Last week I was a panellist on an ongoing salon series put together by Fight For the Future and Amnesty International on Human Rights and Web3. This month’s panel was focusing on privacy. Each panellist was given 5 minutes to introduce themselves and the topic and then it took a Q&A format. Included here is a link to the full panel on youtube, and the text of my introduction. (My mic was dying so the audio from me is sadly below what I’d have liked).
I am Dan Ballard, Director of Engineering at the Open Privacy Research Society, software research and development non profit, my pronouns are he/him.
Open Privacy has 3 core tenants
The first of which is
- Decentralize Control: meaning that Technology should prioritize anti-surveillance and consent. No one party should be able to exert power over the whole system. The second tenant is
- Design for the Margins: It is vital to understand the risks faced by underrepresented, persecuted, or victimized communities. Only through that understanding can we build systems that empower, rather than oppress. and finally our last tenant is:
- Privacy through Transparency: The only way to build a robust system is to open it up to the world. Processes and protocols should be well documented and free for anyone to inspect and comment on.
To that end, our main project for the last 4 years has been developing a metadata resistant, privacy preserving, peer to peer messaging app called Cwtch, the name being a Welsh word that translates to “a hug that creates a safe space”.
Web3, Decentralization and Privacy
Web3 is sometimes seen as synonymous with blockchain tech, but more broadly it is describing the trend of decentralizing power, especially away from the centralized social media hubs that were built as part of web2.0, it’s in part reaction against web2. Cwtch as an example, is a peer to peer decentralized messaging system working over Tor, with no blockchain component. It has different properties than blockchain tech. They share the lack of centralized control, but with out a blockchain, there is no one Cwtch network, instead just lots of peers interacting with each other in smaller adhoc networks with no centralized record of activity, identity, or any metadata.
There are many early examples of successful distributed software. Bittorrent, launched in the early 2000s is a great example of the swarming power of decentralized software, and the power to circumvent censorship in some cases, but on the other hand it provides very little privacy. Early Skype is another example and was actually quite the decentralized piece of engineering, with the company mostly only have to run a small set of servers to manage billing. The calls themselves were dynamically routed across the network of users, with no centralization. This did in fact provide some privacy to the users of Skype in that it made it very hard to tap for authorities. Sadly, later, Microsoft bought Skype, and the first thing they did was rip out all the efficient, low cost to run, scalable, and user privacy preserving distributed architecture and replace it all with a centralized system.
When we were starting Open Privacy, we were very aware of the risks being a for profit startup/corporation could have for our users in the long term, from investors asking us to compromise privacy to harvest data, to eventually being purchased and having what happened to skype happen to our software and users. This led us to form Open Privacy as a not-for-profit and do all our work as open source, so that we’ll never have to deal with conflicting motivations, and our software will always be available in its best working form to users, even if we go away.
More broadly, I think the decentralization aspect of the web3 movement is fantastic, and can be a key ingredient in a new generation of privacy focused software for users. Decentralization offers many pros when designing systems. It’s a systems design practice with a long, rich history and with lots of establish knowledge to draw from. It’s only sad that it is often discarded or left unconsidered by many companies when designing new systems because it would make it harder to monetize users and their data.
If as, an organization, privacy is of the utmost importance to you then you need to think carefully about the software you are using, from its design and implementation, to supplier. It takes more than just distributed design to preserve privacy. There is nothing inherent in decentralized design or web3 that is privacy focused or providing on its own. We at Open Privacy focus specifically on privacy in our design work, and also employ other relevant design practices such as Consentful design. Because of this we are already seeing some exciting examples of early adoption of Cwtch by folks with incredibly strong privacy needs.
I’m excited to start diving into some of these topics with the panel