Crypto pioneer David Chaum says web3 is ‘computing with a conscience’

David Chaum is a giant in the realm of computer security and, not surprisingly, cryptocurrency. His focus since the early 1980s, his company DigiCash sent the first digital payment in 1994, and he has since doubled down on blockchain and security.

Chaum and his new company, xx.network, are future-proofing messaging by releasing the first “quantum-resistant” messaging app, a service that is purported to hold up to brute force attacks for decades to come. Called xxmessenger, the app launches today.

“As has become obvious over the last 10 years, the most valuable resource in the 21st century is metadata,” said Chaum in an interview. “It can be used to better sell products, or better find answers, but it can also be used to better propagandize, track dissidents, and control populations.”

Chaum’s ultimate goal is absolute security and privacy when it comes to everything from payments to voting systems, and, as he said, “the inability for service providers to gain an advantage over their users.” And he sees Web3 and blockchain as integral parts of that equation. 

We spoke with Chaum about why web3 and blockchain are the future, and why we should be worried about the NSA reading our messages.

Most of what we want to do digitally (and financially) is possible today, but it exists within a structure that lets a select few manipulate it for themselves. David Chaum

TechCrunch: I’m sure you have an opinion on the current tech climate. What’s your take on the idea that web3 is owned by the VCs? Is web3 a real thing?

David Chaum: In any iteration of the web, there will be powerful entities that come in and try to own the space. But VCs are not inherently bad — projects that help the greater good need to get funding from somewhere. The presence of VCs in the space simply indicates that there will be money to be made in DApps and in building the new, open-source, decentralized web. 

It is telling the extent to which major players like Facebook have gone out of their way over years to knowingly push the false narrative that “strong end-to-end encryption” is the be-all and end-all of privacy, while at the same time flailing wildly to distract attention from the metadata capture they were engaged in, which is central to their monetization scheme. Also, you can start to see it now: They are starting to prepare for the fall of their secret metadata monopoly and trying to get into payments over messaging as a monetization scheme that they can switch to.

There will be difficulties to overcome in the mass move from a web owned by five main entities to one owned by absolutely no one, but we’re laying the stepping stones for that. Web3 is not complete, it’s just getting started. 

You’ve been in the industry for decades. What has changed in the past few years?

Seems to me that Bitcoin and the like have created something that could no longer be ignored. Now the question is: How can it be brought to the general public in a way that they can readily adopt this next generation of information technology?

The major platforms have been caught selling their users out, and in the process, deeply damaging the world. Davos attendees listed “lack of social cohesion” as one of the top issues today, 27% of them, whereas it has never even been in the traditionally slow morphing top ten of past years.

But there has not been a way for the public to react. There has not really been an alternative or replacement product with low “switching cost” (partly because of the monopoly facilitating nature of network effects), and that is what is needed so people can vote with their feet.

What is the value of web3? Blockchain? What does it give us?

The promise of decentralization is the ability to build self-sovereign democratic systems for digital services that serve the users instead of corporations. Because these systems will not be owned by either existing web giants or by new ones, they will offer users control to build their own products more easily (apps, games, etc.).

[With our product we also added] quantum-level transaction security, and the transparency of open-source software levels the playing field for individuals or small businesses to earn money with innovations. This means transparency not only in the code but also in the financial incentives. Decentralization and blockchain have rewritten the playbook for monetization and control of services on the Internet. 

Web3 is web2 with a conscience. Most of what we want to do digitally (and financially) is possible today, but it exists within a structure that lets a select few manipulate it for themselves. 

Is the industry moving in the right direction in terms of security, control and safety?

The centralized web2 world is getting increasingly better at internet security and safety at the expense of privacy and individuals’ control over their own data. In fact, the lack of control over one’s own data has been the defining feature of the monetization of the Internet in web2.

The decentralized Internet is supposed to fix this through tokenization and user-controlled keys. But due to today’s blockchains having slow speeds and cumbersome interactions, centralized services have cropped up as middlemen to streamline developers’ and users’ interactions with the blockchain. As a result, the center of the decentralized world has, which really should be extremely embarrassing, become centralized exchanges and platforms with all the same faults and failures of web2. 

In the early days of web2, companies used to fantasize openly about “world domination” with accompanying macho metaphors of pillage and slaughter. The ugly results of this way of thinking still dominate today’s Internet.

Let’s turn to another cutting-edge tech. At what point do you expect quantum computing to become commonly available?

Our thesis is that it simply does not matter when general scalable quantum computers exist, but rather that it is widely accepted that they will reach a point where the cryptography currently used widely to protect peoples’ messages is fully broken.

Perhaps the more important question is: How do we prepare for it? When quantum computing arrives, there’s the obvious matter of ensuring that our critical infrastructure has been migrated over to quantum-secure cryptography: Finance, communications, energy, transportation, defense, etc. While it seems governments are taking this seriously for their most sensitive infrastructure, we haven’t seen that urgency in the private sector, and everybody seems asleep at the switch when it comes to privacy.

As a result, we’re on track for a date uncertain at which quantum computing is available to governments and a handful of large corporations, and even bad actors who could potentially decimate their competitors’ public key infrastructure in a very surreptitious manner. 

The result could be disruption of much of the global economy as companies shut down their services until they can migrate to quantum-secure cryptography. In this regard, centralized services have a great advantage over web3 and the decentralized future in their ability to quickly recover from catastrophic failures like this. Without centralized control of infrastructure and user identities, it’s much more important for the decentralized space to preemptively prepare, as the ability to react quickly is limited.

Crucially, and very differently, there’s the matter of historical data. We’ll all move over to quantum-secure cryptography eventually, but what about all the encrypted data that’s currently flowing across public servers? Groups are already hoarding encrypted messages and key-establishment communications.

One day, with access to a quantum computer, someone, somewhere may be able to decrypt those end-to-end encrypted messages you’ve been relying on, and analyzing them will be easy for even today’s machine learning. Given the inherently sensitive nature of private communications, we could see political dissidents, whistleblowers, journalists, or even ordinary citizens threatened by conversations or data they shared under the assumption of true privacy. 

This is why the xx network’s focus on quantum security is not just about whether your bank or Bitcoin eventually moves to quantum security to protect your assets before quantum computing arrives. It’s about whether or not the words and actions you’re taking right now in private, eventually, become public and threaten you.

Why do we need tools like yours?

By being an easy-to-use and easy-to-switch-to app that offers this quantum leap in privacy — metadata shredding and quantum security — that all the others have failed to offer, it raises the bar of public expectation for all communications offerings. It changes what is acceptable. It calls into question what motivates other messaging systems. And it provides a new safe harbor for people to use.

Tools like this are needed in the same way that enumerated rights are needed in a written constitution. Surveillance enables abuse. When you’re under surveillance, you act differently and you avoid certain behaviors. That’s true for everyone from the Wall Street tycoon to the President to the ordinary person on the street. I believe in digital sovereignty, that individuals should seamlessly and easily control their own keys and data. This is free speech for the Internet, and it’s fundamental for all free association and free-market commerce online. 

The truth for most companies that provide messaging services: they watch you so they can sell your metadata. Even the more secure messengers that claim to operate in good faith, such as WhatsApp, still rely on private, centralized infrastructure. This creates trust and control issues where the users are forced to rely on the good intentions of organizations that have opaque incentives. With centralized infrastructure, it’s impossible to know what data is being gathered. We want to change that dynamic with a platform where such surveillance cannot occur.