative for Privacy in Blockchain: TEEs & Privacy-Preserving Software

New image
Industry InsightsOctober 25, 2023

How Blockchain is Benefiting Numerous Industries: From Sustainability to Brand Quality Control

New image
Industry InsightsOctober 17, 2023

KYC in Web3: How DiD is Saving the Day for Projects & Companies

New image
Industry InsightsSeptember 13, 2023

Blockchain in Aerospace: Reducing Costs & Enhancing Efficiency

New image
Industry InsightsAugust 15, 2023

DAOs: How Fair can Decision-Making be and Why is Private Voting Essential?

New image
Industry InsightsMay 11, 2023

Web3 Bounties: Rewarding Developers with Tokens

New image
Industry InsightsApril 27, 2023

Digital Twins: Increasing Efficiency Without Compromising Privacy

New image
Industry InsightsJanuary 31, 2023

AI and Blockchain: The Combo of the Future

New image
Industry InsightsDecember 15, 2022

L2 in Blockchain: TEE Sidechains vs ZK Rollups

New image
Industry InsightsAugust 16, 2022

Blockchain: Back to Basics

New image
Industry InsightsJuly 27, 2022

From Web 2.0 to Web3: A Step Forward

New image
Industry InsightsJuly 07, 2022

XCM Integration: What Is It and How Does It Work?

Lines