Web3 Growth Faces Metadata Surveillance Threat

Web3, the decentralized internet, has seen significant growth with decentralized applications (DApps) increasing by 74% and individual wallets by 485% in 2024. However, this growth comes with a critical issue: metadata surveillance. This problem is not going away and poses a significant threat to user data security.

Metadata, the overlooked raw material of AI surveillance, is lightweight and easy to process en masse. It reveals patterns of behavior, networks of contacts, personal desires, and ultimately, predictability. Unlike end-to-end (E2E) encrypted communications, metadata is legally unprotected in many regions. This makes it a goldmine for surveillance systems, which can harvest it for profit.

Blockchain transactions are no exception to this metadata surveillance. The public nature of blockchain ledgers means anyone can observe the flow of coins. Pseudonymous addresses do not provide meaningful anonymity, as anyone can harvest the counterparty addresses of any given transaction and reconstruct the chain of transactions. This makes it possible for surveillance systems to de-anonymize our financial traffic.

There are at least three general metadata risks across Web3. First, fraud: financial insecurity and surveillance are intrinsically linked. The most serious hacks, thefts, or scams depend on accumulated knowledge about a target. Second, leaks: wallets that permit access to decentralized tokenomics rely on leaky centralized infrastructures. Pseudonymity is pointless if people’s identities and patterns of transactions can be easily revealed through metadata. Third, chain consensus: chain consensus is a potential point of attack.

To secure Web3, anonymity networks are needed. Virtual private network (VPN) technology is decades old and lacks advancement. Decentralized solutions like Tor and Dandelion are still vulnerable to surveillance. More advanced tools are needed to obscure patterns of communication and de-link metadata like IPs from metadata generated by traffic.

Anonymizing networks have emerged to anonymize sensitive traffic like communications or crypto transactions via noise: cover traffic, timing obfuscations, and data mixing. In the same spirit, other VPNs like Mullvad have introduced programs like DAITA (Defense Against AI-guided Traffic Analysis), which seeks to add “distortion” to its VPN network.

Whether it’s defending people against the assassinations in tomorrow’s drone wars or securing their onchain transactions, new anonymity networks are needed to scramble the codes of what makes all of us targetable: the metadata our online lives leave in their wake. The state of capture is already here. Machine learning is feeding off our data. Instead of leaving people’s data there unprotected, Web3 and anonymity systems can make sure that what ends up in the teeth of AI is effectively garbage.