Week 39 — Why Privacy Tokens Allow You to Buy Drugs Anonymously

Adriel Fong
6 min readJun 8, 2021

Early on in the project, an ex-colleague of mine was adamant that transaction privacy isn’t important, to businesses and to individuals. He insisted stubbornly that all transactions that a business partakes in should be displayed all for to see. This kind of binary thinking (as pointed out expertly by Peter Hu last Friday) serves no one and only seeks to be divisive.

Although I couldn’t articulate the issue well, I knew intuitively that the nature of his thinking was fundamentally flawed and there was nothing that I could say at that point of time that would convince him otherwise.

On hindsight, I should have instead requested his bank statement for the purposes of analysing and scrutinising his spending behaviour.

That would have probably shut most people up.

Money as a Medium of Exchange

In order for a token to be accepted as a money, it needs to have 3 capabilities: It has to be a unit of account, has to have a store of value and finally as a medium of exchange.

Money is a great medium of exchange because it is an extremely fungible token. It is lightweight and therefore can be carried around relatively easily (even if you were to carry a million dollars on you).

That is just one aspect of token fungibility. The other aspect of fungibility relates to the anonymity that that the token can provide. How traceable is the transaction flow of a token. The more transparent and traceable a token is, the less fungible it is.

That is why money is so effective as a medium of exchange. Whenever a transaction is made via money, there is no way to track the transaction history of the bills. There is also no way to verify that you are the payee, unless you hold on to a receipt that corresponds with all the purchase information. Note how a receipt that is paid in cash holds NO information about you. The same cannot be said if you were to pay via credit card or debit card.

How AML/ATF Protocols Have Eroded Privacy

Ever since the Scottish ruling passed in 1749 that the history of a coin or banknote was to be considered irrelevant, times have changed drastically and the growing digitalisation of the economy has challenged that school of thought.

Centralised web-based platforms have facilitated the widespread surveillance of how money is being transacted. Think about it for a moment, you’ve just paid for your meal via apple pay, if you think no one’s watching your spending behaviour, you’re probably living in a delusional world (this also explains why tech companies are rushing to attain a digital banking/ wallet license).

The need for AML (anti-money laundering) and ATF (anti- terrorist financing) regulatory efforts have also undermined transaction privacy. Financial institutions are now forced to monitor and at times reveal transactional information of their clients when called upon by the court of law.

On top of that, all financial institutions have KYC (know your customer) protocols that they have to adhere to and therefore are legally liable to hold incredible amounts of personal information (where you live, your email, phone number, the list is inexhaustible) on their customers.

They also have a legal obligation of alert the authorities on any suspicious activities that their clients may be involved in.

Privacy in Blockchains

To talk about how privacy is demonstrated in blockchains, we always start with Bitcoin.

When you have a Bitcoin wallet, what you have to identify yourself by is simply a string of alphanumeric string of characters. This does not give away your full identity and therefore is classified more accurately as providing pseudonymity.

Now, obviously if you go ahead and share your address to a friend or on your social media (as a way to receive donations), anonymity is forfeited completely.

Why is that the case? Well, almost all blockchains have a block explorer. On this block explorer, it allows you to key in almost anyone’s address and analyse their transactions immediately. Of course the transaction is masked in such a way that no one has any idea what you were transacting, but people can figure out quite easily what address you were using and who you were sending it to as well as how much was being paid.

It is also possible in some cases to uncover the IP address of the user. Especially after cross-referencing to social media, where your location is being tagged very frequently.

All of this detective work is called chain analysis and it is used to correlate a persons’ digital footprint outside the blockchain network.

That is why privacy tokens were designed! To ensure that as little amount of information about a transaction is released and all other personal information is masked/ left out.

Monero & it’s Shady Reputation

Monero is one of the oldest and most popular privacy token protocols out in the market now.

It’s value proposition is in the ability to mask a users’ identity by constantly creating addresses for you to use for transactions. This is a one-time use address and so raises the difficulty level when trying to analyse transactions.

The ability to create stealth addressed is then coupled with Ring CT (Ring Confidential Transactions). Ring CT is a way to achieve consensus with minimal information published. This ensures that Monero transactions are private in nature and all transaction information is obfuscated (as much as possible).

The Monero team is working on a functionality under their Kovri project that would enable users to mask their IP addresses and locations. This increases the privacy nature of platform significantly.

Privacy: Legal and Political Impact

Privacy has been a very touchy subject over the years. With the outrage that came with Snowden’s explosive leak, to the farcical development of Wikileaks, many people are divided as on the importance of privacy.

The most common response that I get in Singapore is:

“If I have done nothing wrong, why should I be worried about the government watching me?”

Or “I cannot stand how invasive the government is.”

These statements are often times arbitrary and open to interpretation. This segment dives briefly into how privacy legislations are shaping up in our current Web2 world.

Privacy laws date back to the 17th and 18th century in certain European countries whereby these laws protect the right for letters in transit to not be opened by government and private institutions. This secrecy of correspondence and even the sanctity of private property can even be extended to the right to use cryptographic encryption.

However, due to the sudden resurgence of cryptographic technologies, most countries are still in discussions in regards to their local legislations. That is why some countries are not extending the right to cryptographic encryption to their citizens.

The implementation of GDPR in 2016 has also shaken things up because of the shear amount of data that technology companies have been dredging up from years of operation. GDPR is meant to safeguard privacy by empowering users to make their own decisions about who can process their data and for what purpose.

On the other hand, countries like South Korea and Japan have completely banned privacy tokens and Germany has expressed concerns about criminal activity and the increased use in Monero.

Recent FATF regulations passed in 2019 require all Virtual Asset Service Providers (VASPs) to conduct KYC on all transaction parties. With mounting regulations and the contradictory nature between GDPR and KYC, AML regulations, it is going to be extremely difficult to balance public and private interests.

Blockchain networks stand in the middle of this controversial topic. What’s important for you as the reader is to know that blockchain networks have the power to liberate (promote privacy) or the power to be extreme surveillance machines (absolutely no privacy at all). This all depends heavily of the privacy techniques used to mask transactions.

Till next week!