The Coinbase Neutrino scandal and its hashtag #DeleteCoinbase has died as quickly as it spread. After three weeks of uplift, Google Trends shows a hashtag returning to zero. But while there may be little left to discuss about Neutrino’s connections to Hacking Team, there remain wider lessons in the episode. It reveals our deep frustrations about privacy and our lack of agency to change a system incapable of our protecting our data.
On February 19, Coinbase announced the acquisition of a blockchain analytics company Neutrino. That made sense. Regulated exchanges need analytics to stay compliant. Buying Neutrino allowed Coinbase to bring these capabilities in-house, reducing reliance on third party vendors. Bringing these capabilities in-house was pro-user privacy. Rather than multiple entities having your data, just one entity has it. But then journalists discovered that some of Neutrino’s leaders had previously worked at Hacking Team, an Italian spyware vendor that created tools for authoritarian regimes to surveil and control dissidents and journalists. Shortly after, Coinbase announced that the Neutrino personnel with Hacking Team affiliations would be “transitioned out” of the company (though there remain questions about what “transitioned out” means).
And with that announcement, #DeleteCoinbase died.
If the worry is that Coinbase will violate privacies, firing some people isn’t enough to address whatever incentives they have to violate our trust.
On the one hand, a quick quelling of the flames is what we should expect (and what Coinbase should deserve). If we take events at face value, Coinbase acquired “bad people,” the community was upset, and then Coinbase announced it would let those “bad people” go, and the community was mollified.
On the other hand, simply letting go of a few people seems superficial. Either something undesirable was going to happen as a result of the acquisition or not. The presence of people who helped authoritarians doesn’t necessarily mean that Coinbase will violate privacies, just as their absence won’t prevent Coinbase from violating privacies. If the worry is that Coinbase will violate privacies, firing some people isn’t enough to address whatever incentives they have to violate our trust. (Note: I am a big fan of Coinbase. They have done more for crypto adoption than almost anybody and I have only seen them act in good faith. But my observations go beyond the actions of an individual company. They are about a system that is naturally incentivized to trade in user data.)
The practical reality is more complicated. By its nature, a regulated exchange has to collect personally identifiable information about users, monitor their activity on their platform, and cross-reference all these data with external data (for example, suspicious behavior on other platforms) to stay compliant and indeed offer a safe and secure service to its users. These requirements help a company like Coinbase offer a service that its users trust, but also make it vulnerable to data breaches, and necessarily has them sharing data with authorities. For instance, Coinbase shares with the IRS a list of users that have traded over a certain amount in a given year, usually $20K.
Get the BREAKERMAG newsletter, a weekly roundup of blockchain business and culture.
For some, even this is unacceptable. They demand systems that are unable to marginalize any of its users (it doesn’t matter if the systems do marginalize users, all that matters is that they can). These crypto-anarchy leaning users probably don’t use Coinbase. Some Coinbase users are probably just fine with the status quo. Most probably aren’t even aware of the data they are generating or how Coinbase and third parties are using it. For others, the status quo is simply unacceptable.
While people are increasingly upset about abuses of online privacy, most of us are unwilling to take action to protect their data. A recent survey from Axios and Surveymonkey found that 59 percent of respondents don’t think companies are protecting their privacy. Yet most respondents are unwilling to pay for a service that does not track them.
So it makes sense that the Neutrino acquisition would cause alarm. Awareness of data sharing practices between exchanges and third parties increases the perceived risk of both a data breach and an extracurricular use of our data. We don’t know exactly why we should be worried, but we’d rather our data not be available for misuse in any case.
We can feel our data being generated everywhere, vulnerable to leaks and hacks. The same data that improves our customer experience, serving up the right shopping recommendations based on past purchases, might be used to marginalize us. That feeling causes frustration. Frustration towards individual companies like Coinbase, yes, but also frustration against a complex system that naturally gravitates towards collecting, linking, and using your personal data (what I’ve called the “Unstoppable Panopticon”).
Supporting an unsubtle hashtag feels good. It offers agency and directness against the frustration of complexity and confusion. But it doesn’t solve the problem. We need systems that cannot be used to marginalize individuals and groups. Hashtags for useful for inciting online movements, but they don’t solve for our deeper frustrations with these systems.