Plugging the metadata leaks in the Ethereum ecosystem

2 November 2018

Devcon 4, Prague

Péter Szilágyi

Ethereum Team Lead

Web 2.0

Diving into Etherscan

Easily check your balance / tokens

What happens behind the scenes?

(diagram) You → Cloudflare → Etherscan → third parties loaded by the page: Google Analytics, Disqus

Etherscan + HTTP referrers + external services = 💔

The HTTP Referer header tells every third party on a page which URL loaded it; on an explorer address page that URL contains your Ethereum address

Social services: Disqus
Tracking services (listed under Disqus): Arbor - Marketplace for people-data; AppNexus - Marketplace for advertising; LiveRamp - Identity resolution service; Narrative I/O - Data trading platform; ZetaHub - AI marketing platform
Embedded services (listed under Disqus): YouTube, Vimeo, Twitter (tweets), Facebook (status, video, photo), Instagram (photo only), Giphy, Imgur, Google Maps, Soundcloud, Vine

Plug the referral leaks

Providers must protect their users

Users must protect themselves

* YouTube & co. are neither provider nor user, but will still happily track you
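The slides above name the mechanism (the Referer header carrying the address URL to every embedded third party) and the provider-side fix. As an added example that is not part of the talk, the following Node.js script implements the W3C Referrer Policy decision for a sub-resource request and checks, for a constructed explorer address URL and a constructed comments-widget URL, which policy values hand the address to the third party. The URLs, the address and the simplified "potentially trustworthy" check (HTTPS or loopback only) are assumptions of the example, not something the talk specifies.

```javascript
// Added example, not from the slides: compute the Referer header a browser sends
// for a sub-resource under each Referrer-Policy value (W3C Referrer Policy spec,
// simplified: only HTTPS and loopback are modelled as "potentially trustworthy").
// The page URL, address and widget URL are constructed for illustration.

// Credentials and fragment are always stripped; path and query are kept.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = ''; u.password = ''; u.hash = '';
  return u.href;
}

// Origin-only form of the referrer, serialized with a trailing slash as browsers do.
function originOf(url) { return new URL(url).origin + '/'; }

// Simplified "potentially trustworthy" check: HTTPS or loopback.
function isTrustworthy(url) {
  const u = new URL(url);
  return u.protocol === 'https:' || u.hostname === 'localhost' || u.hostname === '127.0.0.1';
}

// Returns the Referer value for a request from documentUrl to requestUrl, or null
// when the browser omits the header entirely.
function refererFor(policy, documentUrl, requestUrl) {
  const sameOrigin = new URL(documentUrl).origin === new URL(requestUrl).origin;
  const downgrade = isTrustworthy(documentUrl) && !isTrustworthy(requestUrl);
  switch (policy) {
    case 'no-referrer':                return null;
    case 'unsafe-url':                 return stripForReferrer(documentUrl);
    case 'origin':                     return originOf(documentUrl);
    case 'same-origin':                return sameOrigin ? stripForReferrer(documentUrl) : null;
    case 'strict-origin':              return downgrade ? null : originOf(documentUrl);
    case 'origin-when-cross-origin':   return sameOrigin ? stripForReferrer(documentUrl) : originOf(documentUrl);
    case 'no-referrer-when-downgrade': return downgrade ? null : stripForReferrer(documentUrl);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return stripForReferrer(documentUrl);
      return downgrade ? null : originOf(documentUrl);
    default: throw new Error('unknown Referrer-Policy: ' + policy);
  }
}

// Does the third party learn the Ethereum address from the Referer alone?
function leaksAddress(referer, address) {
  return referer !== null && referer.toLowerCase().includes(address.toLowerCase());
}

// Constructed inputs: an explorer address page embedding a comments widget.
const ADDRESS = '0x00000000000000000000000000000000deadbeef';
const PAGE = `https://etherscan.io/address/${ADDRESS}`;
const WIDGET = 'https://disqus.com/embed/comments/';

// Compare the browser default of 2018 (no-referrer-when-downgrade), the default
// most browsers ship today (strict-origin-when-cross-origin), and the policy a
// provider can enforce with a Referrer-Policy header (no-referrer).
function compare(documentUrl, requestUrl, address) {
  return ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin', 'no-referrer'].map(policy => {
    const referer = refererFor(policy, documentUrl, requestUrl);
    return { policy, referer, leaksAddress: leaksAddress(referer, address) };
  });
}

for (const row of compare(PAGE, WIDGET, ADDRESS)) console.log(row);
```

Under the 2018 default the full address URL goes to the widget host; the origin-only policies leak that you visited the explorer but not which address; `no-referrer` leaks nothing. A provider ships the fix as a `Referrer-Policy: no-referrer` response header or `<meta name="referrer" content="no-referrer">`, which also governs requests for the iframes of embedded services it does not control; a user can force the same policy in browser settings or with a privacy extension.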

Plug the geolocation leaks

(diagram) You → Infura
(diagram) You → Cloudflare → Etherscan, MyCrypto / MyEtherWallet, Metamask / DApp → Infura

Would you publicize your location and Ethereum address?

Anonymize your IP address with Tor!

Web 3.0

Diving into discovery

Phases of connecting to Ethereum

Nodes maintain a Kademlia routing table

Portable devices + Ethereum nodes + DHT = 💔

(diagram) Random nodes 1..N of the Ethereum DHT see you as: last month - San Francisco; last week - Berlin; this week - Prague; next week - Lisbon; next month - Shanghai

Node IDs and node IPs are public knowledge

Nodes should switch to ephemeral IDs (?)

Diving into light clients

Light clients + on-demand retrieval + limited servers = 💔

(diagram) Mist → light client: eth_getBalance(your_addr, N) for every new block N = 6585725 … 6585730 → forwarded to light server #1, #2, #3

Light clients only retrieve the data they need, so each request tells the serving node exactly which accounts the client cares about

Anonymize your IP address with Tor (?)
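Both the hosted-RPC slides ("Would you publicize your location and Ethereum address?") and the light-client slides above come down to the same observation: whoever serves your on-demand requests sees (client IP, account, time). As an added example that is not part of the talk, the following Node.js script shows what a server operator can reconstruct from nothing more than a request log. The log format, every IP, address, block number and timestamp are constructed for illustration; the per-block polling pattern mirrors the eth_getBalance sequence drawn on the light-client slide, and the same analysis applies to an Infura-style JSON-RPC endpoint.

```javascript
// Added example, not from the slides: what the operator of a hosted RPC endpoint
// or a light server learns from plain request logs. Every IP, address, block
// number and timestamp below is constructed; the log format is the example's own.

// Constructed log: "timestamp clientIP method address block".
const SAMPLE_LOG = [
  '2018-10-29T08:00:00Z 203.0.113.10 eth_getBalance 0xA11CE000000000000000000000000000000000A1 6585725',
  '2018-10-29T08:00:15Z 203.0.113.10 eth_getBalance 0xA11CE000000000000000000000000000000000A1 6585726',
  '2018-10-29T08:00:15Z 203.0.113.10 eth_getBalance 0xB0B0000000000000000000000000000000000B0B 6585726',
  '2018-10-29T08:00:30Z 203.0.113.10 eth_getBalance 0xA11CE000000000000000000000000000000000A1 6585727',
  '2018-10-29T08:00:30Z 198.51.100.7 eth_getBalance 0xC0FFEE00000000000000000000000000000000CC 6585727',
  '2018-11-02T10:00:00Z 203.0.113.20 eth_getBalance 0xA11CE000000000000000000000000000000000A1 6610001',
  '2018-11-02T10:00:15Z 203.0.113.20 eth_getBalance 0xA11CE000000000000000000000000000000000A1 6610002',
].join('\n');

function parseLog(text) {
  return text.trim().split('\n').map(line => {
    const [ts, ip, method, address, block] = line.trim().split(/\s+/);
    return { ts, ip, method, address: address.toLowerCase(), block: Number(block) };
  });
}

// Which accounts did a client ask about at *every* block it touched? A light
// client refreshes its own accounts on each new block, so those stand out
// against one-off lookups of somebody else's address (0xB0B... above).
function watchedAccounts(records, ip) {
  const mine = records.filter(r => r.ip === ip);
  const blocks = new Set(mine.map(r => r.block));
  const blocksPerAddress = new Map();
  for (const r of mine) {
    if (!blocksPerAddress.has(r.address)) blocksPerAddress.set(r.address, new Set());
    blocksPerAddress.get(r.address).add(r.block);
  }
  return [...blocksPerAddress]
    .filter(([, bs]) => bs.size === blocks.size)
    .map(([address]) => address)
    .sort();
}

// For one account: the ordered list of distinct client IPs that polled it. Each
// IP geolocates to a network and usually a city, so this is the owner's travel log.
function ipTrail(records, address) {
  const wanted = address.toLowerCase();
  const trail = [];
  for (const r of records.filter(r => r.address === wanted).sort((a, b) => a.ts.localeCompare(b.ts))) {
    if (trail[trail.length - 1] !== r.ip) trail.push(r.ip);
  }
  return trail;
}

// Join both views: for every client IP, the accounts it evidently owns and where
// else those accounts have been seen from. A full node never appears in such a
// log, because it downloads every block instead of asking about specific accounts.
function profile(records) {
  const result = {};
  for (const ip of new Set(records.map(r => r.ip))) {
    result[ip] = watchedAccounts(records, ip).map(address => ({ address, seenFrom: ipTrail(records, address) }));
  }
  return result;
}

console.log(JSON.stringify(profile(parseLog(SAMPLE_LOG)), null, 2));
```

Routing the requests through Tor, as the slide suggests, removes the IP column from this table but not the account column: the server still learns which accounts one client polls together, and correlating them across sessions is a matter of timing rather than addressing. That is the limit behind the question mark.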

Takeaway nuggets

Full nodes are the most powerful anonymizers in crypto, because they make everyone look the same and act the same. Every shortcut is an exchange of privacy for convenience!

Privacy on Ethereum is currently worse than the surveillance paradise of the legacy web. We have the knowledge to fix it (Tor, I2P); let's prioritize and fund it before inertia sets in!

Privacy is not up to users to get right, because they won't know any better. It is our job as platform-, dapp- and decentralized system developers to protect them from ourselves!

Thank you
