Molly White

Abuse on the blockchain (Lecture transcript)

by Molly White on
← Back to the collection

This is a transcript of a guest lecture I gave at Stanford University on March 7, 2022. This lecture was for two courses that run in parallel—POLISCI 243C: The Politics of Internet Abuse, and CS 152: Trust and Safety Engineering. There is also a Q&A portion at the end.

The recording is available on YouTube. The Google Slides are also publicly available (as well as embedded inline below as images).

The content in this lecture overlaps quite a lot with two of my essays: "Abuse and harassment on the blockchain" and "Anonymous cryptocurrency wallets are not so simple".
Abuse on the blockchain

Thanks everyone for having me. It’s great to be able to talk to you, and thank you for the introduction. I’m glad you gave a little bit of background on how I came into this. With my professional work, I don’t do, actually, anything to do with blockchain or cryptocurrencies or finance or anything like that. But it is something I sort of became interested in somewhat recently, as I started to see the potentials for harm and abuse, that I was seeing in the technologies. So let’s go ahead and get started.

Background context. • Private vs. public blockchains. • Where possible, I will talk about blockchains in broad strokes rather than describe any specific one.

A little bit of background context just on blockchains: so I know that you have at least a basic understanding of what blockchains are, so I won’t go into a ton of context there, but I do want to just sort of set the stage a little bit for what I’m going to be talking about. So, there are multiple types of blockchains right? There’s private blockchains, or permissioned blockchains, and then there’s also public blockchains. And private blockchains add a layer of permissioning to the blockchain that doesn’t exist with public blockchains. With a private blockchain, only authorized users can write to the chain. They’re primarily used in enterprise use cases, and that’s not what I’m going to be talking about today, because with web3 what you’re pretty much always talking about is a public blockchain, which anyone can write to and anyone can read from. I’ll also say that, where possible, I’ll just talk about blockchains in broad strokes rather than describe any specific ones. Even though people sometimes talk about “the blockchain”, there’s usually a specific blockchain that they’re talking about. Where I do need to talk about any specific one, I’ll usually talk about Bitcoin or Ethereum, just because those are two of the most popular ones. They use the same consensus mechanism and they power two of the most popular cryptocurrencies in use today. Ethereum is also the blockchain that popularized smart contracts, and that’s the chain on which many decentralized apps (known as dApps) are built, and that’ll be an important part of this discussion as well. So, where I’m talking about a specific blockchain I’ll try to be explicit about that.

Characteristics of blockchains. Immutable • Append-only (no deletion). • Entries can't be modified after they're added. Decentralized • Nodes contain copies of blockchain data, and each node verifies its validity. • No single source of truth.

Some characteristics of blockchains that are kind of important to what I’m going to be talking about today: they’re immutable. So that means that you can add things to your blockchain but you can’t delete anything once it’s been committed. You also can’t edit anything once it’s been committed, that’s sort of an intrinsic part of the technology. If you were to change an entry after it was added to the blockchain, it would change the hash, and that would invalidate all following blocks in the chain and it would make any change very apparent. Blockchains are also decentralized. This means there’s no single point of truth, no one database that everyone reads from, but there’s instead a lot of nodes, each of which is responsible independently for storing, validating, and sharing data.

Characteristics of blockchains. Pseudonymous • Transactions are shown between wallet addresses that look like 0x3781d92e5449b5b689fee308ded44882085b6312, and are not necessarily connected to an identifiable person. Public* • Transactions are visible to anyone who cares to go look.

They’re also pseudonymous. The only identifier directly tied to a transaction is the wallet address, which looks kind of like this. Some people choose to tie their real life identities to their wallet address, or to one wallet address if they have many, but a lot of people don’t. And then finally they’re public, so transaction data is completely public. The asterisk here is because the level of transparency does vary a little bit between chains. Chains like Bitcoin and Ethereum are very public, where you can kind of see everything. There are other chains that are called “privacycoins” that are primarily used for cryptocurrencies, and don’t support smart contracts, and those obfuscate parts of the transaction. But again, that’s sort of tangential to today’s discussion.

The future ✨ (according to many crypto proponents) • Blockchains provide the datastore for most web services. • Cryptocurrencies achieve widespread adoption or replace 'fiat currency'. • Many platforms are built atop any given blockchain, allowing people to interact with the data via a selection of different services (or access data directly from a node if they so please)

So now let’s talk a little bit about the future, at least according to many proponents of cryptocurrencies. So in this imagined future of the web, there’s the idea that blockchains will provide the data store for most web services. The stated benefit of this is that it will provide users with more ownership over their data, and they’ll be able to move between services as they like without actually losing data. So for example, if you were to currently decide that you wanted to stop using Twitter and only use Facebook, you would lose all your tweets because Facebook doesn’t have access to that data. But on the blockchain, you could potentially go between services and retain your data between them. In this imagined future, cryptocurrencies will also achieve widespread adoption or even replace fiat currency—“fiat currency” being the popular term for what most people just refer to as “money”, which is currency issued by governments like the United States. Some people envision a future where fiat currency no longer exists and cryptocurrencies are the only currency used, other people envision a world where they’re used together. And then finally, this is somewhat the case today, but this imagined future also involves many platforms that are built atop any given blockchain, allowing people to interact with the data through any service that they might like, or directly from a node if they decided to. You already see this a little bit today: for example, there are multiple marketplaces that all allow you to buy and sell NFTs on the Ethereum blockchain and, at least in most cases, you can view, buy, or sell any given NFT on any Ethereum NFT marketplace. These goals, particularly the first two, might seem a little bit extreme. And indeed there are people who have a more moderate view of this future, but this is not just a small number of crypto fanatics who believe in this more revolutionary vision. These beliefs have been espoused by major players in the crypto space, so it’s not to be dismissed.

Immutability • Reasonable feature for ledgers of financial transactions! • Not a great feature for many (most?) web3 projects outside of finance. • Definitely not a great feature to underpin the entire web.

To go a little bit into immutability: great for financial transactions, right? If you are trying to keep a complete database of financial transactions, and you send someone five dollars, there aren’t many good reasons that you would ever want to go back and modify that entry, aside from fraud. You could, and I have, make the argument that there are better ways to accomplish this than with blockchains, but that’s again somewhat tangential to today’s conversation. Regardless, most people can agree that there is a decent use case in financial ledgers for an immutable record. And besides that, there are also some projects that don’t necessarily suffer when immutability is introduced, but they also don’t really benefit from it either. But for most cases, and for many cases, it’s extremely bad to have a write-only database with no edit functionality or delete capabilities. And unfortunately some web3 advocates seem to believe that blockchains should underpin the entire web, including for software that really needs to be edited and deleted.

Social networks. Screenshot of a page from the website on the Lens Protocol, which reads: 'Dig into the key functions. Mint a profile, follow others, create and collect any publications, including posts, comments, and mirrors, completely on-chain. Unlike social media platforms of the past, Lens Protocol and its content are powered by dynamic NFTs, giving the power and control over content directly to the users, allowing for native content monetization.' Screenshot of a page from the FAQ on the Deso (formerly BitClout) social network: 'Yes. With BitClout, all profiles and posts are stored on the blockchain forever. You cannot remove a profile or post from the blockchain once it has been created and mined into a block.'

A good example of one use case that’s been popping up more and more are social networks. To be clear, there have been social networks that have incorporated cryptocurrencies for some time now. There’s a project called Minds which has existed since 2015. But typically with projects like that, the posts are stored in a more traditional database and the cryptocurrencies are sort of incorporated on top of that, to provide some sort of incentive structure for posting or commenting or liking posts. Now, I’m not sure if these projects have stored content in other types of databases because they realize the abuse potential, or simply if it’s because of the enormous volume. But storing large amounts of content, including images, video, etcetera on chain tends to be expensive, slow, and difficult to scale—especially with some of the more popular blockchains like Ethereum. However more recently we’re beginning to see protocols and projects that actually store social media content to the blockchain, I think partly because more blockchains and sidechains can support that kind of volume and at least make it a little bit more expensive—less expensive, rather. But this is sort of where my alarm bells start to ring, because there’s no way to edit or delete posts on such a system.

Let's begin with fairly benign examples of why this maybe isn't a great idea. Three images. 1: Two young girls make silly faces with their eyes crossed and tongues out. The picture is overlaid with purple and blue text and hearts which reads 'I have a hand, and you have another. Put them together, and we have each other.' 2: A conversation from early Facebook, on an event that shows a person is in a relationship. Commenter 1: 'Who?' Original poster: 'I didn't think ud get a notification about this. Anyway, not gonna tell u' Commenter 1: 'Ok never mind then...' Original poster: 'its not just you. i'm not telling anyone.' Commenter 2: 'SO why are u posting it on fb if u dont want us to knox (congratulations btw)' Original poster: 'Coz i didn't think anyone would see it (thx)' 3: Seven girls who look to be in their late teens pose in clubbing clothes, holding drinks.

To start with some sort of benign examples of maybe why this isn’t such a great idea: I suspect many of you who’ve grown up in the age of social media have made social media posts that didn’t really stand the test of time, right? In some cases it’s cringy pictures and posts that you made when you were a kid, and you don’t really wish for them to exist on the internet forever, like in the left two examples. Or maybe you’ve heard advice from career counselors or parents or professors who’ve said to prune your social media when you’re looking for a job, in case prospective employers go searching through it to get a read on you or evaluate your suitability. But storing posts to blockchains, there’s no way to remove these posts, even shortly after you make it or years after you make it. You can’t delete them yourself, and the platform can’t even go in and delete them for you. So those cringy posts from a 13-year-old who thought they were being deep will be preserved forever.

Photograph of a pit bull/german shepherd/husky mix who is mostly black with some white. He is sitting on a couch with his head turned to the side. He is wearing a collar with three tags on it, all of which are turned so that only the backs of the tags with no text are visible. Next to the image is a stock photo of a dog tag that reads 'John Smith, 142 Basin St. NW, Ephrata, WA, 509-754-2760'

Here’s another good example of where this can be a problem. Here’s a really cute picture of my dog. He’s looking really handsome, it’s a nice clear picture, his ears look huge which I think is funny. So, a great picture to upload to social media, right? So my friends can see how cute my dog is. Well, in this particular example, his head is turned to the side and his dog tags are turned around, which is why I used it in the slideshow at all. But in a lot of pictures I have of him, his dog tags that would help someone return him to me if he were to hop the fence and run away will also tell someone exactly where I live and what my phone number is. And I don’t know about you, but I don’t tend to intentionally post my home address and phone number all over social media where it’s publicly visible to anyone who wants to see it. But it’s definitely possible that I might get distracted, or just be enamored with how cute my dog is, and not realize that I’ve inadvertently posted this to a social network. Similar things happen if someone tries to take a picture of the meal that they’ve made or some cute picture of their cat, and they don’t realize that there’s an envelope in the background that has their home address on it. This happens all the time. And it’s certainly not great when you go and upload this to an existing social network, because people do get to be able to see it for a period of time, and could download it or preserve it themselves, but typically you can delete it if you realize that you’ve revealed more than you intended to. If this is stored to the blockchain, what are you supposed to do? Move?

Screenshot of a tweet, with some information blurred. Text reads, '@DLoesch you and [blurred] are still at [blurred] in [blurred] TX right? Just want to make sure I am letting everyone know the right address to come share their view with you on the NRA

Here’s another good example of abuse that you see online. So, this is Dana Loesch. She was a spokesperson for the National Rifle Association. Someone obtained the home address for her and her family and tweeted it publicly with what appeared to be an incitement for people to show up at her house. Now, this is an egregious form of abuse called “doxing”, which is unfortunately somewhat common on social media and is usually handled pretty swiftly by reports to the platform since it endangers someone’s life in some cases. On the blockchain, if this is stored to the blockchain, there’s really nothing you can do to remove it. It’s there forever. And there’s all kinds of other things that a person could post on social networks that really shouldn’t be there. It can range from copyrighted content, trade secrets, spam, promotion of fraud. All the way to things like hate speech or revenge porn, gore, or child sexual exploitation imagery.

Speaking more broadly... Any time a platform enables user-submitted content, they have to consider bad actors. • Comments • Ratings and reviews • Forums • Chat and messaging apps • Blog posts • Videos and livestreaming • Photo sharing • Wikis • File sharing • Music and podcasts • Video game mods • Online marketplaces • ...

So, speaking a little bit more broadly: I specifically mentioned social networks because that’s an example we’ve probably all used, but the topic of removing objectionable content spans basically any platform that involves user-generated content. And user-generated content is an enormously broad category. And with dApps being created to mimic every possible web platform, you can see how this might be a broad-ranging concern. So, surely someone has come up with a way to remove or hide these posts, right? Like, this is taking off, people are starting to use these things, there’s got to be some solution.

Decentralization. Screenshot of a portion of the Ethereum.org website, which shows a megaphone emoji, and reads 'Free from censorship. You can't be blocked from using a dapp or submitting transactions. For example, if Twitter was on Ethereum, no one could block your account or stop you from tweeting.'

This brings us to another characteristic of blockchains, which is decentralization. Many web3 communities, projects, and protocols speak about decentralization in terms of censorship resistance. This screenshot here is taken directly from the Ethereum website, and talks about how you can’t be blocked or “stopped from tweeting” in a lot of projects. This seems to be sort of the greatest fear: being blocked, banned, shadowbanned, or cancelled. Many of these platforms point to centralized platforms like Twitter and Facebook and they see things like the enormous moderation teams that work there only in the negatives. Right? It’s the pesky team that suppresses someone’s free speech if they post something too racist, too conspiracist, or too threatening, and by god they’re gonna build a new platform where not only does that not happen, it cannot happen. But by and large they don’t seem to address the types of content moderation that these platform teams do that most people would agree is good: the removal of child sexual abuse material, for example, doesn’t tend to get that many people arguing in the contrary case. But the problem with decentralization is much like the problem with immutability: you can’t really do it partway. So as soon as your technology is a little bit editable, or you can delete things sometimes, then it’s mutable. And as soon as you can put in a little bit of centralization such that there’s some group that makes decisions on what stays or goes, then your protocol is not decentralized. And as soon as a technology like a blockchain becomes a little bit mutable or a little bit centralized then you might as well throw the whole thing away, because you’re left with an enormously inefficient database that has no reason to be there. The whole point of the electricity cost, say, of proof-of-work blockchains like Bitcoin or Ethereum is because that’s how they achieve immutability and decentralization in a trustless environment.

How is this handled in current projects? An illustration of a chain of blocks, one of which contains '{...}' and an arrow pointing to an image that says 'STOLEN' over it. An overlaid screenshot of an API call to OpenSea that returned JSON shows a highlighted portion, the 'image' key, with a value that is a URL beginning with https://lh3.googleusercontent.com

So how is this handled in current projects? Social networks built on blockchain still haven’t really taken off that much, so let’s look at a space that’s maybe a little bit more mature: NFTs. An NFT is just a token stored on the blockchain, and it’s associated with an arbitrary piece of data: often an image, but it could be a video or really anything. And because these NFTs are tokens (so, associated with arbitrary user-generated content, again, often an image) the risks that I mentioned before are at play. There’s nothing stopping someone from creating an NFT of something truly horrific, but by far the most common issue that would normally trigger platform intervention is copyright infringement. Many NFT creators have taken to just blatantly ripping off artists and trying to sell their work as NFTs because there’s so little done to prevent it, and there’s money to be made. But if an artist does see their artwork stolen and being sold as an NFT, what can they do? Well, first of all, they either have to already be well-versed in the technologies to know what options are available to them, or they have to know someone who is, and that’s kind of a huge way that poor behavior is being amplified in the space. It’s difficult to know what’s even possible without knowing the technology somewhat. But if we assume that they’ve made it over that hurdle, we’ll look at the best case scenario. As I mentioned, the bit of the NFT that’s actually stored on the blockchain doesn’t usually include the image itself, but rather a pointer to it, usually a URL. If the artist is lucky, the NFT creator has just stored the image somewhere that’s very web2, right? Like a Google hosting account or an Amazon bucket. In that case, the artist can just submit a copyright takedown to Amazon or Google for the image, and usually the platform will take it down, and that’s the end of it. But this is a very anti-web3 way of doing things, and people who have been stealing artwork have also sort of wised up to it a little bit. Fairly often, the NFT image is actually stored in a system called IPFS, which stands for “InterPlanetary File System”. That itself is not a blockchain, but the storage mechanism is peer-to-peer in a very similar way, and that means there’s no way to just call up Amazon or Google and have them remove the image. It’s available from any number of a possibly large number of nodes that all replicate it. So in this case the artist is really only left with the option of going to the marketplaces where the NFT is being shown, and ask to have it taken down from there. But there’s another hitch there.

Same slide as before, which reads 'How is this handled in current projects?' The screenshot of the API call is gone and replaced with logos of major NFT platforms: OpenSea, SuperRare, Gem, Foundation, LooksRare, X2Y2, KnownOrigin, and Rarible.

Let’s assume for the sake of argument that this is the Ethereum blockchain, which is the most popular blockchain used for NFTs. Here are just a few of the marketplaces currently built on top of Ethereum. An artist would have to file a takedown request with each of these marketplaces, and in any given marketplace that’s usually not a one-step process. Some of the platforms don’t respond to takedowns at all. And even if we do assume that a person managed to get many or all of the platforms to take down their work, the token and the IPFS address would still be visible on-chain in the wallet of whoever owned the NFT, and they could still transfer it as they pleased. So, so far asking OpenSea to take down an NFT has been fairly effective in these cases, and that’s because OpenSea controls an enormous amount of the NFT market. But banking on the fact that there will be one outsized player in what is supposed to be a decentralized ecosystem, and who can control all access to data on the blockchain, is completely opposed to the ideals of web3. And for many of the objectionable things that can be put on a blockchain, saying something like “well 95% of people can’t see it” is not sufficient.

Speaking of transfers... • There is no way to block a transaction. • If someone does send you something you don't want, you have to pay to get rid of it (and it doesn't really get rid of it)

Speaking again of transfers: I mentioned that if the NFT was taken down a person could still transfer it around on the blockchain. There is also no way to block a transaction. This is a little bit unlike most other services on the web today. Most social networks allow you to prevent people who haven’t explicitly added you as a friend from contacting you, and if you do want someone who has contacted you to stop, you can usually block them. With things like email, there’s not usually a limitation on who can initially email you, but most providers allow blocking there as well. But with blockchain transactions, anyone at all can send something to your wallet if they know the address, and if you want them to stop? Too bad. If someone sends you something you don’t want—say, an NFT that has a picture of your front door and your address on it—you have to pay to get rid of it. While some of these wallets are beginning to add “hide” functionality, that allows you to hide an NFT that’s been airdropped to you from showing up to others who view your profile on the platform, that’s platform-dependent and not actually a part of the protocol itself. To get rid of an NFT that was abusively transferred to you, you have to transfer it out of your wallet, either to another person or to what’s called a “burn address”. And like any other transaction on the blockchain, this costs money. Ethereum gas fees are something like ten dollars recently, to swap an NFT around, so you have to pay ten dollars to get rid of an abusive NFT that was airdropped to you. Even if you did do that, even if you did send it to the burn address, it’s still visible on-chain. There’s no way to actually delete it. The one upside of these transaction fees is it does provide somewhat of a disincentive to bad actors to send abusive transactions. I saw a recent case where someone sent transphobic harassment via Ethereum transaction to a non-binary web3 community member, and it cost them like seven dollars to do that. So that doesn’t actually happen all that often, just because most people aren’t willing to spend money to do this. But proof-of-work platforms have been undertaking projects to reduce gas fees, and many other blockchains that use other consensus models or are less popular have considerably lower fees and don’t disincentivize it inherently.

Public transactions. A screenshot from Etherscan showing a table of Ethereum transactions for one wallet.

I touched on this a little bit earlier, but transactions on blockchains tend to be public. That’s certainly the case with Bitcoin and Ethereum, and like I said, while there are various privacycoins that obfuscate parts of the transaction, these are solely for cryptocurrencies (not smart contracts) and are not as widely used. They also face their own inherent challenges, such as the fact that exchanges tend to be a little bit less willing to cash out coins that are heavily associated with criminal activity. To dive into this a little bit more: in the current state of the world, if you’re just trading a few NFTs or taking a gamble on a new cryptocurrency token, it’s not usually the end of the world to have your transactions visible to the public eye. It might be embarrassing if you made a bad choice on an investment and you lost a lot of money, but for most people, it’s not the end of the world if people see that. But if we think about this future world where all, or at least many more, transactions happen with cryptocurrencies, this has some serious ramification. Imagine if your entire credit card or Venmo history was publicly visible to anyone who wanted to go see it. Imagine if that guy you went on one date with could see all of your financial decisions, such as you splitting a check with some other person that you went on a date with. Or that monthly transfer to pay your therapist. Or the debts that you’re paying off, or not paying off. The charities that you’re donating to, or not donating to. Or the amount that you’re putting in a retirement account. What about if they could see the location of that corner store right by your apartment, where you go so frequently to buy a pint of ice cream at 10pm. And what if it’s not just your one-off date who can see these transactions, but your ex-partner, or your estranged family member, or your stalker. What if your prospective employers could check out all of your financial transactions, and they could go back as far as they wanted? Or what if the person evaluating your suitability for a loan could see all of your financial decisions? What about the already intrusive advertisers who try to make ads more targeted and more tailored to you? What if they could see all of the purchases that you’d made in the past? And what about something like AI that’s trying to predict whether you’re likely to commit a crime?

Is anonymity a solution? • It is trivial to create a new, anonymous cryptocurrency wallet. • It is not trivial to put money into that wallet. Mining? Cash → crypto? Transferring crypto from another wallet? • It is not trivial to keep that wallet anonymous

I already mentioned that cryptocurrency wallets are identified only by a string of random characters, and unless someone chooses to tie their identity to the wallet, that’s got to be a solution, right? Well, if we are continuing to talk about this future world where crypto is widely or even only used, there are a lot of things that would threaten the anonymity of a wallet address. If you go and buy a gallon of milk, the cashier at the corner store who knows your name also now knows your wallet address. Many of the everyday payments that we make, even if we’re not paying physically in person, requires someone to know who you are. They need to know the address to put on the package, or the house or apartment to apply the mortgage or rent payment to. And even if we’re talking about the current day, where people can be pretty choosy about what they use crypto for (and are frankly fairly limited in what they can use crypto for), people face pretty serious challenges even today. Creating an anonymous crypto wallet is pretty easy. But putting money into it so that you can actually do something with it is not so much. Mining used to be the simple solution to this. You could just fire up your computer, mine a couple new Bitcoin that had no transaction history attached to them, and you’d be good to go. But these days that’s not really possible. Using a personal computer to mine Bitcoin or Ethereum independently is not feasible; you just can’t compete with the sophisticated equipment that’s being used in these mining farms. It’s technically possible, although not particularly profitable, to join a pool of computers with your personal computer and contribute computing power towards mining, but I did the math and even with my fairly decent graphics card it would take me about four months to mine a hundred dollars worth of Ethereum, and that’s assuming that I ran my computer 24 hours a day and my GPU didn’t just melt while I tried to do that. So that’s kind of out of the question. What if we thought about maybe converting cash to cryptocurrency? With cash it’s fairly hard to tie a specific dollar bill to a given individual, and so maybe that’s an option here. But those are limited options as well. If you put the cash in the bank and then use your bank account to put the money into a crypto exchange, your wallet is now tied to your bank account which is tied to you. And this is visible at least to the exchange, if not the public. If you live in a fairly populated area there are things called Bitcoin ATMs that are kind of what they sound like: you can put cash in and they will put Bitcoin into your wallet. But these first of all skim a lot off the top: it’s like 10 or 20%, I think, to transfer cash to crypto in that case. And those typically require identification as well, so a phone number if it’s a small amount, but more and more identification depending on how much you’re trying to actually put into a wallet. There is always the option of meeting up with someone in person who will take your cash and give you crypto in return, but even if you ignore the obvious risks of doing a deal like that, you’re also now taking on the risk of owning cryptocurrency that, for some reason, someone doesn’t want to exchange through a standard crypto exchange, which means it is often involved in shady dealings. And you probably don’t want to have to try to convince law enforcement that you actually did hand some guy in a park a suitcase full of cash for some Bitcoins, and of course only after he finished doing something shady with it. So that leaves a third option, which is transferring existing crypto from some other wallet. You can’t, obviously, transfer it from a wallet that is publicly linked to you, because that transaction is all public and so people can put two and two together. People do sometimes try to transfer funds from one wallet to another through something called a cryptocurrency mixer or tumbler, which breaks the link between a source wallet and a destination wallet by pooling together large amounts of currency from many different sources and then distributing it back out at random times to the destination wallets. But some sophisticated chain analysis technology is at least beginning to claim to be able to un-tumble funds that were tumbled in this way. Even if that is just marketing, and that’s not actually the case, there are also more and more services that actually refuse to accept cryptocurrency that has been through a cryptocurrency tumbler because there’s an enormous association between tumblers and criminal behavior. So even if we do assume that you are able to get some money into your fresh new anonymous crypto wallet, you are still faced with the challenge of keeping that wallet anonymous, and that means never accidentally using it for a transaction that could be linked back to you, not even once. I don’t know about you, but personally I have a hard enough time keeping two email addresses straight, and not accidentally sending emails from the wrong one. And the stakes are high when it comes to not messing up a crypto wallet transaction. If you make one little mistake, now all of those transactions on that wallet that you were hoping to keep anonymous are irrevocably tied to you.

Conclusion. • It's not ethical to wait until a technology or protocol has already been built to ask 'how can this be used for evil?' • It's extremely difficult to tack on abuse-prevention as an afterthought. • Blockchains have been around for thirteen years, and no one has come up with a viable solution.

To conclude, it’s really not ethical to wait until a technology or a protocol has already been built to ask “how can this be used for evil?” Abuse and harassment are known problems on the web as we know it, right? Doxing isn’t new, stalking is not new. But there’s nothing about a blockchain that makes human behavior suddenly change. We know exactly what issues have been faced in the past, with things like decentralized social networks and low- or no-moderation communities, and building out projects without a single thought to these things is completely irresponsible. It’s extremely difficult to tack abuse prevention on as an afterthought to a project that already exists. We’ve watched social networks go through this exact process, and with social networks, they are not fighting against limitations that are built into the technology at the core of the project. Finally, people will often address concerns about blockchain technologies by saying things like “it’s still the early days” and that “projects are very new and they’re still working out the kinks”. But we have to remember that Bitcoin has existed since 2008 or 2009. Over a decade. And there is still no good solution to many of the inherent problems, at least not one that doesn’t involve adding centralization. So, there are proposed solutions around permissioning and centralized services that are built on top of blockchains, but those are sort of antithetical to the web3 ideology, which is decentralized, trustless, and immutable. So, I just urge you to keep in mind that there are enormous abuse potentials for blockchain-based technologies, and that it’s not acceptable to say that you will just wait and address those in the future. Thank you.

Questions and answers

What are some of the resources you’ve used to learn about blockchains and crypto?

Yeah, I think I mostly just learned about it online. There’s a lot of really good lectures that I’ve seen on it. Nicholas Weaver just did one at Berkeley that he published that’s very good, around the underlying technology. There’s a lot of bloggers and people writing about the space who are doing really excellent work.

What do you see as the solution to abuse on the blockchain?

I mean frankly, I’ve spent a long time looking for solutions to problems like this with blockchains and the technologies that are being built on top of them, and I have not found good solutions, which has honestly led me to think that there’s really not a future for blockchain technologies, at least not in the way that they’re being proposed. I think it’s just not acceptable to use a technology like that for anything that does require things like deletion or editing. So, if someone is just dying to use it to power their speculative currency, that’s fine I guess, but until they find a solution to the privacy issues and the stalking issues that are on top of it, I’m just hoping that it doesn’t take off.

Have you received abuse for your work in this space?

I have. There’s something kind of unusual, I think, about cryptocurrencies and blockchains, in that people are enormously… they take criticism and skepticism of the technologies extremely personally. I think because a lot of people have money tied up in it, there’s a lot of… people get very upset when you question their investments, or when you threaten to do something that might hurt their value. It’s very unusual in that way. But yeah, there is sort of an enormous amount of toxicity, I think, in the cryptocurrency communities that is just not being reined in by members of that specific community, which I think is also not a great sign.

Who would be legally liable for abusive material and things that platforms are required by law to take down?

That’s an excellent question. I think we have yet to see that play out in the courts, and so it’s a little hard to say how an actual court might decide that. I do think that the platforms are feeling, at least to some extent, responsible for the material that is being displayed through their platforms. That’s why OpenSea has been willing to take down copyrighted content and things like that. But there is a huge legal question around storing objectionable material. One thing about the blockchain is that every node that is operating as a part of the blockchain has to store the content of that blockchain. Some of them store the entire history of the blockchain, some of them store just the more recent stuff, it sort of depends. But there is some question about whether someone who is operating a blockchain node might be held legally responsible if there’s something like child sexual abuse material being stored on-chain. Would every person who’s running a node on that chain be held responsible for it? That hasn’t really happened so far. There’s also not been an enormously widespread issue of people uploading that content to it because it’s mostly been cryptocurrencies that don’t actually support that much extra data until pretty recently, but I think we will start seeing those questions play out in court.

How is the cryptocurrency and blockchain space for members of communities who tend to be targeted and harassed on existing social media platforms, and who may not find anonymity and decentralization a good thing in the same way that “cryptobros” might?

I think it’s a little hard to say. I think they’re… I mean, in my experience, the cryptocurrency communities are very, very white, male, you know, Western. And there’s not a lot of diversity in that community, which I think is a terrible sign for pretty much any emerging technology. There definitely have been efforts to try to bring marginalized people into cryptocurrency projects, and there are some people who are involved in initiatives around that, but in some cases it’s also a little bit difficult to distinguish from affinity fraud, which is basically saying that “oh, we have this new technology, and it’s going to be so uplifting for women or people of color”, or whichever group you might focus on. There was one recently that was specifically around the LGBTQ community. And when they use that language of empowerment and, you know, “you can make it big off of making your NFTs”, and “we’ll empower you to build generational wealth” and things like that, it’s often used as a tactic to actually exploit marginalized communities. I think it’s a really complicated topic. There are people who are marginalized who are parts of the crypto community and who are very passionate about it, but they also I think face a lot of abuse as a part of that community.

What is the role of the state when it comes to blockchain abuse? Do you think of the government as a benevolent actor that is taking action to prevent abuse?

I think so far the government has taken a very hands-off approach to it. They probably just have more… you know, bigger fish to fry, and have not taken aggressive steps to try to regulate things like cryptocurrencies. But a part of it also is that things like regulation tend to be very trailing. And so we see sort of a lag between when people start to actually widely abuse something like cryptocurrencies and then when regulation starts to come in. There was a big boom in 2017 of people doing something called ICOs, which are initial coin offerings. It was kind of like an IPO for a company, but instead of speculating on the potential value of a company that actually does something, you are speculating on the potential value of a cryptocurrency. We’ve recently seen a lot of lawsuits around these ICOs, and basically crackdowns around whether or not they were unregistered securities and things like that. But there were several years where people were able to engage in ICOs without basically any regulation. And now we’re seeing people who are aware of that regulation that’s beginning to come into this space and so they’re starting to incorporate things like DAOs and other ways that they claim to add value beyond just speculation, that they are hoping will allow them to sidestep regulators. But I think as we wait and see how regulators react to this space, I think there’s going to be more and more of that as well. And I think now that we’re starting to see more and more high-profile uses of cryptocurrencies—I think the Russia and Ukraine war is kind of a good example, where there’s a lot of cryptocurrency being transferred to Ukraine. There’s also the question of whether or not cryptocurrency is empowering the Russian government to bypass sanctions that are being imposed by other governments. Now that there’s an enormous, high-profile case of cryptocurrency potentially being used in wartime by enormous governments… There’s also questions around North Korea, who has been accused of using cryptocurrency ransomware profits to fund their missile programs. So, now that I think it’s becoming closer and closer to the things that the government tends to care very much about, like war, and sanctions, and threats to various economic models, I think we’re going to see more and more government intervention. And I think that’s going to be a problem for the cryptocurrency space, where a lot of the money that’s been made is based off of the lack of regulation and the ability to do things that are frankly illegal in the traditional financial market, but have not experienced a lot of crackdown from the SEC or various other regulators.

Do you think generally cryptocurrency will help or hurt the lives of Ukrainian people during the war? Or in general, do you think it does more to empower oppressed groups than it does to hurt them?

Yeah, that’s a good question. Frankly I think that’s one of those situations where the current opportunities transfer money to people across the border, or if they’re under authoritarian regimes, or what have you, is very poor. And so sort of any solution to that can be better than what we have now. But I also think especially in the case of Ukrainians, people are sort of pointing to this as a success story of cryptocurrency. You know, giving money to people who desperately need it to be able to escape war, for example. And that is absolutely true, I will not deny that there has been positive impact of that. But they are largely able to benefit from it because the Ukrainian government has been involved. It’s actually the Ukrainian government who’s receiving an enormous amount of these transactions, or in some cases there are non-profits or various other centralized groups that are on the receiving end of the cryptocurrencies, and who are handling things like transferring cryptocurrency into fiat currency, right? Like money that people can actually spend to buy a train ticket or food for their family or whatever it might be. Weapons, in the case of the government. For the most part, when it comes to transferring cryptocurrency to support people who are, say, under authoritarian regimes, or who maybe don’t have a good store of value in their country for whatever reason, or who don’t have access to the banking system, there’s a lot of other issues that you run into, in that you can’t usually use cryptocurrency to buy food at the grocery store or pay for your rent. You have to find someone who’s willing to transfer that into cash for you, and sometimes that’s a cryptocurrency exchange, but sometimes you don’t have access to that either, or sometimes it’s illegal for you to use those. And so you have to find someone who’s willing to do it under the table, in which case you get into a lot of predatory behavior around skimming a lot of the money out of it or stealing money outright. So I think it’s maybe better than some of the options that we have today for getting money to people who are in really, really, really bad situations, but I think there’s a lot of complexity to it. What’s been happening in Ukraine is really just not a great example of the majority of cases, because the government has been able to step in and do that conversion or distribute it to people, and that’s sort of, again, antithetical to the purpose of cryptocurrency, which is supposed to bypass the government or traditional banking entirely.

Disclosures for my work and writing pertaining to cryptocurrencies and web3 can be found here.

← Back to the collection