The privacy, identity, and real names problems in cryptocurrency
I recently started looking into cryptocurrencies (crypto) after being introduced to the Ethereum Name Service (ENS), Namebase and the Handshake Protocol, and the Argent Smart Wallet.^[I encountered ENS months before but found the introductory marketing material to be too difficult for beginners like myself so I forgot about it. This is all to say that I do not know much and to not take me too seriously. ] According to Wikipedia, Ethereum's native cryptocurrency called Ether is the second largest cryptocurrency by market capitalization after Bitcoin. A few years ago, in early 2017, I was dismissive of the concept of Bitcoin as a borderless and decentralized digital currency, but I am impressed by Ethereum's ability to double as a cryptocurrency and as a way to build and power decentralized applications (Dapps), facilitate decentralized finance (DeFi), and to create non-fungible tokens (NFTs).
In the recent weeks, I noticed two potential problems with cryptocurrencies that seem to be not discussed enough or not taken seriously enough in the introductory literature and marketing on cryptocurrencies. I call these two problems the Privacy and Identity Problems (I do not know what others call these problems). These problems are probably not unique to Ethereum, but I am more familiar with Ethereum than I am with other cryptocurrencies, so I will be discussing these problems in the context of Ethereum. I believe that Ethereum has promising potential to build a powerful ecosystem for Dapps, DeFi, and NFTs despite these problems, but that these problems should nonetheless be discussed more.
Background
Perhaps the biggest why cryptocurrencies like Bitcoin and Ethereum are worth anything is because the transactions are processed carefully using cryptography and these transactions are tracked on a public record called a blockchain. Bitcoin and Ethereum have their own blockchains. Although Ethereum is often referred to as a cryptocurrency, Ethereum is actually name of the blockchain, and the things that people trade as currency (the 'coins') are things called Ether (ETH for short) that exist on Ethereum. There are other coins built on top of the Ethereum blockchain, such as USDC or DAI, but Ether is the main/native one. The existence of the blockchain as a public record means that the coins cannot simply be produced, replicated, or eliminated. The Ether cannot be created or destroyed "out of thin air", so to speak. This means that Ether is scarce and that its ownership is verifiable on the blockchain.^[The scarcity and verifiability of ownership are ultimately what make digital goods valuable. Consider, for example, the domain names apple.com and amazon.com. They are scarce and you can verify their ownership on WHOIS records. There is only one of each of these names, so only one person or company can use these names for their website. ]
To store the Ether, one needs special software (e.g., browser extension or mobile app) or hardware to interact with the Ethereum blockchain. These software programs are called "wallets" and they can have one or more unique locations on the blockchain called "addresses". Wallets are products that companies and engineers develop and addresses are 42 character strings such as 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
that people control using their wallets. People can own multiple wallets (e.g., one or more on their phone, one in a browser extension), and thus control/own multiple addresses. When people send Ether to and from each other, they send Ether to and from addresses that they control.^[I say that people can send Ether to and from addresses that they control instead of addresses that they own because thieves steal money by transferring money from addresses that they do not own but have obtained control over. ]
Let us look at specific wallets for more specific examples. The official website for Ethereum, ethereum.org, has a section on how to choose a wallet based on which features you want. As of this writing, Argent is the only wallet that supports all these features: buy crypto with a card, explore Dapps, access to financial tools, limits protection, high-volume purchases, decentralized token swaps, and multi-signature accounts.^[Limits protection is protection from unauthorized transactions. Decentralized token swaps is trading different types of coins without permission from a centralized authority. Multi-signature accounts require multiple signatures to withdraw certain amounts of funds. ] In addition to these features, Argent does not, unlike many other popular wallets such as MetaMask, require you to remember a secret key called a "Seed Phrase" to restore your account in the event that your phone is lost or stolen. Instead, Argent can help you restore or secure your account by using multi-factor authentication (text message and email) and authorization from your trusted contacts (such as your MetaMask wallet or your friends' or family members' wallets). Because of these mechanisms, Argent is called a social recovery wallet. Vitalik Buterin, co-founder of Ethereum, wrote about why we need wide adoption of social recovery wallets earlier this year.
Each mobile device can have one Argent wallet, and each wallet can has (at least for now; this will change) one address on the Ethereum blockchain while an instance of MetaMask wallet (i.e., one copy of the browser extension on one browser) has one or more addresses on the Ethereum blockchain. People do not need to be using the same type of wallet to send each other Ether; someone with an Argent wallet can send Ether from their Argent wallet to someone else's (or their own) MetaMask wallet by specifying which address to send the money to. When sending Ether from one wallet to another, the transaction needs to be recorded on the blockchain, and that requires some computers to perform the necessary cryptographic calculations, so the sender needs to pay a 'network fee' (also known as 'gas').
The Privacy Problem
The Privacy Problem is that, since all transactions on the Ethereum blockchain are recorded for the public to inspect, if you know the address of someone's wallet, then you can see a record of their transactions. You can see how much money they have at that address, which addresses that money came from, which addresses they previously sent money to, and when each of these transactions occurred.
For example, a well-known website for searching records on the Ethereum blockchain is Etherscan.io (another is blockchain.com/explorer). You can search for the records of an address, such as 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
, on Etherscan and see its transaction history. You can see that, at the time of this writing, this example address has performed a total of 799 transactions, it has $12,924.15 worth of Ether (at $1,792.55 per ETH), it has $2,618,870.48 in ERC-20 tokens (non-ETH coins on the Ethereum blockchain) and which kind of tokens they are (KNC, OMG, etc.), and it has 23 ERC-721 tokens (non-fungible tokens). You can see that this address received 0.0034968 Ether from 0xd8bb7a9415d9D5A85E64abFBe8330845c148BA17
18 days and 13 hours ago and that its first transaction was 2001 days and 22 hours ago. You can also download a CSV of this address's activity for your records or for further inspection.
The transactions on the Ethereum blockchain are searchable and available for inspection for forever. People do not have the right to be forgotten on the Ethereum blockchain and do not have the right to perform transactions without anyone else knowing. This is in contrast to popular apps for exchanging fiat currency such as Venmo, which lets you hide your transactions from others, including your friends and family. If a stalker knows your address on the Ethereum blockchain, then they can guess who your friends are by tracking which addresses send and receive money to and from your address regularly. Governments can follow your transactions and retroactively punish you for interacting with what they see to be the wrong people, companies, institutions, or organizations. They might not be able to stop you from sending or receiving the money, but they can nonetheless see you do it and act accordingly. If you create a new address from a new wallet and transfer your funds from your old address to your new one, then there is a link between the two addresses that stalkers and governments could follow if they had the time and resources.
The Privacy Problem is not a tangible people for many problem. Although it is theoretically possible for one to track who is sending and receiving money to and from whom, I am not sure how feasible it is to do. Nevertheless, that a problem is not that tangible for many does not mean that it is serious for some or otherwise genuine. Some cryptocurrencies, such as Monero, do not suffer as much from these privacy problems because the blockchain is obfuscated, but Ethereum and many other cryptocurrencies continue to have them.
The Identity Problem
When you want to send someone an email for the first time, you need to ask them what their email address is, find it on their website, or find it in a directory, such as one provided by your school or workplace. When you want to call or text someone for the first time, you need to do the same thing with their phone numbers. A similar problem exists with people and wallets. When you want to send someone cryptocurrencies, you need to learn what their wallet's address is. There is no simple and easy way to match people's real life identities and their cryptocurrencies, so it is quite easy to send money to the wrong person if you are not careful. The problem of having to match people with addresses and vice versa is what I call the Identity Problem.
One solution to the Identity Problem is called the Ethereum Name Service (ENS). The ENS allows people to register domain names (e.g., name.eth
, name.xyz
, name.club
, name.art
), connect them to the Ethereum blockchain, and point them to a wallet address. Then, when someone sends money to the ENS name, the money is sent to the wallet address that the name points to. Some wallets, such as Argent and MetaMask, are integrated with the ENS, so they allow you to type someone's ENS name into the Recipient field of the app when sending coins. Rather than having to remember someone's 42 digit wallet address, you can simply remember their ENS name. These wallets allow you to add these names to your in-wallet Contacts so you only have to type them the first time you send money to them.
Let us consider an example. The example address that I have been using throughout this post is 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
. This address is controlled/owned by Ethereum co-founder Vitalik Buterin. There are a few ways to learn this, and the way depends on whether you start with the address or the name. If you know that you want to send money to Vitalik Buterin, you might visit his Twitter profile at twitter.com/VitalikButerin and see that his profile name is vitalik.eth
. Then you can search vitalik.eth
on Etherscan.io or the ENS app. From there, you can see that the name vitalik.eth
points to this address. If you know the address, then you can search the address on ENS and see which name it belongs to (you can call this "reverse searching"). You will find the name vitalik.eth
, and see that its url
text record points to https://vitalik.ca
, which is Vitalik Buterin's website. Then you can find Vitalik Buterin on Twitter, and see that vitalik.ca
is indeed Vitalik's website, and confirm that the address is indeed Vitalik's. In each way, you rely on Vitalik's status as a verified member on Twitter since his Twitter username is not immediately visible on his website. You can use similar techniques to find the ENS names or addresses for other people.
The Ethereum Name Service is a pretty neat solution to the Identity Problem. On Venmo and Cash App, if you know someone's username (their $Cashtag on the Cash App) but nothing else about them, then you can send them money. The issue with ENS, however, is that it exacerbates the Privacy Problem discussed earlier. If people know what your ENS name is, then they know what your wallet address is, so they can find and track your transaction history. On Venmo and Cash App, having people know your username is not really a problem because they cannot track you if you do not let them (they can, I suppose, incessantly request money from you, but I guess you can report or block them for doing that). On the Ethereum blockchain, if someone knows your ENS name, then there is no way to stop them from tracking you.
The Real Names Problem
The ENS as a solution to the Identity Problem, when combined with the Privacy Problem, creates the Real Names Problem: whether to use your real name on the Ethereum Name Service and similar products and platforms.
Some wallets, such as Argent and Authereum, create an ENS name for you based on your username. Argent gives you username.argent.xyz
and Authereum gives you username.auth.eth
. Although you cannot, as far as I know, find someone's username based on their address, you can find someone's address based on their name. When you register an ENS name at the ENS App, you can choose which address your name points to, but when you create an Argent or Ethereum wallet, your name is tied to your address, and it cannot be changed after creating your wallet. These wallets also require you to pay a fee to create your wallet because they are smart contract wallets (they have additional computational costs that allows them to have features like withdrawal limit protections and seedless recovery that normal wallets do not have). Thus, to avoid paying extra fees, you want to choose your username once.
Real names and pseudonyms (also known as aliases and gamer tags) each have their own advantages and disadvantages. If you use your real name, then it is easier for people to send you money (and thus easier for you to receive it) because people do not need to associate you with your pseudonym and if they know you, then they probably know how to spell your name and variations of it.^[For example, vitalikbuterin
, vbuterin
, vitalikb
, vitalik
, buterin
. ] If you create a new pseudonym, then you need to remember it and it is harder for your contacts to find and remember you because they need to create an association in their mind between your real name and your new pseudonym. If you use a pseudonym that you used in another context, then if stalkers know your identity in the other context, they can still find your wallet address on the Ethereum blockchain because they can track the address associated with your pseudonym while they tracking the address associated with your real name (they can and will have multiple 'suspects' to track). Also, if your username is your real name, then it is easier for an attacker to guess your username when trying to break into your Argent or Authereum account, but an attacker who is targeting you specifically will likely know your pseudonym anyway.
Furthermore, for the ENS name to be useful as a solution to the Identity Problem, you must give your name to other people. Once you give it to someone, they will know that you are associated with that name, and they could share information about that association with potential stalkers (willingly or not). If you are protective about your username to make it harder for people to guess, then your ENS name becomes less useful.
The problem of whether to use your real name is relevant to any users of Argent, Authereum, and the Ethereum Name Service. It seems that the Real Names Problem has no obvious solution since there are advantages and disadvantages for going either way, and it is not clear that some strongly outweigh the others. Nevertheless, my intuition is that it is likely better to use a pseudonym than to use one's real name for their ENS name and Argent or Authereum username so it is more difficult to guess. A skilled stalker will still be able to find your username, but at least it will be more work. Whenever someone sends you money, they should be careful to confirm your ENS name, username, and address regardless of whether you are using your real name or a pseudonym. Therefore, unless you do not think you will ever care about your transactions being public forever, and you are quite famous, and want to use your ENS name to promote ENS or Ethereum, then it is probably better for you to use a pseudonym.