Breaking Down Nillion: The Latest ‘Privacy’ Project For Blind Surveillance
Recently the X algorithm pushed Nillion to the top of my timeline, and as someone who cares deeply about privacy I did some due diligence. In this article I will explain what Nillion is about.
Is it a blockchain? Is it an L2? What is it?
Nillion is a network of nodes that store encrypted data and perform operations on it. It is not a blockchain: no blocks are produced, and there is no permanent record of the operations performed. Nillion is the brainchild of Miguel de Vega, who apparently has come up with an enhanced version of multi-party computation (MPC, a family of techniques in which several parties jointly compute a function over data that is secret-shared among them, so that no single party ever sees the plaintext inputs) that allows things that weren't possible before. A couple of US-based VCs flew to Brussels to meet him in person and understand the tech. They were impressed enough to do a seed round at a $180M valuation and two subsequent rounds at $400M each. In other words, this tech is currently valued by its investors at $400M.
What does it do?
On its website Nillion presents itself as the world's first "blind computer", because of its network's purported ability to perform operations on encrypted data. These computations are done on behalf of third parties that decide to use Nillion. These can be web2 entities like YouTube and Binance or web3 dapps like OpenSea and Uniswap. The gist is that when a user of a surveillance L1 (e.g. Ethereum) uses a web2 or web3 service provider through Nillion, the service provider can serve the user without learning the user's data. This is thanks to the multi-party computation technique that Miguel de Vega has developed. Here are some examples to help you understand:
- age/KYC verification: say there is an age limit to watch a video on YouTube. If you have put your age onchain you can access the video directly by showing your age as recorded onchain, or you can go through Nillion, which holds your age in encrypted form in its database and can verify whether it is above X or not without revealing the age itself.
- blind auction: you are participating in an auction on OpenSea, but you don't want to show your hand and invite manipulation. If the auction is run through Nillion, Nillion can compare the bids in encrypted form and pick the current highest bid without revealing the actual amounts (which helps avoid manipulation).
So basically what Nillion does is allow dapps and websites to filter onchain surveillance data without actually seeing the data. Your data will always be onchain. For anyone with the resources to look into your wallet activity, your net worth, nationality, age, occupation etc. will be easily deducible from there. However, when you interact with certain service providers, such as a CEX like Binance, Nillion makes it possible for you to complete certain processes without having to hand Binance your raw information. So instead of Binance receiving a photo of your ID, Nillion gets a photo of your ID, encrypts it, and Binance works with the encrypted version, on which checks such as the following can be run without Binance ever seeing the underlying data:
- Is the age shown on the ID above or below X?
- Is the nationality a jurisdiction on our sanctioned list?
- Is the name on any of these blacklists?
and so on. In other words, Nillion is not about censorship resistance or user privacy. It is about blind censorship and blind surveillance. Centralized service providers can still censor users; they simply won't know who they are censoring or why. They will only know that the user doesn't meet certain criteria, so their money is frozen, their application rejected or their profile deleted.
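To make the "one bit out, nothing else" property concrete, here is a toy additive-secret-sharing MPC written for this article (it is not Nillion's code, and the way Nillion actually implements its checks is not documented on this page). A user secret-shares a value such as an age or a numeric nationality code across three nodes; each node's share is a uniformly random field element, so no single node learns anything. The nodes then compute, with Beaver-triple multiplication, the value r * prod over s in S of (x - s), which is zero exactly when x is in the public list S and a uniformly random nonzero element otherwise. Opening that value tells the service provider only whether the check passed. The age check is expressed as membership in the range 18..130 and the sanctions check as membership in a constructed list of numeric jurisdiction codes; the Beaver triples and the blinding factor r come from an assumed trusted dealer, which real MPC deployments replace with a distributed preprocessing protocol. A comparison between two secret bids, as in the blind auction example, needs a comparison circuit and is not shown here.

```python
"""Added example: 3-node additive secret sharing with a blind membership test.
Toy code written for this article, not Nillion's implementation.
ASSUMPTION: a trusted dealer supplies Beaver triples and the blinding factor."""
import secrets

P = 2**61 - 1   # prime field; every value and share is reduced mod P
N = 3           # number of computation nodes holding shares


def share(x):
    """Additively secret-share x into N values summing to x mod P.
    Any N-1 of the shares are uniformly random and independent of x."""
    shares = [secrets.randbelow(P) for _ in range(N - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Open a shared value. Done only for Beaver masks and the final result."""
    return sum(shares) % P


def add_shared(a, b):
    return [(x + y) % P for x, y in zip(a, b)]


def sub_shared(a, b):
    return [(x - y) % P for x, y in zip(a, b)]


def add_const(a, c):
    """Add a public constant: node 0 adjusts its share, the others do nothing."""
    return [(a[0] + c) % P] + a[1:]


def mul_const(a, c):
    return [(x * c) % P for x in a]


def beaver_triple():
    """Shares of (a, b, a*b). ASSUMPTION: produced by a trusted dealer in a
    preprocessing phase; no node should know a or b in the clear."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a), share(b), share(a * b % P)


def mul_shared(x, y):
    """Beaver multiplication. The nodes open d = x - a and e = y - b, which are
    uniformly random because a and b are, then compute z = c + d*b + e*a + d*e
    locally on their shares. Reconstructs to x*y."""
    a, b, c = beaver_triple()
    d = reconstruct(sub_shared(x, a))
    e = reconstruct(sub_shared(y, b))
    z = add_shared(c, add_shared(mul_const(b, d), mul_const(a, e)))
    return add_const(z, d * e % P)


def blind_membership(x_shares, public_set):
    """True iff the secret x lies in public_set, revealing nothing else.
    Computes r * prod_{s in S}(x - s): zero exactly when x equals some s
    (P is prime, so the product has no other zeros), otherwise a uniformly
    random nonzero field element thanks to the secret nonzero factor r."""
    acc = share(1)
    for s in public_set:
        acc = mul_shared(acc, add_const(x_shares, -s))
    r_shares = share(1 + secrets.randbelow(P - 1))  # dealer-supplied blinding
    acc = mul_shared(acc, r_shares)
    return reconstruct(acc) == 0


# The article's two checks, with constructed inputs.
ADULT_AGES = range(18, 131)           # "age >= 18" as a membership test
SANCTIONED = {4, 192, 364, 408, 760}  # constructed numeric jurisdiction codes


def age_check(age):
    """What the video site learns: one bit, not the age."""
    return blind_membership(share(age), ADULT_AGES)


def sanctions_check(country_code):
    """What the exchange learns: one bit, not the nationality."""
    return blind_membership(share(country_code), SANCTIONED)


if __name__ == "__main__":
    print(age_check(17), age_check(25))               # False True
    print(sanctions_check(364), sanctions_check(840))  # True False
```

The point the article makes follows directly from the last line of `blind_membership`: the only value ever opened to the service provider is zero or a random nonzero element, so a rejected user is told "a criterion was not met" and the provider itself cannot say which value failed, which is exactly the deniability the next section complains about.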
Why is this a fraud?
Because Nillion has nothing to do with privacy. The entire premise of Nillion is that the user has no privacy in the first place, so Nillion can acquire the data, encrypt it and store it in its database. Tech like Nillion makes censorship worse, because a CEX will no longer even know why a user is being rejected or why their money is being frozen. It will only know that, per Nillion's computation, some criteria weren't met. This adds a layer of deniability to discrimination based on religion, political beliefs or nationality. In other words, your money will get frozen because you are a civilian from Gaza, but the official explanation will be that it could be any of a long list of reasons, so please don't assume the worst; we cannot reveal the exact reason because of user privacy. A very twisted vision of privacy, isn't it?
More fraud
When joining Nillion a user has to input their information, which is then encrypted. Based on the research I've done so far it's not possible to determine how secure this encryption process is because the code is closed source. In other words, all the data inputs could be saved somewhere on Nillion's servers in plain text. Nillion's programs (the "smart contracts" written in its Nada language) could also contain backdoors unknown to the developers who write them, because Nada code is compiled before it reaches the network, so what actually runs is the compiler's output rather than the developer's source. In the case of a blind auction app, depending on what's at stake, someone with powerful friends high up might actually be able to see the real amounts of the bids.
Conclusion
Without privacy, governments can enact laws to control our speech or our access to vital services based on our beliefs, religion, race etc. If all this information is public, laws can be made to discriminate against certain groups, and the enforcement of those laws is possible precisely because the information is available. A privacy fraud project like Nillion makes such discrimination even easier to enforce. This is why Nillion should be called out for what it is: a blind surveillance tech. A real privacy tech works on the premise that nothing is known about the user and that no user information should become deducible from the user's use of the tech. In other words, there should be no footprint whatsoever. To this day, Dero is the only such privacy tech.