The recent Tesla “brake failure” incident has become the focus of public opinion, and Tesla’s subsequent release of accident vehicle driving data has brought the key issue of the digital economy-user privacy-to the forefront.
In the general environment of the new crown epidemic, people’s daily life is more dependent on the Internet, and many companies that were not involved in online business are forced to expand new channels online.
People interact with different platforms, businesses, and applications to generate a large amount of data, and algorithms use data to more accurately meet user needs.
With the advancement of science and technology and the shift of business paradigm, the way of realizing data has taken a geometric leap, which also makes data the largest market in the 21st century. Those who have the data have the world. However, data without privacy protection is like gold scattered all over, and major Internet platforms greedily swallow and abuse these valuable “raw materials” that they have no ownership of.
This is a problem that cannot be ignored.
When it comes to data privacy, most users’ first reaction is: I don’t want to provide private information, but I have no way not to provide it.
Indeed, the essence of Internet applications in the Web 2.0 world today is that users exchange personal data for services. To put it mildly, how can your takeaway be delivered to your home without providing information? How can you not provide information applications to serve you more comprehensively? In desperation, you can only choose to run naked on the Internet.
What’s more frightening is that everything is interconnected, and Internet applications are no longer limited to your computer and mobile phone. Gradually, everything that you can see and touch around you will become an application that continuously acquires data. At that time, users will not The second is to actively and selectively provide data, but is passively “monitored.”
This should not be the case. The ownership of data should belong to the data producer rather than the data user (application service provider), and service providers should not use user data for rent-seeking behavior.
Is there a privacy solution in the world of Web 2.0?
Insufficient technology, manual remedy. Over the years, manual operation has become the only compromise solution whenever technical conditions do not allow it. This is true for all issues, and privacy is no exception.
The solution to privacy issues in the Web2.0 era is to improve legislation.
All countries have established data privacy protection departments and have enacted legislation. In China, the civil law protects data rights, the criminal law defines the crime of infringement of personal information, the economic law regulates the data sharing and circulation, and the antitrust guidelines on the platform economy promulgated by the State Administration for Market Regulation and so on.
But can these bills really guarantee user privacy? Can user data really not be abused?
The answer is no.
In December last year, it was revealed that the “star health treasure photos leaked” incident. In a certain generation of filming groups, at first, you can buy 1 star health treasure photos for 1 yuan, and then there are 3 yuan that can be packaged with 7 people in the “tnt era youth group”. After that, there were 2 yuan to pack more than 70 artist health treasure photos, more than 1,000 artist ID numbers for only 1 yuan and so on. Not only the celebrity information can be searched out, as long as the name is searched, the person’s avatar and nucleic acid detection information will be displayed.
Even on a certain food delivery platform, for the same order, the same merchant, the same delivery address, and the same time period, members spend more than non-members. The platform uses big data to price different groups of different groups and seek rent-seeking. Cases are not uncommon.
What’s the problem? Unclear legislation, asymmetric information, and insufficient penalties ultimately lead to difficulties in discovery, proof and identification, and platforms take risks.
There are always flaws in the mechanism, there will always be blind spots in the law, and manual control is not a long-term solution.
The world of Web3.0 returns privacy to users
Imagine that if the user does not need to provide any information, or that the platform cannot get any information from you, but can still provide you with services as usual?
All this sounds amazing, but it’s actually all mathematics. Yes, zero-knowledge proof can achieve all of this.
Zero-knowledge proof is an encryption protocol in which the prover can convince the verifier that a certain assertion is correct without providing the verifier with any information about the certified message.
After reading this short story about Alibaba, you can intuitively understand what is zero-knowledge proof.
Alibaba encounters a robber, and the robber wants to get a spell to enter the cave from his mouth, but Alibaba is afraid that the robber will not leave him a way after learning the spell. Alibaba thought to himself, how can he prove the fact that he knows the spell without revealing the spell?
Alibaba has a plan. Ali Baba kept the robbers far enough away from him, so far that he couldn’t hear the spells he chanted clearly. When the robber raised his left hand, Ali Baba would let the door of the cave open. When the robber raised his right hand, Ali Baba would not chant the spell. After repeated verifications, the robbers determined that Alibaba really knew the spell to open the cave. Alibaba also proved to the robbers the objective fact that he knew the spell without revealing the spell itself.
In real life, the user is the prover, and the service provider is the verifier. As a result, through zero-knowledge proof, users can allow service providers to still provide services without leaving any traces of data that can be extracted.
There are already many applications on the chain that use zero-knowledge proof, the most typical one is the well-known anonymous coin Zcash. Zcash uses zk-SNARKs (concise non-interactive zero-knowledge proofs) consensus proofs to allow users to transfer money when the information is fully encrypted, and to ensure the verifiability of transactions for nodes to verify. Specifically, Zcash addresses are divided into concealed addresses (z-addresses) and transparent addresses (t-addresses). Transactions between concealed addresses will also appear on the chain. Everyone will know that a concealed transaction has occurred. It will also be paid to miners, but the transaction address, transaction amount, and remarks fields are all encrypted and invisible to the public. The owner of the address can also choose to disclose the hidden address and transaction details to a trusted third party to respond to audit and regulatory requirements. The transaction between the two transparent addresses is no different from the Bitcoin transaction, and funds can be transferred between the hidden address and the transparent address.
Let’s go back to the recent case where Tesla announced driving data. Tesla is self-certified and disclosed the accident vehicle data information to the public without the user’s permission. If the information is encrypted and transmitted to the Tesla algorithm protocol through the zero-knowledge proof, Tesla will not be able to obtain metadata. If Tesla wants to use user data, it must obtain user permission in advance. After an accident, if the judicial department needs to collect evidence and the user is willing to cooperate with the investigation, the encrypted information can be made public.
It is envisaged that with the help of zero-knowledge proof in the future, users can prove their health without providing their names, photos, and whereabouts, or users can prove that they are immune to the new coronavirus, but do not need to provide how they are immune to the virus (have produced antibodies) Or get a vaccine). Perhaps one day, people order food without providing their name, phone number, and address to the platform, and robots can deliver food to their doorstep.
Zero-knowledge proof is not a new product. As early as the early 1980s, the “interactive zero-knowledge proof” theory was proposed by Goldwasser et al. In the late 1980s, Blum et al. further proposed the concept of “non-interactive zero-knowledge proof”. But why don’t today’s Internet platforms adopt this technology?
First of all, from a technical perspective, any innovation from theory to practice requires decades of hard work and precipitation. In recent years, zero-knowledge proof has truly become an applicable technology. However, compared with traditional solutions, the cost of using zero-knowledge proof is still too high and the efficiency is low, which is unacceptable for the platform and users.
From an economic perspective, users have formed a solidified mindset that they must provide information to obtain services, and it is logical for the platform to obtain information now. In the face of huge interests, it is difficult for platform giants to compromise. From the user’s point of view, most users have not yet realized the importance of privacy and the value of the data they generate, so users do not have a strong will to promote privacy solutions.
From the perspective of technical solutions, Aleo is a good example of a promoter. Aleo starts with the application on the chain, which reduces the barriers to the development of privacy applications and the cost of use, and makes privacy the default attribute of applications. This is of great significance for the large-scale use of privacy applications, just as the Cosmos SDK and Substrate play a role in promoting the application chain paradigm.
However, user education may be the top priority of all issues. If the user cannot realize the importance of privacy, then the user will always succumb to the control of the Web2.0 platform, and any extra cost will be rejected. Users should understand that the ultimate platform is only the provider of the algorithm, not the owner of the data, and has no right to abuse user data.
Author/ Translator: Jamie Kim
Bio: Jamie Kim is a technology journalist. Raised in Hong Kong and always vocal at heart. She aims to share her expertise with the readers at blockreview.net. Kim is a Bitcoin maximalist who believes with unwavering conviction that Bitcoin is the only cryptocurrency – in fact, currency – worth caring about.