Is It Wrong for DeFi Projects to Track Data?

As if there werent enough misery in the crypto markets at the moment, DeFi enthusiasts are now in an uproar over revelations that Uniswap, the popular decentralized exchange (DEX), tracks public user data.

True, the exchange doesnt track personal, private data like names or IP addresses, but according to newly-uploaded terms and conditions documents, pretty much anything publicly viewable online is aggregated and harvested. And it’s not alone; earlier this week, Metamask, the popular Ethereum wallet, fessed up to tracking users’ IP addresses.

Among the many trivia collected by Uniswap, according to its privacy policy, are public blockchain data, user preferences, mobile and browser metadata, biographic data included in customer surveys (which, confusingly, includes names), and customer service communications, along with information from third-party service providers concerning illicit or other fraudulent activities.

That user data, it says, is gathered in order to improve the user experience of the DEX.

And to whom does it supply this data?

Only service providers, law enforcement, courts (in compliance with a warrant), brokerages, and M&A lawyers, to name a few entities. Basically, anyone and everyone who might be in any way tangentially involved with Uniswap Labs, the legal entity behind the exchange.

The kicker is that its been doing this for years, seemingly! But its only telling the users now.

And oh, how those users are scandalized.

Is decentralization a MYTH? one DeFi degen squealed on Crypto Twitter, where I source all my stories without exception.

Other apocalyptic quotations aboundjust type Uniswap user data TREASON into Twitter search.

To a degree, the FUD is not entirely unjustified.

As a helpful DeFi analyst who goes by Yoda Research explained to me, the revelation reflects the ongoing trend towards centralization in crypto. The privacy policy, Yoda notes, was not determined by the Uniswap DAO and was instead administered unilaterally by, presumably, its core team of devs.

The core ethos of DeFi is fading and often long gone, the researcher mourned. Its an empty facade.

To many in DeFi, Uniswaps T&Cs are an unwelcome introduction into DeFi of data-harvesting, Web2 sensibilities.

The user data in question is tracked via the Uniswap website, whose back end is closed to the public and is administered by a small group of developers working for Uniswap Labs, the company which develops the exchangethat is, the underlying protocol that exists on the blockchain.

This group, which was awarded 40% of the proceeds of Uniswaps original token mint, will, after a four-year vesting period, have increased influence over the governance mechanism of the exchange.

As noted by radical decentralization enthusiast Chris Blec, the Uniswap team, once a squadron of hardline, anti-establishment coders, has been overrun by old-world old guard.

Among its ranks are executives from the NYSE, BlackRock, and data-tracking firm Chainalysis, as well as a former Obama spokesman and a Federal Reserve economist. Not the sorts youd expect to run a cypherpunk trading hub! I remember the heady days of genuinely decentralized platforms like Augur, where absolutely nobody involved in the platform would ever admit any degree of centralized control. (Which, it could be argued, is why those platforms never really took off.)

A funny tweet from way back springs to mind. It was ironic, but nevertheless captured the prevailing spirit of the time: No one runs a crypto firm…we are merely the mortal agents through whose minor works the dream of disaggregated ledger currency manifests on this most unworthy of Prime Material Planes.

Now, these protocols have in-house PR.

There is, maybe, some legal justification. Were now in a brave new world where crypto developers can be detained at the whim of governments, as happened to a developer of the privacy platform Tornado Cash in the Netherlands. Just this week, Dutch authorities ruled that the developer in question should remain behind bars for another three months before his trial begins, labeling him a flight risk.

Uniswap Labs didnt confirm or deny whether the recent arrests in the Defi world spurred its decision to publicize the data policy. However, Dan Finlay, a developer at Metamask, which has a similar data policy, told me that it was motivated by both the EUs general data protection regulations and the hiring of a new data protection officer. But the decision was not driven by any increase in data analysis,” he said.

He acknowledged that the policy exposed a flaw in modern Ethereum norms, but said it was nevertheless a necessary, if less-than-ideal, obligation for large, widely used Ethereum products.

It is unfortunate that it is hard to privately interact with Ethereum today, and basically no user-facing wallets today do anything better than querying a central server, which does become a concern for privacy, he said. Weve always strived to make sure our users have the most options, and they can always configure MetaMask to connect to their own data source, and were working hard to make it possible for users to choose from even more client-side privacy options.

Of course, connecting via ones own data source is notoriously difficultthats why so many users accept the privacy tradeoff made inevitable by flashy, easy-to-use interfaces. The truth is that beyond pure protocols like Bitcoin, any kind of accessible interface through which normal, non-cryptographers can access these platforms is generally run by a human core with some degree of centralized influence.

Maybe updates to the HTML should be put to the vote and ratified by every DAO community member; maybe each minor change should go through GitHub, first. My good friend Yoda believes literally everything should be left to the community but the bare minimum to operate in a jurisdiction zone.” Anything beyond that is financially motivated, they argued.

But if true decentralization requires disintermediating the web design too, and leaving it to a distributed cohort of cypherpunk dilettantes, were going to be in for some truly horrifying 1990s-era aesthetics in DeFi sitecraft. And Im not sure my modem can take it.