👁️Who threatens our privacy and why

Introduction

Privacy is not only under attack from malicious hackers. Various actors — public and private — have both incentives and capabilities to intrude into our personal realm. Understanding who poses the threats, and why they act, helps us design better defenses.

Who Are they?

1. State Actors & Intelligence Agencies

Motivation: national security, law enforcement, surveillance, political control Capabilities: advanced resources, legal authority (or coercion), mass surveillance infrastructure

  • Governments often enact legal frameworks or covert programs to monitor citizens, especially under the pretext of counter-terrorism or crime prevention.

  • Intelligence agencies may compel companies to grant access or create backdoors (e.g. via wiretap laws or interception orders).

  • In some jurisdictions, “exceptional access” regimes are proposed, forcing companies to weaken encryption to facilitate government access.

2. Corporations & Big Tech

Motivation: profit, data monetization, targeted advertising, user profiling Capabilities: vast data collection, analytics, AI, cross-platform tracking

  • Many companies collect behavioral, location, or biometric data—often under opaque or permissive consent regimes.

  • They may repurpose data for new uses (e.g. training AI or aggregating insights) beyond the original collection intention.

  • Aggregating innocuous data streams (via the “mosaic effect”) can infer sensitive attributes (see the Mosaic Effect).

  • AI systems, with their scale and opacity, exacerbate the risk of both misuse and unintentional leakage (see further discussion by an IBM blog).

  • Corporations may also comply with or resist government demands for access—creating tension over privacy vs. regulation.

3. Cybercriminals & Hackers

Motivation: financial gain, extortion, espionage, identity theft Capabilities: malware, ransomware, phishing, lateral movement, supply-chain attacks

  • Phishing or social engineering remains one of the primary vectors for data breach.

  • Vulnerabilities and unpatched systems allow privilege escalation or remote access.

  • Once inside, attackers can exfiltrate personal data, deploy ransomware, or sell sensitive records.

  • Insider threats also play a role: employees, contractors, or partners with privileges may abuse access—either maliciously or inadvertently.

4. Insiders, Organisational Actors & Third Parties

Motivation: negligence, malice, institutional pressure, operational convenience Capabilities: direct access to systems, databases, internal processes

  • Employees or contractors may misuse their privileges, leak data, or collaborate with external actors.

  • Third-party vendors (cloud providers, analytics services) can become weak links: if they are breached or coerced, they expose downstream clients.

  • Data sharing contracts, APIs, and integrations expand the “attack surface” of privacy liability.

The gcEVM's Defensive Posture

  • Separating Public from Private: Clearly separating between pieces of data that can be publicly visible to ones that must be kept secret. This mitigates developer's negligence by forcing them to think about privacy while building the application, rather than an afterthought.

  • Strong Cryptography: Use strong cryptography and end‐to‐end encryption to reduce dependency on trust. The gcEVM is built on the standard, time-tested AES encryption scheme, with a smooth upgrade path to AES-256, ensuring long-term strength and post-quantum resistance.

  • Decentralization: No single entity should be able to gain control over the system or break privacy of data stored in the system. This is done by secret sharing the keys to multiple entities so no single one of them can decrypt data without reaching consensus by the other entities first. The gcEVM is the first-ever chain with posses that capability.

PreviousPrivacy in blockchains and Web3NextUse Cases On-Chain Privacy

Last updated