Last blog post we covered “crypto” a.k.a. “web3” a.k.a. “Web 3.0” πŸ˜‡ β€” in the context of threat actors perhaps using Filecoin or Arweave to store your content without your permission.

At the moment I work at a cryptocurrency exchange and think this is all cool technology. However, the larger “crypto” space seems quite polarizing within our infosec world. People either love it or hate it.

Bring the topic up at your next hacker dinner party to your own peril.

This post will touch on some things I think are worth highlighting. Subjective. And we might as well start (again) with a touch of β€”

File storage

IPFS, Filecoin, and Arweave enable file hosting no one can tamper with. I name-dropped them in ascending order of feasibility for hosting files forever.

That’s Arweave’s mission, though you should note their designs put an asterisk on “forever” and that asterisk says “200 years!” in a mouse voice.

Work in “Media & Entertainment” ?? Read my piracy-tinted post on this tech then start soap-boxing your co-workers. They might think you’re smart.

A downside of these particular projects is that it’s tough to keep what you store private. In that threat model, your attacker(s because no computer person is that healthy, so their kid has to get involved now) has 200 years(!!) maybe.

The venerable Jameson Lopp’s Ensuring Your Second Life with Bitcoin goes through some of the mental gymnastics to secure one’s stuff (self?) over such a long timespan.


This is being tackled by Akash Network.

There’s a rumour going around the Internet that "Randy loves Google!! \*smooching sounds\* 😚" because of all my reCAPTCHA-related marketing I’ve done with them, and disclosed before, thank you very much.

I want to tell you that rumour isn’t true. The major cloud computing overlords, including Google, aren’t the kinds of places I feel comfortable spouting real talk on. Maybe you can empathize?

Akash strives to allow anonymous, permissionless hosting. It aims to solve isolated parts of that problem so you can get back to start speaking truth to power.

Anonymous payments

What if your cryptocurrency of choice isn’t Monero, with its inherently private transactions, or Litecoin, with its possibly private transactions once you try out some relatively immature functionality?

If you’re transacting on Ethereum, you might see the heavy bias towards Tornado Cash usage on Rekt News bandit stories and want to use it yourself. We might generally call things like Tornado “mixer protocols.”

However, big money can almost certainly be tracked by Chainalysis in and out of there by inference. Is there an appreciable amount of “normal” volumes going through the mixer each day? Is it appreciable enough to hide you, the modern-day John Dillinger knocking off smart contracts?

That would keep me up at night. I would sleep much better if zero-knowledge proofs were the basis for me hiding money, again in cases where it wasn’t already hidden at a lower-level for whichever digital asset is applicable.

Enter Railgun, which aims to help keep you private on Ethereum, BSC, Matic and Solana. If anonymous payments are of interest to you, but I (likely) did a very poor job explaining differences between Railgun and those mixer protocols, see this explainer from them.

Even with a break in the chain of custody, certain user behaviors can make it very obvious whose funds are going to a particular destination if they are sending a very recognizable token quantity. If 4.191272114 ETH enters a mixer and 4.191272114 ETH leaves it, the connection between the transactions will be very clear. … RAILGUN is not a Mixer and does not add tokens from different sources together, instead making transactions fully invisible through zk-SNARKs cryptography. RAILGUN works by β€œshielding” a user’s tokens within its Privacy System, so that every transaction appears on the blockchain as being sent from the RAILGUN contract address. With relayers, the gas fees also have no connection with the user, assuring privacy. Your trustless, immutable transactions within the system are completely invisible to outside observers β€” not just mixed.

Whew. πŸ‘»

Content creation

Centralized platforms for content creators to reach audiences en masse tend towards Stanford Prison Experiment monopolizing network effects. What they detract revenue-wise from creators seems outrageous, though that might make for a more general discussion that could include “gig economy” things like Uber.

Web 3 feels poised to disrupt legacy social networks eventually.

I’m pretty sure this would not be DeSo, but less sure this would not be Rally. I do not have such concrete pointers on this, versus the earlier subsections.


Proponents of “crypto” a.k.a. “web3” a.k.a. “Web 3.0” look at its (debatable) potential to usher in a more transparent, fairer, better world. These were several use cases I deemed worthy of highlighting.

They each have tangible progress, unlike brainstorm idea lists that would just tickle James Altucher.

But, it’s still 2022, with a weird mix of feeling “early” + potential “crypto winter.”

Are you tired of my parentheses or small font yet today …

Why highlight anything here? You can’t help thinking the designs are at least novel. As hackers we like quirky stuff. Even if it all implodes.

What does 2023 hold for any of these projects β€” infinity or beyond?! We’ll check back later.

For now, happy hacking βœŒπŸ’ΎπŸ˜‰

Randy Gingeleski - GitHub - - LinkedIn