Guest post from The Blockchain Badger on Privacy and the problem of reusing seed phrases and private keys across blockchains!
Here’s the Blockchain Badger‘s discussion with the Privacy Platypus about our privacy and public blockchains.
Oh, there you are, P.P. I haven’t seen you for weeks!
Hi B.B., I’ve been keeping a low profile. I’ve been a little troubled.
What’s been troubling you?
Oh, blockchain wallets and wallet addresses. I’ve realised how much privacy we don’t get with blockchain wallet addresses.
Oh, yes, having every transaction you’ve ever done in view of everyone for all time doesn’t have much privacy, I guess.
Yes, that’s true, but I’ve been thinking much about it lately. It turns out it might be even worse than that!
How so? What could be worse than that?
Re-using seed phrases across multiple blockchains: You might not realise how easily your underlying identity can be associated across blockchains, particularly when you start out using cryptocurrencies.
You’re going to have to explain that one, P.P.
We are kicking off with web3 now, and new blockchains abound everywhere for all sorts of purposes: exchanges, NFTs, savings and investments, real-world assets (RWA), decentralised physical infrastructure (DePIN) for VPNs, networks, and compute servers. All sorts of things! You have a wallet on each of these blockchains, and you end up with more and more wallets.
That’s cool. It can be a little cumbersome, but I’ve seen you P.P. You are well organised. You will sort it out!
That’s the problem. I might be better off being disorganised.
How come?
Well, well-organised mammals like me prefer a hardware wallet with a single seed phrase, so every new blockchain I use it on is based on the exact seed phrase.
Nobody gets to see my seed phrase or gets to know any private keys, but for blockchains using Ethereum or COSMOS-style wallet addresses, all these different wallet addresses on different blockchains are all the same number, just represented differently for each blockchain. It is simple to determining what that wallet’s public address would be on other blockchains using the same Ethereum or COSMOS wallet address scheme.
Errrrr, I’m a little lost, P.P.
OK, Consider the COSMOS technology, the “internet of blockchains”. The app chain thesis means a separate sovereign blockchain for each application. Consider just these three blockchains:
- Comos Atom
- Osmosis Osmo
- Stargaze Stars
There are also about 100 more.
Nearly every COSMOS technology chain works the same way – once you know an Osmosis wallet public address, you can easily convert it to the equivalent Stargaze wallet public address. COSMOS technology and Ethereum technology wallet addresses are very simple and transparent. Bitcoin’s multiple (invoice) addresses per wallet is a much better privacy provision. So, with COSMOS and Ethereum wallet addresses, you always reveal the wallet’s unique public address when you interact with another party to make a payment or interact with a smart contract.
I need an example.
So, say you buy or sell an NFT on Stargaze. That necessarily reveals your Stargaze wallet’s unique public address. Anybody researching your Stargaze purchase history can also research your history on all other COSMOS technology blockchains, assuming you use the same hardware wallet (or passphrase or secret key) for all your COSMOS blockchains. So they can see your Osmosis wallet balance, your Cosmos Atom balance, and the balance of ~ 100 other COSMOS technology blockchains. Also, once they see you have an Osmosis Osmo balance, they can check out all the Osmosis transaction history for that wallet address using https://atomscan.com/. It’s not very private, is it?
No, I guess not. And as you said, as we end up using more and more of these blockchains for all sorts of things, the loss of privacy worsens.
Yip.
How can I check wallet balances across many COSMOS technology blockchains?
findaccount works fine at the command line.
You mentioned Ethereum technology chains as well?
Yes, these all use the same addressing scheme, so once you know the address on one chain, you can check the other chains as well,
- Ethereum
- Polygon
- Fantom
- BNB Chain
- Artibrum One
- Optimism
the list goes on.
Just use the https://etherscan.io/address website, enter the wallet address, and press the ‘Multichain Portfolio’ button for the balances on the other chains.
It is the same issue.
What can we do about this P.P.?
I’m not sure ‘Badger. Using separate wallets doesn’t help very much because you always need to transfer funds between wallets, and that will always be traceable, so anybody diligent enough can trace everything. It just makes things more cumbersome without providing any more real privacy. Also, the tools to do this are always getting better. NFT enthusiasts always want to do market research, and the Stargaze websites have many excellent tools to trace things like this. Over time, the tooling will improve, meaning less and less privacy.
This surely will be a disincentive for businesses to be blockchain-first, putting all their transactions on a public blockchain.
Yes, which business will want all their competitors to know everything about their business? DEXs seem to live with it, but most traditional, centralised businesses won’t tolerate that.
App chains may be able to design specific privacy provisions for parts of their application. It will be hard, though, as the DNA of blockchains has been fully open and transparent right from the start. It will be hard to engineer.
Anyway, nice to see you ‘Badger. I better go and think about how to organise my crypto better. Chow.
First published at https://consulting.epatterns.com.au/your-privacy-and-public-blockchains/