Blockchain's privacy failure and solution at the same time
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say” - Snowden
(This article presents my internal thoughts on privacy issues. It explores the world of payments privacy. Please remember this is not financial advice. You are encouraged to read, recommend, revise, or critique this content.)
The text focuses on how blockchains can address privacy issues within the payment system. This research aims to understand how to better improve and scale fintech and social networks.
Acronym list
AI - Artificial Intelligence
ECB - European Central Bank
FED - Federal Reserve System
LLM - Large Language Model
NSA - National Security Agency
OFAC - Office of Foreign Assets Control
SWIFT - Society for Worldwide Interbank Financial Telecommunication
ZK - Zero-Knowledge
“Privacy is freedom. It gives us space to live our lives in the ways that meet our needs without having to constantly worry about how our actions will be perceived by all kinds of centralized and decentralized coercive political and social entities.” - Vitalik Buterin
Privacy is far more critical than simply hiding criminal transactions. The world shifted from cash (fiat) to credit cards and then to mobile (tap) payment systems. We moved from a world of anonymity, where users spent in cash without attaching sensitive, real-time information, to one where applications, banks, centralized government and attackers know exactly when, where and on what each person spends their time and capital.
Mobile payments unlocked greater accessibility to the cashless world. Simultaneously, they unlocked a world of almost perfect surveillance.
When we pay in cash, we do not issue a document containing confidential transaction details. However, credit card systems were developed to require this sensitive information for every retail and service transaction. At scale, this leakage of data with each transaction creates significant threats for every individual using this financial system.
While the surveillance system on social networks is often criticized, a widespread increase in sensitive data is occurring within the most essential payment systems. In this hyper-connected world, people are more exposed. Companies providing key services hold information that can restrict users. The world becomes more judgmental because “everyone” knows everything about “everything.”
The Payments Surveillance State
In payments, government, fintech applications, commercial banks, and central banks know every detail of your spending life. Worse, as data becomes a commodity, it is sold to other companies. Your data is everywhere. Ordinary individuals are exploited, and key individuals are targeted. Everyone is under threat due to these recent world innovations.
This situation violates the American Fourth Amendment:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures …” - NSA Fourth Amendment
The NSA Snowden case demonstrated that the NSA’s bulk collection of Americans’ phone records was ruled illegal under the Fourth Amendment by federal appeals courts. Bulk phone records are no worse than bulk transactions. In fact, bulk transactional information without a warrant is arguably a greater threat, and this occurs in real time.
Presently, 90% of the entire payment system is controlled by the SWIFT system, a centralized, member-owned cooperative of worldwide banks that can see everything. On top of this, central bank systems, like the FED or ECB, enforce OFAC rules.
In every transaction, you give critical data to banks and payment networks:
Merchant details: Where you are paying.
Amount and currency: How much you are paying.
Transaction date/time: When you are paying.
Card details, billing address, device fingerprint: Information about your identity and device.
This critical information can be bulked to determine:
Your physical path: Location where you are and have been.
Your spending balance: Amount of capital you have.
Your preferences: What you like and when you like it.
User behavior trends: How you change over time.
Personal patterns and real-time information
This shows how sensitive this data is and why protection is essential.
Blockchain’s privacy failure and solution at the same time
The path we initially built with blockchains creates an even worse scenario. This information is not only centralized to a small number of organizations but is also exposed globally. Anyone with internet access and some technical understanding can find all the sensitive information mentioned above, simply by knowing your wallet address.
“Bitcoin’s blockchain records are permanent. This means the ledger of every transaction ever made is public forever. This is worse than any traditional banking system in terms of privacy, because banks don’t publish everyone’s transactions publicly - but with bitcoin once your identity is linked to an address, your entire financial history is exposed eternally.” - Snowden
This model is a step backward, deteriorating user privacy. We must solve this fundamental flaw.
“I’ve been warning bitcoin developers for ten years that privacy needs to be provided for at the protocol level. The clock is ticking. This is the final warning.” - Snowden in 2024
Relying on mixers or Layer-2 tools is insufficient because the base-layer blockchain itself is a permanent, surveillance-friendly database.
Blockchain technology can solve this problem. Early solutions like ZCash and Monero identified and unlocked the solution. It is critical that records be private or ephemeral by default, at the base-layer.
Ethereum is now also shifting toward this. The recent Kohaku upgrade aims to unlock privacy at the protocol level. We are finally making the move that is critical for users to live a safe, internet-connected, digital life.
Solving payment privacy with blockchain technology is a critical global problem that cannot be solved otherwise. The tech is available, and we must implement it. This provides tools for applications to offer services without acquiring sensitive user data. It protects privacy while still enabling key features.
We are moving from a world of centralized surveillance to global surveillance. Now, we must move to a private world where privacy matters, as we have reached a peak scale of information. People care about privacy. Massive AI companies will use sensitive human data without “real” consent. The current system—requiring users to accept endless cookies and 100 pages of privacy information—does not meet the “real” consent criteria.
Humans will suffer when a few companies generate massive profits using their data, while AI and LLMs impact jobs and lives because privacy was ignored. More people care about privacy now; Google Trends shows we are at a 20-year peak of interest, with massive growth since AI and LLMs became mainstream in 2022.
Developed countries are more aware of these consequences because they use more fintech and mobile payment systems, and their demand for privacy reflects their understanding of the threat.
Privacy at the base-layer.
We should have a world where payments are private at the base-level. Users will pay for products and services with their mobile devices and blockchain systems without unleashing sensitive information to everyone every time. No entity can see or acquire sensitive information about your spending.
ZK technology allows the network to verify that a transaction is valid without revealing the sender, receiver, or amount information. This protects sensitive data in an open ledger that can operate without centralized control. This system is better than any traditional one; it protects citizens and provides the services everyone needs.
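An added example, not code from this article or from Zcash, Monero or Ethereum: it covers the amount-hiding part of the claim above, using Pedersen commitments plus a Schnorr proof so the verifier can confirm that inputs equal outputs without seeing any amount. The group parameters, function names and the sample transaction are assumptions constructed for this illustration.

```python
import hashlib
import secrets

# Toy group constructed for this example (far too small to be secure): P = 2Q + 1,
# G and H are squares mod P of prime order Q; real systems ensure nobody knows log_G(H).
P, Q, G, H = 1_000_000_007, 500_000_003, 4, 9

def commit(amount, blind):
    """Pedersen commitment G^amount * H^blind mod P; the blind hides the amount."""
    return pow(G, amount % Q, P) * pow(H, blind % Q, P) % P

def excess(inputs, outputs):
    """Product of input commitments divided by product of output commitments."""
    e = 1
    for c in inputs + [pow(o, -1, P) for o in outputs]:
        e = e * c % P
    return e

def challenge(t, inputs, outputs):
    """Fiat-Shamir challenge bound to the whole transaction."""
    digest = hashlib.sha256(repr((t, inputs, outputs)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove_balance(in_blinds, out_blinds, inputs, outputs):
    """Sender: Schnorr proof of knowing r with excess == H^r (amounts cancel)."""
    r = (sum(in_blinds) - sum(out_blinds)) % Q
    k = secrets.randbelow(Q - 1) + 1
    t = pow(H, k, P)
    return t, (k + challenge(t, inputs, outputs) * r) % Q

def verify_balance(inputs, outputs, proof):
    """Network: sees only commitments and the proof, never an amount."""
    t, s = proof
    c = challenge(t, inputs, outputs)
    return pow(H, s, P) == t * pow(excess(inputs, outputs), c, P) % P

def demo():
    # Constructed transaction: inputs 70 + 50, outputs 100 (payment) + 20 (change).
    in_b = [secrets.randbelow(Q) for _ in range(2)]
    out_b = [secrets.randbelow(Q) for _ in range(2)]
    ins = [commit(70, in_b[0]), commit(50, in_b[1])]
    outs = [commit(100, out_b[0]), commit(20, out_b[1])]
    ok = verify_balance(ins, outs, prove_balance(in_b, out_b, ins, outs))
    # Same blinds, first output inflated to 110: the G term no longer cancels.
    bad = [commit(110, out_b[0]), outs[1]]
    forged = verify_balance(ins, bad, prove_balance(in_b, out_b, ins, bad))
    return ok, forged

if __name__ == "__main__":
    print(demo())
```

A balance proof alone does not stop negative or wrapped-around amounts; deployed confidential-transaction designs pair it with range proofs.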
ZK is a solution not just for the payment world, but also for social networks. Each account has to feed a massive centralized database with sensitive data to operate efficiently, forcing platforms to store all sorts of sensitive information. Algorithms run on top of these databases.
All of this can be protected in a ZK world. Algorithms can run on ZK systems to validate operations, recognize interests, and match connections without unlocking critical information at the protocol level. By protecting privacy at the protocol level, you secure privacy for your users.
No central server ever sees plaintext data.
Matching algorithms can happen on ZK.
Interest recognition can run on ZK.
Advertising algorithms can also run on ZK.
There is no need to create a threat that allows data brokers or attackers to steal, sell, or unlock critical data.
Blockchain plus ZK technology unlocks features that are valid, important, and critical for the next 100 years.
Humans must not be treated as mere data points for AI. A system that works privately in the social network area is essential.
Zupass is one example. It creates a digital passport that adds private ZK badges like: “I attended Devcon”; “I’m a Gitcoin donor > $5k”; or “I’m from Europe.” Apps can query: “Show me all users who attended Devcon AND donated to Gitcoin.” Zupass can provide this match without revealing which specific events or how much you donated.
Privacy by default is ready to go mainstream. Applications can be private by design and still provide better services and algorithms to users. If privacy is the default, users will provide more reliable and critical information. When trust exists, human interaction flourishes.
This is a good thing.
Thanks,
Joao




