Boom Talk4 Recap: Your Privacy and Security in Web3 Era

Boom
9 min read · Jul 20, 2022

With the development of the internet and the popularization of smart devices, personal privacy leakage has become a blocker in the development of the internet industry in recent years. Recently, the topic of privacy has once again become the public focus after a media report that someone is selling 1 billion resident records on the dark web. Public opinion was quickly in an uproar, and CZ himself posted an article on enhancing the privacy protections for the platforms.

This Twitter Space was hosted by Grace, marketing lead of BOOM. The topic is "Your Privacy and Security in Web3 Era", and the guests are William, Eco Product Manager of Oasis; Tommy Deng, Director of Beosin; Holly, Asia Pacific Marketing Lead of Manta Network; and Bingo, former Microsoft Cloud Computing Senior Network Expert.

You may find the full recording here (in Mandarin):

https://twitter.com/boomapporg/status/1544872854248128512

Q1: What do you know about the information leakage of 1 billion resident records recently reported by the media?

Bingo: It is said that a hacker named “ChinaDan” posted on a hacker forum called Breach Forums on June 30th to explain the leak, and at that time he directly sold the 1 billion information, which is equivalent to 10 Bitcoin. It didn’t get much attention as no demo was provided. Until July 3, he released a demo with around 750,000 sample records. In fact, many people saw that demo, because there were a lot of links around, and the forum was not actually on the dark web, so you don’t need “special tools” to get access to it. Many people have proved that the demo records are 90% plus accurate. As this was slowly spreading out, the outside world started to believe that the 1 billion information was really a thing; it could be the largest data leak by hackers in Chinese history.

Q2: If the rumors are true, what impact might such a large-scale privacy breach have on the market?

Holly: As for the impact on the market, I don’t think it will have much impact on the market unless hackers can take advantage of this information leak, like stealing a large number of assets from centralized exchanges. I feel like this has more impact on individuals. Although everyone is more or less affected by various privacy leaks in daily life, such as harassing calls, marketing text messages or marketing calls, such a large-scale privacy leak is still very shocking. Important information such as phone numbers and identity information is all necessary for us to carry out various daily operations or asset management. If that information is used by criminals to conduct various phishing attacks or scams, it may threaten our assets in various centralized exchanges. In addition, this privacy leak may also deepen the prejudice against cryptocurrencies to a certain extent.

Tommy: This whole thing is not easy to analyze because there is no result yet. From the perspective of a security agency, if you find out that your information is leaked, it is recommended to call the police first, and the second thing to do is to quickly change your password, and then let the police help you find out how your information was leaked so that you can be more cautious in this regard in the future, especially for some institutions that are not very trustworthy or well-known, try not to provide too much personal information.

Bingo: I think the impact this time will have on the market, especially for Web3, is actually minimal, and even I think it may be good for Bitcoin in the short term, because there may be many people who will buy such a large chunk of data, because if 1 billion is real data, 10 bitcoins are not particularly too much based on the price of this information on the dark web. But in the long run, it’s not necessarily the case, and the person who receives it may also sell it too.

Q3: In terms of privacy protection, what are the current mature solutions?

William: There are several common types of privacy protection: trusted execution environment, ZK zero-knowledge proof and multi-party secure computing. The trusted execution environment is also adopted by our Oasis network, and we use the trusted execution environment as the implementation mechanism of privacy computing. In this way, we can know the results of these data, but we will not know what the data itself is so the data is accessible but invisible.

Zero-knowledge proof is a branch of cryptography, a relatively common explanation. The prover can provide any useful information to the validator. It is called zero knowledge — so without having to provide all the information, the prover can convince the verifier that a certain assertion is correct. For example, let’s say we know there is a cave with treasure, we know its spell, and we are caught by robbers who force us to say the spell. If we say the spell, it will be useless and the robbers will kill us. But if we don’t say it, the robbers will kill us too. Therefore, the zero-knowledge proof is equivalent to thinking in such a way: letting the robber stand in a place where the spell cannot be heard, and then we whisper the spell to open the door, so that the robber does not know what the spell is, but he knows that we do know the spell. This is the concept.

Secure Multi-Party Computation is also a branch of cryptography. It not only requires the joint participation of multi-party participants but also is decentralized and can be carried out on the premise of ensuring the security of multi-party information. For example, if we are going to take something valuable from a safe, opening the safe requires the cooperation of multiple people present or in custody to take it out, and in the process of collaboration, the solution is different each time, people can’t tamper with it, and it can’t be disclosed in advance. This is basically what multi-party secure calculation is, that is to say, it requires the joint participation of multiple parties.

Q4: How does blockchain technology help us solve the problem of privacy protection?

Holly: In fact, Web2 is an area with very serious privacy issues. Its biggest problem is that the ownership of data is controlled by some centralized giant companies or countries. Everyone does not control their own data. Who controls yours? Whoever owns the data has the right to use the data. Moreover, the security model in most of these centralized agencies is not secure — once the database is attacked or leaked, like the example we mentioned tonight, it may cause long-term damage to hundreds of millions of users, which is also a flaw that a centralized data model cannot overcome, that is, a single point of failure.

William: First, blockchain allows the users to retain control over personal information. Because of blockchain, a distributed storage technology can effectively resist external attacks. As mentioned by Holly and the others, even if it is attacked, it will not cause such a large-scale spread and impact as traditional Web2 does.

Moreover, users can create an independent identity system on the blockchain, which is Decentralized Identity, aka DID. As long as we control this identity, we can effectively protect our privacy.

And all the transaction data on the blockchain are transparent to everyone on the chain, which can also facilitate us to more closely track the use of our own data, and then strengthen our personal monitoring of information.

Secondly, the blockchain can protect the privacy of users from being stolen by other users. Blockchain technology creates a transaction such as a data network, and non-traders cannot access user data through any means. Blockchain, an asymmetric encryption technology, we all know that it is in the form of a public key and a private key. The public key is the publicly accepted information, and the private key is the decryption of private information. The private key is to take this advanced encryption strategy to limit the access of others.

Thirdly, the decentralized architecture of this blockchain can effectively reduce the risk of user privacy leakage. The blockchain adopts a distributed network structure, and devices can maintain consensus without verification with a centralized server or database. Moreover, this decentralized architecture does not have a central data service provider, meaning that there will be no problem with large-scale user information leakages, such as this one or a previous large-scale user privacy leakage from Facebook.

Finally, the status of each node in the blockchain is equal, and the problem of privacy leakage can also be greatly avoided by connecting with each other through relaying.

Q5: In the world of Web3, what are the common privacy leakage scenarios? How can we avoid it?

Holly: Although we just mentioned that the blockchain is a solution to the Web2 privacy problem, it does not mean that the blockchain must be private. In fact, the blockchain is only anonymous when you don’t disclose your personal info on the internet, because we all know that the blockchain is a public ledger, and all the information on the chain, including your address, transfer records, etc., is public. Now through machine learning or big data, these technologies can actually obtain users’ information. Compared with the Web2 era, in fact, the privacy issues in the Web3 era are also very serious. For example, on-chain transfers and the leakage of transaction privacy will bring a series of problems, such as your transaction being sniped, sandwich attacks, etc. And as the Web3 concept is slowly getting adopted, along with developments such as DeFi, GameFi, and SocialFi, there will be more and more scenarios where people need privacy.

Tommy: Actually, I can talk about it from two aspects. They are suggestions for Web2 users, because many people still need infrastructures and some software based on Web2. First of all, don’t put your passwords, your passphrase, your keys and other sensitive information into a file, especially on an online document. It is very dangerous. Secondly, your passwords should not be set all the same, especially the passwords of financial agents should be different from those of your social media. This way even if your social media accounts get hacked, your bank, your wallet, etc. will not get hacked. Finally, get into the habit of changing your password regularly. Here are some suggestions from Web2.

As for suggestions for Web3, you need to do better than what I just said. In addition, it is recommended that when you store very important and valuable assets, put them on a device that is not connected to the Internet. For example, if you buy a new iPhone, and then don’t install any social software or log in to any other account on this iPhone, you put this wallet here, and you put your important NFT assets in it. In this way you are segregated from the whole world. Because in fact, the safest way is not to connect to the Internet; then there will be no leakage of privacy.

Host: Indeed, privacy protection is a very important and very long-term issue. Our discussion this time is actually the tip of the iceberg. But I believe that with the rise of people’s awareness of privacy protection, the addition of Crypto and Blockchain technology, and the joint efforts of all practitioners, the future privacy protection is very promising.

__________

About BOOM Talks

BOOM Talks is a series of Space events started by the official BOOM Twitter, focusing on industry trends and hot topics, regularly inviting celebrities, pioneers and KOL from crypto to share their views and opinions.

See More:

BOOM Talks 1 Recap: Is SocialFi Gonna be the Next Big Trend?

BOOM Talks 2 Recap: Survival in a Bear Market

BOOM Talks 3 Recap: If mining crisis comes, how do we survive?

About BOOM

BOOM is a SocialFi platform connecting Web2.0 and Web3.0. Since it was launched in January, the early users have exceeded 100K and Boom has now become the most popular decentralized Crypto Lovers community in 2022.
