Privacy Lessons From TikTok: A Look At NuCypher
As the adage goes, “if you are not paying for the product, you are the product”. Data privacy has always been a controversial topic for many consumer tech companies. This controversy once again jumped to the forefront of public discussion with recent allegations and revelations about TikTok, the hugely popular social network based out of China with over 2 billion downloads worldwide. Above and beyond the constant, familiar critique from privacy advocates against the “old-school” tech giants (Google, Amazon, Facebook, etc.), TikTok’s practices have moved beyond normal consumer privacy concerns into geopolitical and national security concerns. Amazon reportedly recently banned employees from using TikTok, and President Trump is apparently mulling a U.S. ban of TikTok.
In a utopian society, tech companies and governments collect this information only to provide you with the best content. But in a dystopian society, tech companies resell your information to other malevolent third parties and to governments, which use your data to surveil and censor their political opponents.
Decentralized applications and blockchain-based solutions have long aimed to solve these privacy and surveillance concerns, but public blockchains present their own challenges. At its core, a blockchain is an immutable, public ledger of transactions. Every transaction is visible to anyone running a full node. The entire history of the entire user base is recorded on chain, available for anyone with the tools to see.
Public Blockchains are not Private
Privacy and censorship resistance have been core value propositions among blockchain advocates. A core ethos behind blockchain technology and cryptocurrencies is to minimize trust and maximize user control over their data. For instance, Blockstack’s goal is to “give users direct ownership of their internet assets and protect user privacy” and Filecoin’s mission is to create a decentralized and trustless storage system. There are also whole classes of privacy tokens like Monero and Zcash that allow users to make transactions privately, and mixer apps like Tornado.cash that allow users to anonymize Ethereum transactions.
Even then, public blockchains like Ethereum still suffer from privacy issues. The public nature of Ethereum is a double-edged sword: although it allows apps to run transparently, it also exposes user information, even if only pseudonymously. This limits use cases for blockchains, as users cannot safely transfer sensitive data such as personally identifiable information on Ethereum. Public blockchains need a decentralized privacy and encryption layer the way today’s web apps rely on protocols like SSL to ensure data privacy and integrity.
NuCypher to the Rescue
NuCypher is a potential solution to this problem of user privacy on public blockchains. The protocol is a privacy layer for blockchains, and it enables end-to-end encrypted data sharing on public blockchains (e.g. Ethereum) and decentralized storage solutions (e.g. IPFS). NuCypher allows users to conditionally grant and revoke access to data for multiple users at a time. As a result, it provides the backbone for applications that involve the transfer of sensitive data but also want to leverage the trustless security model of public blockchains.
The NuCypher protocol’s key technology is proxy re-encryption (PRE). PRE is a way of encrypting data and then having an untrusted middleman, or proxy, transform that encrypted data so that recipients can decrypt it. The proxy does not learn anything about the underlying data, nor does it have access to private keys, thereby ensuring the data’s privacy.
The ability for proxies to perform this transformation is solely controlled by the data owner and therefore PRE gives the data owner ultimate control over the ability to grant and revoke decryption rights. Additionally, PRE is a more scalable privacy solution compared to other public key encryption technologies because 1) it is more suitable for communication that involves arbitrary numbers of data producers and consumers, and 2) it does not require knowing the eventual recipient of the encrypted data beforehand.
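The transformation described in the two paragraphs above, as an added example that is not from the original post or from NuCypher: a toy version of the classic ElGamal-based BBS98 proxy re-encryption scheme, which is not NuCypher's own scheme. The group parameters, function names and sample message are assumptions chosen for illustration, and the group is far too small for real use.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# safe prime P = 2Q + 1; G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def public_key(sk):
    return pow(G, sk, P)                           # G^a

def keygen():
    sk = secrets.randbelow(Q - 1) + 1              # secret exponent in [1, Q-1]
    return sk, public_key(sk)

def encrypt(pk, m):
    """Encrypt m (1 <= m < P) under pk = G^a; returns (m*G^r, G^(a*r))."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)               # G^(a*r) -> G^r
    return (c1 * pow(g_r, -1, P)) % P              # m*G^r / G^r = m

def rekey(sk_from, sk_to):
    """Re-encryption key b/a mod Q, produced on the owner's side.
    BBS98 needs both secrets (or an interactive protocol) to derive it and
    the key works in both directions; later PRE schemes remove these limits."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: uses only rk and the ciphertext, never m or a secret key."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)                      # G^(a*r) -> G^(b*r)

if __name__ == "__main__":
    alice_sk, alice_pk = keygen()
    bob_sk, _ = keygen()
    ct = encrypt(alice_pk, 1234)                   # 1234: constructed sample message
    rk = rekey(alice_sk, bob_sk)                   # Alice grants Bob access
    print("Alice reads:", decrypt(alice_sk, ct))
    print("Bob reads after re-encryption:", decrypt(bob_sk, reencrypt(rk, ct)))
    # Revocation in this toy model: once the proxy deletes rk, ciphertexts
    # stored for Alice can no longer be transformed for Bob.
```

In practice the value encrypted this way is a symmetric key that protects the actual data, so the proxy only ever transforms a small key capsule.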
Below are some of the new use cases for decentralized applications that can be unlocked using NuCypher:
1. Sharing encrypted files (“Decentralized Dropbox”)
Files can be encrypted client-side and stored in decentralized or centralized filesystems. These files can be shared securely with approved third parties, and access permissions can be revoked at any time. Nubox is an example of this type of application and is currently live on NuCypher’s testnet.
2. Patient-controlled electronic health records (EHR)
Patients can own and control access to their medical data, as opposed to storing it with centralized systems like Epic. When patients want to share their data with a hospital or insurance company, they can grant temporary access. A recent NuCypher hackathon project built an application that leverages NuCypher to let patients securely share their medical data.
3. End-to-end encrypted group chat
NuCypher allows group messaging apps to grant multiple users access to end-to-end encrypted messages, instead of having to encrypt and send the same message individually to each participant. This allows for more scalable encrypted group chat apps.
Stay tuned for our deep dive into NuCypher next week to learn more about how NuCypher is bringing data privacy to decentralized applications.
This blog post is being distributed by Amalgamated Token Services Inc., dba “CoinList,” or one of its subsidiaries. This blog post and use of the CoinList website is subject to certain disclosures, restrictions and risks, available here.