Llama Party with Alan (Railgun)
Source : https://www.youtube.com/watch?v=M5cEouZ5QTY
Railgun allows for private cryptocurrency transactions through smart contracts. CurveCap used Railgun to send money privately after making an embarrassing trade they didn't want others to know about.
People use services like Venmo, Cash App, PayPal, and wire transfers for privacy when sending money traditionally.
Cryptocurrency transactions can be faster and more efficient compared to traditional wire transfers, but there are fears that privacy tools like Railgun could face legal troubles from the government's crackdown on cryptocurrency privacy.
Privacy is needed for DeFi (4:00)
Traditional finance provides "actor privacy". When sending money to someone's bank account, you don't get to see their full financial details like account balance, mortgage payments, etc.
This level of privacy doesn't exist in cryptocurrency, where everyone can see all transactions and balances on the blockchain. Lack of privacy in cryptocurrency leads to "voyeurism":
- People routinely look up others' wallet addresses to judge their coin holdings, trading history, etc.
- This kind of financial voyeurism is unique to cryptocurrency and doesn't happen in traditional finance.
For these reasons, privacy is needed for DeFi to be taken seriously. For decentralized finance (DeFi) to be genuinely mainstream, it needs to have privacy elements akin to traditional actor privacy.
The transparency of cryptocurrency transactions should appeal to surveillance states like the U.S. Yet paradoxically, they are cracking down on cryptocurrency privacy tools.
Some regulations like GDPR and California's consumer protection laws promote privacy rights. This contrasts with the surveillance state's opposition to financial privacy in cryptocurrency.
How Railgun and Privacy Pools work (8:50)
On Railgun, users deposit funds into a ZK address bound to their private keys, encrypting their account history.
View keys can be shared to allow accounting/auditing without spending access, and there is a partnership with Koinly allows generating tax reports for ZK addresses.
Privacy Pools allow proving non-interaction : users can generate zero-knowledge proofs showing they are not on sanction lists like OFAC's SDN. The goal is to differentiate good actors from clear "chain abusers" like scammers, rug pullers, etc.
The problem with view keys is that, once they're shared, cannot be revoked and permanently dox the user. Privacy Pools allow making statements about your actions without fully doxing.
For Privacy pools to be effective, we need accumulators of chain abusers, and community efforts like Metamask's Scam Sniffer track abusive on-chain behavior.
Dialogue with authorities
Motivations (17:40)
Alan already engaged with authorities and policymakers. He spoke with officials from OFAC, senators, law enforcement at various events
Alan wasn't originally expecting to engage with DC policymakers when leaving traditional job, but he felt obligated to provide a voice for normal users and builders in this space, as most voices in DC were from individuals later revealed as criminals (FTX, Celsius)
He sees himself as a normal, tax-paying American advocating for protective technology, and believes protecting user privacy should be a priority for builders
Proactive engagement (23:15)
For confidentiality tools to be more widely adopted, it is necessary to engage with authorities :
- It prevents misunderstandings and misconceptions about privacy protocols
- Allows to finding common ground on reasonable use cases
- Helps the space mature and gain legitimacy with authorities
To bridge the gap, we need educating on privacy-preserving mechanisms like viewing keys, zero-knowledge proofs, and avoiding running afoul of law enforcement as the space matures
Authorities ask articulate questions about DeFi, but the reality is that they don't understand it very well.
It is cute to have a "degen" crypto culture, but this alienates outsiders and do ourselves a disservice when talking with authorities.
Mixed feelings with privacy-preserving mechanisms (29:00)
There are lots of reasons to use privacy mechanisms :
- Lack of trust in centralized authorities to protect personal information, given repeated data breaches and leaks by major tech companies.
- Peer-to-peer and encryption place responsibility on individuals, reducing the surface area for attacks compared to centralized data lakes.
- Zero-knowledge proofs can prove "do-goodery" or non-interaction with illicit activities without revealing personal data.
According to Alan, there are differing opinions within government and law enforcement :
Some law enforcement/government officials are worried that such technologies could enable illegal activities by obfuscating data.
But at the same time, others agree that regulatory bodies are doing it wrong, like OFAC delegating responsibility to for-profit companies like Chainalysis, rather than engaging with the initiatives directly.
According to Alan, we shouldn't see law enforcement as a monolith. It's beneficial in engaging differing viewpoints rather than dismissing them outright
Targeting irresponsibility instead of privacy (33:25)
Law enforcement has significant capabilities and resources for conducting due diligence.
They frequently engage with blockchain analytics companies like Chainalysis, CipherTrace, Elliptic, and TRM Labs.
These analytics companies use on-chain heuristics, which have the potential for errors and misattributions, as evidenced in cases like the Bitcoin Fog case.
Zero-knowledge proofs and privacy mechanisms can make investigations easier by eliminating the need for heuristic-based attribution.
The problem is, privacy mechanisms can be unfairly targeted or argued to be facilitating crimes, even when they are not directly involved, such as the example given with Tornado Cash.
The focus should be on irresponsible protocol development practices rather than privacy mechanisms themselves.
Community must "grow up" (39:10)
DAdvisoor noticed that crypto is still largely perceived as a "scam" by the general public, and adopting privacy tools adds another layer of skepticism/negativity.
Although influential figures like Vitalik using them sets a positive example, people currently fear interacting with privacy protocols due to assumptions. So we need to change this perception and educate that privacy is a right
Alan thinks the community has to "grow up" :
- We have to admit we are still early in the technology lifecycle, and manage expectations on the pace of adoption (e.g. credit cards took decades)
- Developers should have realistic total addressable market projections
- We must call out bad behavior, poor security practices more harshly
- Evolving development practices beyond insecure multi-sigs/EOAs
Being a good actor is a challenge (47:25)
Well-intentioned people calling out bad practices often face backlash, that was especially visible when we were questioning Terra/Anchor protocol
ZachXBT, OfficerCIA and others are trying to help people, but they get swarmed by angry mobs/communities loyal to the dubious projects with personal attacks, insults, and "FUD" accusations rather than addressing concerns.
This dynamic disincentivizes good actors from speaking up to avoid harassment
Advocating for privacy (in US)
Why we need privacy (51:20)
We need privacy to prevent doxing and revealing personal information :
- Allows making payments without others judging your transactions (e.g., NFT purchases, shitcoin investments)
- Prevents revealing financial positions that could be exploited (e.g., highly leveraged trades)
Privacy use cases are legitimate :
- Sending payments without unnecessarily exposing personal financial details
- Access to geo-restricted content
Privacy protects against future threats like quantum computing breaking current encryption
As blockchain transparency increases over time, privacy will become more important to maintain reasonable expectations of financial privacy
New technologies are seen as scary (58:15)
Pushback against privacy stems from lack of understanding and fear of new technologies :
- The "Crypto Wars" in the 1990s where encryption technologies were first considered as a weapon
- We can't HTTP anymore as HTTPS is the new norm
Innovations bring uncertainty, but eventually their benefits become obvious. Disintermediation of finance removes traditional compliance checkpoints which is scary, but will also become obvious
That said, regulators' stance may be influenced by protecting existing power structures.
Regulators seem smart, but also seem disingenuous, protecting their Consumer Financial Protection Bureau's power derived from traditional finance. Even if DeFi brings improvements, they can't treat it fairly due to conflicts of interest.
Less explanation, more lobbying (1:03:45)
We need lobbyists and efforts to influence policymakers, not just send smart people to explain crypto/DeFi (lobbying is how things actually get done in politics)
Politicians' opinions are heavily influenced by lobbyists, not just assessing issues objectively. Courts, judges, authorities are not completely separate/isolated from these influencing factors
There are already some crypto lobbying groups, but we need to enhance these efforts :
- The Blockchain Association is doing good educational/advocacy work in DC for crypto/DeFi
- The Proof of Stake Association (PoSA)
- Coin Center is tirelessly educating on crypto tech/freedom
Engage with the political process (1:08:30)
Writing/calling elected representatives (senators, congresspeople) about crypto issues is important
Donating money to crypto advocacy groups is an easy way to support the efforts
Privacy and avoiding overreach by agencies like the IRS is crucial. The IRS hiring 84,000 new agents is concerning for privacy/crypto
Open source developers going to prison over privacy tools is a major risk. We need to advocate and educate to prevent a "slippery slope" on this issue. This is not just a funny meme, real people's lives are at stake
Continuing to enhance privacy tools like Tornado Cash is important, and building beyond just checking OFAC list, toward community-curated approaches
Call to action (1:15:00)
Alan suggests checking out web3privacy.info as it is a good resource for learning about privacy tools being built.
They do a lot of research and due diligence on privacy projects, and it has sections on hiring and contributing to privacy projects.
Engage with the crypto community by following accounts like @railgun_project
Alan encourages people to try out privacy tools and discuss their practical implications with friends. The Railgun Wallet and Terminal Wallet are examples that have integrated Railgun's privacy SDK well.
Alan will be in Australia for the ETHSydney hackathon after previously being in Japan. He gave a talk at Pragma, which was apparently recorded and will be made available later.