web3privacy/Pagency
Mykola Siusko eb6f33df95
Add files via upload
2022-12-14 14:15:32 +01:00
..
img Add files via upload 2022-12-14 14:15:32 +01:00
Pagency - privacy use-case facilitation framework.pdf Pagency - Privacy-enhancing web3 use-cases 
ideation framework 2022-12-13 19:28:59 +01:00
Pagency framework logo.png Add files via upload 2022-12-13 19:55:38 +01:00
Pagency framework v1.0.pdf Add files via upload 2022-12-13 20:52:30 +01:00
Privacy framework template.pptx Add files via upload 2022-12-13 22:08:09 +01:00
Readme.md Update Readme.md 2022-12-14 02:02:26 +01:00

Readme.md

Pagency framework

Pagency framework is a tool to facilitate impactful privacy-enhancing ideas & raise privacy culture in web3.

alt text

Web3 tech stack could empower human privacy

  • Raise awareness about the necessity of privacy protection.
  • Build tools to enhance privacy.
  • Advocate for the following business models not based on surveillance capitalism.

Return human agency for data-driven decision making.

Audiences

  • web3 ecosystems > Help builders come up with feasible ideas
  • hackathons > Help teams deliver impactful solutions
  • individuals > Scale up privacy-enhancing services experimentation
  • educators > Advocate for privacy using a practical tool

The more use-cases would be shipped -> the better Web3-privacy would progress as a habit, lifestyle & basic human right.

alt text alt text

Check PDF version here

Contents

Below is a step-by-step Pagency components introduction. You will find framework-as-a-template plus Brave & Lunar Wallet examples at the end of the page.

Humans

alt text

  • Who are you building for?
  • Why should they care?

Create in-depth human-personas based on interviews or research.

Web3 services usage

  • What kind of web3 services this human uses?
  • What are the data breaches in those services?

Privacy

  • How aware is a person of the necessity for privacy protection?
  • How easily person would give up privacy in exchange for services or product features?
  • Why this human needs privacy protection?
  • What would happen with a human without additional privacy?

Personal data literacy

  • Does a person know how his/her/theirs data has been abused?
  • Does a person know how to protect himself/herself/themselves?
  • What kind of privacy-enhancing solutions does a person use?

Empathy Try to talk with some of those people. Talk broadly about their internet rights, privacy, web3 services, and security. Make products for them & not just for yourself. Humanity-centered design is a practice tool

Suggestions

  • Web2 users - help them to convert to Web3
  • Web3 users - empower their existing services

Hint: focus on humans as communities, not just individuals.

Data

alt text

  • What kind of data are you protecting?
  • Why does this data matter?

Write down a list of sensitive data you aim to protect or re-design business model.

Data is the fuel of blockchain & surveillance capitalism. Its regularly exploited & used by third parties without your consent. Not just Google or Facebook, but also Web3-services from wallets to CEXs collect personal data.

Exploited data could be presented in different forms:

  • transactional data
  • IP addresses
  • name
  • age
  • geo
  • wallet address etc

Example Google services track your online behaviour, make look-alike modelling & sell your profile to advertisers. So you become “a product”.

References

Suggestions

  • Explore how Data flows within the internet.
  • Explore how Data brokers collect & sell sensitive data.
  • Explore how Web2 & Web3 data correspond with each other.
  • Analyse how much Data you share with third parties daily.
  • Analyse GDPR practices like Data Protection Impact Assessment

Hint: think of both on-chain & off-chain data when you are doing research.

Challenge

alt text

  • What are the main barriers on your way?
  • How do they compromise the person, you, industry?

Write down a list of challenges that stand between humans & your idea.

Web3 isnt a transparent or regulated market. Thats why its easier to spy on humans. At the same time, humans dont know how to choose the correct privacy-enhancing service.

Examples

  • unregulated blockchain-data aggregation
  • third party surveillance
  • lack of privacy literacy
  • “fake privacy” within existing solutions
  • existing architecture allows third parties to spy on personal data

Suggestion Analyse the Tornado Cash case from open-source development & DAO governance perspectives.

Hint: think of the ZK market that solves the challenge of preserving sensitive data while validating parts from KYC to age verification.

Threat Actors

alt text

  • Who is threatening privacy-balance?
  • How do these bad actors use personal data?

Write down a list of multiple actors challenging web3 privacy from the data-analytics companies to marketing agencies.

Specify what threats these actors cause: selling, spying, stealing data etc.

Examples

  • Corporations - Google is at the heart of surveillance capitalism, selling humans data to advertisers.
  • Hackers - exploit vulnerabilities in tech, sell databases with personal data.
  • Scammers - malicious actors behind stolen funds.
  • Governments - think of the NSA or Pegasus cases dealing with gov surveillance apparatus.
  • Data brokers - specialises in collecting personal data or data about companies, mostly from public records but sometimes sourced privately, and selling or licensing such information (Experian, Equifax, Acxiom).

References

  • Chainalysis used the block explorer website to collect wallets & other data: click
  • ConsenSys revealed that it collects user data: click

Hint: actors could be both web2 or web3 native.

Privacy layers

alt text

  • What privacy layer are you contributing to?
  • Whats a trade-off compared to other layers?

Choose one of the different approaches to the web3 privacy-enhancing: from embedded to total anonymity. The approach depends on compliance-readiness & moral beliefs.

Definitions

  • Embedded - network-level privacy that allows seamlessly deploy privacy within dApps. Privacy by default. Example: Manta Network
  • Configurable - is a configurable approach to privacy that lets humans disclose their transactions to third parties. Example: Aztec
  • Enterprise ready - enterprise grade & government compliant privacy protection standard. Example: NYM
  • Total anonymity - human-centric privacy without compliance compromises & invisible to law enforcement units. Example: DarkFi

Resource: Web3 privacy layers overview from embedded to total anonymity article

Hint: think of a privacy implication complexity: KYC+AML could be great for accountability in the USA, but it means the death penalty in Iran

Solution

alt text

  • How your idea empower humans?
  • How sustainable is your solution in 1-3-5 years?

Brainstorm the bravest ideas without the limits. Then, visualise them using traditional or digital surfaces.

Apply the following filters to choose idea you like the most:

  • Privacy-first: its in line with privacy-enhancement
  • Usable: its easy to use &/or implement
  • Empowering: it empowers humans lives
  • Impactful: it shapes existing surveillance vs privacy balance
  • Feasible: its possible to develop an idea from tech, open-source & economic points

Examples (web3-native)

  • dVPN hides your actual IP address from third party websites & apps
  • Messengers protect your private communication from exploitation
  • Private currencies could protect human identity in front of oppressive government

Suggestion double-check existing Web3 privacy-enhancing solutions: Web3privacy now database

Hint: lots of web3 solutions complement each other - an ecosystem-centric approach simplifies ideation/development

Partners

alt text

  • What partners could scale your idea?
  • What kind of value do these partners add?

Write down actors that could help you to activate or scale the solution.

Make reverse engineering: imagine a time when your solution has been implemented on a broader scale.  What kind of partners do you need to make this happen? 

Examples

  • Investors - cover development & marketing costs, scale up market delivery
  • Developers - implement & adapt the solution to speed up Product-market-Fit
  • Institutions - could advocate & adopt solutions (think of messenger like Signal here).
  • Journalists - they could become ambassadors of your solution
  • Opinion Leaders - both traditional or web3s best actors preaching for change (from Vitalik to Shoshana Zuboff)

Hint: partners should unlock value for you

Resources

alt text

  • What resources do you need for a start?
  • What resources do you need to sustain your idea (1-3 years)?

Write down all potential resources you need to launch your idea & sustain it.

Split idea implementation into phases: MVP, Product-market-Fit, Scaling. Each phase requires a different amount of resources.

Examples

  • Financial expenses
  • Human resources
  • Partners
  • Legal support
  • Investments
  • Community
  • Governance

Study How Rotki is trying to find the Product-Market-Fit being open-source + Gitcoin

Suggestions

  • Think broadly about missing skills from the team (example: developer doing investment relations).
  • Think about the potential business model (grants, sponsorships, subscriptions, fees etc)

Hint: resource management could come in handy, helping to understand feasibility of idea for yourself & wider audiences (from hackathon jury to investors)

Success metrics

alt text

  • How would you measure success?
  • What is the one ultimate metric to track?

Write down a list of metrics that define the success of the product.

Think broadly about metrics: what would they be for humans, partners or hackathon organisers?

Play with the future vision: how metrics would change from MVP to ultimate Product-Market-Fit?

Examples

  • tech-centric: GitHub-readiness: clean code, ease of fork, compostability;
  • human-centric: UX/UI-readiness, ease of use, Web2-to-Web3 conversion rate, the total amount of users, recurring users, word of mouth
  • community: organic growth rate, the value-driven contribution rate

Filter metrics via formula

  • the 1 ultimate metric (example: financial sustainability = revenue + organic growth)
  • 3 key metrics (example: financial sustainability, DAO autonomy, market penetration)

Hint: always separate product performance metrics from the financial side

Implementation

alt text alt text

Principles of privacy-enhancing development

Human centered

Place humans in the centre of your idea. Care about his/her/theirs emotions, crypto & privacy literacy.

Solve an actual privacy-specific problem

Empower humans with practical privacy solutions that could be used here & now.

Accessible to the future Web3 audience

Think about newcomers using your services in forthcoming years.

Ethical

Dont build services for money laundering, criminal activities or violating human rights.

Open-source

Make your idea accessible to the world via GitHub, Devfolio, GitLab.

Idea valuation

Default state: Decentralisation ethos sync - it redistributes power from centralised actors back to humans.

Problem Importance

How important is the problem being solved? (10: extremely important)

Privacy-solution impact (addressable market) 

thousands, millions of humans

Ease of implementation 

How complex is the implementation: budget, team, processes > from 1 to 10

Effectiveness 

How effectively does the idea address the referenced problem? (10: ultimate effectiveness)

Product-market-Fit 

time vs efficiency

Community contribution 

re-usability, compostability

Examples

alt text

Brave browser

alt text

Lunar wallet

alt text

Editible template (PPTX)

Resources

Lectures

  • Kurt Opsahl “The value of cryptocurrencies in supporting of human rights”: watch
  • Jaya Brekke (CSO, NYM) “Privacy, the big picture”: watch
  • Salomé Viljoe "Data Egalitarianism and the Digital Services Act" watch

Web3 privacy-enhancing projects

  • Web3privacy now database: explore
  • Web3 privacy landscape map

Books

  • Shoshana Zuboff “The Age of Surveillance Capitalism”: buy
  • Rebecca Giblin and Cory Doctorow “Chokepoint Capitalism”: buy
  • Danielle Keats Citron "The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age" buy

Hackathons ETH Brno privacy & security edition + Devfolio

Press Coindesk Privacy week materials

Movies The Social Dilemma

PDF version

Available here

Part of the Web3privacy now research project