Tue, August 09, 2022

Financial Privacy Without the Risks of a Mixer

Jill Gunter

Until recently, financial systems worldwide offered users very few choices. There was a limited set of currencies you could access depending on where you lived. There were certain assets you might be able to trade and invest in through tightly controlled sets of middlemen... but only if you met strict qualifications. There were a handful of institutions who could be trusted (mostly) to hold onto your assets.

Cryptocurrencies have created brand new, open source, freely accessible, infinitely customizable choices for what alternative financial systems can look like. There has been a lot of chaos, and sometimes very real damage, along the way, but the last ten years of innovation in the cryptocurrency industry have also created something extremely powerful in providing fresh choices to empower participants in the financial system.

In crypto, you can much more freely choose what types of assets you hold and trade and with whom you exchange them. You can choose whether you custody those assets yourself or whether you want to rely on any number of third parties. You can even configure the precise circumstances under which your assets can be exchanged, or earn yield, or be moved and transferred. This is the power of decentralized finance. 

Yet there is one area in which cryptocurrencies have provided users very little in the way of choice or empowerment. When it comes to privacy, there have, to date, only been two options broadly available to users. They can use systems like Bitcoin or Ethereum that publicly announce all transactions and in which all notions of privacy should be considered compromised. Alternatively, users can choose systems that provide privacy, but in a way that risks exposing them to illicit activity of all kinds, risks which the user cannot manage. Mixers, privacy coins, and other protocols fall into this category. The risks of using these systems will be worthwhile for some users, but will include a range of potential reputational, business, or AML/sanctions issues. Those risks might also be ideological if a user does not want, as a matter of principle, to provide liquidity or contribute to the anonymity set for certain activities like funding for the Russian invasion of Ukraine, proceeds of hacks by authoritarian and oppressive nation-states, or child exploitation.

We are not here to debate what types of systems should exist or how they should be treated. But what we will say is that the binary choices available to crypto users when it comes to data privacy are not reflective of crypto’s promise to provide more choices to users in how they interact and transact. For many users, some degree of privacy some of the time is desirable. And for many of those users, perhaps the vast majority, fully private mixers or privacy tokens subject them to risks that they do not want to take.

This sounds like a simple, even self-evident, idea, but it is a hard one to understand when so much of the discourse around privacy is so political and ideological. Often, however, needs around privacy are much more mundane and practical.

Individuals might want personal financial privacy simply because it is uncomfortable for their net worth, their trading track record, their transfers and purchases and donations to be broadcast to the world. For some, having all this data publicly exposed may even result in threats to personal safety. For none of these use cases is the full anonymity targeted by mixers necessary or even desirable.

The privacy track record of “Web2” and the incumbent financial system is not exactly stellar. From data breaches at major credit institutions to credit card companies selling customers’ purchase history to advertisers, there are many reasons to look for a new system that improves on these dynamics. But Web3 currently provides much worse privacy guarantees to most of its users. We can all be grateful that advertisers have not yet started to target us based on our on-chain data. 

It's not just individuals who benefit from improved data privacy, though. Institutional investors in crypto who have proprietary investment strategies risk exposing their approaches as soon as the world discovers their wallet addresses: an increasingly regular occurrence. Similarly, major market participants who have exposure on DeFi platforms subject to liquidation under certain conditions might find their adversaries actively pushing markets against them. A lack of data privacy also prevents many potential major users from even exploring cryptocurrency: no commercial entity will accept or make payments in a medium of exchange that exposes significant data about the state of the company to their competitors in real time. 

There are a lot of reasons why users of all kinds want some level of privacy without requiring full anonymity. And if you don’t need full anonymity, you probably don’t want a product that provides it given the additional risks. What is needed is therefore a way to provide users with more options around the privacy of their transactions. 

This is what we have developed with CAPE, or Configurable Asset Privacy for Ethereum. CAPE is a first-of-its-kind protocol and product that we designed for users who want more fine-grained options around data privacy than exist in today’s binary world of transparent ledgers and mixers. 

You can try CAPE on Ethereum’s Goerli testnet today by following the instructions in the docs here.

CAPE makes a few intentional design choices to make it suitable for those who want a level of privacy without the risks of mixers: 

  1. CAPE puts the power to determine who sees transaction data and what can be seen in the hands of asset creators like stablecoin providers, NFT artists, and DAO admins. This is different from the “view key” or “compliance notes” associated with other crypto privacy products which do not ultimately provide oversight or reporting abilities to the asset creators. 

  2. CAPE creates a marketplace for privacy functionality. There can be many versions of the same underlying Ethereum asset within CAPE (for example, many versions of WETH) that all have different privacy parameters and oversight by different parties. It is up to users to decide which they are comfortable with. 

  3. As a corollary to this, CAPE empowers users to understand and opt into (or out of!) assets based on who will be able to see their transaction information and at what level of detail. 

  4. Finally, importantly, every asset in CAPE will require someone to have the ability to view what is happening on-chain under any circumstance. This capability might be assigned to the asset creator, to an exchange, to a blockchain analytics company, to an individual, or to another third party. 

CAPE, no matter the configuration of privacy used within it, is an enormous improvement over the fully transparent systems that support the vast majority of blockchain transactions. CAPE is not, however, a product designed to fulfill ideological requirements for full financial anonymity. Those products already exist, and our goal is to provide greater optionality for users.

If the only options for privacy in cryptocurrency remain synonymous with illicit activity, then privacy will not be adopted by the majority of users. This is a problem for everyone.

We believe that we can do better and that crypto can fulfill its promise of expanded choice and user empowerment when it comes to privacy, too. If you think so too, check out CAPE on testnet and learn more about what we are building with Espresso Systems.

