
Zero-Knowledge Social Networks: Privacy, Identity & Communication on Web3

How zero-knowledge proofs enable privacy-focused Web3 social networks to ensure secure communication and decentralized identity control.


Zero-knowledge proofs (ZKPs) have been the foundation behind many privacy coins, including Zcash. Zcash used zk-SNARKs to make crypto transactions fully private, unlike Bitcoin.

However, ZKPs are finding themselves in the limelight again for their more innovative implementations in Web3 social apps for ensuring social network privacy and a trust-first model.

These decentralised social apps target the exploitative model of Web2 social apps, which collect, use, and sell user data without full consent and invade users’ privacy. Scandals like Facebook-Cambridge Analytica, the Equifax breach, and The Work Number have proved that Web2 apps cannot be trusted as the next internet of value and identity.

ZK proofs work on mitigating these factors at the infrastructural level, giving users freedom of expression without jeopardising their privacy. But what are zero-knowledge proofs, and why are they important for social network privacy? Let’s find out.

The Privacy Paradox in Social Media

The privacy paradox can be described as a contradiction or dichotomy where social media or e-commerce users crave community yet desire anonymity.

A research paper by Susanne Barth and Menno D.T. de Jong explains, “while many users show theoretical interest in their privacy and maintain a positive attitude towards privacy-protection behavior, this rarely translates into actual protective behavior.”

Users have an understanding of the risks involved and a greater awareness of privacy protection strategies, but these aren’t sufficient motivators for actual protective behavior or the application of strategies.

Image Source: ARS.ELS

Web2 social media networks like Meta, X, and TikTok capitalize on this paradox. Social media users easily share private information if they are getting some retail value or personalised services in return.

For instance, privacy provisions like limiting wall post access, sending private messages, and restricting photo tags are superficial and ineffective. Whenever a user is setting up their profile, sharing photos and texts, or even using the app, these third parties map all the user data and behaviour in the background.

These social media apps own all user data and have often indulged in the misuse and sale of this information to third parties. The Cambridge Analytica and Facebook scandal involved the compromise of personal information from more than 50 million user accounts.

The paradox finds that despite privacy concerns, users don’t restrict themselves from sharing information on social media. Even a simple sign-up today involves information sharing.

The question persists: Can trust exist without information sharing?

Web2 continues to exploit users. But Web3 has found the answer in ZK rollups.

What Are Zero-Knowledge Proofs? Why Are They The Unexpected Solution?

Web3 makes the internet more open, user-centric, and secure, but the information flow on public blockchains requires stronger mechanisms for user privacy.

ZK proofs allow systems and networks to be built on a trust model without sharing the actual information. ZK proofs, or Zero Knowledge proofs, are cryptographic protocols that allow one party to prove to the other the knowledge of a piece of information without exposing the actual information.

For instance, signups on a social media platform can be made with decentralised identities (DID) based on ZK proofs. The DID may contain important government documents or certificates. The ZK proof hides these critical documents while supplying the platform with the cryptographic verification that the information provided is true.

A basic example of how ZKPs preserve privacy. Source: Hackernoon

Let’s take an analogy to understand better.

Debora drew a red card from a stack of 52 cards. She cannot reveal to Simon which specific red card she has drawn, but she needs to prove to Simon that the card drawn is indeed a red one.

Debora has a clever way of proving the fact to Simon.

Simon only knows she drew a card from the stack, which is kept face down before him. Debora takes the 51 remaining cards and shows Simon all 26 black cards one by one.

Since Simon now knows all 26 black cards are intact in the stack, he can conclude that Debora must have drawn a red one.

That’s how zero-knowledge proofs work. The card could have been any of the 15 hearts or 16 diamond cards. Simon gets ‘zero knowledge’ about Debora’s card, but he knows she has a red card.

Zero-knowledge proofs have three main features:

  • Completeness: When the statement is true and both parties follow the protocol rules correctly, the verifier can be convinced of the truth.
  • Soundness: If the statement is false, the party cannot dishonestly convince the verifier of its authenticity.
  • Zero knowledge: The verifier gains no knowledge except the fact that the statement is true.

ZKPs can preserve user privacy and lend them control over the information they share and with whom they share it, while maintaining complete trust and security. This privacy-preserving nature makes ZK-based messaging a true fit for social networks.

What Purpose Do Zero-Knowledge Proofs Serve: Real World Use Cases

ZKPs can handle various aspects of social networks to lend privacy, security, and trust:

Proof of Personhood

ZKPs can be used to prove that the user is a human and not a bot without the need to reveal any biometrics or personal data. ZKPs also promote Sybil resistance and the prevention of data leaks.

Communities remain authentic with real human users and no fake accounts.

A real-world example of ZKPs providing proof of personhood is the Worldcoin project. The platform scans the irises of users and assigns them a World ID. This digital identity employs ZKPs. Users can use their World IDs to verify their identity without revealing their iris or any personal information.

OpenAI CEO Sam Altman is Also The Co-founder of Worldcoin. Source: WallpaperCave

However, Worldcoin has often been criticised for posing centralisation and single point of failure risks.

Attestations and Badge Systems

ZKPs can be integrated into badges or proofs of contribution, reputation, or membership. These verifiable credentials are great engagement tools for social media users, who feel rewarded for their contributions.

ZKPs, here, verify the eligibility of users for the membership/reward/badge, while preserving user privacy.

Sismo is a zero-knowledge protocol that lets projects define a data group, for instance, donors of a particular Gitcoin grant. Reciprocally, users interested in the private group membership can produce a ZK proof of membership and get entry to that group.

The system mints a ZK badge if the proof of membership is valid. The ZK badge can be used to import history, prove membership, or get access. Sismo offers zkConnect, an integration that allows other apps to accept verifiable ZK attestations from users for secure login and verification.

Private Identity and Access Control

ZKPs enable users to maintain their identity privacy and selectively prove any aspect of their identity, including name, age, nationality, membership, etc., without disclosing other sensitive information, documents, or revealing any identity linkages.

Polygon ID is a platform providing self-sovereign identity (SSI) built on ZK proofs on demand. Users can easily generate proofs from verifiable credentials stored off-chain. These proofs are capable of interacting with smart contracts while preserving user privacy. Such proofs are called interactive proofs.

zkConnect. The Sovereign SSO. Source Sismo

Polygon ID can be used for reusable proofs for KYC verification, gated access to DAO membership, passwordless communication, anonymous voting, and the reuse of credentials across apps. For instance, you won’t be required to prove again and again whether you are a teacher or musician.

FYI: Non-interactive ZK proofs allow one-time identity verification using a single message, with no further communication between the prover and verifier. Most ZKP use cases for social media concern only interactive ZK proofs.

Citadel on Dusk Network is also an SSI-based platform that users can use to store rights and prove ownership in zero knowledge.

Comparison with Web2 Social Networks

The Obstacles No One Talks About

Although ZK proofs promise a privacy-first online world where user ownership and trustless verification preserve user autonomy, the market, technical, and regulatory hurdles have prevented their adoption on a large scale:

Privacy vs Compliance Paradox

ZKPs go against the way compliance has traditionally been verified. Don’t you remember how, every time you needed to prove your identity, whether online or offline, you were asked to submit your social security number, passport, or driver's license, etc.?

The authorities use actual data to enforce anti-money laundering, child safety, and other safety protocols. ZKPs rely on concealment or selective disclosure of confidential data, which goes against the norms.

If ZKPs are to be integrated into social platforms and online systems, frameworks need to evolve to recognise verifiable proofs as legally valid. Steps are being taken in this regard.

A few authorities have started promoting the use of DIDs for verification. The MiCA and US Digital ID pilots hint at solutions, but large-scale efforts are missing.

Crypto Isn’t As Seamless As Users Want Yet

We talked about the privacy paradox earlier, which explains how users trade off their privacy and security for convenience and personalised services. Similarly, if a tool promises high privacy and security, but it feels complicated, most users won’t opt for it.

User experience is probably the biggest hurdle the Web3 industry, including ZKP-led apps, is currently facing. A Web3 app requires users to manage digital wallets, sign proofs, and navigate on-chain interfaces. Decentralised social networks that use ZK proofs require a wallet just to post or verify, rely on manual proof generation, and use complex jargon, which isn’t everyone’s cup of tea.

To match the seamless user experience that Web2 social apps offer, Web3 developers have to hide the cryptography and let ZK proofs run silently in the app background like an invisible security and blockchain identity layer.

Monopoly Practices Harming ZKP Adoption

The Worldcoin project can be a good example of how monopolistic practices can harm user sovereignty in the long term, despite ZKPs. When a single organisation controls identity issuance, biometric capture, key management, and the entire registry of user credentials, even ZKPs’ promise of preserved on-chain identity and censorship resistance can be undermined.

A single data leak can expose sensitive data of millions of users, or a change in gatekeeping rules can make such an entity a pseudo-owner of your own data.

ZK Proofs Need To Ditch The Privacy Idealism To Be Truly Useful

ZKPs have travelled far, from being a conceptual framework in academia to becoming the tour de force behind privacy-first, trust-led Web infra. Real-world applications like Polygon ID, Worldcoin, Sismo, Citadel, etc., have built ZKP-led systems from scratch, which can be added as integrations in social networks and payments.

However, the road to adoption isn’t as smooth. Regulations need to evolve to recognise ZKPs as valid substitutes for disclosure. We need UX that hides the wiring. Users don’t need to understand proof circuits. The best ZKP apps will abstract complexity and make the user experience effortless, and privacy will be inherent in the app.

Information can also bridge gaps, shorten learning curves, and support change. Informing users of the idea of digital dignity and its advantages can bring some change to how users perceive their privacy and digital safety.

Lastly, social apps need to redefine the social contract and move away from surveillance to rewarding participation. ZKPs prove just enough instead of sharing everything. That should be just enough in a digital-first era.
