Crypto has undergone an impressive spate of growth recently. We’ve gone from a few hundred users of non-fungible tokens (NFT), a couple of thousand Ethereum node operators and maybe a multitude more of bitcoin holders to several million investors and users across the industry. It’s wonderful there’s an open online world where anyone can create, build and explore without permission. That value is being created, and freedom preserved. But there’s something being lost in the mix: privacy.
Web 3, the buzzy corner of crypto that spans everything from play-to-earn gaming to collectibles to decentralized finance (DeFi), seems to be repeating the same missteps of Web 2. Although touted as a solution to the perils of internet centralization by letting people own their own data and earn rewards for the value they create, Web 3 is failing on these big promises. And with some of the biggest Web 2 builders entering the Web 3 space, the problems may only get worse.
Tor Bair is the founder of the Secret Foundation, an organization dedicated to building, researching and scaling adoption of open-source, privacy-first technologies. This article is part of CoinDesk’s Privacy Week series.
The Web 2 economy was built on a simple idea: collect a cheap resource at scale, user data, then repackage and monetize access to it as an expensive product. It gave users near unlimited ability to create content and connect globally while giving advertisers a captive audience. Companies including Facebook and Google built trillion-dollar businesses and “walled gardens” around this arbitrage, then changed their names (Meta, Alphabet) to distance themselves from the extractive platforms that allowed for their obscene growth.
Along the way, user privacy was not merely ignored – it was abandoned. It was only after the Cambridge Analytica whistle-blowers came forward that we truly became aware of how our data was being misused and resold, occasionally at the expense of democracy itself. Almost every Web 2 company has dealt with massive privacy failings and data breaches, from Uber to Equifax to LinkedIn to Alibaba.
Despite all the lofty promises of Web 3, it has not solved this core issue. While the blockchain world is indeed far more open than Web 2, it is actually far less private. Blockchains leak all user data by default, and not just to Cambridge Analytica but to anyone who glances at the blockchain. The dominant public-by-default model means users must give up control of their data by default as well.
This failure means Web 3 is not becoming user-centric after all. Public-by-default systems and blockchains recentralize and converge to winner-take-all structures. Whoever has the resources to make best use of all the publicly available data will capture the majority of value. In other words, the rich get richer, and users lose their control.
Web 3 companies like Chainalysis have achieved multi-billion- dollar valuations on this play. Miners, the computers that secure and order blockchains, routinely frontrun users based on their privileged view into publicly available data.
Meanwhile, Web 2 companies like Meta (the former Facebook) are clearly seizing the next multi-trillion dollar opportunity by concentrating their entire focus on the emerging metaverse. The same companies that shattered online privacy in the age of social media are now angling to control our open metaverse, wielding war chests of billions of dollars in hopes of capturing trillions.
These are two bad choices: an open metaverse that leaks all data by design and a metaverse owned and operated by the same companies that routinely exploit user data. We need to actively reject both.
See also: The Metaverse Needs a Constitution | Opinion
As we watch the metaverse emerge and build its foundation, we must be aware of and actively work towards a better model. Web 3 and the open metaverse must embrace privacy by design, protect users by default and allow them to consent to and benefit from the use of their data.
It’s not just a dream: Tens of thousands of users in our community around the world are already building and using private-by-default, decentralized, and self-sustainable applications that are truly empowering. We’ve been working towards this vision since 2015, and with the stakes higher than ever, this is the perfect moment to join our fight.
A metaverse that protects our privacy is the only one worth creating, and the only one worth living in.