With any online digital interaction, a certain amount of information about the user is exposed in the process. There are privacy settings on social media and bank accounts, but a decentralized ledger is transparent by nature.
Péter Szilágyi recently gave an interview about the various components of the Ethereum blockchain and the Geth software, talking in particular about the information that users give away. As he says,
"People do not realize how much information is available in the open."
What Szilágyi is pointing to is how little people have looked at the Ethereum network layer, which exposes a lot of information about the individuals involved. Raising this kind of awareness has helped to encourage research on how to hide that information better from applications, considering that they are hosted on a transparent system built directly on the blockchain.
Speaking during the interview, Szilágyi said that the various peer-to-peer components that contribute to the massive blockchain are more of a "black magic thing".
Szilágyi brought this problem to light when he spoke at Devcon4, an annual developer conference that was hosted in Prague. Among his many concerns, he talked about the possibility that metadata about users is leaked, which would essentially hand the location of each individual user to the wrong people.
When Szilágyi began to pursue a side project, a decentralized and private social media alternative to Facebook, he found that the risk of metadata leaks is the biggest obstacle to anonymous interactions. He explained,
"We do not have it in Ethereum, and the reason these losses begin to bother me is because of that project."
On Friday, Szilágyi raised further concerns, such as the fact that the problems run so deep into the core of the Ethereum blockchain that it is almost impossible to work on them without breaking everything. However, he believes there are ways to get around this. In his interview with CoinDesk, he said,
"Most people in blockchain and Ethereum, they want to build on top, while there's a team at the back that does the dirty work."
He added, "It's not that they are unsolvable problems, but someone needs to understand that they exist."
There are two ways in which Szilágyi believes this could happen: through websites or through apps. One example of such a website is Etherscan, which creates a link between the user's IP address and the user's own Ethereum address.
IP addresses are associated with a particular location, which could mean a big problem for users and their Ethereum wallet accounts. The Etherscan comment tool – Disqus – also gets access to this information. In particular, said Szilágyi,
"Disqus actually reveals the mapping of IP-to-Ethereum addresses on Facebook, Twitter and Google Plus."
As if this were not a sufficient risk, Disqus is already integrated into 11 different services, including websites like YouTube and Vimeo, which means that location information is provided. Szilágyi said there are other "strange trackers" with the tool, such as AI platforms and data marketplaces. However, these problems are not just about Etherscan, but affect any decentralized app that uses the tools.
He added: "This is a problem because you're essentially associating IP address mapping with Ethereum and revealing it to a lot of services."
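An added example (not from the article, Szilágyi or Etherscan) of how a dApp developer could audit a page for the leak described above: it lists the third-party hosts a page pulls in, each of which sees the visitor's IP address, and flags those that can also learn the Ethereum address carried in the page URL. The domains, sample HTML and function names are constructed for illustration, and a Referrer-Policy sent as an HTTP header is not visible to this HTML-only check.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

ETH_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")
# Policies that never send the URL path to another origin. A missing policy is
# treated as leaking because older browsers default to no-referrer-when-downgrade.
SAFE_POLICIES = {"no-referrer", "origin", "same-origin", "strict-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}

class EmbedCollector(HTMLParser):
    """Collects (tag, src) for subresources and any <meta name="referrer">."""
    def __init__(self):
        super().__init__()
        self.embeds, self.policy = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "referrer":
            self.policy = (a.get("content") or "").strip().lower()
        elif tag in ("script", "iframe", "img") and a.get("src"):
            self.embeds.append((tag, a["src"]))

def audit_page(page_url, html):
    """Map each third-party host to what it learns: 'ip' or 'ip+address'."""
    parser = EmbedCollector()
    parser.feed(html)
    first_party = urlparse(page_url).hostname
    has_address = bool(ETH_ADDRESS.search(page_url))
    referer_leaks = parser.policy not in SAFE_POLICIES
    exposure = {}
    for tag, src in parser.embeds:
        host = urlparse(urljoin(page_url, src)).hostname
        if not host or host == first_party:
            continue
        # A third-party script runs inside the page and can read location.href
        # itself; frames and images only see what the Referer header carries.
        sees_address = has_address and (tag == "script" or referer_leaks)
        if sees_address or host not in exposure:
            exposure[host] = "ip+address" if sees_address else "ip"
    return exposure

# Constructed sample: a hypothetical explorer page whose URL carries an address.
PAGE_URL = "https://explorer.example/address/0x" + "ab" * 20
BODY = ('<script src="https://comments.example/embed.js"></script>'
        '<iframe src="//ads.example/slot"></iframe><img src="/logo.png">')
HARDENED = '<meta name="referrer" content="strict-origin">' + BODY

if __name__ == "__main__":
    print(audit_page(PAGE_URL, BODY))
    print(audit_page(PAGE_URL, HARDENED))
```

The hardened sample shows the limit of a referrer policy: the framed host drops to IP only, while the embedded third-party script still sees the address, so the remaining fix is to self-host or remove that script.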
Etherscan has worked on ways to eliminate these risks, even going so far as to bring its advertising network in-house. Unfortunately, many dApps are less proactive. Szilágyi explained,
"We get Etherscan to solve it, but can we get the number of random App 2000 to solve it? Probably not, so users have to protect themselves too."
This information is still shared on services like MetaMask, MyCryptoWallet and Infura.
Fortunately, Szilágyi does not come without solutions in hand. According to him, there are subtle ways to get around these problems, like using the Tor network to hide the user's IP address.
The Brave browser is also an option, although it mainly stops trackers from following the IP address. However, Szilágyi also refers to "light clients", which are a way of getting low-level access to the network, and which still leave two different ways of tracking users.
The main way Szilágyi describes is called the "discovery protocol". Every time someone connects to the network as a light client, their IP address is revealed. This is risky because the protocol makes it possible to show the position of the user in real time. Explaining, he said,
"Every time I connect to the network, I'm actually telling the network that this car, which was in Berlin last week, was in Prague this week."
Considering how public this information can be, it would not be difficult for someone to do a network scan to find the current position of many users.
Szilágyi continued saying:
"If you are willing to do it, for example, every day, just try to scan the network every day, so you can actually create an extremely accurate history of where every single Ethereum node moved in time."
Light client software reduces the tasks the client needs to perform, reducing traffic, bandwidth and latency. However, the shortcut leaves many details about users exposed, including the IP address and physical location.
"The luminous servers will be able to statistically map that this particular IP address is of interest to a particular address." The process is very similar to the discovery protocol, as information is easy to obtain. As Szilágyi said,
"Now we do not have a world map of moving IPs, we now have a global map of Ethereum addresses on the go, and similar to the Ethereum discovery protocol, this can be done publicly by everyone."
Ultimately, there is no simple way to correct this damage or protect users, since much of it has to do with how some of the individual light clients operate. Despite this, Szilágyi offered some advice to users and developers to help them protect themselves. His three specific recommendations are:
- Users should run full nodes. A full node allows users to store data locally, protecting them from other users. Although some users prefer not to run full nodes, Szilágyi considers them "the best anonymous in the Ethereum ecosystem".
- Developers should refer back to the work done by Tor and I2P to learn how to protect metadata. Szilágyi encourages users to "learn from their results" in any attempt to solve location problems.
- Developers should not blame users for privacy issues. Szilágyi believes that the responsibility for solving privacy problems lies with the developers of dApps and of the platform.
Szilágyi left the participants with a warning to protect themselves. Building in privacy features from the start is fundamental, and Facebook is a perfect example of the repercussions that may otherwise occur. He noted,
"I do not think Facebook was created to collect user data, it was not created to abuse the elections, it just happened, we do not want to fix it to protect users not just from outside attacks. protect users from ourselves."