Tuesday, November 2018
Now Reading:
Coinbase: Can The Crypto Giant Protect User Privacy?
Full Article 7 minutes read

Coinbase: Can The Crypto Giant Protect User Privacy?

 

The gold rush mentality that defined the cryptoassets industry in 2017 and saw the price of Bitcoin approach $20k turned Coinbase into a household name. Chances are if a crypto novice made his or her first purchase last year, it was made on Coinbase’s platform. The numbers bear this out: Coinbase CEO Brian Armstrong noted last week that the company was adding 50k customers a day in 2017. Furthermore, according to a May 2018 report in the Washington Post, Coinbase now has over 20 million accounts, outpacing longstanding industry stalwarts such as Fidelity Investments and Charles Schwab. This rate of growth, combined with its new focus on custody and other services targeting institutional money, turned Coinbase into one of a handful of “structurally significant” companies in the entire crypto industry.

However, while attention has been focused on its trading and investment activities, Coinbase has been quietly working on another key initiative that has the potential to be even more consequential. Originally announced in April 2017, Toshi was built to be mobile crypto wallet and browser for distributed applications on Ethereum. Included in the initial announcement were plans for a strong identity component, complete with a reputation system for individual users. There were even aspirations to integrate uPort, ConsenSys’ native identity system for Ethereum into the project.

All of these developments follow the blueprint first offered in Brian Armstrong’s “Master Plan”, which at maturity would culminate with the completion of a natively open and distributed financial system. The first step was the creation of open protocol layers such as Bitcoin and Ethereum, the second is building exchanges so that consumers and institutions could get easy access to cryptocurrency. Step three is the browser with a friendly user interface, and the final piece of the puzzle would be the creation of distributed applications that would replicate many of the services in use today (loans, identity management, remittance, merchant processing etc).

In the last week Coinbase made some big news concerning its identity initiatives, namely the announcement that it acquired the team behind Distributed Systems, a startup that focuses on the integration of blockchain-based identity systems and distributed applications. Coinbase will merge this team into its ongoing identity initiatives, with some joining the mobile wallet team and others will begin work on an effort to build a “Login with Coinbase” function for its browser. If successful, it would enable users to easily authenticate themselves to various apps on the Ethereum blockchain, which is a significant pain point from a user perspective in crypto.

Being able to maintain a persistent identity across the web is critical to how users interact with web-based applications today.  Imagine for a second that services such as “Login with Google” or “Facebook Connect” did not exist. In this scenario, users would be forced to maintain a different username and password for every single service provider that the individual engages with. While there may be some security benefits with this approach because it eliminates the honeypot scenario – notwithstanding the specific technologies and procedures that a particular entity uses to protect its data – overall it limits utility to the user because this system is unable to provide a user with a holistic view of its attributes, preferences, and data. These pieces of information are critical to offering individuals unique and customized experiences online.

However, in this situation the GAFA companies (Google, Amazon, Facebook, and Apple) have created an oligopoly around the personal data economy, becoming sticky to the point that once users sign up it is difficult to leave, and barriers to entry are too high for most would-be competitors to enter the space. Aside from the security challenges that these centralized solutions present, such as Yahoo’s hack in 2017 that impacted 3 billion users, there are significant privacy concerns with this type of arrangement.  For instance, since these companies have now become market makers within the digital economy, users often have little choice on whether or not to accept their privacy policies. They are also limited in their ability to set the terms and conditions for which their data will be used, or share such data on a granular basis.  Furthermore, as long as the Internet exists as currently constituted this is unlikely to change.

This is where blockchain can come in.  Services such as ConsenSys’ uPort, a “Login with Coinbase” feature, or protocols being built by member organizations of the Distributed Identity Foundation (a mix of key enterprise solution providers, leading startups, and consulting services) offer the potential for users to achieve a state known as self-sovereign identity. In this scenario users create and manage their own identities, private keys and attributes, so they can interact with applications on terms they dictate. Furthermore these self-sovereign identities can be utilized to collect key attributes for verified providers, such as a DMV, who can verify that an individual is a certain age without having to disclose any more information than is necessary.

This scenario has the potential to invert the way that we as individuals interact with the Internet today. That said, it will be interesting to watch how Coinbase builds this product and commercializes it. Whether by accident or on purpose, Coinbase has become a ubiquitous and centralized provider of crypto services, and as a venture-backed company they have an obligation to drive value for their investors. Regardless of how one feels about the legality of ICOs, one benefit that they do have is that once founders complete their sales – often it is the only time they will need to raise money, so they do not have to answer to anyone else regarding strategy. This is not true for firms like Coinbase.

All of that said, Coinbase is taking positive steps to protect user privacy, such as enabling individuals to keep their private keys on their mobile clients, which is different to how their exchange services operate. However, this does not preclude or future-proof their unique ability to track user finances and activities in order to offer customized deals, services and offerings to their consumers, even if this is not on their radar to this point.

Remember, this is the same argument that Facebook CEO Mark Zuckerberg made when he testified in front of Congress earlier this year. He claimed that Facebook was simply a project that he started in his dorm in order to help people connect. However, if one looks at the history of product rollouts and acquisitions, from its Wall to WhatsApp and Oculus Rift, it is clear that despite its benign origin story, the company is making concerted efforts to keep users engaged with its platform in order to drive advertising revenue.

WASHINGTON, USA – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. He faced consistent pressure from lawmakers and representatives regarding Facebook’s failures to protect privacy as it expanded. (Photo by Yasin Ozturk/Anadolu Agency/Getty Images)

It would be a shame to see “Login with Coinbase” lead to the same thing happening with Coinbase.

Fortunately, this does not have to happen. But to avoid this fate it will be incumbent upon executives and product managers to continue to have open and bi-directional dialogue with their customers about privacy concerns, as nobody can predict how this industry will evolve or technology will be used.

Input your search keywords and press Enter.