Opinion by: Casey Ford, PhD, researcher at Nym Technologies
Web3 emerged amidst a surge of decentralization. In 2024, decentralized applications (DApps) saw a remarkable 74% increase, and individual wallets soared by 485%. The total value locked (TVL) in decentralized finance (DeFi) reached an almost unprecedented $214 billion. However, if the industry does not take action, it risks becoming ensnared by outside forces.
As discussions arise regarding the possibility of placing the US Treasury on blockchain—albeit with questionable reasoning—the landscape is shifting with the deregulation of crypto. The pressing question is whether Web3 is equipped to “safeguard [user] data,” as proponents assert. If it isn’t, we are dangerously close to a widespread global data security dilemma.
This predicament stems from a significant vulnerability in the digital realm: the metadata surveillance that pervades all current networks, even the decentralized ones within Web3. AI technologies are fundamentally integrated into surveillance operations and act as catalysts. Anonymity networks present a potential solution, but this initiative must commence with robust metadata protections across the board.
Metadata as a New Surveillance Frontier
Metadata is the frequently disregarded backbone of AI surveillance. When compared to payload data, metadata is comparatively lightweight and easily processed in large volumes, making it an area where AI excels. Accumulated metadata can disclose far more than mere encrypted messages—it reveals behavioral patterns, connections, personal preferences, and ultimately, the ability to predict actions. Legally, however, it does not enjoy the same protections as end-to-end (E2E) encrypted communications that are afforded in select jurisdictions.
Even though metadata is inherent in all digital assets, the metadata that spills out from E2E encrypted exchanges compromises our activities: IP addresses, timing signatures, packet sizes, encryption types, and even wallet details are fully comprehensible to observers tracking a network. Blockchain transactions are no exception to this rule.
From heaps of digital clutter can arise a valuable trove of detailed insights into our activities. Metadata serves as our digital subconscious, readily exploited by any systems capable of harvesting it for gain.
The Limitations of Blockchain
The protection of transaction metadata has often been an afterthought in blockchain development. Crypto does not genuinely provide anonymity, despite the industry’s frequent connections to illicit activities. Instead, it offers pseudonymity, allowing tokens to be stored in a wallet associated with a chosen name.
Recent: How to tokenize real-world assets on Bitcoin
Experts Harry Halpin and Ania Piotrowska have pointed out the issue:
“[T]he public nature of Bitcoin’s ledger of transactions […] means anyone can observe the flow of coins. [P]seudonymous addresses do not provide any meaningful level of anonymity since anyone can gather the counterparty addresses of any given transaction and reconstruct the chain of transactions.”
Since all transactions on the blockchain are public, anyone operating a full node can monitor chain activity comprehensively. Moreover, metadata such as IP addresses linked to pseudonymous wallets can potentially reveal individuals’ locations and identities if the tracking technologies are sufficiently advanced.
This encapsulates the fundamental issue of metadata surveillance in blockchain: surveillance systems can effectively unmask our financial traffic at any party’s discretion.
Knowledge as a Double-Edged Sword
The saying goes that knowledge is power; however, it is also the foundation of exploitation and disempowerment. There are at least three overarching metadata risks present in Web3.
-
Fraud: Financial vulnerability and surveillance are inextricably connected. The most significant hacks, thefts, or scams hinge on accumulated knowledge about a target: their assets, transaction histories, and identities. DappRadar has projected a loss of $1.3 billion due to “hacks and exploits,” including phishing attacks, in 2024 alone.
-
Leaks: The wallets used for accessing decentralized token economies depend on insecure centralized infrastructures. Research on DApps and wallets has highlighted the incidence of IP leaks, stating: “The existing wallet infrastructure is not in favor of users’ privacy. Websites misuse wallets to fingerprint users online, leading to the leakage of users’ wallet addresses to third parties.” Pseudonymity becomes meaningless if individuals’ identities and transaction patterns can be easily exposed through metadata.
-
Chain Consensus: Chain consensus presents a potential vulnerability. For instance, a recent initiative from Celestia aims to add an anonymity layer to obscure validators’ metadata against attacks targeting the chain consensus within Celestia’s Data Availability Sampling (DAS) process.
Ensuring Web3 Security via Anonymity
As Web3 expands, so does the amount of metadata concerning individuals’ activities that is readily accessible to increasingly powerful surveillance entities.
Going Beyond VPNs
Virtual private network (VPN) technology has been around for decades, and the lack of innovation within this space is astonishing, with most VPNs still based on the same centralized and proprietary frameworks. Decentralized solutions like Tor and Dandelion have emerged but remain vulnerable to global surveillance through “timing analysis” of entry and exit nodes. More sophisticated tools are necessary.
Noise Networks
Surveillance seeks out discernible patterns in a chaotic network. By further masking communication patterns and unlinking metadata such as IPs from traffic-generated metadata, the potential points of attack can be greatly diminished, and metadata patterns can be obfuscated into randomness.
Anonymizing networks have been developed to safeguard sensitive communications or crypto transactions through noise generation—cover traffic, timing obfuscations, and data mixing. In a similar vein, some VPNs, such as Mullvad, have initiated programs like DAITA (Defense Against AI-guided Traffic Analysis) to introduce “distortion” within their VPN networks.
Obscuring the Codes
Whether protecting individuals from drone warfare in the future or securing their on-chain transactions, innovative anonymity networks are essential to conceal the factors that render us targetable: the metadata our online activities generate.
The state of capture is already a reality. Machine learning systems are consuming our data. Instead of leaving individuals’ information defenseless, Web3 and anonymity systems can ensure that what is available for AI analysis is essentially worthless.
Opinion by: Casey Ford, PhD, researcher at Nym Technologies.
This article serves general informational purposes and is not intended to be legal or investment advice. The views, thoughts, and opinions expressed are solely those of the author and do not necessarily reflect the views of any affiliated organization.