Aleo will go live in the coming weeks. Alex and Howard discuss privacy regulation
1. About the mainnet launch:
PANews reported on January 26 that according to The Block, the programmable privacy network Aleo will be launched on the mainnet in the next few weeks once the last few loopholes are resolved. Alex Pruden, executive director of the Aleo Foundation, said that the third phase of testnet three has just been completed and listed a list of vulnerabilities we discovered during this process. The vulnerabilities were discovered through six audits and two bug bounty programs. After the mainnet goes online, Aleo Systems will relinquish all control of the Aleo network, which will operate independently of its founding company, similar to other decentralized systems such as Ethereum.
2. Privacy supervision issues:
On January 18, when Alex and Howard participated in a ZK podcast at the same time, they once again expressed their views and opinions on privacy regulation.
Question:
I want to switch gears a bit and talk about privacy, which is obviously at the core of the Aleo project. Howard, privacy was kind of like your topic goal when we first spoke on this podcast. When Aleo was founded, we always focused on privacy. I know that in our field, in the ZK field, there are many teams that may start with privacy and eventually target expansion. As far as Aleo is concerned, you have always insisted on privacy. I’d like to talk about your personal and maybe corporate views on privacy if there’s any development on that front, especially now that we’ve got some ZK products out in the world. In particular, Tornado is considered a dangerous form of privacy, at least by the U.S. government. I wonder if this has any impact on your views on privacy. So tell me about the evolution of Aleo’s views on privacy.
Howard:
Yeah, so when we first talked about Aleo in 2020, the idea was actually to make the entire system completely private. What we’ve learned through this journey is that it’s really more about a spectrum of privacy and you want to provide a developer platform that can provide everything from completely public to completely private depending on your needs. Developers hope so, because there is some information you absolutely want to make public and other information you absolutely want to keep private. I think the classic example is in governance where you want the vote to be kept secret but you want the count to be made public, right? So key information related to it is publicly viewable by all parties, and we’ve really doubled down on its flexibility.
Therefore, in the early days of Aleo, each application’s state was completely private. Just like there is no concept of public state, there is no concept of hosting public state on-chain. Even with some of the newer platforms like zkApps, I think on the new Mina platform, it’s still the model where you have complete privacy in this area. We realize this is a huge challenge as many applications require some form of public verification. Therefore, we introduce the concept of public and private state into programming languages, stacks, and chains so that we can host them there. What I’m saying is, from a Tornado perspective, I really think it’s time for people to realize that ZK can be used for good and it can be used for bad. This is exactly the same point that technology shows us. Just like no new technology can escape this argument.
I mean, if you look at Napster and Spotify, you’ll find the same end goal, but very different ways of getting there. correct? Some people say, let us avoid, let us circumvent. The other says, let’s be compliant, let’s be integrated. I think what Aleo is trying to do is very much like the Spotify story, which is say, let’s take this approach to using technology to achieve compliance and show you how to integrate it into a stack that can be used in real-world applications program. I think Tornado goes very fast. This is the first approach and it was the early waves that showed you how not to do this. But I think there’s a real opportunity to provide you with stronger attestations and credentials than your existing Web2 stack.
Alex’s point about identity is a good one, we can actually use this technology for good, and it’s almost necessary to provide that. I mean, I mentioned in my last podcast that one of the big challenges with Web3 payments today is that every time you make a transaction, you’re giving away all your information, including your identity. If you’re planning on using this for real-world payments, I guarantee you that this won’t stand up to banking privacy laws or any kind of web compliance like GDPR or CCPA. There is no way to erase this information. This is a classic example of the UI/UX journey being broken. If I just want to buy my spouse an anniversary gift, then the fact that we’re married means I probably know my spouse’s wallet address, right? I can look up and see, when did you remember our anniversary is coming up? How much did you spend on my anniversary gift? Where did you buy this gift?
It just tells you that the UI/UX is broken. If this is how we use USDC in the real world in 5 years and 10 years, I’m sorry but I won’t be able to use this technology. I think I’d rather stick to the traditional banking track because there’s value in it. It’s just, that’s not the right user journey. I think that’s where privacy really opens and opens up for us. It’s the ability for developers to provide privacy where it’s needed, and I think it’s a fundamental piece that’s missing in the programming stack.
Alex:
Yes, exactly. I think the USDC example is great because in every cryptocurrency business group I attend, my favorite question to ask is how many people here get paid in cryptocurrency and inevitably a few people will raise their hands, but they There are few contracts available, but the vast majority of people working in this industry are paid through the traditional banking system. Why is this happening? Because disclosing your salary is just socially, in most places, not something people do, right? So even the people who are building this technology are basically not going to use it because it’s not proprietary, right? This is an example of privacy being taken for granted. I think some people would say, oh, no one cares about privacy. They absolutely do. If they didn’t, they’d be posting their salaries everywhere, but they don’t, right?
But of course there has to be a balance. That’s I think the important point I want to take away from what Howard said is that this technology, the technology itself can be used for bad things or good things, but I think the advantage of having a very rich technology is that it can enable a lot of different things You can find the right balance, right? You can both protect children online with a strong age verification framework and prevent terrorists from using that framework to launder money, right? By using the same technology. ZK can basically be used for on-chain KYC payment, right? For each stage of the payment process, payments above or below a certain amount can be defined as the regulator or issuer wishes, right? So I think that opens the door to…actually, I think, stronger regulation in some aspects, right? Because not only does it provide more privacy for individuals and therefore more protection, but it also provides potential regulators, legislators and existing agencies the ability to define, hey, what do we consider legal or compliant of? Then you can write a program that basically proves you’re compliant. So you get the best of both worlds, which is unique to ZK.
Question:
Have you read Vitalik’s article about the return to cypherpunk? How do you square that with the origin story of cryptocurrency? And your origin story, Howard, I just remember a few years ago you were very insistent on privacy first. Do you think anything has changed here?
Howard:
From my perspective, I’m doubling down on privacy. I think this is an underutilized feature in cryptocurrencies. We haven’t realized how bad it is because we’ve been living in a bubble where real-world applications don’t exist. When you don’t have real-world applications, you won’t have real-world impact. Without real-world impact, people wouldn’t realize that privacy is still a necessary feature and a necessary feature. I think this is exactly the point that Alex made in terms of the identity use case and the payment use case, that if we really want to use this technology with real people, we need to have a form of privacy, a concept of privacy. In the real world. This is something I continue to echo and something I continue to feel strongly about. I think the Tornado Cash example is honest and a good example of what can go wrong when you don’t respect technology.
This is an opportunity for us to go in another direction and actually show people and policymakers that, in particular, this is a very enabling technology and I can start doing inspections that previously could only be done in audits and after the fact, and I can now let you For compliance purposes before taking action. And these types of rails can be used to keep the action on the door and guard it. I think this is a huge opportunity and once regulators realize this, I think this will grow like wildfire.
Question:
Let’s move on to this regulatory concept. So, I just think that when Tornado happened, there was this kind of self-evaluation in the ZK space. Many teams have to make certain decisions. I think you’ve described how regulators are almost able to use an Aleo-like system, but how do you talk and think about your relationship with regulators as a cyber person? Have you ever had a conversation like this?
Alex:
Yeah, I can accept that because a big focus of the Aleo Network Foundation is to be stewards of the network and encourage its use in a positive way, right? For example, we will not encourage its use for bad behavior, such as breaking the law, and in fact, we will use all the power we have to actively suppress this behavior. But I want to clarify here, going back to the first thing we said, this is a decentralized network. There’s not a server in the closet running it all. correct? It’s like Bitcoin, right? So it’s not just our network. It has to be a collective community effort to ensure this. correct?
So we as a foundation are absolutely committed to doing that. Of course, we’ve had an impact in a lot of ways because a lot of us worked on Protocol and we have great minds like Howard, who will continue even though he’s the CEO of the company, he’ll continue Serves us as a member of the Foundation’s Technical Advisory Board. So I think we have influence, but at the end of the day, our relationship with the network is that of stewards rather than owners. To me, that’s a very, very critical part. A, because I think, I don’t want anyone to misunderstand that we can do anything unilaterally, right? Because that’s not the case. B, because I think that’s actually what we want. I think the promise of blockchain technology is that you own these communities, it’s community ownership, right? It’s like the optimistic, techno-optimistic vision of open source software, right? But instead, everyone who owns it can essentially realize its value as it grows.
So, yes, we’ve been thinking about how to engage all the communities, including regulators, policymakers, everyone, because I think what Howard said is true, right? This is of huge value to regulators. For example, I think if you were designing a CBDC, you obviously wouldn’t want to give away all the bank account information of everyone in your country, right? You really need to think about this, right? And then maybe you’ll issue it, I don’t know, maybe that’s too optimistic, but maybe in 5 years, someone will issue a CBDC on Aleo. I think this could be a good use case.
Yeah, that’s my take on it. The last thing I want to say, though, is that, frankly, people are scared of the concept of privacy. They see people in jail. I think it just shows that this is serious technology. I think people shouldn’t be afraid of building this technology, but people should also take it seriously because of how the impact, I like this quote, is like no application, no impact. I mean, privacy technology has real applications and has real impact, right? I think we have to take this space seriously. This is important technology worth spending time on and worth building.
