2021 seems to be the year that we all accepted the term “Web3” as the way to refer to the collective movements of decentralizing infrastructure and empowering users to be in control. It means the next generation of the Internet and beyond, which includes the tokenization of things for digital management, the utilization of advanced cryptography for increased security and the distribution of control of data and governance. Although the term Web3 might seem new, the concepts are not. Many of us have been working on these technologies for years.
It has been 10 years since Zooko founded Least Authority (in the US) and 5 years since we moved the company’s operations to Berlin, Germany, and I took over the role of CEO and Managing Director. This change enabled Zooko to focus on the Electric Coin Company, which launched Zcash, a privacy-protecting digital currency to empower economic freedom.
In speaking about Least Authority in 2017, I said “Our mission is to build an affordable, ethical, usable, and lasting data storage solution and to let the control of the data stay where it belongs – in the hands of the user. We believe that it requires free and open source software, end-to-end cryptography, user-friendly interfaces, and a sustainable economic model.” This was and is still in alignment with the vision of Web3.
Five years on, we continue to be driven by – and have made major advances towards – our broader mission of building and supporting the development of usable technology solutions and ethical business practices to advance digital security and preserve privacy as a fundamental human right.
In 2021, this included:
- Developing the Web3 infrastructure for storage and file transfer, and supporting access to it for at-risk user groups;
- Helping to expand the use of advanced cryptography in Web3, like zero-knowledge proofs; and
- Strengthening the Web3 ecosystem with our security consulting services.
Development of Web3 Infrastructure
We’ve been working on distributed storage with Tahoe-LAFS since the project was co-created by Zooko. With our soon to be released SaaS product PrivateStorage we aim to make this technology available to more people.
Tahoe-LAFS is a well-known object-capability model (OCAP) project designed to ensure authority is managed by the users, not a centralized entity. Utilizing user-controlled capabilities instead of centrally controlled logins, it provides a fundamental building block of the original vision of distributed systems and is more compatible with other Web3 infrastructure.
In 2021, we advanced the infrastructure development of Web3 by making some important contributions to Tahoe-LAFS through both PrivateStorage and our community contributions to the Tahoe-LAFS project. We continued to plan the launch of PrivateStorage and made significant progress on revamping Magic Folder, the syncing functionality of Tahoe-LAFS. We also supported the Tahoe-LAFS community to port the codebase from Python version 2 to 3 and their participation in the Internews BASICS program. Lastly, we launched the HRO Cloud to offer the benefits of the Tahoe-LAFS, Magic Folder, ZKAPs and Gridsync open source projects as a hosted infrastructure for human rights organizations.
We also advanced identity-less file transfer with our completion of the “Magic Wormhole for All” (MW4ALL) second phase project funded by the EU’s NGI Trust program, in which we are pursuing a product based on the magic-wormhole protocol. We are excited to enable more privacy-enhancing technologies like easy file transfer without the need for users to provide personal identity data. We also participated in and won the best performance award in the NGI Tetra Bootcamp.
Applications of Advanced Cryptography
As illustrated by the Zcash spin-off, our interest in seeing the use of advanced cryptography, like zero-knowledge proofs, implemented in accessible and usable technology are rooted in our long-held belief that privacy matters. Since the launch of Zcash, the premier cryptocurrency implementation of zero-knowledge proofs, we’ve seen more zero-knowledge proofs implemented in blockchain projects as they are essential to achieving the full potential of the Web3 vision.
In 2021, we promoted the use of zero-knowledge proofs by releasing our ZKAPs Whitepaper to share with the world how usage of this advanced cryptography in simple use cases can fundamentally change the paradigm of privacy for SaaS businesses like PrivateStorage. In 2022, we look forward to giving this option to more customers as they seamlessly pay for storage without their payment metadata being related to their use of the storage service.
We also made significant progress on our soon to be published MoonMath Manual about how zk-SNARKS can be implemented to securely scale blockchain-based solutions and offer a new paradigm for privacy.
And throughout this, we continued to offer important security consulting services to our clients and their respective projects. This included three consecutive audits of cLabs’ Plumo Protocol (one of which has been published), an audit of Aleo’s Trusted Setup, and an audit of Loopring’s zk-SNARK Circuit. In addition, we conducted several other zk-SNARK related security audits in 2021 that we hope to share and publish in 2022.
Privacy and Security Matters
Whether advising others working on Web3 through our security consulting services, contributing to the advancement of Web3 technologies or developing our own products, we remain committed to a ‘Security-by-Design’ mindset. We believe security is important for the availability and the integrity of our data and systems, along with the confidentiality of our data — or, as we often say, security enables privacy. With the current efforts of building Web3, we all have an opportunity to incorporate Security- and Privacy-by-Design.
Amid the new contributions brought by the excitement of making Web3 a reality, we encourage the continuation of practices that make security and privacy a priority. As we are building the foundations now, we must ensure they are built to be resilient and incorporate our values of user-control, which requires data privacy to be protected. With this in mind, we decided to launch a Pro Bono Security Consulting Program, in 2021, to help more privacy-enhancing technologies improve their security. The Program was also established to mark the achievement of completing our 100th security audit. This was a major milestone for us as we try to contribute to the overall security of the Web3 ecosystem. In 2021, we were able to publish 27 of these security audit reports.
While a shared term, Web3, may not seem like much on its own, it provides a basis for a shared understanding from which we can all work better together. Least Authority cannot achieve our mission alone — we rely on many others to work with us. From partnering with our clients to engaging with our user communities, we work as part of a larger movement to advance technology in a way we all think makes for a better world. Our efforts in 2021 towards our mission have helped to build a solid foundation for opportunity and growth in 2022, both for us as a company and for the collective Web3 movement.
Let’s work together to advance Web3 in 2022.