Privacy Discussion

Privacy is key to censorship resistance: if all the users are known, it’s trivially easy for a government or big entity to shut down the whole operation. Regulators have gone after DAOs before for violating financial regulations before and have stated that DAO token holders are liable for the actions of the DAO.

It’s my opinion that we should, before launch:

  • find a way to make governance token holders anonymous to prevent the regulators from coming after dao members
  • also figure out how to make voting anonymous, confidential & collusion-resistant while also ensuring validity and being trust-minimized
  • think about privacy solutions for the HUE token that are user friendly (anonymous-zether perhaps? tornadocash is way too much friction for me personally)

Forum won’t let me put more than 2 links in each post Restriction lifted! I’ll add some resources here :scroll:

Thanks for the post. In my unofficial opinion, I tend to think that some responsibility for maintaining privacy (or doing the opposite) should rest on users themselves, since projects cannot realistically guarantee the anonymity of every user (unless we are talking about a privacy-oriented chain environment). Trustless is planning to be governance-minimized and to follow a strict decentralization schedule, so in theory there would be little to no governance voting happening as time goes on.

Having complete anonymity means that incentives for collusion and exploitation are higher, and could also potentially invite more government oversight as we have seen with Tornado Cash and the EU lawmakers’ vote to expand anti-money laundering requirements earlier this year.

That said, I do appreciate the desire for levels of privacy and censorship resistance. There are some cool zk solutions being developed that could help in proving personhood without revealing identity directly. That Semaphore project you linked to is an interesting one, as well as Sismo. If there are any battle-tested solutions for anonymous governance, I would like to know more about them.

1 Like

Thanks for the reply!

In my unofficial opinion, I tend to think that some responsibility for maintaining privacy (or doing the opposite) should rest on users themselves, since projects cannot realistically guarantee the anonymity of every user (unless we are talking about a privacy-oriented chain environment)

I agree with you on this, we should not enforce private transactions for sure as it would come with significant drawbacks such as lack of composability & integration with dapps and a potentially worse UX. However, we should definitely endorse a particular privacy system and try to minimize user unfriendliness (it should have negligible fees and a similar UX to using the token normally w/o the privacy layer) so that we maximize the anonymity set.

Trustless is planning to be governance-minimized and to follow a strict decentralization schedule, so in theory there would be little to no governance voting happening as time goes on.

Yeah, but the lawmakers might not see it that way. They’re not used to crypto and may believe the DAO to be in total control of the protocol, and so that could be a real threat to not just the protocol but also its shareholders, who may be held liable for any actions conducted by the smart contracts regardless of the actual power they exercise over them.

Having complete anonymity means that incentives for collusion and exploitation are higher

I think there was a post on ethresearch about cryptographic voting magic where it was impossible to prove your vote to someone else, but I can’t find where it was

I don’t believe it would increase the incentives for exploitation, because:

  • an attacker could still just Tornado/AZTEC/etc. themselves money and use that to attack the DAO, send the proceeds back through the same way
  • as the ungovernance roadmap goes on, it would be impossible to perform certain (potentially profitable if done) malicious actions

could also potentially invite more government oversight as we have seen with Tornado Cash and the EU lawmakers’ vote to expand anti-money laundering requirements earlier this year.

yeah true

If there are any battle-tested solutions for anonymous governance, I would like to know more about them.

I don’t think there are any, hahaha
I’ll try to find some