Ethereum Privacy’s “HTTPS Moment”: From Defensive Tool to Default Infrastructure
December 1, 2025
Author | Zhixiong Pan
Disclaimer: This is a reprinted article. Readers can refer to the original link for more information. If the author has any concerns about the form of reprint, please contact us and we will make adjustments as requested. This reprint is for information-sharing purposes only; it does not constitute investment advice and does not represent the views or position of WuBlockchain.
The Ethereum Privacy Stack event — co-organized by the Privacy & Scaling Explorations (PSE) team, Web3Privacy Now, and core members of the Ethereum Foundation (EF) — was one of the highest-profile, vertically focused gatherings at Devconnect ARG 2025. It convened Vitalik Buterin, a Tor co-founder, EF core researchers, founders of leading privacy protocols (Railgun, 0xbow, Aztec, etc.), and top legal experts. Against a backdrop of mounting regulatory pressure and steadily maturing technology, the event’s objective was to re-map the Ethereum privacy landscape, bridge technical silos, and set the agenda for the privacy roadmap over the next 3–5 years.
At Devconnect Buenos Aires 2025, the Ethereum Privacy Stack was the year’s most consequential privacy-focused gathering in the Ethereum ecosystem.
The event’s clearest takeaway was the establishment of “Holistic Privacy.” Privacy is no longer a mere pile-up of on-chain tools such as ZK proofs or mixers; it must be an end-to-end loop spanning the network transport layer (Tor), the RPC access layer, the data-storage layer, and the user-facing front end.
As Vitalik Buterin and Roger Dingledine (Tor) emphasized, if the underlying network leaks IP addresses, application-layer anonymity is meaningless. The community converged on the view that Ethereum must follow the “wooden-barrel” principle (law of the minimum) — patching the weakest points of metadata leakage — so it can truly function as a censorship-resistant “world ledger.”
Trend Insight: Toward “Default Privacy” and a UX Endgame
Attendees generally agreed that Web3 privacy is hitting an inflection point comparable to the Web2 shift from HTTP to HTTPS. Privacy tech should no longer be the preserve of “geeks” or “hackers,” nor burdened with the stigma of “hiding crime.” Drawing on Railgun, Kohaku Wallet, and lessons from Web2, speakers argued that the next step is to stigmatize non-private behavior — to treat fully public transfers as abnormal, akin to walking naked on the internet.
By 2026, the Ethereum community’s target is to bring the cost of private transfers down to an acceptable range (e.g., ~2× a standard transfer) and deliver a one-click, near-invisible experience. The goal is not only to serve retail users, but also to open the door for TradFi institutions that have stayed away due to the lack of protection for business confidentiality.
Core Fault Line: The Compliance Spectrum and a Looming “L1 Civil War”
Although the technical roadmap is coming into focus, ideological tensions persist. The sharpest divide is the contest between compliance-preserving privacy and permissionless privacy. One camp — represented by Privacy Pools — advocates using proofs that dissociate funds from illicit flows to proactively segregate tainted liquidity, trading this for regulatory tolerance and institutional adoption. The other camp cleaves to a purist cypherpunk ethos, arguing that any accommodation to compliance ultimately culminates in censorship.
In addition, Andy Guzman of PSE warned of a potential “civil war”: whether privacy should be embedded at Ethereum’s L1. Baking privacy into the core protocol could deliver unified liquidity and default protections, but it may also import significant regulatory risk and protocol complexity. The decision will shape Ethereum’s future political character.
Infrastructure Awakening: Hardware as the Last Line of Censorship Resistance
Beyond software, the forum unusually drilled into the physical and network layers. From running one’s own nodes to trust-minimized TEEs (Trusted Execution Environments), the community recognized that if hardware carries backdoors, higher-layer cryptography collapses. Censorship resistance was reframed as public infrastructure akin to a fire escape — seemingly unused in peacetime, yet the only lifeline in crisis. Efforts such as decentralized VPNs (Nym, HOPR) and ZK-TLS for “guerrilla interoperability” aim to build systems that remain robust under extreme geopolitical stress.
Legal and Cultural Self-Preservation
In light of the Tornado Cash developers’ ordeal, the event carried a palpable sense of urgency around collective self-preservation. Legal experts and developers alike called for the creation of robust legal defense funds and policy advocacy/lobbying organizations. The message was clear: protecting privacy is not just about writing code — it is also a struggle for control of the narrative. The community must recast developers from “potential abettors of terrorism” into defenders of liberty in the digital age. Without standing together to protect open-source contributors, progress will stall as engineers become too fearful to ship code.
What follows is a detailed, in-depth summary of the event’s 16 talks and panels.
1. Onionizing Ethereum
Speakers: Vitalik Buterin (Ethereum Foundation), Roger Dingledine (Tor Project)
This fireside marked a major conceptual shift in Ethereum’s privacy vision. Vitalik noted that the Ethereum Foundation is advancing a plan to deeply integrate Tor and Onion Services across the Ethereum stack. The mindset moves beyond transaction-layer privacy (e.g., ZK proofs) toward a holistic privacy model that spans both write-side privacy (transaction submission) and read-side privacy (RPC reads). The goal is to prevent leakage of users’ IP addresses and access patterns when they broadcast transactions or fetch on-chain data.
Roger Dingledine outlined the current role of Tor as part of Bitcoin’s underlying infrastructure, noting that roughly three quarters of Bitcoin nodes connect via .onion addresses. He stressed that credential-level anonymity at the application layer is insufficient: if the transport layer leaks IP addresses, application-layer privacy collapses. For Ethereum, the goal is not only improvements at the smart-contract layer, but to introduce mixnets and onion routing at the P2P network layer to defend against DoS attacks aimed at block proposers and to strengthen censorship resistance.
Vitalik Buterin further distinguished two senses of “censorship”: application-layer transaction censorship and network-layer access censorship. He emphasized Ethereum’s aspiration to be a globally accessible ledger such that — even under nation-state firewalls — users and validators can connect via Tor’s Pluggable Transports (e.g., Snowflake). These transports can disguise traffic as ordinary WebRTC video-call traffic to evade blocking. This concerns not only privacy but also Ethereum’s resilience and geographic decentralization as a “world ledger.”
Looking ahead, the two discussed enabling Ethereum validators (stakers) to also run Tor relay nodes. Because traffic to specific onion services does not require an exit relay, validators can operate non-exit relays, contributing bandwidth without bearing exit-node legal risk. If realized, this would materially bolster Ethereum’s base-layer anti-censorship posture and privacy, improving both user experience and network robustness over the coming years.
2. Ethereum is for DeFiPunk
Speaker: Hsiao-Wei Wang (Ethereum Foundation)
Hsiao-Wei centered her talk on the Ethereum Foundation’s latest funding policy, introducing the notion of “DeFiPunk” — bringing the Cypherpunk ethos back into DeFi. She argued that DeFi should not be defined solely by yield, but must embody censorship resistance, be open source, and privacy-preserving. Accordingly, EF’s capital deployment will weigh more than financial outcomes: it will reflect Ethereum’s core values and back projects that strengthen the network’s long-term health, rather than protocols that merely chase high APY or rely on centralized shortcuts.
To guide this strategy, she laid out six core DeFiPunk attributes: Security, Open Source, Financial Self-sufficiency, Trust-minimized, Cryptographic Tooling, and Privacy. In particular, on open source, EF favors projects that adopt Free/Libre and Open Source Software (FLOSS) licenses to encourage genuine transparency and collaboration rather than commercial source protection.
On concrete criteria, DeFiPunk stresses that protocols must be permissionless — accessible to users in any jurisdiction — and that users retain full control over their assets (user sovereignty) rather than relying on third-party custodians. She further emphasized that privacy should not be a luxury in DeFi but a first-class citizen. EF encourages projects to mitigate centralized-frontend censorship risks by offering distributed front-ends, standalone UIs, and even command-line tooling (CLI).
Finally, Hsiao-Wei called on the community and developers to practice these values. EF’s role is not only as a funder but as a backstop for this ethos. She urged users to think like true “DeFiPunks” when choosing protocols: review the codebase, examine whether governance is transparent, and check for immutable smart contracts. The talk challenged the industry to return to DeFi’s original purpose: delivering uncensorable financial services to the oppressed and the unbanked.
3. Privacy-Aware Mechanisms for Public Goods Funding
Panelists: Camila Rioja (Plexos), Thomas Humphreys (Ethereum Foundation), Tanisha Katara, Beth McCarthy, José Ignacio Trajtenberg
This roundtable examined how to balance transparency and privacy in public goods funding. Panelists opened with real-world deployments — such as Xcapit’s aid-disbursement program with UNICEF and Brazil’s experiments using blockchains to manage community currencies. In humanitarian and vulnerable-population contexts, privacy is not merely data protection; it can be a matter of personal safety.
The central tension lies in trading off transparency and privacy. Transparency is necessary for outcomes — to verify funds reached the right places and had impact. Yet at the participation layer — especially voting and identity verification — privacy is critical. Fully public ballots invite bribery/vote-buying markets and social pressure, distorting governance. Introducing zero-knowledge (ZK) primitives allows verification of voter eligibility and tallies without revealing individual ballots, enabling anti-collusion governance.
Panelists also discussed adapting tools across jurisdictions. Certain data collection may be lawful in some countries but violate GDPR in others (e.g., Germany). A global public-goods stack should not attempt to satisfy every regulatory regime; rather, it should provide flexible, privacy-first infrastructure that local communities can tailor to their needs.
Looking ahead, the group highlighted privacy-preserving prediction markets and self-sustaining public-goods funding mechanisms. With ZK identity proofs and private voting tooling, communities can achieve Sybil resistance while protecting user data — supporting fairer, safer governance systems.
4. Who Pays for Privacy? The Real Cost of Building Aligned Apps
Speaker: Lefteris Karapetsas (Rotki)
Lefteris opened with a blunt diagnosis of today’s internet: “If the product is free, you are the product.”
He argued that most apps fund “free” services by imposing a data tax — collecting and selling users’ data. To break this pattern, he proposed aligned apps: software that serves users’ interests, respects data sovereignty, is local-first, and tracks nothing. Building such apps, however, carries significant engineering challenges and cost pressures.
Using Rotki — a local-first portfolio tracker he develops — as a case study, he detailed the hidden costs of privacy-preserving software. Unlike SaaS, local apps cannot easily run A/B testing or harvest error telemetry; developers must ship signed binaries for multiple operating systems, manage local database migrations, and pay for expensive code-signing certificates. Development is slower, and without data monetization, the business model is tougher.
Lefteris cautioned developers not to rely on donations or grants — “a dead end,” in his view. Privacy apps need a clear business model and should charge users directly. Beyond sustaining development, paid models educate users that privacy has an explicit cost. Viable paths include freemium, enterprise support, or paid features (e.g., advanced analytics) to build predictable recurring revenue.
He closed by calling for a new contract between users and developers. Users should recognize that paying is not only for features today, but to sustain a future without surveillance or exploitation. Developers should price with confidence, avoid undercharging, and keep finances transparent to earn community trust. Building aligned apps is, in itself, a punk stance — a rebellion against cloud incumbents’ monopolies and data-extraction models.
5. Ethereum Privacy Ecosystem Mapping
Panelists: Mykola Siusko, Antonio Seveso, cyp, Alavi, Kassandra.eth
The panel set out to untangle a complex and fragmented privacy landscape in Ethereum. The goal is not merely to enumerate projects, but to understand how they interrelate. Today’s ecosystem spans several verticals: on-chain privacy (e.g., stealth addresses, Privacy Pools), network-layer privacy (e.g., mixnets), and — crucially — the user-experience (UX) connective tissue. UX was framed as the bridge that binds disparate components and ultimately determines mainstream adoption.
A recurring theme was the uneasy relationship between compliance and privacy. Speakers cautioned against building privacy solely as a defensive response to regulation. Instead, privacy should be seen as a collaborative community capability — a tool that unlocks new forms of coordination and user agency. Over-indexing on a “defensive” narrative risks shrinking a product’s design space.
On regulation, the panel was explicit: a single, globally compliant protocol is unrealistic. Rather than baking compliance into the base protocol — which often implies backdoors — the preferred approach is to deliver general-purpose privacy infrastructure while giving users application-layer selective disclosure (e.g., view keys). This protects against blanket surveillance yet preserves the ability to prove compliance where required.
Finally, the speakers urged the community to break its technical echo chamber and deepen ties with non-crypto privacy actors — Tor, EFF (Electronic Frontier Foundation), Signal, etc. A forward-looking “ecosystem map” should include not only code and protocols, but also legal defense, hackathons, education, and advocacy. Normalizing privacy — making it routine, social, even enjoyable — was identified as the next adoption inflection point.
6. Ethereum Institutional Privacy Now
Panelists: Oskar Thorin, Zach Obront, Amzah Moelah, Eugenio Reggianini, Francois
Oskar Thorin opened by outlining the Ethereum Foundation’s Institutional Privacy Task Force (IPTF) and its mandate: help traditional financial institutions migrate to Ethereum while meeting strict privacy requirements. The emerging pattern is clear — institutions are no longer staying off-chain because of regulation per se, but because privacy is insufficient. Even if just 1% of TradFi capital moved on-chain, the impact on the privacy stack would be profound.
In the panel discussion, representatives from ABN AMRO and Etherealize detailed concrete pain points. Institutions do want public-chain liquidity, but they cannot accept full on-chain transparency of trading strategies, positions, or client information. Unlike retail users, institutions require fine-grained control — explicit entitlements over who can access what data and when. That control must align with business workflows: bond issuance, loan settlement, or secondary trading each demands a different transparency profile.
Francois from Polygon Miden described a hybrid account model (account + UTXO) that lets users maintain private state locally and reveal only zero-knowledge proofs to the public network when needed. The panel also highlighted ZK’s role in regulatory reporting — e.g., proving solvency or compliance with capital/risk rules without exposing raw books.
Consensus across speakers: the future is not siloed private chains, but a privacy layer on Ethereum mainnet. By decoupling identity verification (KYC/KYB), policy enforcement, and compliance reporting, institutions can preserve trade secrets while benefiting from Ethereum’s security and liquidity. As this architecture matures, around 2026 could mark the inflection point for large-scale institutional adoption.
7. Privacy Without Terrorists
Speaker: Ameen Soleimani (0xbow)
Ameen opened with an allegory about a Patagonian lake polluted by a few bad actors — an image for Tornado Cash’s dilemma: when a minority of “terrorists”/hackers contaminate a public resource (a privacy pool), everyone else is punished. He reviewed Tornado Cash’s history, arguing developers should not be liable for users’ crimes, while posing a hard question: when ordinary users mix alongside hackers, they do benefit the latter’s cover. The community, therefore, must design systems that preserve lawful users’ privacy without empowering criminals.
That is the core idea behind Privacy Pools. Unlike Tornado Cash, Privacy Pools let users produce a zero-knowledge proof that dissociates their withdrawal from known-illicit funds (e.g., North-Korean–linked deposits). At withdrawal, a user proves membership in a clean association set — without revealing the specific deposit — satisfying AML expectations while retaining on-chain privacy.
Ameen detailed 0xbow’s governance. The system introduces KYT (Know Your Transaction) screening; deposits are subject to checks. If 0xbow later classifies a source as illicit, it can remove those deposits from compliant sets — but cannot freeze user funds. He emphasized the ragequit mechanism: even if a deposit is subsequently flagged, or 0xbow ceases operations, the smart contracts still guarantee principal withdrawal. The result is a non-custodial yet permissioned privacy model.
Finally, Ameen previewed the Privacy Pools V2 roadmap (targeting EthCC, Paris): V2 will add shielded transfers, enabling in-pool peer-to-peer payments without the V1 requirement to withdraw to a fresh address. In effect, V2 trades some fungibility for recoverability, aiming to build privacy infrastructure for “good actors” and to reduce legal exposure for developers.
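The two-membership check that the talk describes can be made concrete without the zero-knowledge machinery. The block below is an added illustration, not 0xbow’s or Privacy Pools’ code: a withdrawal must open to a commitment that sits in both the public deposit tree and the association-set provider’s current tree, a nullifier hash stops double-withdrawal, and a ragequit path returns principal on deposit-tree membership alone. In the real protocol the contract sees only a ZK proof of these two memberships plus the nullifier hash, so the commitment is never revealed; here the prover hands over the Merkle openings in the clear to keep the logic readable. The SHA-256 tree, the `commit`/`nullify` domain labels and the three users are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class MerkleTree:
    """Binary SHA-256 tree; an odd layer is padded by duplicating its last node."""

    def __init__(self, leaves):
        if not leaves:
            raise ValueError("empty tree")
        self.layers = [list(leaves)]
        while len(self.layers[-1]) > 1:
            layer = self._padded(self.layers[-1])
            self.layers.append([h(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)])

    @staticmethod
    def _padded(layer):
        return layer + [layer[-1]] if len(layer) % 2 else layer

    @property
    def root(self) -> bytes:
        return self.layers[-1][0]

    def proof(self, index: int):
        """Sibling path as (sibling, node_is_right_child) pairs, leaf to root."""
        path = []
        for layer in self.layers[:-1]:
            layer = self._padded(layer)
            path.append((layer[index ^ 1], bool(index & 1)))
            index //= 2
        return path


def verify(leaf: bytes, path, root: bytes) -> bool:
    node = leaf
    for sibling, is_right in path:
        node = h(sibling, node) if is_right else h(node, sibling)
    return node == root


def commitment(secret: bytes, nullifier: bytes) -> bytes:
    return h(b"commit", secret, nullifier)


def nullifier_hash(nullifier: bytes) -> bytes:
    return h(b"nullify", nullifier)


@dataclass
class Pool:
    deposits: list          # commitments, public, in deposit order
    assoc_root: bytes       # latest root published by the association-set provider
    spent: set = field(default_factory=set)

    def withdraw(self, secret, nullifier, deposit_path, assoc_path) -> bool:
        """Private withdrawal: the commitment must be in the deposit tree AND in the
        provider's current association set. A stale set root is rejected."""
        c, nh = commitment(secret, nullifier), nullifier_hash(nullifier)
        if nh in self.spent:
            return False
        if not verify(c, deposit_path, MerkleTree(self.deposits).root):
            return False
        if not verify(c, assoc_path, self.assoc_root):
            return False
        self.spent.add(nh)
        return True

    def ragequit(self, secret, nullifier, deposit_path) -> bool:
        """Escape hatch: principal is returned (non-privately, to the depositor) on
        deposit-tree membership alone, so the provider can exclude but never freeze."""
        c, nh = commitment(secret, nullifier), nullifier_hash(nullifier)
        if nh in self.spent or not verify(c, deposit_path, MerkleTree(self.deposits).root):
            return False
        self.spent.add(nh)
        return True


def run_scenario() -> dict:
    # Constructed users as (secret, nullifier) pairs.
    alice, bob, mallory = (b"A" * 32, b"a-nul"), (b"B" * 32, b"b-nul"), (b"M" * 32, b"m-nul")
    deposits = [commitment(s, n) for s, n in (alice, bob, mallory)]
    deposit_tree = MerkleTree(deposits)
    # Day 0: deposit-time screening passed for all three, so the set equals the deposits.
    set_v1 = MerkleTree(deposits)
    pool = Pool(deposits=deposits, assoc_root=set_v1.root)
    # Day 1: Mallory's source is reclassified as illicit; the provider republishes without her.
    set_v2 = MerkleTree(deposits[:2])
    pool.assoc_root = set_v2.root
    return {
        "alice_private_withdraw": pool.withdraw(*alice, deposit_tree.proof(0), set_v2.proof(0)),
        "alice_second_attempt": pool.withdraw(*alice, deposit_tree.proof(0), set_v2.proof(0)),
        "mallory_with_stale_set": pool.withdraw(*mallory, deposit_tree.proof(2), set_v1.proof(2)),
        "mallory_ragequit": pool.ragequit(*mallory, deposit_tree.proof(2)),
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The point the scenario makes is the one Ameen drew: once the provider drops Mallory, no proof she can build opens to the new set root, yet her principal is never trapped, because ragequit checks only the deposit tree. Note that a contract which accepted any historical set root would defeat the exclusion; the example keeps a single current root, and a production design would at most allow a short window of recent roots.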
8. Is censorship resilience truly necessary?
Speaker: Mashbean (Matters Lab)
Mashbean posed a disquieting question: if censorship-resistance is so vital, why do products built around it struggle to survive? Drawing on five years of operating Matters.news — a decentralized publishing platform — he highlighted a mismatch between moral demand and market demand. While marginalized groups (dissidents, journalists) have a strong normative need for censorship resistance, that market is small and has limited ability to pay. Most mainstream users care about content quality, not whether the platform is censorship-resistant.
He examined the Honeypot Paradox: building a censorship-resistant platform naturally attracts the most sensitive content, concentrating risk. That invites not only blocks from authoritarian regimes but also floods of spam and scam attacks. Ironically, to fight abuse the platform must introduce some form of moderation — creating tension with its original ethos. In practice, large-scale spam attacks have even triggered automated anti-fraud systems in democratic countries, causing mistaken takedowns and a new form of de facto transnational joint censorship.
To navigate this, Mashbean proposed counter-intuitive responses. First, avoid a single monolith; instead, ship modular primitives (storage, identity, payments) that small communities can reuse — reducing the size of any single target. Second, eat your own dog food: developers should practice high-grade OPSEC and privacy-preserving payments themselves, because they are high-risk actors, too.
His conclusion: treat censorship-resistance not as a typical commercial product but as public infrastructure — more like a fire escape or seat belt. You don’t size a fire escape by TAM, yet it is lifesaving in crisis. Funding models should therefore blend public grants, philanthropy, and community ownership; success metrics are not revenue, but how many people can keep speaking and surviving under pressure.
9. Guerrilla Interoperability
Speaker: Andreas Tsamados (Fileverse)
Andreas characterizes today’s Web2 as a city built with hostile architecture — walled gardens, DRM, and data lock-in that corral users and throttle competition. To counter ongoing Enshittification, he advances Guerrilla Interoperability: a user-driven, tactical approach that forces interoperability without incumbent permission, reclaiming data sovereignty through code.
He outlines a practical toolkit, led by ZK-TLS (zkTLS): users generate cryptographic attestations of their interactions with Web2 sites (banks, social platforms) and port those verifiable facts into Web3 — permissionlessly. Developers can then build applications that ride on top of closed platforms, siphoning utility and outcompeting them without waiting for official APIs.
This is paired with a culture of “revolutionary optimism” — refusing to accept the status quo. He showcases Fileverse’s ddocs.new and dsheets.new as decentralized, end-to-end encrypted alternatives to Google Workspace: collaborators are invited via ENS, and data is stored on IPFS.
His core call to action: don’t wait for incumbents to open doors. Use account abstraction (smart accounts), decentralized storage, and ZK proofs to ship superior, privacy-preserving paths today. Framed as a digital right to repair, the movement urges developers to leverage (and subvert) closed infrastructure until incumbents are forced to accept a new, user-first normal.
10. Building Infrastructural Resilience
Speakers: Sebastian Bürgel (HOPR), ml_sudo, Pol Lanski (Dappnode), Kyle Den Hartog
This panel pushed privacy discourse down to the physical and hardware layers: if the substrate is untrustworthy, application-layer privacy is “a castle built on sand.” Today’s TEEs — e.g., Intel SGX — often trade performance for security and remain exposed to side-channel attacks. In response, ml_sudo outlined a “Trustless TEE” initiative: fully open-source chips whose design, toolchain, and manufacturing steps are transparently verifiable, aligned to a world with fragmented supply chains and rising geopolitical risk.
Pol Lanski argued for home self-hosting — the long-term goal is still “everyone runs their own node.” Beyond decentralization, he framed this as civil disobedience: when measures like “Chat Control” attempt blanket surveillance, running one’s relays and servers becomes a practical way to make indiscriminate monitoring unenforceable.
Sebastian (HOPR) offered a blunt heuristic — “Nerds protect networks.” In practice, the first defensive line is the small cohort willing to tinker with hardware and operate nodes. The ecosystem should respect and empower hacker culture while lowering hardware barriers so more users can join.
The discussion closed on the why: in an era of AI-generated forgeries and an everything-connected internet, only trust-minimized hardware and infrastructure preserve human agency — confidence that you’re interacting with real people, and that your data hasn’t been exfiltrated. Such infrastructural resilience is the last line of defense against creeping digital authoritarianism.
11. Kohaku Wallet on Ethereum
Speaker: Nicolas Consigny (Ethereum Foundation)
Nicolas unveiled an Ethereum Foundation–led project, Kohaku — a set of privacy- and security-focused primitives consisting of an SDK plus a reference browser-extension wallet (forked from Ambire). Kohaku is not meant to be “yet another wallet”; it provides high-quality open-source components that other wallet teams can pick and integrate — a buffet of modules to raise the ecosystem’s privacy baseline.
Kohaku’s core contribution is lowering the barrier to privacy. It natively integrates Railgun and Privacy Pools, allowing users to toggle between protocols in-wallet and route assets into shielded pools with one click, without advanced setup. It also introduces a per-dApp account connection model so the same address is not reused across applications, thereby reducing metadata linkage.
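One way to realise a per-dApp account model is to derive a separate signing key for each web origin from the wallet’s master seed, so every account is recoverable from the seed alone and no address is ever presented to two sites. The block below is an added example and not Kohaku’s or Ambire’s code; the HKDF labels, the origin canonicalisation and the SHA-256 stand-in for an Ethereum address are assumptions made to keep it dependency-free (a real wallet would derive the address as keccak256 of the secp256k1 public key).

```python
import hashlib
import hmac
from urllib.parse import urlsplit


# HKDF (RFC 5869) over HMAC-SHA256, written out so the derivation is visible.
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def canonical_origin(url: str) -> bytes:
    """Reduce a page URL to scheme://host[:port] so path or case changes do not fork the
    account. The wallet must take this from the connecting page's actual origin, never
    from a value the dApp supplies, or one site could claim another site's account."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("https", "http") or not parts.netloc:
        raise ValueError(f"not a web origin: {url!r}")
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}".encode()


def derive_dapp_key(master_seed: bytes, url: str) -> bytes:
    """Hypothetical scheme: one 32-byte signing key per origin, deterministic in the seed."""
    prk = hkdf_extract(b"per-dapp-account-v1", master_seed)  # salt label is an assumption
    return hkdf_expand(prk, b"account:" + canonical_origin(url))


def account_id(key: bytes) -> str:
    """Stand-in for the on-chain address (real: keccak256(secp256k1_pubkey(key))[-20:])."""
    return "0x" + hashlib.sha256(b"addr" + key).hexdigest()[:40]


def observed_by_dapps(master_seed: bytes, origins: list, per_dapp: bool) -> dict:
    """What each dApp backend records as 'the user's address' under the two connection models."""
    shared = account_id(hkdf_expand(hkdf_extract(b"per-dapp-account-v1", master_seed), b"account:shared"))
    return {o: (account_id(derive_dapp_key(master_seed, o)) if per_dapp else shared) for o in origins}


def linkable(observations: dict) -> bool:
    """True if two dApps saw the same address and can therefore join their user records."""
    return len(set(observations.values())) < len(observations)


if __name__ == "__main__":
    seed = b"\x01" * 32  # constructed; a real seed comes from the wallet's key store
    sites = ["https://app.example", "https://other.example"]
    print("shared address linkable:", linkable(observed_by_dapps(seed, sites, per_dapp=False)))
    print("per-dApp linkable:      ", linkable(observed_by_dapps(seed, sites, per_dapp=True)))
```

Two caveats a practitioner would add: the derived accounts still have to be funded, and funding them all from one source account re-links them on-chain, which is why this model only pays off when paired with a shielded pool or stealth-address transfer; and the origin must be the one the browser reports for the requesting page, otherwise a malicious site can request the key of another origin.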
On the hardware side, Kohaku ships several breakthroughs. In collaboration with ZKnox, it enables hardware-level signing of Railgun ZK transactions — meeting the “cold storage + privacy” requirement for advanced users. The team also demonstrated a generic hardware application layer so the same privacy-signing logic runs across Keystone, Keycard, and even low-cost DIY devices.
The demo underscored EF’s pragmatic approach: rather than trying to change the world overnight, provide secure, ergonomic SDKs (e.g., the OpenLV connection suite) so existing wallets can plug in Tor support and privacy transactions with minimal friction. Kohaku is slated to open a public testnet around EthCC next April, marking a shift toward standardized, modular app-layer privacy in Ethereum.
12. Private Voting in DAOs
Speakers: Joshua Davila, Lasha Antadze, Anthony Leuts (Aragon), Jordi Pinyana, John Guilding (MACI)
The panel made a clear case that privacy is a prerequisite for truthful governance. As Anthony (Aragon) noted, fully transparent voting produces performative unanimity — “99% of proposals pass with 99% approval” — because delegates fear reputational backlash or retaliation. Private voting protects voters and restores signal fidelity, replacing toxic false consensus with genuine preferences.
Teams from Rarimo and Vocdoni shared deployments in high-risk environments where merely participating in a vote can trigger arrest. In such contexts, identity privacy is existential. The technical frontier is binding real-world identity (passports, biometrics, attestations) to on-chain eligibility without creating traceable ballots: strong Sybil resistance coupled with non-linkability of individual votes.
John (MACI) emphasized anti-collusion as the defining requirement. Privacy alone is insufficient if a voter can later prove how they voted to a briber. MACI (Minimum Anti-Collusion Infrastructure) seeks “unprovability” — cryptographic designs that prevent credible vote-selling proofs — while supporting mechanisms like quadratic voting/funding and ZK-based identity checks. Recent pilots (e.g., Gitcoin’s privacy round) suggest the stack is approaching production readiness.
Looking ahead, the panel expects 2026 to be an inflection point: mature private-voting protocols integrated into mainstream DAO toolchains (Snapshot, Tally, etc.). The largest obstacle is cultural, not technical: a long-standing equation of “full transparency = virtue” in crypto, and a normalization of bribe markets as just another DeFi primitive. Reframing privacy as a democratic cornerstone — not a cover for malfeasance — is the next political task for the ecosystem.
13. From Tornado Cash to Future Developer Protection
Speakers: Marina Markezic, Fatemeh Fannisadeh, Ayanfeoluwa Olajide, Joan Arús
The panel’s message was stark: the threat model has shifted from ex-post prosecutions to pre-emptive surveillance of open-source builders.
Sentinel Alliance (Joan Arús) described how teams working on censorship-resistant voting (e.g., Aragon, Vocdoni) were targeted with commercial spyware (e.g., Pegasus). The risk now attaches not only to use of tools but to the potential uses of code.
Legal escalation. Counsel warned that modern counter-terror regimes define “terrorist acts” so broadly that developers of privacy/DeFi primitives can be imputed intent to “undermine economic or political structures” — placing ordinary OSS work inside a legal blast radius. Relying on bureaucratic remedies after the fact is insufficient; proactive defense is required.
Policy aperture in the EU. Marina (EUCI) reported incremental progress: GDPR reform discussions are acknowledging privacy-enhancing technologies (PETs) as a path to compliance, not an obstacle — evidence that advocacy works when it is continuous and technically literate.
Call to action. The industry deploys billions on conferences and marketing; a fraction should endow permanent legal-defense funds, rapid-response counsel, and policy shops. Without a protective framework that distinguishes speech (code) from conduct, the next arrest could be “any developer in the room.”
14. Protocol-level Privacy: Lessons from Web2
Speaker: Polymutex (WalletBeat)
Polymutex reviews the migration from HTTP to HTTPS in Web2 to offer a valuable reference framework for popularizing privacy in Web3. He notes that the early internet, like today’s blockchains, had virtually no privacy for strikingly similar reasons: immature cryptography, regulatory uncertainty (encryption once treated as munitions), and significant performance overhead (e.g., handshake latency).
He summarizes four key stages in the spread of HTTPS: (1) making privacy possible (standardization such as SSL/TLS); (2) making privacy lawful (securing the right to use/export encryption through litigation); (3) making privacy cheap (hardware acceleration instruction sets); and (4) making privacy the default and the norm. A turning point was Let’s Encrypt, which made obtaining certificates extremely simple and free. The final stage was browsers labeling HTTP sites as “Not secure,” thereby stigmatizing non-private behavior.
Mapping this framework to Web3, we are doing well at the “possible” stage (privacy-protocol standards), and the “cheap” stage is advancing via ZK hardware acceleration and precompiles; however, major challenges remain at the “lawful” stage (the Tornado Cash case) and at the Let’s Encrypt-style “simple” step that precedes “default” (wallet integration). In particular, Web3 still lacks a Snowden-like “oh-shit moment” to fully awaken mass privacy awareness.
Polymutex concludes that we need tools (such as WalletBeat) to monitor wallets’ privacy behavior (e.g., RPC leakage) and to push privacy as the default setting. More importantly, the community should stigmatize non-private behavior — just as browsers now warn that HTTP is insecure, future wallets should warn: “This is a public transaction; your finances will be monitored.” Only by treating the absence of privacy as abnormal can privacy truly become mainstream.
15. Privacy on Ethereum Now: Key Challenges
Speakers: Alan Scott, Max Hampshire
Alan and Max, in a conversational format, examined the real pain points of building privacy protocols on the front lines. The first challenge is narrative. Today, using privacy tools (e.g., Railgun) is often directly associated with illicit activity — “Why are you hiding? Are you afraid of the police?” This stigma deters ordinary users. They stressed the need to shift the narrative from “hiding crime” to “protecting everyday financial security” (much like not wanting everyone to see your Visa statement).
Integration friction is another major obstacle. Alan noted that Railgun’s SDK runs to hundreds of thousands of lines of code; for mainstream DeFi protocols such as Aave, integrating such a behemoth is not only technically difficult but also risky. This is why DeFi protocols prefer the privacy layer to adapt to them, rather than the reverse. In addition, many existing wallets (including Rabby forks) are rife with analytics/trackers, which runs counter to the goals of privacy protocols.
On network-layer privacy, Max described a cat-and-mouse dynamic. De-anonymization (e.g., traffic analysis) and anonymization (e.g., mixnets) are both evolving. Application-layer privacy alone is insufficient: if an ISP or RPC endpoint can see your IP and access patterns, on-chain privacy is heavily degraded. Hence, network-layer infrastructure such as Nym needs to be tightly coupled with application-layer protocols.
Finally, they discussed how to expand the anonymity set. If only whales use privacy tools, the effect is limited. The goal must be plug-and-play privacy that ordinary users employ without thinking — even if only to avoid copy-trading or to protect alpha. Only when there are enough “good actors” and routine transactions does the privacy network deliver real protection.
16. Ethereum Privacy Roadmap
Speaker: Andy Guzman (PSE)
Andy Guzman closed the day with a macro synthesis and outlook. He proposed a simplified taxonomy for the privacy stack — Private Reads, Private Writes, and Private Porting — and emphasized the Law of the Minimum: a privacy system is only as strong as its weakest layer. Even perfect ZK on-chain privacy fails if the RPC layer leaks IP metadata.
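To make the “weakest layer” point concrete for the network-layer discussion in section 15 and the Law of the Minimum above, here is an added example (not code from the article, WalletBeat, Nym or PSE) that replays what a plain RPC provider sees: a client IP next to each JSON-RPC body. The log lines, IPs and addresses are constructed; the JSON-RPC method names are real, the address-extraction rule is this example's own.

```python
"""Added example, not from the article or any project it names: a toy audit of
what a non-anonymized RPC endpoint can infer from a wallet's JSON-RPC traffic.
Even with ZK on-chain privacy, the RPC layer can join a client IP to every
address the wallet queries. Log lines and addresses are constructed."""
import json
from collections import defaultdict

# Constructed placeholder addresses (not real accounts).
ADDR_A = "0x" + "a" * 40
ADDR_B = "0x" + "b" * 40
ADDR_C = "0x" + "c" * 40


def rpc_line(ip, method, params):
    """Build one constructed log line: '<client ip> <json-rpc body>'."""
    return f"{ip} {json.dumps({'jsonrpc': '2.0', 'id': 1, 'method': method, 'params': params})}"


# One wallet at 203.0.113.7 holding two accounts; an unrelated client at 198.51.100.4.
SAMPLE_LOG = [
    rpc_line("203.0.113.7", "eth_getBalance", [ADDR_A, "latest"]),
    rpc_line("203.0.113.7", "eth_getTransactionCount", [ADDR_B, "pending"]),
    rpc_line("203.0.113.7", "eth_blockNumber", []),  # carries no address
    rpc_line("198.51.100.4", "eth_call", [{"from": ADDR_C, "to": ADDR_A, "data": "0x"}, "latest"]),
]


def address_in_request(req):
    """Return the account address a request reveals, or None (extraction rule is ours)."""
    method, params = req.get("method"), req.get("params") or []
    if method in ("eth_getBalance", "eth_getTransactionCount", "eth_getCode") and params:
        return params[0].lower()
    if method == "eth_call" and params and isinstance(params[0], dict) and params[0].get("from"):
        return params[0]["from"].lower()
    return None


def addresses_by_ip(log_lines):
    """What the provider learns: {client_ip: set of addresses that client queried}."""
    seen = defaultdict(set)
    for line in log_lines:
        ip, body = line.split(" ", 1)
        addr = address_in_request(json.loads(body))
        if addr:
            seen[ip].add(addr)
    return dict(seen)


def linkable_clusters(log_lines):
    """Address groups the provider can attribute to one client (size >= 2).
    Routing every client through a shared relay (Tor, a mixnet) empties the IP
    column of meaning for this join, which is the mitigation the talks argue for."""
    return sorted(sorted(a) for a in addresses_by_ip(log_lines).values() if len(a) > 1)
```

Run against the constructed log, `linkable_clusters` returns the two addresses the first wallet queried from one IP, the linkage a ZK pool on-chain cannot undo.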
On timelines, Guzman forecast that by November 2026 (next Devcon) private transfers on Ethereum will be effectively “solved.” More than 35 teams are pursuing roughly 13 distinct approaches (from stealth addresses to privacy pools), making convergence on a winning design highly probable. The target profile is low cost (≈2× a standard transfer), low latency, and one-click UX.
He flagged a looming strategic debate: should privacy remain at the application layer, or be embedded in L1? L1 integration could unify liquidity and make privacy the default, but at the price of regulatory exposure and protocol complexity. An open community discussion is needed.
On compliance, he outlined a spectrum from cypherpunk, permissionless privacy to practical, compliance-aware privacy. While the former anchors core values, broader adoption — especially by institutions and governments — will require tools such as Privacy Pools. The end state should be a pluralistic ecosystem that serves diverse needs. PSE will continue to close technical gaps to help Ethereum mature into a privacy-first network.