Web3 has a metadata problem, and it’s not going away

Opinion by: Casey Ford, PhD, researcher astatine Nym Technologies

Web3 rolled successful connected the question of decentralization. Decentralized applications (DApps) grew by 74% successful 2024 and idiosyncratic wallets by 485%, with full worth locked (TVL) successful decentralized concern (DeFi) closing astatine a near-record precocious of $214 billion. The manufacture is also, however, heading consecutive for a authorities of seizure if it does not aftermath up. 

As Elon Musk has teased of placing the US Treasury connected blockchain, nevertheless poorly thought out, the tides are turning as crypto is deregulated. But erstwhile they do, is Web3 acceptable to “protect [user] data,” arsenic Musk surrogates pledge? If not, we’re each connected the brink of a planetary information information crisis.

The situation boils down to a vulnerability astatine the bosom of the integer world: the metadata surveillance of each existing networks, adjacent the decentralized ones of Web3. AI technologies are present astatine the instauration of surveillance systems and service arsenic accelerants. Anonymity networks connection a mode retired of this authorities of capture. But this indispensable statesman with metadata protections crossed the board.

Metadata is the caller frontier of surveillance

Metadata is the overlooked earthy worldly of AI surveillance. Compared to payload data, metadata is lightweight and frankincense casual to process en masse. Here, AI systems excel best. Aggregated metadata tin uncover overmuch much than encrypted contents: patterns of behaviors, networks of contacts, idiosyncratic desires and, ultimately, predictability. And legally, it is unprotected successful the mode end-to-end (E2E) encrypted communications are present successful immoderate regions. 

While metadata is simply a portion of each integer assets, the metadata that leaks from E2E encrypted postulation exposes america and what we do: IPs, timing signatures, packet sizes, encryption formats and adjacent wallet specifications. All of this is afloat legible to adversaries surveilling a network. Blockchain transactions are nary exception.

From piles of integer junk tin look a goldmine of elaborate records of everything we do. Metadata is our integer unconscious, and it is up for grabs for immoderate machines tin harvest it for profit.

The limits of blockchain

Protecting the metadata of transactions was an afterthought of blockchain technology. Crypto does not connection anonymity contempt the reactionary relation of the manufacture with illicit trade. It offers pseudonymity, the quality to clasp tokens successful a wallet with a chosen name. 

Recent: How to tokenize real-world assets connected Bitcoin

Harry Halpin and Ania Piotrowska person diagnosed the situation:

“[T]he nationalist quality of Bitcoin’s ledger of transactions [...] means anyone tin observe the travel of coins. [P]seudonymous addresses bash not supply immoderate meaningful level of anonymity, since anyone tin harvest the counterparty addresses of immoderate fixed transaction and reconstruct the concatenation of transactions.”

As each concatenation transactions are public, anyone moving a afloat node tin person a panoptic presumption of concatenation activity. Further, metadata similar IP addresses attached to pseudonymous wallets tin beryllium utilized to place people’s locations and identities if tracking technologies are blase enough. 

This is the halfway occupation of metadata surveillance successful blockchain economics: Surveillance systems tin efficaciously de-anonymize our fiscal postulation by immoderate susceptible party.

Knowledge is besides an insecurity

Knowledge is not conscionable power, arsenic the adage goes. It’s besides the ground connected which we are exploited and disempowered. There are astatine slightest 3 wide metadata risks crossed Web3.

• Fraud: Financial insecurity and surveillance are intrinsically linked. The astir superior hacks, thefts oregon scams beryllium connected accumulated cognition astir a target: their assets, transaction histories and who they are. DappRadar estimates a $1.3-billion nonaccomplishment owed to “hacks and exploits” similar phishing attacks successful 2024 alone. 

• Leaks: The wallets that licence entree to decentralized tokenomics trust connected leaky centralized infrastructures. Studies of DApps and wallets person shown the prevalence of IP leaks: “The existing wallet infrastructure is not successful favour of users’ privacy. Websites maltreatment wallets to fingerprint users online, and DApps and wallets leak the user’s wallet code to 3rd parties.” Pseudonymity is pointless if people’s identities and patterns of transactions tin beryllium easy revealed done metadata.

• Chain consensus: Chain statement is simply a imaginable constituent of attack. One illustration is simply a caller inaugural by Celestia to adhd an anonymity furniture to obscure the metadata of validators against peculiar attacks seeking to disrupt concatenation statement successful Celestia’s Data Availability Sampling (DAS) process.

Securing Web3 done anonymity

As Web3 continues to grow, truthful does the magnitude of metadata astir people’s activities being offered up to recently empowered surveillance systems. 

Beyond VPNs

Virtual backstage web (VPN) exertion is decades aged astatine this point. The deficiency of advancement is shocking, with astir VPNs remaining successful the aforesaid centralized and proprietary infrastructures. Networks similar Tor and Dandelion stepped successful arsenic decentralized solutions. Yet they are inactive susceptible to surveillance by planetary adversaries susceptible of “timing analysis” via the power of introduction and exit nodes. Even much precocious tools are needed.

Noise networks

All surveillance looks for patterns successful a web afloat of noise. By further obscuring patterns of connection and de-linking metadata similar IPs from metadata generated by traffic, the imaginable onslaught vectors tin beryllium importantly reduced, and metadata patterns tin beryllium scrambled into nonsense.

Anonymizing networks person emerged to anonymize delicate postulation similar communications oregon crypto transactions via noise: screen traffic, timing obfuscations and information mixing. In the aforesaid spirit, different VPNs similar Mullvad person introduced programs similar DAITA (Defense Against AI-guided Traffic Analysis), which seeks to adhd “distortion” to its VPN network. 

Scrambling the codes

Whether it’s defending radical against the assassinations successful tomorrow’s drone wars oregon securing their onchain transactions, caller anonymity networks are needed to scramble the codes of what makes each of america targetable: the metadata our online lives permission successful their wake.

The authorities of seizure is already here. Machine learning is feeding disconnected our data. Instead of leaving people’s information determination unprotected, Web3 and anonymity systems tin marque definite that what ends up successful the teeth of AI is efficaciously garbage.

Opinion by: Casey Ford, PhD, researcher astatine Nym Technologies.

This nonfiction is for wide accusation purposes and is not intended to beryllium and should not beryllium taken arsenic ineligible oregon concern advice. The views, thoughts, and opinions expressed present are the author’s unsocial and bash not needfully bespeak oregon correspond the views and opinions of Cointelegraph.