Privacy might seem like a simple concept at first. If you have control over the information you want to share — or don’t want to share — with others, then you have privacy.
But this quickly becomes complicated in the real world. Over time you might change how much you value certain information being public or private. Third parties keeping your data might become more or less trustworthy. Technology might change making it easier or harder to secure data.
To help make sense of this, here at OB1 we’ve been doing our best to explain how we view privacy. We’ve discussed how we can help fix the problem of privacy online, how we view privacy fitting in with ecommerce, and why promises about privacy aren’t good enough.
We focus on building new technology, and because that’s super-exciting to us we sometimes forget that not everyone finds the discussion about distributed network architecture or end-to-end encryption as fascinating as we do.
So in an effort to discuss privacy in simpler terms, we’re creating a privacy glossary. Our first entry in the glossary is trust.
What Is Trust as Relates to Privacy?
Trust in terms of privacy means that you are choosing to share some information with another party that you don’t want them to share with anyone else.
You trust your doctor with your personal medical details.
You trust your friend not to tell everyone about that one embarrassing thing you did years ago.
You trust online marketplaces with the details of your online shopping history.
You trust messaging platforms to keep your conversations between the participants only.
The person or organization is often called a party, and if they aren’t directly involved with the piece of information you want to keep private — but still are storing, moving or otherwise accessing it — then they are called a trusted third party.
For example, if you and your friend share a secret between each other, then you are only trusting the other person with that secret. If you communicated that secret via email, then the email provider you used becomes a trusted third party.
Trusted third parties are everywhere. Our financial system is full of them, with banks and credit card companies storing information about transactions between buyers and sellers. The big online platforms most of us use everyday are monitoring our actions, and assuming we don’t want those actions broadcast publicly, they become trusted third parties too.
As you might expect, trusted third parties pose a problem for privacy. They, well … require trust! If those parties aren’t trustworthy (and unfortunately, many aren’t) then your data might be sold or stolen.
Is it possible to not need trusted third parties online?
The answer is kinda-sorta, sometimes.
If you are able to design a system that allows people to avoid sharing information they want to keep private, or to only share it directly and not be dependant on any third parties, then you have a trustless system.
If your email address is the piece of information that you want to keep hidden online, and you use a platform which doesn’t require you to ever enter this information, then there’s no trust involved, because no other party has the information.
Some networks have this trustless quality where you aren’t forced to give certain information to trusted third parties at all. OpenBazaar and the Bitcoin network don’t require you to sign up for an account and give them your email address or identity to use them.
You don’t need to trust an organization to keep that information private, because on those specific platforms, it just doesn’t exist.
These networks are able to achieve this because everyone using the network is connecting directly to everyone else, so there’s no one organization running everything. This also means that communication on these networks only happens between the participants in a conversation or transaction. For example, on Haven chat messages are only accessible from the phones of the participants in the conversation. No third parties can see the unencrypted messages.
If trustless systems let you control what information you create and who you share it with, then why say that it’s only kinda-sorta, sometimes possible to not need to trust third parties online? Can’t we all just adopt trustless systems online right now?
Not really. Trusted versus trustless isn’t black and white but a spectrum. On one end you fully trust multiple third parties with highly sensitive information, and on the other end you don’t need to trust any other parties with any information at all. As privacy technology improves (check out zero knowledge proofs if you’re interested) we are able to get closer to the fully-private end of the spectrum, but there’s still a long way to go.
Systems built for privacy still have many places where they put trust in third parties. It’s incredibly difficult to build a system which doesn’t place trust in any third parties. Apps and services like DuckDuckGo or Signal try to reduce the amount of information they need to be trusted with, but ultimately they still require you to place trust in them.
Where does Haven fall on this spectrum of trust?
Haven requires some trust. It is built on OpenBazaar, an open source peer-to-peer network with encryption, but it still requires you to trust OB1.
Over time we are learning how to trust third parties with our privacy less and less, and perhaps one day we will have systems which are completely trustless and online privacy will reign supreme. Until that time though, you can keep supporting the fight to create better privacy-enhancing tools by using services which do their best to minimize what information they require and can collect.
Enjoy a place where you can shop, chat and send cryptocurrencies privately right from one mobile app with Haven. Learn right when it launches by joining the email list below.