[Discussion]; Defund privacy harmful projects

Title: Pre-fix: [Discussion]; Defund privacy harmful projects.

Authors: @MicahZoltu

Created: 2024-12-07

Abstract

Terminate all funding to any project that requires users to disable their VPNs or disconnect from TOR to utilize or participate in the the project/endeavor. Further, require that all newly funded projects commit to making all of their apps/services available to people utilizing VPNs and engaging in other privacy preserving practices like TOR/I2P.

Proposal types

State which proposal type this proposal belongs to.
SEP: Constitutional Proposals
SEP: Governance Proposals
Other SEPs

Proposal details

Purpose and Background

While SafeDAO cannot control the behaviors of everyone, we do have the ability to curb certain behaviors of people and projects who are receiving funding from SafeDAO. Recently in response to Coinbase telling its users to disable VPNs and AdBlockers, @koeppelmann posted x.com implying that the SAFE ecosystem is privacy friendly. Not long after, I found out that in order to claim a recent SAFE{Pass} Airdrop, users must disable their VPN.

Privacy needs to be normalized and we should never be requiring users to disable whatever privacy preserving mechanisms they wish in order to participate in SAFE funded programs or utilize any feature of a SAFE funded application.

Effects and Impact Analysis

The biggest risk of this proposal is that we will have to terminate some programs or end development of some applications if we cannot find people/ways to build/run those apps/programs in a privacy preserving way. I think this is a worthwhile trade, and the positive outcome is that it will force people to focus more on how they can achieve their goals without compromising end-user privacy.

For example, perhaps UIs should have fewer centralized components if no one is willing to take on risk of interacting with private/anonymous individuals. An IPFS hosted static UI (for example) would make it so no one needs to host/run a service.

Alternative Solutions

Continue on the easy path and become more and more privacy hostile over time until we are no better than the legacy systems we are trying to replace.

Implementation

Own implementation possible
Own implementation but with funding (how much % to implementation)
Request for technical support through Safe matter experts:

  • Who is needed?
  • Did you reach out?
  • Is there a roadmap?

Open Questions

What is the best way to enforce this? Encode it in the constitution somehow?

Copyright

Copyright and related rights waived via CC0.

2 Likes

Privacy is a topic that is unfortunately often discussed without enough differentiation. We should differentiate between the following points:

  • Privacy in the context of infrastructure: At infrastructure level, no privacy restrictions are envisaged for Safe and privacy improvements should be actively promoted.
  • Privacy in the context of asset allocation (especially funding initiatives): When it comes to the direct transfer of assets, there is a trade-off between privacy and legal requirements. Crypto asset allocations do not fall outside the legal realm. Besides compliance requirements, no one can have an interest in supporting money laundering or terrorist financing. If privacy-enhancing technologies (such as VPN) means that compliance with legal requirements cannot be guaranteed, a decision must be made based on the respective risk appetite. The use of VPNs does obviously not imply that every user is involved in money laundering or terrorist financing, but rather that it cannot be ruled out with sufficient certainty due to a lack of sophisticated solutions. In this context, the exclusion of VPNs is not a decision against privacy, but a consequence of missing solutions.

The proposal under discussion is too undifferentiated and would only achieve its goal at a high opportunity cost. Instead of discussing how to limit initiatives that could be beneficial for the Safe ecosystem without having a focus on privacy - we should be discussing how we can better support privacy-focused initiatives.

In fact, due to mandatory requirements of some countries, some tokens are explicitly prohibited from being issued or traded.

Then the project owner can just disable the IP of that country.

The birth of blockchain is for decentralization. ETH has been abused, but it has not been banned by the United States or other countries.

This proposal is specifically to address this part, and unrelated to whether or not we should fund pro-privacy projects like GnosisVPN.

The idea here is to force developers and business people to solve the meaningful hard problems rather than taking the user-privacy-hostile easy path. You are correct that these are sometimes hard problems, but they need to be solved and GnosisDAO should use its funding powers to encourage people to actually tackle these hard problems.

This is exactly the problem, as long as there is an easy way out (tell user to disable VPN), people won’t actually go find the necessary solutions. Cutting funding to projects that take the easy path of privacy hostility would force some subset of them to actually go find solutions, and the whole ecosystem benefits by being able to copy those solutions.

The truth is that disabling VPN doesn’t solve many problems.
It’s a result of missing solutions.