Why I support privacy
2025 Apr 14
See all posts
Why I support privacy
Special thanks to Balvi volunteers, Paul Dylan-Ennis,
pcaversaccio, vectorized, Bruce Xu and Luozhu Zhang for discussion and
feedback.
Recently, I have been increasingly focusing on improving
the state of privacy in the Ethereum ecosystem. Privacy is
an important guarantor of decentralization: whoever has the
information has the power, ergo we need to avoid centralized control
over information. When people in the real world express concern about
centrally operated technical infrastructure, the concern is sometimes
about operators changing the rules unexpectedly or deplatforming users,
but just as often, it's about data collection. While the cryptocurrency
space has its origins in projects like Chaumian Ecash, which put
the preservation of digital financial privacy front and center, it has
more recently undervalued privacy for what is ultimately a bad
reason: before ZK-SNARKs, we had no way to offer privacy in a
decentralized way, and so we downplayed it, instead focusing exclusively
on other guarantees that we could provide at the time.
Today, however, privacy can no longer be ignored. AI
is greatly increasing capabilities for centralized data collection and
analysis while greatly expanding the scope of data that we share
voluntarily. In the future, newer technologies like brain-computer
interfaces bring further challenges: we may be literally talking about
AI reading our minds. At the same time, we have more powerful
tools to preserve privacy, especially in the digital realm, than the
1990s cypherpunks could have imagined: highly efficient zero knowledge
proofs (ZK-SNARKs) can protect our identities while revealing enough
information to prove that we are trustworthy, fully homomorphic
encryption (FHE) can let us compute over data without seeing the data,
and obfuscation may soon offer even more.
Privacy is not about standing apart. It's about standing
together.
At this time, it's worth stepping back and reviewing the question:
why do we want privacy in the first place? Each
person's answer will be different. In this post I will give my own,
which I will break down into three parts:
- Privacy is freedom: privacy gives us space to live
our lives in the ways that meet our needs, without constantly worrying
about how our actions will be perceived in all kinds of political and
social games
- Privacy is order: a whole bunch of mechanisms that
underlie the basic functioning of society depend on privacy in order to
function
- Privacy is progress: if we gain new ways to share
our information selectively while protecting it from being misused, we
can unlock a lot of value and accelerate technological and social
progress
Privacy is freedom
Back in the early 2000s, it was popular to have viewpoints similar to
those epitomized by David Brin's 1998 book The
Transparent Society: technology would make information all
around the world much more transparent, and while this will have
downsides and require adaptation, on average it is a very good thing,
and we can make it fair by making sure that the people can surveil (or
rather, sousveil)
the government as well. In 1999, Sun Microsystems CEO Scott McNealy famously
exclaimed: "privacy is dead, get over it!". This mentality was
common in the early conception and development of Facebook, which banned
pseudonymous identities. I personally remember experiencing the tail
end of this mentality at a presentation at a Huawei event in Shenzhen in
2015, where a (Western) speaker casually mentioned in an offhand remark
that "privacy is over".
The Transparent Society represented the
best and brightest of what "privacy is over" ideology had to offer: it
promised a better, more just and fair world, using the power of
transparency to keep governments accountable rather than repressing
individuals and minorities. In hindsight, however, it is clear that even
this approach was a product of its time, written at the peak of
enthusiasm about global cooperation and peace and "the end of history",
and it depended on a number of overly-optimistic assumptions
about human nature. Primarily:
- The top-level layers of global politics would be generally
well-intentioned and sane, making vertical privacy
(ie. not revealing information to powerful people and institutions) more
and more unneeded. Abuses of power would generally be
localized, and so the best way to fight those abuses is to
bring them out into the sunlight.
- Culture would keep improving to the point where
horizontal privacy (ie. not revealing information to
other members of the public) would become unneeded. Nerds, gays, and
ultimately everyone else could stop hiding in the closet, because
society would stop being harsh and judgemental toward people's unique
traits and instead become open-minded and accepting.
Today, there is no single major country for which the first
assumption is broadly agreed to be true, and quite a few for which it's
broadly agreed to be false. On the second front, cultural tolerance has
also been rapidly regressing - a mere twitter search for phrases like
"bullying
is good" is one piece of evidence of this, though it's easy to find
more.
I personally have the misfortune to encounter the downsides of
"transparent society" regularly, as every single action I take outside
has some nonzero chance of unexpectedly becoming a public media
story:
The worst offender was someone who took a minute-long video while I
was laptopping in Chiang Mai, and proceeded to post it on xiaohongshu,
where it immediately got many thousands of likes and reshares. Of
course, my own situation is far from the human norm - but this has
always been the case with privacy: privacy is less needed for
people whose life situations are relatively normal, and more needed for
people whose life situations deviate from the norm, in any
direction. And once you add up all of the different directions
that matter, the number of people who really need privacy ends
up being quite a lot - and you never know when you will become
one of them. This is a big reason why privacy is often underrated: it's
not just about your situation and your information today, it's also
about the unknown unknowns of what happens to that information (and to
how it affects you) going forward forever into the future.
Privacy from corporate pricing mechanisms is a niche concern today,
even among AI advocates, but with the rise of AI-based analysis tools it
is likely to become a growing issue: the more a company knows about you,
the more they are also to offer you a personalized price that maximizes
how much they can extract from you multiplied by the probability that
you will pay up.
I can express my general argument for privacy as freedom in one
sentence as follows:
Privacy gives you the freedom to live your life in a way that
best suits your personal goals and needs, without having to constantly
balance every action between "the private game" (your own needs) and
"the public game" (how all kinds of other people, intermediated by all
kinds of mechanisms including social media cascades, commercial
incentives, politics, institutions, etc, will perceive and respond to
your behavior)
Without privacy, everything becomes a constant battle of
"what will other people (and bots) think of what I'm doing" - powerful
people, companies, and peers, people today and in the future. With
privacy, we can preserve a balance. Today, that balance is being rapidly
eroded, especially in the physical realm, and the default path of modern
techno-capitalism, with its hunger for business models that find ways to
capture value from users without asking them to explicitly pay for
things, is to erode it further (even into highly sensitive domains like,
eventually, our own minds). Hence, we need to counteract this effect,
and support privacy more explicitly, particularly in the place where we
most practically can: the digital realm.
But why not allow
government backdoors?
There is one common reply to the above reasoning: the disadvantages
of privacy that I described are largely disadvantages of the
public knowing too much about our private lives, and even where
abuse of power is concerned, it's about corporations, bosses and
politicians knowing too much. But we're not going to let the
public, corporations, bosses and politicians have all this data.
Instead, we'll let a small group of highly trained and well-vetted law
enforcement professionals see data taken from the security cameras on
the streets and the wiretaps on the internet cables and chat
applications, enforce strict accountability procedures, and no one else
will find out.
This is a quietly, but widely, held position, and so it is important
to address it explicitly. There are several reasons why, even if
implemented at a high standard of quality with good intentions, such
strategies are inherently unstable:
- In practice, it's not just the government, it's also all
kinds of corporate entities, of varying levels of quality. In
traditional financial systems, KYC and payment info gets held by payment
processors, banks, and all kinds of other intermediaries. Email
providers see huge amounts of data of all sorts. Telecom companies know
your location, and regularly illegally
resell it. In general, policing all of these entities at a
sufficient level of rigor that ensures that they truly have a high level
of care for user data is so effort intensive on both the watcher and the
watched that it is likely incompatible with maintaining a competitive
free market.
- Individuals who have access will always feel the pull to
abuse it (including by selling to third parties). In 2019,
several Twitter employees were charged
and later
convicted for selling personal information of dissidents to Saudi
Arabia.
- The data can always get hacked. In 2024, data that
US telecommunication companies were legally required to collect was
hacked, allegedly
by state-affiliated hackers from China. In 2025, large amounts of
sensitive personal data held by the Ukrainian government was
hacked by Russia. And in the other direction, highly sensitive
government and corporate databases in China also
get hacked, including by
the US government.
- The regime can change. A government that is
trustworthy today may not be trustworthy tomorrow. The people in charge
today may be persecuted tomorrow. A police agency that maintains
impeccably high standards of respect and decorum one day may find itself
reduced to all kinds of gleeful cruelty a decade later.
From the perspective of an individual, if data is taken from them,
they have no way to tell if and how it will be abused in the future.
By far the safest approach to handling large-scale data is to
centrally collect as little of it as possible in the first
place. Data should be maximally held by the users themselves, and
cryptographic means used to enable aggregation of useful statistics
without compromising individual privacy.
The argument that the government should have the capability to access
anything with a warrant because that's the way that things have always
worked misses a key point: historically, the amount of
information available to be obtained with warrants was far lower than
what is available today, and even what would be available if the
strongest proposed forms of internet privacy were universally
adopted. In the 19ᵗʰ century, the average conversation happened
once, via voice, and was never recorded by anyone. For this reason: the
entire moral
panic around "going dark" is ahistorical: the average conversation,
and even financial transaction, being fully and unconditionally
private is the multi-thousand-year historical norm.
An average conversation, 1950. Exactly zero words of the
conversation were ever recorded, spied on, subject to "lawful
intercept", AI analyzed, or otherwise viewed by anyone at any time other
than the participants in the conversation while it is happening.
Another important reason to minimize centralized data collection is
the inherently international nature of large portions of global
communication and economic interaction. If everyone is in the
same country, it is at least a coherent position to say that "the
government" should have access to the data in their interactions. But
what if people are in different countries? Certainly, in principle you
could try to come up with a galaxy-brained scheme where each
person's data is mapped to some lawful access entity that is responsible
for them - though even there you would have to deal with a huge number
of edge cases involving data that relates to multiple people. But even
if you could, it is not the realistic default outcome. The
realistic default outcome of government backdoors is: data becomes
concentrated in a small number of central jurisdictions that have
everyone's data because they control the applications - essentially,
global techno-hegemony. Strong privacy is by far the most stable
alternative.
Privacy is order
For over a century, it has been recognized that a key technical
component making democracy work is the secret
ballot: no one knows who you voted for, and furthermore,
you do not have the ability to prove to anyone else who you voted for,
even if you really want to. If secret ballots were not a default, then
voters would be accosted with all kinds of side incentives affecting how
they vote: bribes, promises of retroactive rewards, social pressure,
threats, and more.
It can be seen that such side incentives would completely break
democracy with a simple mathematical argument: in an election with N
people, your probability of affecting the outcome is only roughly 1/N,
and so any considerations related to which candidate is better and which
is worse inherently get divided by N. Meanwhile, "side games"
(eg. voter bribery, coercion, social pressure) act on you
directly based on how you vote (rather than based on the outcome of the
vote as a whole), and so they do not get divided by N. Hence, unless
side games are tightly controlled, they by default overwhelm the entire
game, and drown out any consideration of which candidate's policies are
actually better.
This applies not just to nation-scale democracy. Theoretically, it
applies to almost any corporate or governmental principal-agent
problem:
- A judge deciding how to rule in a case
- A government official deciding which company to give a contract or
grant to
- An immigration official deciding to grant or reject a visa
- An employee in a social media company deciding on how to enforce
content moderation policy
- An employee in a company contributing to a business decision (eg.
which supplier to buy from)
The fundamental problem in all cases is the same: if the agent acts
honestly, they absorb only a small share of the benefit of their action
to the entity that they are representing, meanwhile if they follow the
incentives of some side game, then they absorb the full share of those
benefits. Hence, even today, we are leaning on a lot of moral
goodwill to make sure all our institutions don't get completely taken
over by a chaotic maelstrom of side games overturning side games.
If privacy decreases further, then these side games become even
stronger, and the moral goodwill required to keep society functioning
may become unrealistically high.
Could social systems be redesigned to not have this problem?
Unfortunately, game theory pretty much explicitly says that this is
impossible (with one exception: total dictatorship). In the
version of game theory that focuses on individual choice - that is, the
version that assumes that each participant makes decisions independently
and that does not allow for the possibility of groups of agents working
as one for their mutual benefit, mechanism designers have a very wide
latitude to "engineer"
games to achieve all kinds of specific outcomes. In fact, there are
mathematical
proofs that for any game at least one stable Nash
equilibrium must exist, and so analyzing such games becomes tractable.
But in the version of game theory that allows for the possibility of
coalitions working together (ie. "colluding"), called cooperative
game theory, we
can prove that there are large classes of games that do not have any
stable outcome (called a "core"). In
such games, whatever the current state of affairs is, there is always
some coalition that can profitably deviate from it.
|
Round
|
A
|
B
|
C
|
|
1
|
1/3
|
1/3
|
1/3
|
|
2
|
1/2
|
1/2
|
0
|
|
3
|
2/3
|
0
|
1/3
|
|
4
|
0
|
1/3
|
2/3
|
If we take the math seriously, we come to
the conclusion that the only way to create stable social
structures is to have some limits on the amount of coordination between
participants that can happen - and this implies strong privacy
(including deniability). If you do not take the math seriously
on its own, then it suffices to observe the real world, or at least
think through what some of the principal-agent situations described
above might become if they got taken over by side games, to come to the
same conclusion.
Note that this introduces another argument for why government
backdoors are risky. If everyone has unlimited ability to
coordinate with everyone on everything, the outcome is chaos. But if
only a few people can do so, because they have privileged
access to information, then the outcome is that they dominate. One
political party having backdoor access to the communications of the
other can easily spell the end of the viability of having multiple
political parties.
One other important example of a social order that depends on limits
to collusion in order to function is intellectual and cultural
activity. Participation in intellectual and cultural activity
is inherently an intrinsically-motivated public-spirited task: it's very
difficult to make extrinsic incentives that target positive
contributions to society, precisely because intellectual and
cultural activity is, in part, the activity of determining which actions
in society are positive actions in the first place. We can make
approximate commercial and social incentives that point in the right
direction, but they too require heavy supplementation by intrinsic
motivation. But this also means that this kind of activity is highly
fragile to misaligned extrinsic motivations, particularly side
games such as social pressure and coercion. To limit the impact of such
misaligned extrinsic motivations, privacy is once again required.
Privacy is progress
Imagine a world where public-key and symmetric-key encryption did not
exist at all. In this world, securely sending messages across long
distances would inherently be vastly more difficult - not impossible,
but difficult. This would lead to far less international cooperation
taking place, and as a result much more would continue to happen via
in-person offline channels. This would have made the world a much
poorer, and more unequal, place.
I will argue that today we are in exactly that place today,
relatively to a hypothetical world of tomorrow where much
stronger forms of cryptography were widely available - in
particular, programmable cryptography, augmented by
stronger forms of full-stack security and formal verification to give us
strong assurances that this cryptography is being correctly used.
The Egyptian
god protocols: three powerful and highly general-purpose
constructions that can let us do computation on data while at the same
time keeping the data completely private.
An excellent source of examples is healthcare. If
you talk to anyone who has been working in longevity, pandemic
resistance, or other fields in health in the past decade, they will
universally tell you that the future of treatment and prevention is
personalized, and effective response is highly dependent on high-quality
data, both data about individuals and data about the environment.
Effectively protecting people against airborne disease requires knowing
where the air quality is higher and lower, and in what regions pathogens
are emerging at any given time. The most advanced longevity clinics all
give customized recommendations and treatments based on data about your
body, food preferences and lifestyle.
However, each of these things are simultaneously massive privacy
risks. I am personally aware of an incident where an air monitor was
given to an employee that "phoned home" to a company, and the collected
data was sufficient to determine when that employee was having sex. For
reasons like this, I expect that by default many of the most
valuable forms of data will not be collected at all, precisely because
people are afraid of the privacy consequences. And even when
data does get collected, it will almost always not be widely
shared or made available to researchers - in part for business reasons,
but just as often because of the privacy concerns involved.
The same pattern is repeated in other spheres. There is a huge amount
of information about ourselves in our actions in documents we write,
messages that we send across various applications, and various actions
on social media, that could all be used to more effectively predict and
deliver the things that we need in our daily lives. There is a huge
amount of information about how we interact with our physical
environments that is not healthcare-related. Today, we lack the tools to
effectively use this information without creating dystopian privacy
nightmares. Tomorrow, we may have those tools.
The best way to solve these challenges is to use strong cryptography,
which can let us get the benefits of sharing data without the downsides.
The need to gain access to data, including personal data, will only
become more important in the age of AI, as there is value from being
able to locally train and run "digital twins" that can make decisions on
our behalf based on high-fidelity approximations of our preferences.
Eventually, this will also involve using brain-computer interface (BCI)
technology, reading high-bandwidth inputs from our minds. For this to
not lead to a highly centralized global hegemony, we need ways for this
to be done with respect for strong privacy. Programmable cryptography is
the most trustworthy solution.
My AirValent air quality
monitor. Imagine a device like this that collects air quality data,
makes aggregate statistics publicly available on an open-data map, and
rewards you for providing the data - all while using programmable
cryptography to avoid revealing your personal location data and verify
that the data is genuine.
Programmable cryptography techniques like zero-knowledge proofs are
powerful, because they are like Lego bricks for information
flow. They can allow fine-grained control of who can see what
information and, often more importantly, what information can be seen at
all. For example, I can prove that I have a Canadian passport
that shows I am over 18, without revealing anything else about
myself.
This makes possible all kinds of fascinating combinations. I can give
a few examples:
- Zero-knowledge proof of personhood: proving that
you are a unique person (via various forms of ID: passport, biometrics,
decentralized social-graph-based)
without revealing anything else about which person you are.
This could be used for "proof of not being a bot", all kinds of "maximum
N per person use cases", and more, while preserving full privacy beyond
revealing the fact that the rules are not being broken.
- Privacy
Pools, a financial privacy solution that can exclude bad
actors without requiring backdoors. When spending, users can prove that
their coins came from a source that is not part of a publicly
known list of hacks and thefts; the hackers and thieves themselves are
the only ones who would not be able to generate such a proof, and so
they would not be able to hide. Railgun
and privacypools.com are currently
live and using such a scheme.
- On-device anti-fraud scanning: this does not depend
on ZKPs, but it feels like it belongs in this category. You can use
on-device filters (including LLMs) to check incoming messages, and
automatically identify potential misinformation and scams. If done
on-device, it does not compromise the user's privacy, and it can be done
in a user-empowering way, giving each user a choice of which filters to
subscribe to.
- Proof of provenance for physical items: using a
combination of blockchains and zero-knowledge proofs, it can be possible
to track various properties of an item through its chain of
manufacturing. This could allow eg. pricing environmental externalities
without publicly revealing the supply chain.
Left: depiction
of privacy pools. Right: the Taiwanese Message Checker app, which
gives the user the choice to turn on or off multiple filters, here from
top to bottom: URL checking, cryptocurrency address checking, rumor
checking
Privacy and AI
Recently, ChatGPT
announced that it will start feeding your past conversations into
the AI as context for your future conversations. That the trend will
keep going in this direction is inevitable: an AI looking over your past
conversations and gleaning insights from them is fundamentally
useful. In the near future, we will probably see people making AI
products that make even deeper intrusions into privacy: passively
collecting your internet browsing patterns, email and chat history,
biometric data, and more.
In theory, your data stays private to you. In practice, this does not
always seem to be the case:
"Wow!
ChatGPT has a bug, and it pushes questions asked by others
to me! This is a big privacy leak. I asked a question, got an error, and
then ‘Retry' generated a question that I would never ask."
It's always possible that the privacy protection worked fine, and in
this case the AI hallucinated by generating a question that
Bruce never asked and answering that. But there is no way to verify.
Similarly, there is no way to verify whether or not our conversations
are being used for training.
This is all deeply worrying. Even more disturbing are explicit AI
surveillance use cases, where (physical and digital) data about people
is being collected and analyzed on a large scale without their consent.
Facial recognition is already helping authoritarian regimes crack
down on political dissent on a mass scale. And the most worrying of
all is the inevitable final frontier of AI data collection and analysis:
the human mind.
In principle, brain-computer interface technology has incredible
power to boost human potential. Take the story of Noland
Arbaugh, Neuralink's first patient as of last year:
The experimental device has given Arbaugh, now 30, a sense of
independence. Before, using a mouth-stick required someone to position
him upright. If he dropped his mouth-stick, it needed to be picked up
for him. And he couldn't use it for long or he'd develop sores. With the
Neuralink device, he has nearly full control of a computer. He can
browse the web and play computer games whenever he wants, and Neuralink
says he has set
the human record for cursor control with a BCI.
Today, these devices are powerful enough to empower the injured and
sick. Tomorrow, they will be powerful enough to give fully healthy
people an opportunity to work with computers, and communicate
telepathically with each other (!!), at a level of efficiency that to us
seems unimaginable. But actually interpreting the brain signals
to make this kind of communication possible requires AI.
There is a dark future that could arise naturally as a confluence of
these trends, and we get silicon super-agents that are slurping up and
analyzing information about everyone, including how they write, act and
think. But there is also a brighter future, where we get the
benefits of these technologies while preserving our
privacy.
This can be done with a combination of a few techniques:
- Running computation locally whenever possible -
many tasks (eg. basic image analysis, translation, transcription, basic
brain wave analysis for BCI) are simple enough that they can be done
fully on locally-running computation. Indeed, locally-running
computation even provides advantages in reducing latency and
improving verifiability. If something can be done locally, it should be
done locally. This includes computations where various intermediate
steps involve accessing the internet, logging into social media
accounts, etc.
- Using cryptography to make remote computation fully
private - fully
homomorphic encryption (FHE) could be used to perform AI computation
remotely without allowing the remote server to see the data or the
results. Historically, FHE has been very expensive, but (i) recently it
has been rapidly improving in efficiency, and (ii) LLMs are a uniquely
structured form of computation, and asymptotically almost all
of it is linear operations, making it potentially very amenable
to ultra-efficient FHE implementations. Computation that involves the
private data of multiple parties can be done with multi-party
computation; the common case of two parties can be handled extremely
efficiently with techniques like garbled
circuits.
- Using hardware verification to extend guarantees to the
physical world - we could insist that hardware that can read
our minds (whether from inside the skull or outside) must be open and
verifiable, and use techniques
like IRIS to verify it. We can also do this in other domains: for
example, we could have security cameras that provably only save and
forward the video stream if a local LLM flags it as physical violence or
a medical emergency, and delete it in all other cases, and have
community-driven random inspection with IRIS to verify that the cameras
are implemented correctly.
Future imperfect
In 2008, the libertarian philosopher David Friedman wrote a book called
Future Imperfect, in which he gave a series of sketches about the
changes to society that new technologies might bring, not all of them in
his favor (or our favor). In one
section, he describes a potential future where we see a complicated
interplay between privacy and surveillance, where growth in digital
privacy counterbalances growth in surveillance in the physical
world:
It does no good to use strong encryption for my email if a video
mosquito is sitting on the wall watching me type. So strong privacy in a
transparent society requires some way of guarding the interface between
my realspace body and cyberspace ... A low-tech solution is to type under
a hood. A high-tech solution is some link between mind and machine that
does not go through the fingers – or anything else visible to an outside
observer.24
The conflict between realspace transparency and cyberspace privacy
goes in the other direction as well ... My pocket computer encrypts my
message with your public key and transmits it to your pocket computer,
which decrypts the message and displays it through your VR glasses. To
make sure nothing is reading the glasses over your shoulder, the goggles
get the image to you not by displaying it on a screen but by using a
tiny laser to write it on your retina. With any luck, the inside of your
eyeball is still private space.
We could end up in a world where physical actions are entirely
public, information transactions entirely private. It has some
attractive features. Private citizens will still be able to take
advantage of strong privacy to locate a hit man, but hiring him may cost
more than they are willing to pay, since in a sufficiently transparent
world all murders are detected. Each hit man executes one commission
then goes directly to jail.
What about the interaction between these technologies and data
processing? On the one hand, it is modern data processing that makes the
transparent society such a threat – without that, it would not much
matter if you videotaped everything that happened in the world, since
nobody could ever find the particular six inches of videotape he wanted
in the millions of miles produced each day. On the other hand, the
technologies that support strong privacy provide the possibility of
reestablishing privacy, even in a world with modern data processing, by
keeping information about your transactions from ever getting to anyone
but you.
Such a world may well be the best of all possible worlds: if all goes
well, we would see a future where there is very little physical
violence, but at the same time preserve our freedoms online, and ensure
the basic functioning of political, civic, cultural and intellectual
processes in society that depend on some limits to total information
transparency for their ongoing operation.
Even if it is not ideal, it is much better than the version where
physical and digital privacy go to zero, eventually including
privacy of our own minds, and in the mid-2050s we get thinkpieces
arguing that of course it's unrealistic to expect to think
thoughts that are not subject to lawful intercept, and responses to
those thinkpieces consisting of links to the most recent incident where
an AI company's LLM got an exploit which led to a year of 30 million
people's private inner monologues getting leaked to the whole
internet.
Society has always depended on a balance between privacy and
transparency. In some cases I support limits to privacy too. To give an
example totally disconnected from the usual arguments that people give
in this regard, I am supportive of the US government's moves to ban
non-compete clauses in contracts, primarily not because of their
direct impacts on workers, but because they are a way of forcing the
tacit domain knowledge of companies to be partially open-source. Forcing
companies to be more open than they would like is a limitation of
privacy - but I would argue a net-beneficial one. But from a macro
perspective, the most pressing risk of near-future technology is that
privacy will approach all-time lows, and in a highly imbalanced way
where the most powerful individuals and the most powerful nations get
lots of data on everyone, and everyone else will see close to nothing.
For this reason, supporting privacy for everyone, and making the
necessary tools open source, universal, reliable and safe is one of the
important challenges of our time.
Why I support privacy
2025 Apr 14 See all postsSpecial thanks to Balvi volunteers, Paul Dylan-Ennis, pcaversaccio, vectorized, Bruce Xu and Luozhu Zhang for discussion and feedback.
Recently, I have been increasingly focusing on improving the state of privacy in the Ethereum ecosystem. Privacy is an important guarantor of decentralization: whoever has the information has the power, ergo we need to avoid centralized control over information. When people in the real world express concern about centrally operated technical infrastructure, the concern is sometimes about operators changing the rules unexpectedly or deplatforming users, but just as often, it's about data collection. While the cryptocurrency space has its origins in projects like Chaumian Ecash, which put the preservation of digital financial privacy front and center, it has more recently undervalued privacy for what is ultimately a bad reason: before ZK-SNARKs, we had no way to offer privacy in a decentralized way, and so we downplayed it, instead focusing exclusively on other guarantees that we could provide at the time.
Today, however, privacy can no longer be ignored. AI is greatly increasing capabilities for centralized data collection and analysis while greatly expanding the scope of data that we share voluntarily. In the future, newer technologies like brain-computer interfaces bring further challenges: we may be literally talking about AI reading our minds. At the same time, we have more powerful tools to preserve privacy, especially in the digital realm, than the 1990s cypherpunks could have imagined: highly efficient zero knowledge proofs (ZK-SNARKs) can protect our identities while revealing enough information to prove that we are trustworthy, fully homomorphic encryption (FHE) can let us compute over data without seeing the data, and obfuscation may soon offer even more.
Privacy is not about standing apart. It's about standing together.
At this time, it's worth stepping back and reviewing the question: why do we want privacy in the first place? Each person's answer will be different. In this post I will give my own, which I will break down into three parts:
Privacy is freedom
Back in the early 2000s, it was popular to have viewpoints similar to those epitomized by David Brin's 1998 book The Transparent Society: technology would make information all around the world much more transparent, and while this will have downsides and require adaptation, on average it is a very good thing, and we can make it fair by making sure that the people can surveil (or rather, sousveil) the government as well. In 1999, Sun Microsystems CEO Scott McNealy famously exclaimed: "privacy is dead, get over it!". This mentality was common in the early conception and development of Facebook, which banned pseudonymous identities. I personally remember experiencing the tail end of this mentality at a presentation at a Huawei event in Shenzhen in 2015, where a (Western) speaker casually mentioned in an offhand remark that "privacy is over".
The Transparent Society represented the best and brightest of what "privacy is over" ideology had to offer: it promised a better, more just and fair world, using the power of transparency to keep governments accountable rather than repressing individuals and minorities. In hindsight, however, it is clear that even this approach was a product of its time, written at the peak of enthusiasm about global cooperation and peace and "the end of history", and it depended on a number of overly-optimistic assumptions about human nature. Primarily:
Today, there is no single major country for which the first assumption is broadly agreed to be true, and quite a few for which it's broadly agreed to be false. On the second front, cultural tolerance has also been rapidly regressing - a mere twitter search for phrases like "bullying is good" is one piece of evidence of this, though it's easy to find more.
I personally have the misfortune to encounter the downsides of "transparent society" regularly, as every single action I take outside has some nonzero chance of unexpectedly becoming a public media story:
The worst offender was someone who took a minute-long video while I was laptopping in Chiang Mai, and proceeded to post it on xiaohongshu, where it immediately got many thousands of likes and reshares. Of course, my own situation is far from the human norm - but this has always been the case with privacy: privacy is less needed for people whose life situations are relatively normal, and more needed for people whose life situations deviate from the norm, in any direction. And once you add up all of the different directions that matter, the number of people who really need privacy ends up being quite a lot - and you never know when you will become one of them. This is a big reason why privacy is often underrated: it's not just about your situation and your information today, it's also about the unknown unknowns of what happens to that information (and to how it affects you) going forward forever into the future.
Privacy from corporate pricing mechanisms is a niche concern today, even among AI advocates, but with the rise of AI-based analysis tools it is likely to become a growing issue: the more a company knows about you, the more they are also to offer you a personalized price that maximizes how much they can extract from you multiplied by the probability that you will pay up.
I can express my general argument for privacy as freedom in one sentence as follows:
Without privacy, everything becomes a constant battle of "what will other people (and bots) think of what I'm doing" - powerful people, companies, and peers, people today and in the future. With privacy, we can preserve a balance. Today, that balance is being rapidly eroded, especially in the physical realm, and the default path of modern techno-capitalism, with its hunger for business models that find ways to capture value from users without asking them to explicitly pay for things, is to erode it further (even into highly sensitive domains like, eventually, our own minds). Hence, we need to counteract this effect, and support privacy more explicitly, particularly in the place where we most practically can: the digital realm.
But why not allow government backdoors?
There is one common reply to the above reasoning: the disadvantages of privacy that I described are largely disadvantages of the public knowing too much about our private lives, and even where abuse of power is concerned, it's about corporations, bosses and politicians knowing too much. But we're not going to let the public, corporations, bosses and politicians have all this data. Instead, we'll let a small group of highly trained and well-vetted law enforcement professionals see data taken from the security cameras on the streets and the wiretaps on the internet cables and chat applications, enforce strict accountability procedures, and no one else will find out.
This is a quietly, but widely, held position, and so it is important to address it explicitly. There are several reasons why, even if implemented at a high standard of quality with good intentions, such strategies are inherently unstable:
From the perspective of an individual, if data is taken from them, they have no way to tell if and how it will be abused in the future. By far the safest approach to handling large-scale data is to centrally collect as little of it as possible in the first place. Data should be maximally held by the users themselves, and cryptographic means used to enable aggregation of useful statistics without compromising individual privacy.
The argument that the government should have the capability to access anything with a warrant because that's the way that things have always worked misses a key point: historically, the amount of information available to be obtained with warrants was far lower than what is available today, and even what would be available if the strongest proposed forms of internet privacy were universally adopted. In the 19ᵗʰ century, the average conversation happened once, via voice, and was never recorded by anyone. For this reason: the entire moral panic around "going dark" is ahistorical: the average conversation, and even financial transaction, being fully and unconditionally private is the multi-thousand-year historical norm.
An average conversation, 1950. Exactly zero words of the conversation were ever recorded, spied on, subject to "lawful intercept", AI analyzed, or otherwise viewed by anyone at any time other than the participants in the conversation while it is happening.
Another important reason to minimize centralized data collection is the inherently international nature of large portions of global communication and economic interaction. If everyone is in the same country, it is at least a coherent position to say that "the government" should have access to the data in their interactions. But what if people are in different countries? Certainly, in principle you could try to come up with a galaxy-brained scheme where each person's data is mapped to some lawful access entity that is responsible for them - though even there you would have to deal with a huge number of edge cases involving data that relates to multiple people. But even if you could, it is not the realistic default outcome. The realistic default outcome of government backdoors is: data becomes concentrated in a small number of central jurisdictions that have everyone's data because they control the applications - essentially, global techno-hegemony. Strong privacy is by far the most stable alternative.
Privacy is order
For over a century, it has been recognized that a key technical component making democracy work is the secret ballot: no one knows who you voted for, and furthermore, you do not have the ability to prove to anyone else who you voted for, even if you really want to. If secret ballots were not a default, then voters would be accosted with all kinds of side incentives affecting how they vote: bribes, promises of retroactive rewards, social pressure, threats, and more.
It can be seen that such side incentives would completely break democracy with a simple mathematical argument: in an election with N people, your probability of affecting the outcome is only roughly 1/N, and so any considerations related to which candidate is better and which is worse inherently get divided by N. Meanwhile, "side games" (eg. voter bribery, coercion, social pressure) act on you directly based on how you vote (rather than based on the outcome of the vote as a whole), and so they do not get divided by N. Hence, unless side games are tightly controlled, they by default overwhelm the entire game, and drown out any consideration of which candidate's policies are actually better.
This applies not just to nation-scale democracy. Theoretically, it applies to almost any corporate or governmental principal-agent problem:
The fundamental problem in all cases is the same: if the agent acts honestly, they absorb only a small share of the benefit of their action to the entity that they are representing, meanwhile if they follow the incentives of some side game, then they absorb the full share of those benefits. Hence, even today, we are leaning on a lot of moral goodwill to make sure all our institutions don't get completely taken over by a chaotic maelstrom of side games overturning side games. If privacy decreases further, then these side games become even stronger, and the moral goodwill required to keep society functioning may become unrealistically high.
Could social systems be redesigned to not have this problem? Unfortunately, game theory pretty much explicitly says that this is impossible (with one exception: total dictatorship). In the version of game theory that focuses on individual choice - that is, the version that assumes that each participant makes decisions independently and that does not allow for the possibility of groups of agents working as one for their mutual benefit, mechanism designers have a very wide latitude to "engineer" games to achieve all kinds of specific outcomes. In fact, there are mathematical proofs that for any game at least one stable Nash equilibrium must exist, and so analyzing such games becomes tractable. But in the version of game theory that allows for the possibility of coalitions working together (ie. "colluding"), called cooperative game theory, we can prove that there are large classes of games that do not have any stable outcome (called a "core"). In such games, whatever the current state of affairs is, there is always some coalition that can profitably deviate from it.
If we take the math seriously, we come to the conclusion that the only way to create stable social structures is to have some limits on the amount of coordination between participants that can happen - and this implies strong privacy (including deniability). If you do not take the math seriously on its own, then it suffices to observe the real world, or at least think through what some of the principal-agent situations described above might become if they got taken over by side games, to come to the same conclusion.
Note that this introduces another argument for why government backdoors are risky. If everyone has unlimited ability to coordinate with everyone on everything, the outcome is chaos. But if only a few people can do so, because they have privileged access to information, then the outcome is that they dominate. One political party having backdoor access to the communications of the other can easily spell the end of the viability of having multiple political parties.
One other important example of a social order that depends on limits to collusion in order to function is intellectual and cultural activity. Participation in intellectual and cultural activity is inherently an intrinsically-motivated public-spirited task: it's very difficult to make extrinsic incentives that target positive contributions to society, precisely because intellectual and cultural activity is, in part, the activity of determining which actions in society are positive actions in the first place. We can make approximate commercial and social incentives that point in the right direction, but they too require heavy supplementation by intrinsic motivation. But this also means that this kind of activity is highly fragile to misaligned extrinsic motivations, particularly side games such as social pressure and coercion. To limit the impact of such misaligned extrinsic motivations, privacy is once again required.
Privacy is progress
Imagine a world where public-key and symmetric-key encryption did not exist at all. In this world, securely sending messages across long distances would inherently be vastly more difficult - not impossible, but difficult. This would lead to far less international cooperation taking place, and as a result much more would continue to happen via in-person offline channels. This would have made the world a much poorer, and more unequal, place.
I will argue that today we are in exactly that place today, relatively to a hypothetical world of tomorrow where much stronger forms of cryptography were widely available - in particular, programmable cryptography, augmented by stronger forms of full-stack security and formal verification to give us strong assurances that this cryptography is being correctly used.
The Egyptian god protocols: three powerful and highly general-purpose constructions that can let us do computation on data while at the same time keeping the data completely private.
An excellent source of examples is healthcare. If you talk to anyone who has been working in longevity, pandemic resistance, or other fields in health in the past decade, they will universally tell you that the future of treatment and prevention is personalized, and effective response is highly dependent on high-quality data, both data about individuals and data about the environment. Effectively protecting people against airborne disease requires knowing where the air quality is higher and lower, and in what regions pathogens are emerging at any given time. The most advanced longevity clinics all give customized recommendations and treatments based on data about your body, food preferences and lifestyle.
However, each of these things are simultaneously massive privacy risks. I am personally aware of an incident where an air monitor was given to an employee that "phoned home" to a company, and the collected data was sufficient to determine when that employee was having sex. For reasons like this, I expect that by default many of the most valuable forms of data will not be collected at all, precisely because people are afraid of the privacy consequences. And even when data does get collected, it will almost always not be widely shared or made available to researchers - in part for business reasons, but just as often because of the privacy concerns involved.
The same pattern is repeated in other spheres. There is a huge amount of information about ourselves in our actions in documents we write, messages that we send across various applications, and various actions on social media, that could all be used to more effectively predict and deliver the things that we need in our daily lives. There is a huge amount of information about how we interact with our physical environments that is not healthcare-related. Today, we lack the tools to effectively use this information without creating dystopian privacy nightmares. Tomorrow, we may have those tools.
The best way to solve these challenges is to use strong cryptography, which can let us get the benefits of sharing data without the downsides. The need to gain access to data, including personal data, will only become more important in the age of AI, as there is value from being able to locally train and run "digital twins" that can make decisions on our behalf based on high-fidelity approximations of our preferences. Eventually, this will also involve using brain-computer interface (BCI) technology, reading high-bandwidth inputs from our minds. For this to not lead to a highly centralized global hegemony, we need ways for this to be done with respect for strong privacy. Programmable cryptography is the most trustworthy solution.
My AirValent air quality monitor. Imagine a device like this that collects air quality data, makes aggregate statistics publicly available on an open-data map, and rewards you for providing the data - all while using programmable cryptography to avoid revealing your personal location data and verify that the data is genuine.
Privacy can be progress for keeping our society safe
Programmable cryptography techniques like zero-knowledge proofs are powerful, because they are like Lego bricks for information flow. They can allow fine-grained control of who can see what information and, often more importantly, what information can be seen at all. For example, I can prove that I have a Canadian passport that shows I am over 18, without revealing anything else about myself.
This makes possible all kinds of fascinating combinations. I can give a few examples:
Left: depiction of privacy pools. Right: the Taiwanese Message Checker app, which gives the user the choice to turn on or off multiple filters, here from top to bottom: URL checking, cryptocurrency address checking, rumor checking
Privacy and AI
Recently, ChatGPT announced that it will start feeding your past conversations into the AI as context for your future conversations. That the trend will keep going in this direction is inevitable: an AI looking over your past conversations and gleaning insights from them is fundamentally useful. In the near future, we will probably see people making AI products that make even deeper intrusions into privacy: passively collecting your internet browsing patterns, email and chat history, biometric data, and more.
In theory, your data stays private to you. In practice, this does not always seem to be the case:
"Wow! ChatGPT has a bug, and it pushes questions asked by others to me! This is a big privacy leak. I asked a question, got an error, and then ‘Retry' generated a question that I would never ask."
It's always possible that the privacy protection worked fine, and in this case the AI hallucinated by generating a question that Bruce never asked and answering that. But there is no way to verify. Similarly, there is no way to verify whether or not our conversations are being used for training.
This is all deeply worrying. Even more disturbing are explicit AI surveillance use cases, where (physical and digital) data about people is being collected and analyzed on a large scale without their consent. Facial recognition is already helping authoritarian regimes crack down on political dissent on a mass scale. And the most worrying of all is the inevitable final frontier of AI data collection and analysis: the human mind.
In principle, brain-computer interface technology has incredible power to boost human potential. Take the story of Noland Arbaugh, Neuralink's first patient as of last year:
Today, these devices are powerful enough to empower the injured and sick. Tomorrow, they will be powerful enough to give fully healthy people an opportunity to work with computers, and communicate telepathically with each other (!!), at a level of efficiency that to us seems unimaginable. But actually interpreting the brain signals to make this kind of communication possible requires AI.
There is a dark future that could arise naturally as a confluence of these trends, and we get silicon super-agents that are slurping up and analyzing information about everyone, including how they write, act and think. But there is also a brighter future, where we get the benefits of these technologies while preserving our privacy.
This can be done with a combination of a few techniques:
Future imperfect
In 2008, the libertarian philosopher David Friedman wrote a book called Future Imperfect, in which he gave a series of sketches about the changes to society that new technologies might bring, not all of them in his favor (or our favor). In one section, he describes a potential future where we see a complicated interplay between privacy and surveillance, where growth in digital privacy counterbalances growth in surveillance in the physical world:
Such a world may well be the best of all possible worlds: if all goes well, we would see a future where there is very little physical violence, but at the same time preserve our freedoms online, and ensure the basic functioning of political, civic, cultural and intellectual processes in society that depend on some limits to total information transparency for their ongoing operation.
Even if it is not ideal, it is much better than the version where physical and digital privacy go to zero, eventually including privacy of our own minds, and in the mid-2050s we get thinkpieces arguing that of course it's unrealistic to expect to think thoughts that are not subject to lawful intercept, and responses to those thinkpieces consisting of links to the most recent incident where an AI company's LLM got an exploit which led to a year of 30 million people's private inner monologues getting leaked to the whole internet.
Society has always depended on a balance between privacy and transparency. In some cases I support limits to privacy too. To give an example totally disconnected from the usual arguments that people give in this regard, I am supportive of the US government's moves to ban non-compete clauses in contracts, primarily not because of their direct impacts on workers, but because they are a way of forcing the tacit domain knowledge of companies to be partially open-source. Forcing companies to be more open than they would like is a limitation of privacy - but I would argue a net-beneficial one. But from a macro perspective, the most pressing risk of near-future technology is that privacy will approach all-time lows, and in a highly imbalanced way where the most powerful individuals and the most powerful nations get lots of data on everyone, and everyone else will see close to nothing. For this reason, supporting privacy for everyone, and making the necessary tools open source, universal, reliable and safe is one of the important challenges of our time.