Foresight Ventures: Understanding the Other Side of Web3 "Privacy"

Author: msfew

Summary

In the era of WEB3.0, users own on-chain data, which is public, transparent, and traceable. We seem to have found a utopia of freedom and equality; on the other hand, how to protect user privacy will be another holy grail.

Below is the mind map of the article:

1. In the Web2 Era, We Had No Privacy

In the tenth chapter of the Bitcoin white paper, Satoshi Nakamoto devotes the entire chapter to describing the privacy model of the Bitcoin network. In the traditional banking model, access to information by participants and trusted third parties is somewhat restricted, achieving partial privacy. However, in a blockchain network, transactions must be guaranteed to be public.

Therefore, Bitcoin's privacy is maintained through the anonymity of public keys. Typically, we cannot deduce who a person is from a randomly generated public key (although we now have tools like whale analysis that can infer this information).

In the example given by Satoshi Nakamoto, the privacy design of the blockchain evolves from "banking to the Bitcoin network." We can extend this example to the privacy design from "Web2 to Web3." We assume that the underlying network of Web3 will be a blockchain network like Bitcoin. Therefore, the privacy we discuss will be premised on public transactions, open-source data, and decentralization.

We have actually realized the importance of privacy on the internet for a long time. When we first encountered the internet, our elementary school information technology teachers and parents would warn us never to expose our real names on the scary internet, as we never know who is behind the screen.

But we also realized the importance of privacy on the internet quite late. Our clipboard is frequently read by third-party applications, our preferences and actions are sent from countless websites to Google Analytics (if you press F12 now, open the browser's Console, and click on Sources, you might see it), and our data is sold at a marked price. These actions are unknowingly stealing our data and privacy.

In recent years, we have belatedly discovered that we have been ravaged by some internet companies for a long time. Thus, we began to use applications like Telegram, DuckDuckGo, Mirror, etc. … Of course, most importantly, in the era of Web3, privacy has finally gained the attention of users and developers with the rise of blockchain. In the open and user-driven era of Web3, privacy protection will become a standard feature.

2. What is Privacy in the Web3 Era?

"Privacy in the Web3 Era = Confidentiality + Anonymity = Data Privacy + Identity Privacy + Computational Privacy."

In the Web3 era, assuming that all our interactions and online traces are interactions within on-chain applications, all our data will consist of transactions and the information contained in those transactions. Taking the transferFrom function in ERC-20 (with parameters _from, _to, _value) as an example, a transaction will consist of the following: the sender of the transfer, the receiver of the transfer, and the transfer amount. Based on these transactions, we can define privacy, anonymity, and confidentiality in the Web3 era.

Anonymity refers to: the sender and receiver of the transaction (real identities) need to be non-public, while the transfer amount can be public (only the _value parameter can be known).

Confidentiality refers to: the transfer amount and other contents need to be non-public, while the sender and receiver can be public (only the _from and _to can be known).

True privacy should be anonymity + confidentiality, meaning: all contents of the transaction, including the transaction sender, transaction receiver, and transfer amount, need to be non-public.

On this basis, further privacy means that Web3 users need to be granted the right to choose whether to make data public before sending a transaction, allowing users to actively decide whether this transaction requires privacy. After the transaction, users actively choose the privacy of the transaction execution, which may be difficult to achieve given the immutable nature of the blockchain.

3. Data Privacy (Confidentiality)

"Data privacy is confidentiality, mainly consisting of two parts: control and ownership of data, and confidentiality of the data content itself."

a) Control and Ownership of Data

"User data should not be a product. Users should have absolute control and ownership over their data, ensuring data ownership and preventing unauthorized operations by platforms, which is a manifestation of privacy.

In the Web2 era, users are the product. Think about it, don't almost all search engines, e-commerce platforms, and video websites have countless ads? Companies in the Web2 era treat user numbers as assets, and users are the source of their advertising revenue. From cookie tracking to Google Analytics, every action you take, every few seconds you spend on a page, is tracked. And you may have just checked a box on a privacy policy that no one ever reads.

In the future, as the internet becomes more widespread, more users and data will flood into the internet, bringing even greater rewards to companies that specialize in data theft. In the Web2 era, the default situation is that users have no privacy, and users have no control or ownership over their data.

Data Control

Data should not be a product, but information. In the Web3 era, users need to have control over their data; every interaction and transaction they make, along with the data generated, should belong to the users themselves. Only users can decide how to dispose of this data. Data ownership should not be determined by applications but should be based on the user's subjective will, which is also a manifestation of privacy.

Web2 platform applications are like farmers, enclosing a piece of land for users and monitoring them 24/7 to generate data. They profit from the data generated. Web3 platform applications are more like personal assistants, helping you manage your data while not prying into or distorting your data without your knowledge. With the help of a public database like blockchain, Web3 applications will transfer data control to users, and the applications will only assist users in better managing their data.

Data Ownership

According to an article by Vincent on how Web3 reshapes data value, users can derive value from all their data. In the Web2 era, data has value, but it belongs to the company; the value does not belong to the user and will not be shared with the user. In the Web3 era, on-chain data is a gold mine, and it is a gold mine owned by the users. The more Web3 applications there are, the more data there is, and the larger the gold mine becomes.

Web3 users can freely surf the internet with their data gold mines. Imagine data interoperability among banks, social media, and video websites… You don't even need to imagine; this is already happening in Web3. Every footprint you leave is recorded on the chain, in your address. When you interact with another DApp, you don’t have to start from scratch because the previous data will always belong to you, accompanying you.

When using chat software in Web2, you are conversing with others on Facebook's centralized servers; whereas in Web3, when you use chat software, you are conversing with yourself, and all data will be stored in your own account, while the chat software will only fetch the data you own from the chain.

The relationship between data ownership and data privacy is not particularly significant, so I won't elaborate further here, but I highly recommend you read the article mentioned above.

Arweave

Arweave is a blockchain for permanent storage. In the least ideal case, Arweave can store data for 200 years (which is considered permanent for an ordinary human). Although it has no competitors in terms of permanent storage, Arweave's true value lies in the permanent control and ownership of data.

Data uploaded by Web3 users and developers to Arweave can never be deleted (> 200 years) and will always belong to the users and the entire decentralized network. Users have absolute control over their data that cannot be taken down. Making data permanent is just the first step; the real focus is that through the entire permanent storage network, all participants in Arweave share the risk of data being taken down. NFTs uploaded to Arweave will never be deleted, which is the true value of NFT ownership for users. An eternally existing NFT and NFT ownership should be essential characteristics of NFTs.

In addition to this, the decentralized Arweave can create a censorship-resistant content platform through open-source contract code (as a data filtering and processing tool) and publicly available on-chain data (as raw data), which is an Alexandria Library that can never be destroyed. This is the last mile of user data ownership in the Web3 era, which is the permanence of data and ownership.

Recently, everFinance created a Mirror search engine on Arweave. Any data is fetched from this decentralized network. Users will not have to worry about whether their favorite media platform will be taken down due to various pressures one day. If you want to build more platforms using Arweave's permanent data, you can try using this open-source library.

Cryptographic Wallets

Cryptographic wallets are a crucial point for data control. As the gateway to the Web3 era, cryptographic wallets are as essential as Google's search engine in Web2 (of course, cryptographic wallets do not collect and sell your data like Google).

All cryptographic wallets (Metamask, Bitkeep, etc.) embody Web3 users' control over data. Every transaction and on-chain operation is signed or agreed upon by the user. Users clearly know what data will be made public, what interactions will be recorded on the chain, and do not have to worry about being tracked by applications. This is a widely existing but often overlooked aspect of privacy in Web3, yet Web3 users have long enjoyed the privacy experience of controlling their data.

Data control and ownership will lead to better UX

Under the trend of Web3, almost all user data can be viewed freely, and how to use this data is up to the projects themselves. Web2 developers would first compete for data, enclosing a piece of land to let users in, turning users into cows that continuously produce data, rather than thinking about how to attract users with better apps.

According to DuckDuckGo's analysis of popular free Android applications, 96% of free applications on Android contain third-party trackers, with 87% sending data to Google and 68% sending data to Facebook. The homogenization of data on the blockchain allows Web3 developers to compete in product interaction and intent, directly improving user experience.

In the Web3 era, users are no longer products, and users' data is no longer controlled and utilized by a single entity. Users' data belongs to themselves, and users have autonomous control and permanent ownership over all interactions. Web3 data also belongs to the entire transparent decentralized network. This is undoubtedly a good thing for user privacy.

b) Confidentiality of Data Content

" The confidentiality of data content is achieved through privacy transaction applications. Through technologies like zero-knowledge proofs and mixers, inputs, outputs, and amounts in transactions can be protected for privacy.

The confidentiality of data content mainly refers to the specific content of transactions or users' transaction records being encrypted or kept private. We can consider hiding the input and output addresses of transactions or obfuscating the specific amounts of transactions as manifestations of data content confidentiality.

Privacy Transactions

The Ethereum account system itself is not "private." When you perform an operation to claim an ENS airdrop, your address will be exposed in the contract interaction records, allowing others to scrutinize all your transactions. In real life, this is akin to going downstairs to buy coffee, where your home and hotel consumption records could be viewed by others. This is also similar to how the movements of COVID-19 infected individuals were completely exposed during the pandemic. Such exposure is beneficial for the overall health system and the security of the blockchain network, but it is quite damaging to individual privacy.

For example, in the image below, a hacker's address is shown; they crawled leaked private keys online, and when a victim claims an airdrop, the hacker can transfer it away. We can clearly see their criminal process. While scrutinizing their criminal process is just, it still leaks their privacy…

A simple and brute-force method to achieve privacy transactions is to encrypt all accounts and transactions and then decrypt them. However, this method is very expensive and time-consuming due to the need for network validation of the transactions.

It should be noted that the privacy transactions here only hide and keep non-public the originally transparent on-chain data. The privacy of amounts on-chain and off-chain will be discussed in subsequent sections.

Aztec (zk.money)

Aztec's zk.money is a zkRollup Layer2 on Ethereum specifically designed to solve privacy issues.

zk.money achieves privacy transactions by abandoning the Ethereum account system in favor of a UTXO system. It directly uses tickets for accounting. A transaction is no longer a change in the state of two related accounts but a change in the ownership of a ticket. Encrypting tickets is much simpler than encrypting transactions between accounts.

Transactions on zk.money are invisible to third-party users. For the entire Aztec network system, while avoiding double-spending and other issues, transaction privacy is guaranteed through zero-knowledge proofs. UTXO owners prove that there is such a ticket in the system and that they own it through their generated proof. Users do not need to disclose their actual transaction amounts to prove the legality of the transaction.

The ownership of zk.money tickets is stored in two Merkle trees, one containing all tickets that have ever been created and the other containing all tickets that have ever been destroyed. When a ticket is destroyed, it is not deleted from the first tree but added to the second tree.

The usage process of zk.money is: Users deposit funds from the mainnet into Layer2, generate proof → Users perform sending operations on Layer2 (with privacy protection) → Users withdraw funds to the mainnet.

tornado.cash

tornado.cash is an on-chain mixer for privacy on Ethereum, somewhat like DASH's anonymous transactions. Its name is quite fitting; you put funds into a tornado, and when you take them out, you no longer know who sent them.

tornado.cash also uses zero-knowledge proofs to hide the receiving account of transactions, achieving privacy transactions by transferring from one hand to another under privacy.

It uses a smart contract as a black box in the middle of the transaction process to break the connection between the sender and receiver. The sender provides a confidential hash when depositing, and the receiver (which can be the sender themselves) only needs to provide a zkSNARK proof to directly receive the deposit.

In addition, there are public chains for privacy transactions like Monero, ZCash, and DASH, which also achieve privacy transactions through zero-knowledge proofs and mixers.

We already have these mature privacy solutions for the basic token function of transaction transfers. Web3 will be built around tokens with different values and functions. The transfer of tokens is just a small part of Web3 usage, but it is one of the operations that most easily exposes privacy. In the Web3 era, our transactions will be private.

4. Privacy Computing (Anonymity and Confidentiality in Data Processing)

" Computational privacy is a deeper extension of transaction privacy in data confidentiality. The computational privacy of smart contract execution is usually achieved through cryptography, AI technology, trusted execution environments, etc., but achieving a perfect balance between performance and privacy is very difficult.

Privacy computing takes a step further in data privacy's privacy transactions, extending to Turing-complete smart contracts. The privacy protection of smart contracts mainly focuses on the execution process of smart contracts, shielding the data and intermediate states involved in execution from third parties and nodes executing the smart contracts. Privacy computing technologies can be divided into three main directions: cryptography (such as multi-party secure computation MPC), AI technology (such as federated learning), and trusted execution environments (such as SGX).

Multi-party secure computation usually relies on various underlying cryptographic frameworks, including Oblivious Transfer (OT), Garbled Circuit (GC), Secret Sharing (SS), and Homomorphic Encryption (HE). This article will not elaborate on these.

Federated learning ensures information security during big data exchange, protects terminal data and personal data privacy, and guarantees legality and compliance while conducting efficient machine learning among multiple participants or computing nodes. In short, it allows data to be shared with others without exposing privacy, thereby enhancing the machine learning process. Federated learning involves more AI content, which will not be elaborated on in this article.

Trusted execution environments are mainly related to hardware. They typically create a trusted, isolated, confidential space within the CPU, independent of the operating system. Since data processing occurs in a trusted space, the privacy of the data relies on the implementation of trusted hardware. The main challenge is how to balance performance and privacy.

Oasis Network

Oasis Network is mainly positioned against Polkadot, separating consensus and computation, using ParaTime parallel chains to handle computation. Oasis Network adopts a trusted execution environment solution (Confidential ParaTime based on SGX) to achieve privacy computing. Under the layered structure and trusted execution environment, there is a good combination of performance and privacy.

Oasis Network's ecosystem has a comparative advantage in privacy computing. At the same time, Oasis Network is EVM-compatible, making its ecosystem highly extensible.

The main use cases of Oasis Network are data tokenization (collateralizing data, generating income, while supporting certain permission controls) and serving as a high-performance EVM L2.

The main drawbacks of Oasis Network are its low composability, overly complex layered design, inability for different ParaTimes to communicate; contracts are stateless, making applications inflexible; and application scenarios remain vague.

PlatON Network

PlatON Network is primarily a public chain project focused on privacy + AI. Its main features are multi-party secure computation and AI, also separating consensus and computation, with on-chain verification and off-chain computation (similar to SCP). Off-chain computation not only brings higher performance but also enables various complex calculations (especially in AI and machine learning).

The main difference between Oasis Network and PlatON Network is that Oasis Network uses differential detection + non-full-node consensus, while PlatON Network uses full-node consensus; PlatON ensures the credibility of off-chain computation through homomorphic encryption.

In addition, there are projects like Secret Network and Phala Network. ICP is also preparing to join trusted execution environments to achieve computational privacy.

Transaction privacy and computational privacy both protect sensitive data from being viewed by third parties. Transaction privacy can be directly achieved through on-chain DApps combined with zero-knowledge proofs or mixers, making it more pluggable and flexible compared to computational privacy. Computational privacy is more complex and must be designed within the blockchain network, involving cross-chain and ecosystem cultivation issues.

5. Identity Privacy (Anonymity)

" Identity privacy refers to anonymity, mainly consisting of two parts: the separation of physical identity and digital identity, and the independence of digital identity.

a) Separation of Physical Identity and Digital Identity

" The separation of physical identity and digital identity represents a detachment between users' real identities and their online identities. In the Web1 era, we could browse without exposing our phone numbers and names, but by the Web2 era, we had to submit information for KYC. This is a serious invasion of privacy, but it remains difficult to solve at this stage.

The separation of physical identity and digital identity refers to a detachment of a person's real identity from their online identity, essentially anonymizing the identity during the process of entering the internet.

It sounds easy to achieve; a whale accumulating Bitcoin just needs to avoid exposing the institution's name, and users just need to use a pseudonym instead of their real name and avoid revealing their actual geographical location. However, this is actually one of the most challenging pain points in perfecting privacy.

We cannot achieve a seamless separation to protect real identities; as long as we go online, telecom operators have the opportunity to obtain our identities; as long as we buy something, e-commerce platforms can obtain our identities; as long as we use ENS, we may be doxxed…

Moreover, various third-party logins on Web2 websites expose a significant amount of our online tracks and real identities. For convenience, we often log into websites directly through Google or Facebook, which actually promotes the monopoly and centralization of these large companies while infringing on our own anonymity.

The most fitting example I can think of for the separation of physical identity and digital identity is the dark web. We must thank the dark web; without networks like the dark web adopting Bitcoin and Monero for payments, the industry might not have developed to its current scale.

What the dark web strives to achieve is a separation between the real and digital worlds, but when users purchase illegal items on the dark web, they still likely need to have them delivered to their hands. Therefore, the dark web has not completely achieved this separation.

The anonymity of physical identity and the separation from digital identity are essentially aspects of Web1, while in Web2, we are exposed under the spotlight. Not filling in our names and phone numbers prevents us from using certain apps, which is an infringement on user experience and privacy.

b) Independence of Digital Identity

On top of the separation of physical identity and online identity, we can further develop privacy by ensuring the independence of digital identity. If our digital identity cannot be directly independent, it means that the digital identity is still "intertwined" with the real identity, and our privacy still has significant leakage and exposure risks.

A certain authoritative institution defines the metaverse as: a virtual world born from the internet, interconnected with the real world, existing in parallel, a virtual space that can map the real world while being independent of it. I personally believe this definition aligns perfectly with my ideal vision of the metaverse concept.

This "virtual space that maps the real world while being independent of it" perfectly combines digitization with privacy. We can enjoy the real world built over thousands of years of history while also "reborn" in the metaverse, becoming residents of the metaverse with independent and private identities.

Digital Identity Socialization

The independence of digital identity complements the characteristics of data ownership in blockchain Web3. Based on the independence of digital identity, we can develop independent digital socialization.

In the Web2 era, we had social or real-time communication products like Twitter, Facebook, and Zoom, but the social relationships within these software are entirely based on real identities and cannot be independent. Independent digital identity socialization will be a significant application of privacy and also a crucial part of the metaverse.

Cultivation and Renewal of Digital Identity

Web3 users can take all their data with them, making the cultivation of digital identity easier. The interoperability of data naturally builds bridges between projects, breaking down data silos. Through your on-chain degen score, CryptoPunks avatars, and governance experiences, we can transparently and credibly cultivate an identity. This makes community building more transparent and efficient, facilitating digital identity socialization.

When you want to transition from a real identity to a digital identity, you can directly bring your KOL or idol career into the digital identity with a new appearance. A typical example is virtual idols. Many times, we fully know who the real identity behind this digital identity is, but the person behind the identity can still cultivate new communities through the new digital identity, generating more memes. Of course, this situation is contrary to privacy.

Even when you no longer want this digital identity, you only need to create a new account to start over (of course, your real identity cannot be exposed in this digital identity), whereas in real life, wanting to start over can be quite risky. All digital identity socialization remains in the digital world. What happens in Vegas stays in Vegas. Your real identity will not be affected at all.

Realy

Realy is a metaverse project that combines street culture with urban scenery, proposing the concept of City DAO. Realy brings 3D virtual clothing, virtual concerts, and offline trendy brands onto the chain, while also hosting virtual concerts and supporting users in governance within the metaverse.

The future metaverse will definitely be "a combination of the virtual and the real," and on this basis, it also needs to exist independently without overly relying on the real world. Realy presents a complete representation of street fashion culture on the chain, which is very attractive to young people. Personally, I enjoy trying different experiences in digital/metaverse identities; my social accounts and gender in games are mostly set to female. This brings countless possibilities to digital identity and socialization.

In Realy, you can embrace street culture freely without the constraints of gender and appearance; you can also disregard geographical location, time, and pandemic risks to participate in virtual concerts in a digital form.

These are all important ways of life and socialization for Web3 users. All of this can be achieved without involving physical identities. All on-chain data, including purchases of trendy clothing and participation records in concerts, will accompany your digital identity, and in other metaverse worlds, your image will also be that of a fan of 88rising and a trendsetter.

Essentially, real-life socialization and privacy are somewhat contradictory. To socialize, you must expose yourself and give up some of your privacy to exchange information with others.

But blockchain Web3 empowers users: data control and ownership, independence of digital identity, and complete privacy of physical identity. We can interact with real life using our on-chain digital identities. At the same time, the existence of new digital identities also gives people a second life and a second way of living.

6. The Contradiction Between Blockchain and Privacy

• The impossible triangle of blockchain performance, usability, and privacy.

" Cross-chain + privacy chains or decentralized applications focused on privacy can enhance blockchain privacy without excessively sacrificing performance and usability.

Contradiction:

In a recent article by BluemountainLabs, it is mentioned that privacy protection needs to be integrated into the overall underlying logic. Vitalik also stated: "Only a globally anonymous set is truly reliable and secure." This implies that perhaps only a globally applicable privacy protection on the blockchain network will be the most effective.

In practice, both Bitcoin and Ethereum have sacrificed some privacy protections to maintain decentralization and computational costs. In Bitcoin, data scraping from whale accounts can expose their selling and transferring operations, leading to a loss of some privacy. In Ethereum's design principles, the term "privacy" is only mentioned in the sections on account systems and UTXO. Ethereum did not adopt a more privacy-protective and scalable UTXO but instead chose a more performant and user-friendly account system.

In the impossible triangle of performance, usability, and privacy, ordinary users and developers currently prioritize solving performance first, usability second, and privacy last. In the Web3 era, perhaps the last darkness before dawn will be the privacy issue.

Solution:

In this contradiction, what we need is: global privacy on the blockchain without excessively lowering performance.

One of the most complete but also the most cumbersome solutions is to create a dedicated privacy chain (like Monero) and then pair it with various cross-chain tools and wallet adaptations to achieve privacy. However, this results in a very poor user experience.

This is akin to wanting to post a photo of your tattoo on social media without letting your elders see it; you would need to add and block them one by one, or even go to another younger social media platform, only adding peers as friends. This is troublesome in both Web2 and Web3 scenarios.

A method that sacrifices some global aspects to enhance user experience and performance is to achieve privacy operations through pluggable decentralized applications or Layer2 (like zk.money). This allows users to enjoy privacy protection without leaving the original blockchain network (and may even provide additional performance advantages).

Pluggable decentralized applications are even better than Layer2 in some aspects. Because in my imagination, the distant and beautiful Web3 will definitely be multi-chain interconnected. A pluggable multi-chain decentralized privacy application can be more flexible and "decentralized" (not centered on a single chain). In this regard, I am very optimistic that more flexible design paradigms can create privacy-related applications, such as SCP on Arweave.

The essence of blockchain data being immutable and public contradicts privacy.

" It is impossible to retract or hide transaction information after the fact. However, users can decide whether to make data public through privacy options before submitting transactions (similar to StarkWare's Volition).

Contradiction:

First, there is the public nature of blockchain data. The inputs, outputs, and contents of transactions are usually visible in blockchain explorers. This makes data protection exceptionally difficult.

Secondly, there is the immutability of blockchain data. Once data is on-chain and written into a block, it cannot be altered. After users submit transactions that expose privacy, they cannot retract or hide them; they may only abandon that address to prove their innocence. This actually violates the EU's data protection regulations (all users have the right to be "forgotten").

Solution:

The public and immutable characteristics of data can actually be viewed together. These two fundamental traits of blockchain are absolutely non-negotiable like performance; privacy is definitely a second-class citizen in the face of these two traits. Therefore, public and immutable cannot be eliminated (we can solve anonymity and confidentiality).

However, we can understand that these two traits exist for security and the openness of the network. We actually have control and ownership over our data. Even if our transaction data could be retracted, it is very likely that it has already been crawled by thousands of bots before the retraction, making such retraction somewhat meaningless. The internet has a memory, and a publicly immutable internet even more so.

While it is not possible to retract or hide data after the fact, it is feasible for users to decide whether to make data public beforehand. This optional privacy feature is user-friendly and can truly apply privacy where it matters.

Similar solutions include the Volition data availability model in StarkWare's immutableX (but note that if there is too much off-chain data, it will still follow the old path of Web2), allowing users to choose whether data is stored off-chain or on-chain. Therefore, if users do not want to make data public and want to retain some privacy on the public network, they can directly choose to store data off-chain.

In fact, most of the time, your on-chain data is your own wealth and value, but for a small portion of data that requires privacy, I believe it is very necessary to protect it through optional privacy features.

7. Conclusion

No one knows what Web3 will be like; most Web3 users do not even know what they want, just as Web2 users took a long time to realize how blatantly their privacy was being violated. The recent influx of funding into privacy projects has actually increased the exposure of this demand for privacy, making more people aware that in the future, a better internet will require privacy.

In the Web3 era, we need data sovereignty, data privacy, computational privacy, and privacy of real identities. At the same time, the ideal best privacy applications should be user experience-centered, achieving characteristics of being pluggable, lightweight, and low cognitive burden.

Web3 = Get + Post + Own. In the Web3 era, everyone will control their own privacy.