Earlier this year, Buzzfeed journalist Katie Notopoulos unmasked the two main founders of popular, celebrity-lauded non-fungible token collection Bored Ape Yacht Club.
The senior technology reporter argued that uncovering the men behind the wildly successful, $2.4 billion simian art collection was justified on the grounds of holding powerful businesses accountable. Others, including vocal members of the Web3 community, disagreed.
In its investigation, Buzzfeed failed to find any red flags, such as criminal history or extreme political leanings, but still went forward with publishing the founders’ identities.
The State of Anonymity in Web3
Although the Bored Ape founders engage pseudonymously as Gordon Goner and Gargamel with online communities, their real names are listed on public-facing business documents that register the company as a limited liability company in the state of Delaware. In the event of reported illegal activity, the government had access to their identities the entire time.
Regardless of discerning right and wrong, the event points to a worthy conversation: What role should anonymity play in Web3?
Rethinking Privacy in Web3
Digital personas have played a fundamental part in cyberspace — from cringey, instant messenger screen names to “catfished” MySpace profiles — since its inception. As the web has matured, its vast, endlessness has been staked out by a handful of centralized platforms owned by just four companies. Google, Meta, Apple and Amazon happen to know nearly everything about us, creating the impetus for a decentralized, sovereign internet.
Ironically, to be lesser known in Web3, you have to first identify yourself. The radically transparent nature of blockchain is what establishes its trustless and permissionless operations. Because everyone can see each transaction taking place, there is no longer a need for a central authority to verify accounts or activity. By facilitating autonomy amongst users, it allows them to choose how they will — and will not — be identified while also holding them accountable for their activity via the public ledger.
The introduction of Web3 technologies has flipped the script on our concepts of identity and privacy. On a blockchain, they are no longer forces working in opposition. Instead, an identifier can actually grant a user personal privacy without compromising public trust. After all, we still do not know who Satoshi Nakamoto, the pseudonymous creator of Bitcoin, actually is.
In this way, a pseudonym is emblematic of Web3’s overarching purpose — instating users with autonomy over their online presence.
Understanding Anonymity vs. Privacy
With that being said, there is still an overhanging stigma associated with bad actors using anonymous accounts as a shield for unethical behavior such as hacking, rug pulls, pump-and-dump schemes and insider trading. Without detection, anonymity is a gateway to money laundering made easier and financial terrorism — with a few crypto platforms already being used in these ways.
Whether anonymity should be considered a best practice is the trial and error of today’s pioneering platforms. As identified in a Medium post by decentralized cloud computing network CUDO, the Bored Ape reveal may serve as a continuation of the ethos that spurred cypherpunks, Nakamoto and crypto natives: a commitment to taking part in a community while remaining in complete control of your online presence.
“Depending on how [the metaverse] is constructed and the imperatives that guide it,” the post reads. “The metaverse could either be the next step in totalizing web surveillance or a liberating moment for the construction of our digital selves.”
What’s the Difference? Anonymity vs. Pseudonymity
As we know it, the Web3 space runs pseudonymously. This is due to the transparent nature of a blockchain — users can always be traced back to the alphanumeric key tied to their public wallet. Pseudonymity is the ability to act in a way where a user can be identified, but the identification itself still shields the user behind the screen. For example, the majority of NFT community members exercises pseudonymity by using obscure Ethereum name service addresses and art as avatars.
This is not to be confused with anonymity on the internet, which remains to be a topic of contention in cyberspace. While some claim anonymity a regular practice in their online habits, others limit anonymity to a concept, impossible to be absolutely achieved. The safest frame of mind considers anonymity in levels but as long as there is a connection between a machine to an internet service provider, there is always a link that can be traced.
The blockchain-based applications of Web3 do not allow — at least at the user-facing level — the coverage enjoyed by Twitter trolls and cyberbullies on Web 2.0. They do, however, allow users to navigate platforms without capturing every piece of personalized data attached to every click.
Online activity that cannot be pinned to a precise IP address or tracked by back-end GPS data is the closest someone on the web can get to being truly anonymous. Relative anonymity — masking IP addresses with a virtual private network, communicating through end-to-end encrypted platforms and exclusively using private search engines with anti-tracking browser extensions — oftentimes suffices for most.
Per the Supreme Court, anonymity is a reasonable expectation for users who wish to virtually remain unknown. Justices stated that anonymity is a “shield from the tyranny of the majority” and serves as a vehicle “to protect unpopular individuals from retaliation ... at the hand of an intolerant society” in the 1995 ruling of McIntyre v. Ohio Elections Commission.
On the other hand, those harmed by unlawful anonymous speech — defamation or misappropriation of trade secrets — also have a right to seek compensation for injury by requesting a subpoena of an anonymous or pseudonymous user’s ISP information.
Who Decides Who Gets to Stay Anonymous?
The outed Bored Ape founders said that Notopoulos identified them against their will, albeit through completely legal means accessed via public record.
With enough interest, connecting the dots of a user’s online presence can be fairly easy in this day and age — nudging other major Web3 players in a different direction.
Teddy Cleps, a co-founder of blockchain educational hub YellowBlock better known as Crypto Freak, chose to mesh his likeness with his Web3 accounts from the start. He later realized it as a strength, saying it only added credibility in a world made up of cartoon avatars. Aside from mild security concerns and targeted attacks to his spam email address, he’s reported relatively low conflict while growing his Twitter audience, now at 147,000 followers.
After a project has taken off, some creators opt to disclose their information for various reasons. They may want to bridge trust with their community or as a defense mechanism, doing so on their own terms if they suspect to have become the target of an open hunt.
In the case of pseudonymous developer Zagabond, an act of good faith blew back in his face. Written in a blog post titled “A Builder’s Journey,” the Azuki co-founder unveiled his heavy hand in three failed projects — CryptoZunks, Tendies and Phunks — that were presumed rug pulls. (A rug pull is an exit scheme, where a developer attracts enough investors to pour money into a project with plans to jump ship before launch.) Within 24 hours, the Azuki floor price was cut by nearly two-thirds and he lost troves of support within the NFT community. In response, Zagabond cited “a lack of product-market fit and a disconnect between creator-consumer expectations,” which didn’t help his case or that of anonymous founders at-large.
January struck another loss of confidence in the cryptoverse when it was revealed that the treasury manager behind Wonderland, a cryptocurrency exchange platform, was linked to guilty fraud charges. The alias 0xSifu was linked to Michael Patryn, a co-founder of QuadrigaCX, which was a Canadian exchange — exposed as a Ponzi scheme — that collapsed in 2019 after its founders disappeared with $169 million.
Patryn’s criminal history included credit and bank fraud in 2005, which predated burglary, theft and computer fraud charges in 2007. One year before the downfall of QuadrigaCX, he and his partner “lost access” to $115 million in customer funds. Patryn served 18 months in federal prison. In light of the news, the price of the Wonderland token, TIME, crashed overnight.
“Sometimes it literally pays to be anonymous, not just with monetary reasons, but with your freedom.”
Without proper regulations in place, de-anonymizing crypto users may serve as a last resort for watchdogs when they detect suspicious activity.
An investigation by CoinDesk found that two brothers, Ian Macalinao and Dylan Macalinao, used 11 pseudonymous developer profiles to “make it look like a lot of people were building on [the] protocol.” The army of anons then enlisted a Sybil attack, double-counting value accrued on stacked protocols, which temporarily inflated Solana’s value by $7.5 billion.
Acts like this are rarely few and far between. Scammers stole a record $14 billion in cryptocurrency in 2021 alone, according to blockchain analytics firm Chainalysis.
“I don’t think anonymity is impacting the Web3 space positively,” Mark Fidelman, founder of decentralized finance marketing firm SmartBlocks, said.
Fidelman hosts the podcast Cryptonized!, where he regularly contributes to the live Web3 narrative in his interview with crypto natives. From these conversations, Fidelman measures a consensus. He recognizes that there are legitimate reasons to operate under an alias. For example, as hospitals amend medical records to newly adopted blockchain technologies, safeguards — such as an alternate identifier — must be in place to protect medical records so as to not violate HIPAA laws.
“Sometimes it literally pays to be anonymous, not just with monetary reasons, but with your freedom,” Fidelman said, noting the countries that outlaw crypto trading and the general, Wild West landscape of Web3. “For the most part, people are afraid of their governments. … We’ve seen people locked up and charged because of a law created out of thin air.”
Fidelman looks forward to common-sense regulation. In his mind, it’s drafted as an offshore, independent trusted body that would verify accounts, enabling pseudonymity in a way that doesn’t harm the credibility of the entire industry.
The Argument for Pseudonymity
Given the highly public nature of blockchain — essentially a window into your wallet and transaction history — nickname handles next to animated profile pictures are a common practice in Web3. Here are a few reasons why that is.
Pros to Online Pseudonymity
- Freedom of speech
- Builds trust in a trustless environment
- Nurtures a culture of consent
- Returns to cypherpunk ethos
- Psychological restart
From a practical stance, maintaining a level of anonymity online prevents hackers from accessing sensitive information. This includes credit card transactions, passwords, banking information and personal information that paves the way for identity theft.
As an added benefit, keeping basic information offline — like name, gender, age, location or profession — can shield a user’s personhood from direct online harassment or being tracked in a real-world pursuit.
In the context of a cryptocurrency economy, users meet every security precaution to protect their digital assets from prowling hackers. This extends to real-world worries, with consistent reports of aggravated assault targeting notable influencers and deep-pocketed holders.
Freedom of Speech
Historically, the web has served as an open forum for people to voice their opinions, including those most controversial. Anonymity can allow a user to air unpopular opinions with a reasonable expectation of protection and an opportunity to inspire awareness.
Builds Trust in a Trustless Environment
Sounds antithetical, but hear us out. The nuance between privacy and pseudonymity is important to recognize here. Privacy allows a user the ability to keep things to themselves, while the latter allows others to observe a user’s online activity, albeit indirectly. Privacy is what users crave when they’re surfing websites “not safe for work” whereas pseudonymity is made of use by whistleblower types, who want their identity protected but their voice heard. When enlisting pseudonymity, users can build an online reputation without it following them into everyday life.
Nurtures a Culture of Consent
Pseudonymous personas equip users with autonomy over their privacy in a decentralized setting. They act as a protective layer between personal information and the public, allowing the user to choose how much of themselves they want to reveal on the internet. Reframing privacy around consent may be a new concept made possible by a decentralized internet, as custody rights over personal data return to their rightful owners — the users.
A Return to Cypherpunk Ethos
Cyber revolutionaries are perhaps more comfortable tracing the role of anonymity and pseudonymity back to an ethical code amongst coders, outlined by cypherpunk movement forefather Eric Hughes in his 1993 manifesto. Cypherpunks are code-writing activists that see the widespread use of strong cryptography and privacy-enhancing technologies as the way to social and political change.
In his paper, Hughes dreams of a sovereign internet kept by its users. They take responsibility in its maintenance, keeping information free, carefully encrypted and accessible to all. Many of Hughes’ decades-old descriptions — “anonymous transaction systems” — have only recently been made a reality. Building anonymous systems with blockchain-like technologies, he says, is how privacy can be permanently restored to our social contract “for the common good.”
Detached, online identities can serve as a form of self-expression or a type of psychological restart. It allows users to explore a virtual self, unbounded by physical limitations or bias. For example, members of marginalized communities may be able to escape or speak out against prejudice, discrimination and harassment while also gaining access to certain opportunities intentionally obstructed from them.
Others may simply seek to reinvent themselves — more than they already do on social media. The digital self concept revisits what we learned about the human psyche from cultural phenomenons like The Sims and Second Life, allowing users a virtual shot at reality.
Regardless of the motive, pseudonymity may be an average user’s best bet when navigating blockchain networks designed to record their every move, publicly and permanently.
Possible Solutions for a Safer, Decentralized Web
Actors — good or bad — require regulation. What regulation looks like in a decentralized context is still being hashed out. Luckily, the race to Web3 has inspired solutions among leading innovators.
Before Phillip Shoemaker became the executive director at Identity.com, a non-profit focused on KYC compliance and transparent identity verification, he was the director of the app store at Apple.
“Once people knew what I did at the company, I had stalkers,” Shoemaker said. “I had people waiting for me by my car at night. I had people tracking down my house. Death threats. It got really bad.”
Shoemaker ended up buying his own identity off of the dark web for $5. When he moved on from Apple and into the crypto space, Shoemaker shifted his focus on extracting identity-thieving honeypots from a decentralized context.
He knew that, even in a highly regulated environment like Apple, rogue clients re-entered the space all of the time, registering under a different name until further violation.
Operating via the Civic token, Identity.com relies on a protocol known as identity staking. This system provides certifications to a user after their credentials have been verified rather than having to directly exchange personally identifiable information peer to peer. Once the personal information is verified, the data is immediately washed from the system.
“This way we can at least provide a little bit of data, kind of like a background check, to let people know that the company they are investing in are not money launderers, there’s no criminal record. We can give them some sort of peace of mind,” Shoemaker said. “I want to encourage pseudonymity so people don’t have to travel with security details.”
Self-regulatory organizations like the Global Digital Asset and Cryptocurrency Association are being established to guide the evolution of Web3 technologies within a regulatory framework designed to build public trust. The idea here is that the more integrity built into blockchain-based applications, the more growth and scalability will be experienced by the market. At this stage in Web3’s infancy, the misstep of one app impacts the reputation of all.
“This isn’t just about giving [the] industry the right to regulate itself; it’s about creating a system that protects everyone and works in the public interest most effectively, and most efficiently,” CEO of Global DCA Gabriella Kusz told Built In. “That’s the other piece of the puzzle that needs to fit in order for this to work.”
Kusz explained the five phases to a better regulated decentralized economy:
- Phase one sees protocols establish general standards and guidance.
- Phase two takes on the educational aspect, training developers on how to implement the set benchmarks.
- Phase three focuses internal movement within firms, building capacity to create policies and procedures that align with the standards.
- Phase four features a pilot system rollout, to inspect for flaws.
- Phase five covers the action that follows once the foundational layer is constructed. At this stage, firms are given a chance to put protocols to work, usher in industry stewardship, accrue economic growth and develop a system of enforcement.
“You don’t want to crowd out opportunities for growth and development in an industry,” Kusz said. “But you do want to start to get as many people building in the right direction as possible.”
The awkward growth spurts, wherein companies at full scale are being built out in beta versions amid overlapping market phases, are a necessary step in getting past a flimsy chapter of reactionary regulation toward one stabilized by anticipatory standards.
“The goal is not to catch people doing things wrong — it’s to prevent people from doing things wrong in the first place,” Kusz said. “My goal is to build, not to shut things down.”