In the Era of Web3.0, “Privacy” is No Longer a Luxury

We are in the early stage of transition from Web2.0 to Web3.0. IPFS and Filecoin are trying to help us return the control of data from traditional centralized service providers to its real owners by means of decentralized storage.

With the leakage of sensitive information, people pay more attention to privacy. However, the privacy problem is not directly solved by Filecoin, but needs to be stacked with differential privacy, zero knowledge proof and privacy computing to make Lego Universe in Web3 world.

On June 15, the European Court of Justice issued a notice saying that under certain conditions, data privacy regulators in 27 European countries can take actions to regulate large US internet companies, including Google, twitter, Facebook and apple.

On June 10, China passed the data security law of the people’s Republic of China, which clearly stipulates that data processors shall not infringe upon personal privacy and thus infringe upon the legitimate rights and interests of consumers.

The importance attached to the legitimacy of the extraction of personal data values at home and abroad is evident!

Web 2.0: privacy is a luxury that you like to have, but it’s not the highest priority

The Internet has become an indispensable part of our daily life. In the process of data interconnection, the abuse of personal data and privacy infringement in the era of Web2.0 have emerged, as well as more sensitive business privacy issues.

In the case of Ling Mou v. Tiktok, the plaintiff registered and logged into the Tiktok app with a mobile phone number, but there was no other contact in the phone book, and recommended a large number of “people you may know”, including classmates and friends who have not contacted for many years.

The court held that:

Name, mobile phone number, social relationship and geographical location belong to personal information, which constitutes infringement without the consent of the plaintiff.

In fact, in the era of big data, user’s personal information is very dangerous, not only in this case, but also in many products.

Therefore, on May 25, 2020, the third session of the 13th National People’s Congress adopted the provisions of the civil code of the people’s Republic of China on the right of privacy and the protection of personal information, and officially released the full text on June 1.

At present, various privacy leaks on the Internet are emerging one after another, which is a problem destined to be solved in the process of digitalization.

According to McKinsey’s survey, 71% of respondents said that if a company divulges sensitive information without permission, they will stop doing business with the company. With the public’s increasing awareness of personal data protection, technology companies have launched the “End-to-End Encryption” (E2EE) solution.

However, experts believe that E2EE is not enough because it still has man-in-the-middle attacks and backdoor procedures. For example, there was a “backdoor event” in WhatsApp end-to-end encryption.

Although the end-to-end encryption technology can ensure that network peepers can’t read the message content, even if the third party can’t access the encrypted data, the personal and enterprise data will eventually be controlled and stored by the third party.

In contrast, Web 3.0 communication protocol is distributed and secure, and does not need a third party to store data. This will be a complete set of protocols on the Internet, which literally means network interconnection.

The feature of Ta is network-centered, and the bottom layer of the protocol is to realize network interconnection. Through TCP/IP,HTTP,DNS,TLS and other protocols, it constitutes a complete system to realize free communication between nodes. Web3.0 should be a data age centered on data, and the realization of a set of protocols of Ta’ should aim at the interconnection of data, and realize the positioning, circulation and transaction of data.

Filecoin: Decentralize Google

Data is an asset, which has become a key feature of the transition from Web2.0 to Web3.0. There will be another problem after the user has established the sovereignty over his own data. Although the data is firmly held by the user, the data has no value at this time, and it will have certain value only after it is circulated and processed by algorithms and calculation.

Distributed storage of data and files is very important for data ownership, and personal information is no longer controlled by giant companies. Instead, all users, personal data, applications and networked devices are decentralized. There is no doubt that this is the core element of privacy protection.

Filecoin is such a decentralized storage network based on IPFS. As the largest distributed storage network in the world, it undertakes the infrastructure of the next generation network-storage, which can permanently carry the next generation Internet and human civilization information.

This decentralized storage method will break the monopoly of Internet giants on data, and the data generated by users or enterprises will no longer be served, managed and “protected” by one entity.

At present, the network has also made great progress. It has exceeded 5EiB in just half a year since its launch, and it is still growing at a rate of 30PiB per day. As the Filecoin ecosystem continues to flourish and more miners join, Filecoin is fully capable of storing larger-scale data.

At present, we have seen some traditional centralized cloud service providers (such as Alibaba Cloud, Qi Niuyun, AWS, etc.) gradually participate in decentralized storage projects based on blockchain, such as Filecoin.

Imagine that one day, the storage nodes in these projects are full of Internet giants such as Google, Ali and Baidu.

Although each node belongs to a centralized entity, it is this individual entity that forms a decentralized network. On the other hand, the process of joining this network is to gradually decentralize yourself.

Privacy in Filecoin/IPFS

When we hope that IPFS or Filecoin will take back the ownership of our data from the centralized service provider, although Filecoin and IPFS realize data redundancy and geographically distributed storage, they have no original privacy encryption layer.

About IPFS, many readers have this misunderstanding: when users store files in IPFS system, the system will generate hash values for the stored files. If the hash values (also called CID) are not made public, the stored contents will not be made public.

However, the fact is that after the user stores the file in the IPFS network, the hash value generated by the system may be distributed to any node in the system, and the file needs to be retrieved through the node for later use.

Because if the hash value of this file is not shared with other nodes, no one knows that this file is stored in the system, and other nodes cannot retrieve the file.

The design of IPFS protocol is highly modular, and the protocol lab wants to leave more diversified and customized privacy schemes to the developers of IPFS and Filecoin.

Although the data on IPFS or Filecoin network without privacy protection does not belong to a centralized organization, it still does not belong to the individual users.

The reason is that users lack control over the privacy of data. Privacy in Filecoin/IPFS can be divided into two categories:

1. One is that the data in IPFS itself does not affect privacy, but privacy problems arise after mapping to a specific identity;
2. The other is that the data book contains private information that needs to be protected.

Ipfs.io documents give some solutions to privacy problems:

Build a private IPFS network

Private IPFS network can provide the highest level of privacy, and protect the content from irrelevant people. The working principle of private IPFS network is the same as that of public IPFS network. The only difference is that it only allows nodes in the network to view information.

A node accessing a private IPFS network needs a private key. Therefore, when building a private IPFS network, the most important thing is to protect the private key and prevent leakage.

Content encryption

If files are stored in public IPFS network instead of private IPFS network, users are advised to encrypt the contents of files before uploading them. Although this can’t prevent the hash value from being broadcast, even if someone gets the hash value, they can’t see the original document.

Use gateway

Gateways can also be useful in protecting data privacy. When users retrieve content, they can use gateways to hide their true identities.

Using the gateway to search in the public IPFS network, other nodes only see the gateway searching the content and do not know the users who use the gateway to search.

More specifically, the following theoretical and technical frameworks can be used to solve the privacy problem in decentralized storage:

1. Decentralized identity+differential privacy
2. Zero knowledge proof
3. Multi-party secure computing
4. Homomorphic encryption
5. Trusted hardware: TEE
6. Local encryption

In Conclusion

In the Web3.0 era, data will become an important means of production, just like the land of agricultural revolution, the capital of industrial revolution, and also an important asset.

Although there may be challenges such as platforms, protocols and distributed applications being difficult to supervise, data privacy protection is an important issue that can not be ignored at present and even in the future.

The decentralized nature of Web3.0 can better protect the privacy of user data and improve the autonomy of personal data.

In future articles, we will bring you detailed technical explanations and solutions for privacy issues in decentralized storage market.