How Much Do Decentralized Exchanges Care About Your Privacy? Let’s Dig In

SWB
May 9, 2022

The internet is a magical world! We spend most of our time getting new information, shopping, managing our finances, and doing more online. Accordingly, many companies and governments have prioritized the privacy and security of our personal information and declared it a fundamental right, especially in recent years.*¹

As a Security Specialist, I think it’s time to seek an answer to the following question: Do decentralized exchanges (DeXs) respect our most fundamental right? But, first, let me tell you a story from the Witcher series, which I am a fan of, before answering this question.

Our main character, Geralt, goes to Stregobor, known as the master of illusion.

Stregobor says, “Choosing is the lesser evil!” (that is, choosing the less bad of two evils) and asks him to make a choice about Renfri’s*² life. Geralt, who has to choose between evil and more evil, answers as follows:

Geralt: “Evil is Evil. Lesser, greater, middling… Makes no difference. The degree is arbitrary. The definition’s blurred. If I’m to choose between one evil and another… I’d rather not choose at all.”

Just like the moral of the story, decentralized exchanges often have to choose between bad and worse. However, contrary to our expectations, many of them prefer the worse option. Some top-rated decentralized exchanges monitor your activities and habits in particular ways, disregarding your privacy (as discreetly as possible).

Don’t worry. I looked into these decentralized exchanges and sorted them out for you.

UniSwap

UniSwap is the first thing that everyone thinks of when DeX comes up.
Recently, many users figured out from a discussion on Twitter that UniSwap works with TRM Labs. The debate started with this tweet below.

TRM Labs is a blockchain analysis firm that works with agencies of the American Government. Their duty is to look into the transactions on the blockchain to provide data to the U.S. Internal Revenue Service (IRS) and similar agencies concerning crypto-related crimes, etc.

The main purpose of UniSwap working with TRM Labs is to identify the risks of the wallets that operate on the blockchain. Although it may seem like a very innocent effort, at the end of the day, unfortunately, they process your data! 😈 UniSwap, on the other hand, claimed that this action is meant to protect you and also to comply with regulations.

⚠️ We know very well that all centralized exchanges already do that. So, we can say that the line between centralized and decentralized exchanges is becoming thinner.

However, UniSwap already uses Google Analytics for user statistics.*³ So, which data they collect and how they collect it matters as much as what they collect it for. And what Google does with this data is another issue of concern. 😈

As a recently published news article suggests, the Austrian Data Regulators announced that using Google Analytics is not in compliance with the GDPR.*⁴
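
The check mentioned in footnote *³, as an added example (not from the original article or from any exchange's code): export a HAR file from the browser's developer tools or an intercepting proxy while loading a site, then list what each Google Analytics hit carries. The host list, the `auditHar` name and the sample capture are assumptions constructed for illustration.

```javascript
// Added example: audit a HAR capture for Google Analytics hits.
// Small illustrative host list (assumption); extend it for other analytics vendors.
const TRACKERS = new Map([
  ["www.google-analytics.com", "Google Analytics"],
  ["analytics.google.com", "Google Analytics"],
]);
// Measurement Protocol parameters that describe the visitor or the device.
const GA_FIELDS = new Map([
  ["cid", "client id"], ["uid", "user id"], ["dl", "page URL"],
  ["sr", "screen resolution"], ["ul", "language"],
]);
const WALLET = /0x[0-9a-fA-F]{40}/; // shape of an Ethereum address

function auditHar(har) {
  const findings = [];
  for (const entry of har.log.entries) {
    const url = new URL(entry.request.url);
    const tracker = TRACKERS.get(url.hostname);
    if (!tracker) continue; // first-party or unrelated request
    // Hits arrive as a GET query string or as a form-encoded POST body.
    const params = new URLSearchParams(url.search);
    const body = entry.request.postData ? entry.request.postData.text : "";
    for (const [k, v] of new URLSearchParams(body)) params.append(k, v);
    const sent = {};
    let leaksWallet = false;
    for (const [key, value] of params) {
      if (GA_FIELDS.has(key)) sent[GA_FIELDS.get(key)] = value;
      if (WALLET.test(value)) leaksWallet = true; // wallet address tied to a client id
    }
    findings.push({ tracker, host: url.hostname, sent, leaksWallet });
  }
  return findings;
}

// Constructed sample capture (not real traffic from any exchange).
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://app.dex.example/swap" } },
  { request: { method: "GET", url: "https://www.google-analytics.com/collect" +
      "?v=1&tid=UA-000000-0&cid=555.777&sr=1920x1080&ul=en-us" +
      "&dl=https%3A%2F%2Fapp.dex.example%2Fswap" } },
  { request: { method: "POST", url: "https://www.google-analytics.com/j/collect",
      postData: { text: "v=1&cid=555.777&dl=https%3A%2F%2Fapp.dex.example" +
        "%2Faccount%2F0x" + "ab".repeat(20) } } },
  { request: { method: "GET", url: "https://cdn.example/app.js" } },
] } };

for (const f of auditHar(SAMPLE_HAR)) {
  console.log(f.tracker, f.sent, f.leaksWallet ? "wallet address in hit" : "");
}
```

A hit flagged with `leaksWallet` is the case the privacy policies above hint at: the same client id appears next to a wallet address, which links browser and device details to on-chain activity.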

dYdX

We have a very similar story to UniSwap here. dYdX also declared, “We do this to prevent illegal activities!”

If you go through dYdX’s privacy policy, you can easily see what data they collect. There is always an effort to match your identity with your wallet address. Rather than explaining at length what data is collected here, I am sharing the relevant screenshot below. I leave it to you to comment on it. (I especially recommend you take a look at the “Online Identifiers section”):

The excuses are always the same. As Google, Facebook, Microsoft, and Amazon once said, they only receive and process data to improve their products and protect you from illegal activities. They even spend billions of dollars on this (!) Because you are precious to them (?)

1inch

1inch, where a volume of $100 billion*⁵ was invested in a year, is also watching you. I looked through the privacy policy to find out the details, and I can’t say I liked what I saw. 😪

Let’s put together a scene of facts here:

Examples of collected data:

  • E-mail, name and surname, and any of your personal data
  • IP address, MAC address, log files, domain server, traffic patterns, location information, the device and browser you use, your screen resolution and operating system language, etc.
  • Also your wallet address and all your transactions until that day, in addition to all your activities on 1inch.

What does 1inch have to say about this?

Same old story, they just want to protect you and improve their product… 😏

Proof of breach of confidentiality by themselves:

1inch announced on April 20, 2020, that they had caught a hacker using the data in their system! *⁶

A Medium article published by 1inch on this issue reads:

If a user doesn’t want to be tracked — no problem, they can use the private mode in their browser or even use Tor network to hide their IP address.

They say that if you don’t want to be tracked, you can use TOR, or they will use tracking tools on you. The one that collects more data than others is the honest one. How admirable is that! 👏🏻 Congrats to 1inch…

This should make people ask themselves, “Am I jumping out of the frying pan into the fire?”

Finally, let’s see what you can do to prevent decentralized exchanges from violating your privacy, your most fundamental right.

5 Ways to Protect Your Privacy:

  1. Before using a service, search its privacy policy and perspective on your privacy.
  2. Set up and use your own VPN server, and combine it with the most suitable solution, such as Tor or similar tools. A VPN alone is not a good solution either.
  3. Create an anonymous internet identity for yourself which is not related to you.
  4. Search for privacy-focused services like Nym and use them whenever possible.
  5. Keep in mind! You are always going to be tracked by the technology companies. DYOR!

Last but not least;
A note from SWB: taking precautions now is always better than being sad later.

Sources and Explanations

*¹: The United Nations officially makes the following definition in the Universal Declaration of Human Rights under the International Covenant on Civil and Political Rights. PRIVACY AND HUMAN RIGHTS — An International Survey of Privacy Laws and Practice
*²: Renfri is the daughter of Prince Fredefalk of Creyden, and it is believed that she is cursed.
*³: This can easily be seen in the page’s source code or by intercepting the requests with a proxy such as Burp Suite.
*⁴: Europe’s Move Against Google Analytics Is Just the Beginning
*⁵: Decentralized exchange aggregator 1inch grabs $175 million in the token sale.
*⁶: 1inch did the best to help to recover $25M stolen from the dForce ecosystem
Main Source: Are decentralized exchanges tracking your trades?

This article was originally published in the Turkish language on 21 January 2022.
