Ethereum Privacy’s HTTPS Moment: From Defensive Tool to Default Infrastructure


Chaincatcher, 2025/11/28 12:40

Summarizing the "holistic reconstruction of the privacy paradigm" from dozens of speeches and discussions at the Devconnect ARG 2025 "Ethereum Privacy Stack" event.

This Ethereum Privacy Stack event was jointly organized by the Privacy & Scaling Explorations (PSE) team, Web3Privacy Now, and core members of the Ethereum Foundation (EF). It is one of the most high-profile vertical events during Devconnect ARG 2025. The event brought together Vitalik Buterin, the founder of Tor, EF core researchers, founders of privacy protocols (Railgun, 0xbow, Aztec, etc.), and leading legal experts. Its core purpose is to re-map the Ethereum privacy ecosystem, bridge technological silos, and set the tone for the privacy roadmap for the next 3-5 years at a turning point where regulatory pressure is increasing and technology is maturing.


Held during Devconnect Buenos Aires 2025, Ethereum Privacy Stack is the most significant privacy-themed gathering in the Ethereum ecosystem this year.

The most notable consensus at this event was the establishment of the concept of "Holistic Privacy": privacy is no longer just a stack of on-chain tools like zero-knowledge proofs (ZK) or mixers, but a complete closed loop running through the network transmission layer (Tor), RPC reading layer, data storage layer, and user interaction front end.

As emphasized by Vitalik Buterin and Tor project founder Roger Dingledine, if the underlying network leaks IP, anonymity at the application layer is meaningless. The community has reached a consensus that Ethereum must follow the "barrel theory," patching the weakest links of metadata leakage to truly become an anti-censorship "world ledger."

Trend Insights: Moving Towards "Default Privacy" and the Battle for User Experience

Participants generally believe that Web3 privacy is undergoing a critical moment similar to Web2's transition from HTTP to HTTPS. Privacy technology should no longer be the preserve of "geeks" or "hackers," nor should it bear the moral burden of "hiding crime." By comparing Railgun, Kohaku wallet, and Web2 historical experience, speakers pointed out that the next key step is to "stigmatize non-private behavior," that is, to have public, transparent transfers seen as abnormal, akin to streaking on the internet.

By 2026, the Ethereum community aims to reduce the cost of private transfers to an acceptable range (such as only twice that of ordinary transfers) and achieve one-click seamless experience, thereby not only serving retail users but also opening the door for traditional financial institutions that cannot participate due to lack of commercial confidentiality protection.

Core Controversy: Compliance Spectrum and the "Civil War" Risk at L1

Although the technical roadmap is gradually becoming clear, ideological tensions remain. The biggest controversy lies in the contest between "compliant privacy" and "permissionless privacy." One side, represented by Privacy Pools, advocates for proactively isolating illegal funds through "dissociation proofs" in exchange for regulatory tolerance and institutional adoption; the other side insists on pure cypherpunk spirit, believing that any form of compliance compromise will ultimately lead to censorship.

In addition, Andy Guzman from PSE warned of a possible upcoming "civil war": whether privacy features should be embedded in the core Ethereum protocol layer (L1). Writing it into L1 can bring unified liquidity and default protection, but may also bring huge regulatory risks and protocol complexity. This choice will determine Ethereum's future political attributes.

The Awakening of Infrastructure: Hardware as the Last Line of Defense Against Censorship

In addition to software-level discussions, this event unusually delved into the physical and network layers. From "running your own node" to "de-trusting trusted execution environments (TEE)," the community realized that if hardware is backdoored, all upper-layer encryption is invalid. Anti-censorship is redefined as public infrastructure similar to "fire escapes": it may seem unnecessary in peacetime, but in times of crisis, it is the only hope for survival. Whether building decentralized VPNs (such as Nym, HOPR) or using ZK-TLS for "guerrilla interoperability," all are attempts to build a system robust even under extreme geopolitical conflict.


Legal and Cultural Self-Rescue

In the face of the plight of Tornado Cash developers, the event was filled with a sense of urgent "self-rescue." Legal experts and developers unanimously called for the establishment of strong legal defense funds and policy lobbying groups. Everyone realized that protecting privacy is not just about writing code, but a battle for narrative power: developers must be transformed from "potential terrorist accomplices" to "defenders of freedom in the digital age." If the industry does not unite to protect open-source contributors, technological progress will stall as no one dares to write code.

The following is a detailed summary of the 16 speeches and panels at this event.

1. Onionizing Ethereum

Speakers: Vitalik Buterin (Ethereum Foundation), Roger Dingledine (Tor Project)

This conversation marked a major conceptual shift in Ethereum's privacy vision. Vitalik pointed out that the Ethereum Foundation is promoting a plan to deeply integrate Tor and Onion Services into the entire Ethereum tech stack. This represents a shift in mindset: from focusing solely on transaction-level privacy (such as ZK proofs) to a more comprehensive "holistic privacy" view. This holistic view covers both write privacy (transaction sending) and read privacy (RPC data reading), aiming to prevent users from leaking IP addresses and access patterns when broadcasting transactions or reading on-chain data.


Roger Dingledine shared the current status of the Tor network as the underlying infrastructure for Bitcoin, noting that about three-quarters of Bitcoin nodes connect via onion addresses. He emphasized that credential anonymity at the application layer is not enough; if the underlying network transmission layer leaks IP addresses, application-layer privacy protection is meaningless. Ethereum's goal this time is to introduce mixnets and onion routing not only at the smart contract layer but also at the P2P network layer, to defend against denial-of-service (DoS) attacks targeting proposers and enhance censorship resistance.

Vitalik further elaborated on the two meanings of "censorship": transaction censorship at the application layer and access censorship at the network layer. He emphasized that Ethereum's goal is to be a globally accessible ledger, so that even under national firewall blockades, users and validators can still access the network via Tor's pluggable transports (such as Snowflake). This technology can disguise traffic as ordinary WebRTC video calls to bypass blockades. This is not only about privacy but also about Ethereum's resilience and geographic decentralization as the "world ledger."

Looking ahead, the two discussed the possibility of having Ethereum validators (stakers) also run Tor relay nodes. Since traffic to specific onion services does not require exit relays, validators can easily run non-exit relays, only contributing bandwidth without legal risk. If realized, this move will greatly enhance Ethereum's underlying censorship resistance and privacy protection in the coming years, achieving a dual improvement in user experience and network resilience.

2. Ethereum is for DefiPunk

Speaker: Hsiao-Wei Wang (Ethereum Foundation)

Hsiao-Wei's talk centered on the Ethereum Foundation's (EF) latest financial policy, introducing the concept of "DefiPunk" to reinject the spirit of Cypherpunk into the DeFi ecosystem. She pointed out that DeFi should not only pursue yield but also possess censorship resistance, open source, and privacy protection. EF's funding allocation should reflect Ethereum's core values, supporting projects that promote Ethereum's long-term health rather than just chasing high APY or adopting centralized shortcuts.


To guide this strategy, she detailed the six core attributes of DefiPunk: Security, Open Source, Financial Self-sufficiency, Trust-minimized, Crypto Tools, and Privacy. Especially for open source, EF prefers to support projects using FLOSS licenses to encourage true transparency and collaboration, rather than commercial source code protection.

In terms of specific standards, DefiPunk emphasizes that protocols must be permissionless, accessible to users from any region; users must have full control over their assets (User Sovereignty), not relying on third-party custody. She also stressed that privacy should not be a luxury in DeFi but a first-class citizen. EF encourages projects to use distributed frontends, independent UIs, or even command-line tools to avoid censorship risks from centralized frontends.

Finally, Hsiao-Wei called on the community and developers to practice these values together. EF's role is not only as a funder but also as a backer of this philosophy. She encouraged users to think like a true "DefiPunk" when choosing DeFi protocols: check codebases, pay attention to governance transparency, and check for immutable smart contracts. This speech challenges the status quo of the DeFi industry, demanding a return to the original intention of decentralized finance—to provide uncensorable financial services for the oppressed and the unbanked.

3. Privacy-Aware Mechanisms for Public Goods Funding

Panelists: Camila Rioja (Plexos), Thomas Humphreys (EF), Tanisha Katara, Beth McCarthy, José Ignacio Trajtenberg

This panel focused on how to balance transparency and privacy in public goods funding. Panelists first shared real-world application cases, such as Xcapit's aid distribution project with UNICEF and Brazil's use of blockchain technology to manage community currencies. In these scenarios involving humanitarian aid and vulnerable groups, privacy is not just about data protection but is a key factor for the safety of beneficiaries.

The core tension discussed was the trade-off between "transparency" and "privacy." For the outcome of fund allocation, transparency is necessary to ensure funds go to the right places and have an impact; but at the participation level, especially in voting and identity verification, privacy is crucial. If voting is completely public, it creates bribery markets and social pressure, distorting governance results. By introducing zero-knowledge proof (ZK) primitives, it is possible to verify voting eligibility and results without revealing specific ballots, thus achieving anti-collusion governance.

Panelists also discussed how technical tools can adapt to the needs of different jurisdictions. For example, in some countries, collecting certain data may be legal, but in others (such as Germany), the same data collection may violate GDPR. Therefore, building global public goods funding tools should not try to meet all compliance requirements but should build flexible, privacy-first infrastructure, allowing local communities to adapt as needed.

Finally, the discussion looked ahead to future technical directions, including privacy-preserving prediction markets and self-sustaining public goods funding mechanisms. Panelists agreed that technology should not only solve efficiency problems but also return to a "human-centered" design philosophy. Through ZK identity proofs and privacy voting tools, it is possible to prevent Sybil attacks while protecting user data, thus building a fairer and safer community governance system.

4. Who pays for privacy? The real cost of building aligned apps

Speaker: Lefteris Karapetsas (Rotki)

Lefteris opened with a sharp industry revelation: "If the product is free, then you are the product."

He pointed out that current internet applications generally exchange free services for a "data tax," with users' data being collected and sold. To break this situation, he proposed the concept of "Aligned Apps," software that truly serves user interests, respects data sovereignty, is local-first, and has no tracking. However, building such apps faces huge engineering challenges and cost pressures.

He used his own Rotki (a local-first portfolio tracking tool) as an example, describing in detail the hidden costs of developing privacy apps. Unlike SaaS products, local apps cannot easily perform A/B testing or collect error logs; developers must package binaries for multiple operating systems, handle local database migrations, and pay expensive code signing certificate fees. This means lower development efficiency and no way to monetize user data, making the business model more difficult.

Lefteris strongly advised developers not to rely on donations or grants for survival, as this is a dead end. He advocated that privacy apps must have a clear business model and charge users directly. This is not only to sustain development but also to educate users: privacy has explicit costs. Through freemium models, enterprise support, or specific paid features (such as advanced data analysis), developers can obtain predictable recurring revenue.

At the end of the talk, he called for a new contract between users and developers. Users should realize that paying is not just for current software features but to support a future that does not monitor or do evil. He encouraged developers to price confidently, not to undersell their labor, and to maintain financial transparency to win community trust. Building "Aligned Apps" is itself a punk act, a rebellion against cloud computing giants' monopoly and data surveillance.

5. Ethereum Privacy Ecosystem mapping

Panelists: Mykola Siusko, Antonio Seveso, cyp, Alavi, Kassandra.eth

This panel attempted to clarify the complex and fragmented Ethereum privacy ecosystem. Panelists agreed that the core of the ecosystem is not just listing all privacy protocols but understanding their relationships. The current privacy ecosystem is mainly divided into several verticals: on-chain privacy (such as stealth addresses, privacy pools), network layer privacy (such as mixnets), and most importantly, the connection layer—user experience (UX). UX is seen as the bridge connecting these fragmented technical components, determining whether privacy technology can truly be adopted by the masses.

The discussion mentioned the subtle relationship between "compliance" and "privacy." Panelists reflected on the limitations of building privacy tools solely to defend against regulation. They believe privacy should not just be defined as a defensive technology (preventing surveillance) but as a collaborative community effort, a tool that unlocks new capabilities for users and the community. Overemphasizing the "defensive" narrative may actually limit product imagination.

On regulation and compliance, panelists expressed strong views: building a global product that fully complies with all jurisdictions is unrealistic, even naive. Rather than trying to build compliance into the protocol layer (which often means leaving backdoors), it's better to build general privacy infrastructure and give users the right to selectively disclose information at the application layer (such as View Keys). This both protects users from total surveillance and retains the ability to prove compliance when necessary.

Finally, panelists emphasized the importance of breaking technical "echo chambers" and called for closer ties with privacy organizations outside crypto (such as Tor, EFF, Signal). The future ecosystem map should not just be a stack of technical layers but should include legal aid, hackathons, education, and advocacy organizations. Making privacy normal, social, and even fun is key to the next stage of ecosystem development.

6. Ethereum Institutional Privacy now

Panelists: Oskar Thorin, Zach Obront, Amzah Moelah, Eugenio Reggianini, Francois

Oskar Thorin first introduced EF's Institutional Privacy Task Force (IPTF) and its mission: to help traditional financial institutions migrate to Ethereum while meeting their privacy needs. The current trend is that institutions are no longer refusing to go on-chain because of regulation, but rather cannot go on-chain due to lack of privacy. Even if only 1% of traditional financial funds enter Ethereum, the impact on the privacy ecosystem would be huge.

In the panel session, guests from ABN Amro (Dutch bank) and Etherealize shared real institutional pain points. Institutions do not want to use the global liquidity of public chains because they cannot accept transaction strategies, positions, or client data being completely public on-chain. Unlike retail users, institutions need not only privacy but also "control": clarity over who can see what data and when. This control needs to be refined to specific business flows, such as bond issuance, loan settlement, or secondary market trading, each with different transparency requirements.

Francois from Polygon Miden introduced how they solve this problem through a hybrid account model (Account + UTXO): users can maintain privacy states locally and only prove transaction validity to the public network when necessary. The discussion also covered the application of zero-knowledge proofs (ZK) in compliance reporting, i.e., using ZK technology to prove an institution's solvency or compliance to regulators without revealing underlying data.

Panelists agreed that the future direction is not to build isolated private chains but to build privacy layers on the Ethereum public chain. By decoupling identity verification (KYC/KYB), policy execution, and compliance reporting, institutions can maintain their business secrets while enjoying Ethereum's security and liquidity. The maturity of this architecture will be a key turning point for large-scale institutional adoption of Ethereum around 2026.

7. Privacy Without Terrorists

Speaker: Ameen Suleimani (0xbow)

Ameen's talk began with a parable about Patagonian lake pollution, a vivid metaphor for the predicament of Tornado Cash: when a few people ("terrorists"/hackers) pollute a public resource (privacy pool), everyone (ordinary users) is punished. He reviewed the history of Tornado Cash, pointing out that developers should not be responsible for users' illegal actions, but also raised a sharp question: when ordinary users use mixers, they are actually providing privacy cover for hackers. Therefore, the community has a responsibility to build a new system that protects legitimate users' privacy without empowering criminals.

This is the core idea of Privacy Pools. Unlike Tornado Cash, Privacy Pools allow users to publicly "dissociate" themselves from illegal funds (such as North Korean hacker funds) through zero-knowledge proofs. When withdrawing, users can prove their funds come from a legitimate deposit set without revealing the specific source. This meets regulatory anti-money laundering requirements while preserving users' on-chain privacy.

Ameen detailed the management mechanism of 0xbow. The system introduces KYT (Know Your Transaction) checks, and deposits require approval. If 0xbow finds a deposit source to be illegal, it can remove it from the compliance set but cannot freeze user funds. He especially emphasized the "Rage Quit" mechanism: even if a user's deposit is later marked as non-compliant or 0xbow decides to cease operations, the smart contract still guarantees users can withdraw their principal at any time. This achieves a "non-custodial but permissioned" privacy model.
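A toy model of the "non-custodial but permissioned" rules described above, added here as an illustration; it is not 0xbow's or Privacy Pools' code. It assumes a SHA-256 Merkle tree over approved deposits and uses a plain Merkle path in place of the zero-knowledge proof (so, unlike the real design, the leaf is revealed); all class and function names are hypothetical, and ragequit paying back to the depositing address is a modelling assumption.

```python
import hashlib
from dataclasses import dataclass

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def commitment(secret: bytes, amount: int) -> bytes:
    return h(b"leaf", secret, amount.to_bytes(8, "big"))  # hides the note secret

def merkle_path(leaves, index):
    # Returns (sibling path for leaves[index], root); odd levels repeat the last node.
    path, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        path.append((level[index ^ 1], index % 2 == 0))  # (sibling, sibling_on_right)
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return path, level[0]

def verify_path(leaf, path, root):
    node = leaf
    for sibling, on_right in path:
        node = h(b"node", node, sibling) if on_right else h(b"node", sibling, node)
    return node == root

@dataclass
class Deposit:
    depositor: str
    amount: int
    leaf: bytes
    spent: bool = False

class ToyPrivacyPool:
    def __init__(self):
        self.deposits = []     # contract state: every deposit ever made
        self.approved = set()  # operator state: indices in the compliant set

    def deposit(self, depositor, amount, secret):
        self.deposits.append(Deposit(depositor, amount, commitment(secret, amount)))
        return len(self.deposits) - 1

    # The operator's only powers: add to or remove from the compliant set.
    def operator_approve(self, index):
        self.approved.add(index)

    def operator_remove(self, index):
        self.approved.discard(index)

    def _leaves(self):
        return [self.deposits[i].leaf for i in sorted(self.approved)]

    def root(self):
        leaves = self._leaves()
        return merkle_path(leaves, 0)[1] if leaves else h(b"empty")

    def prove(self, index):
        # Client side: (path, root) for a deposit that is currently approved.
        if index not in self.approved:
            raise PermissionError("deposit is not in the compliant set")
        return merkle_path(self._leaves(), sorted(self.approved).index(index))

    def private_withdraw(self, secret, amount, path, root, recipient):
        # Stand-in for ZK verification; a real proof would not reveal the leaf.
        leaf = commitment(secret, amount)
        if root != self.root() or not verify_path(leaf, path, root):
            raise PermissionError("no valid proof against the current compliant set")
        dep = next(d for d in self.deposits if d.leaf == leaf)
        if dep.spent:
            raise ValueError("already withdrawn")
        dep.spent = True
        return recipient, dep.amount

    def ragequit(self, index, caller):
        # Open to the original depositor whether approved or not. Assumption:
        # principal returns to the depositing address, so the exit is public.
        dep = self.deposits[index]
        if caller != dep.depositor:
            raise PermissionError("only the depositor can ragequit")
        if dep.spent:
            raise ValueError("already withdrawn")
        dep.spent = True
        return dep.depositor, dep.amount

def demo():
    pool = ToyPrivacyPool()    # every value below is constructed sample data
    a = pool.deposit("alice", 10, b"alice-secret")
    m = pool.deposit("mallory", 7, b"mallory-secret")
    pool.operator_approve(a)
    pool.operator_approve(m)
    stale = pool.prove(m)      # proof built while the deposit was still approved
    pool.operator_remove(m)    # deposit later flagged by the KYT check
    try:
        pool.private_withdraw(b"mallory-secret", 7, *stale, "fresh-addr")
        blocked = False
    except PermissionError:
        blocked = True
    return blocked, pool.ragequit(m, "mallory"), pool.private_withdraw(
        b"alice-secret", 10, *pool.prove(a), "alice-fresh")
```

The model has no freeze operation by construction: removal only changes which deposits can use the private exit, and a proof built before removal stops verifying because the compliant-set root has changed.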

Finally, Ameen previewed the roadmap for Privacy Pools V2, planned for release at EthCC (Paris). V2 will support shielded transfers, allowing peer-to-peer payments within the pool without needing to withdraw to a new address as in V1. V2 essentially trades some fungibility for recoverability, aiming to build privacy infrastructure for "good people" and prevent developers from being jailed for writing code.

8. Is censorship resilience truly necessary?

Speaker: Mashbean (Matters.lab)

Mashbean raised a disturbing question: if censorship resistance is so important, why do products centered on it struggle to survive? Drawing on five years of operating Matters.news (a decentralized content publishing platform), he revealed the mismatch between "market demand" and "survival need." While marginalized groups (dissidents, journalists) have a strong moral need for censorship resistance, this market is small and lacks purchasing power. Most ordinary users only care about content quality, not whether the platform is censorship-resistant.

He delved into the "Honeypot Paradox": building a censorship-resistant platform naturally attracts the most sensitive content, concentrating risk. This not only attracts authoritarian government blockades but also massive spam and scam attacks. Ironically, to combat spam, platforms have to introduce some form of moderation, creating tension with the original anti-censorship intent. In fact, massive spam attacks have triggered automatic anti-fraud systems in democratic countries, causing platforms to be mistakenly blocked, forming a new type of "cross-border joint censorship."

Faced with these dilemmas, Mashbean proposed some counterintuitive solutions. First, don't build a single large platform; instead, build modular components (storage, identity, payments) so small communities can reuse this infrastructure, avoiding obvious attack targets. Second, "eat your own dogfood": developers themselves must adopt strong OpSec and privacy payments, as they are also high-risk groups.

The conclusion is that censorship resistance technology should not be seen as an ordinary commercial product but as public infrastructure like "fire escapes" or "seat belts." You don't ask about the market size (TAM) of fire escapes, but in a fire, they are lifesaving. Therefore, the financing model for such projects needs to change, mixing public funds, charitable donations, and community ownership. Their success metric is not revenue but how many people can still speak out and survive under pressure.

9. Guerilla Interoperability

Speaker: Andreas Tsamados (Fileverse)

Andreas's talk was combative, likening today's Web2 internet to a city full of "hostile architecture," where giants control users through walled gardens, DRM, and data lock-in. To fight this "Enshittification," he proposed the concept of "Guerilla Interoperability". This is a user-driven tactical resistance: using technical means to forcibly achieve interoperability without permission from dominant platforms, reclaiming data sovereignty.

He detailed the technical arsenal for this goal, especially ZK-TLS (zero-knowledge transport layer security). This technology allows users to generate cryptographic proofs of their interactions with Web2 sites (such as banks, social media), thus bringing Web2 data into the Web3 world in a permissionless way. This means developers can build apps that depend on existing monopoly platforms, leeching and surpassing them without waiting for API access.

Andreas advocated a culture of "revolutionary optimism," refusing to accept the status quo of the internet. He showcased Fileverse's ddocs.new and dsheets.new tools, decentralized alternatives to Google Workspace. They are not only end-to-end encrypted but also support inviting collaborators via ENS, with data stored on IPFS.

The core advice of the talk: don't wait for giants to have a conscience; use programmable accounts, decentralized storage, and ZK technology to forcibly build alternatives. This "right to repair" movement calls on developers to use existing closed system infrastructure to provide users with better privacy and sovereignty options until giants are forced to accept the new normal.

10. Building infrastructural resilience

Panelists: Sebastian Burgel, ml_sudo, Pol Lanski, Kyle Den Hartog

This panel focused on the physical and hardware layers. Panelists pointed out that if our underlying hardware is untrustworthy, upper-layer software privacy is like building on sand. Current chips (such as Intel SGX) often sacrifice security for performance and are vulnerable to side-channel attacks. ml_sudo introduced the Trustless TEE initiative, aiming to build fully open-source hardware chips, with transparent and verifiable design blueprints and manufacturing processes, to adapt to today's increasingly fragmented geopolitical threat models.

Pol Lanski (Dappnode) emphasized the importance of home self-hosting. He believes that although user experience is not good enough now, the goal should still be "everyone runs their own node." This is not only for decentralization but also a form of "civil disobedience." When laws (such as Chat Control) try to monitor all communications, running your own relay nodes and servers is the most effective way to make the law unenforceable.

Sebastian (HOPR) put forward an interesting view: "Nerds protect networks." While we hope ordinary users can participate, in reality, it is the small group of geeks willing to tinker with hardware and run nodes that form the network's defense front. Therefore, the ecosystem should respect and empower this geek culture while also working to lower hardware barriers so more people can participate.

The discussion ended by returning to the "why" question. In an era of rampant AI forgery and hyper-connected networks, only through trustless hardware and infrastructure can we retain "humanity" in the digital world—that is, being sure you're interacting with real people and your data isn't being stolen. This infrastructural resilience is our last line of defense against digital totalitarianism.

11. Kohaku wallet on Ethereum

Speaker: Nicolas Consigny (EF)

Nicolas announced a new project led by the Ethereum Foundation—Kohaku. This is a set of primitives focused on privacy and security, including an SDK and a reference implementation browser extension wallet (based on an Ambire fork). Kohaku's goal is not to become another competing wallet but to provide high-quality open-source components, like a "buffet," for other wallet developers to use, thereby raising the privacy baseline of the entire ecosystem.

Kohaku's core highlight is that it greatly lowers the threshold for using privacy protocols. It integrates privacy protocols such as Railgun and Privacy Pools, allowing users to switch with one click in the wallet interface and send assets directly to privacy pools without complex setup. In addition, Kohaku introduces a "one account per dApp" connection system to prevent users from accidentally linking the same address to multiple apps, reducing metadata leakage.

In terms of hardware security, Kohaku has achieved several major breakthroughs. The team collaborated with ZKnox to enable direct signing of Railgun ZK transactions on hardware wallets, meeting advanced users' needs for "cold storage + privacy." They also demonstrated a universal hardware application layer, allowing the same privacy signing logic to run on Keystone, Keycard, and even low-cost DIY hardware.

Nicolas's demo showcased EF's pragmatic attitude in privacy: not seeking to change the world overnight, but by building secure, easy-to-use SDKs (such as the OpenLV connection suite), enabling existing wallets to easily integrate Tor network support and privacy transaction features. Kohaku plans to launch a public testnet during EthCC next April, marking a new stage of standardization and modularization for Ethereum application-layer privacy.

12. Private voting in DAOs

Panelists: Joshua Davila, Lasha Antadze, Anthony Leuts, Jordi Pinyana, John Guilding

This discussion delved into the necessity of private voting in DAOs and real-world governance. Anthony (Aragon) bluntly pointed out that lack of privacy leads to false governance: under the pressure of transparent voting, 99% of proposals get 99% approval because no one wants to be the "spoilsport" or face retaliation. Private voting is not only to protect voters but also to get real public opinion and break this toxic "false consensus."

Representatives from Rarimo and Vocdoni shared their experience implementing private voting in high-risk environments (such as under oppressive regimes). In these scenarios, participating in voting itself can lead to imprisonment, so identity privacy is a matter of life and death. Technically, the current challenge is how to combine real-world identities (such as passports, biometrics) with on-chain privacy, preventing Sybil attacks (one person, multiple votes) while ensuring ballots are untraceable.

John (MACI) focused on the importance of anti-collusion. Private voting is not just about anonymity but also about "being unable to prove who you voted for" to prevent vote buying. If voters can generate proof of "I voted for A" for buyers, a bribery market will form. MACI (Minimal Anti-Collusion Infrastructure) is dedicated to solving this problem. He mentioned that the recent Gitcoin privacy round was a successful experiment, proving that related technologies (such as quadratic voting combined with ZK identity) are close to production-ready.

Panelists agreed that 2026 will be a key year for private voting protocols to mature and be integrated into mainstream DAO tools (such as Snapshot, Tally). Although the technology is basically ready, the biggest obstacle is perception: the crypto community is used to "transparency equals justice," even treating bribes as a normal DeFi mechanism. Changing this narrative and making people realize that privacy is the cornerstone of democracy is the next political task.

13. From Tornado Cash to future developers protection

Panelists: Marina Markezic, Fatemeh Fannisadeh, Ayanfeoluwa Olajide, Joan Arús

This was a panel full of urgency and calls to action. Joan Arús shared the background of the Sentinel Alliance: an alliance formed by victims of spyware (such as Pegasus). He recounted how the Aragon and Vocdoni teams were monitored by government spyware for developing censorship-resistant voting technology. This shows that threats have escalated from "prosecuting past crimes" to "preemptive surveillance," targeting the potential uses of open-source code.

Lawyers analyzed the escalation of legal risks in detail. Current anti-terrorism laws are extremely broad, and any attempt to "undermine political or economic structures" can be defined as terrorism. This means that developers of decentralized finance or privacy tools may be labeled as terrorists without knowing it. Fatemeh warned that we cannot rely solely on bureaucratic procedures for justice and must establish proactive defense mechanisms.

Marina (EUCI) brought a glimmer of hope. She shared the latest progress in EU GDPR amendments: after lobbying, regulators are beginning to recognize the special nature of blockchain and may acknowledge privacy-enhancing technologies as a means of achieving GDPR compliance rather than an obstacle. This proves that advocacy is effective.

Finally, the panel issued a strong call: the crypto industry has billions of dollars in capital and must stop spending it only on parties, but invest in legal defense funds and policy lobbying. If a legal framework to protect developers is not established, and if we do not unite against the criminalization of open-source development, the next person to go to jail could be any developer present. This is not just a compliance issue but a battle for freedom and survival.

14. Protocol-level privacy: Lessons from web2

Speaker: Polymutex (Walletbeat)

Polymutex reviewed the history of Web2's transition from HTTP to HTTPS, providing a valuable reference framework for the popularization of Web3 privacy. He pointed out that the early internet, like today's blockchain, had no privacy for surprisingly similar reasons: immature encryption technology, regulatory uncertainty (encryption was once considered munitions), and high performance overhead (handshake latency).

He summarized four key stages of HTTPS popularization: 1. Making privacy possible (standards setting, such as SSL/TLS); 2. Making privacy legal (winning the right to encrypt through litigation); 3. Making privacy cheap (hardware acceleration instruction sets); 4. Making privacy default and normal. The emergence of Let’s Encrypt was a turning point, making certificate acquisition extremely simple and free. The final stage was browsers marking HTTP sites as "insecure," stigmatizing non-private behavior.

Mapping this framework to Web3, we are currently doing well in the "possible" stage (privacy protocol standards); the "cheap" stage is being promoted through ZK hardware acceleration and precompiled contracts; but there are still huge challenges in the "legal" stage (Tornado Cash case) and the "simple" stage (wallet integration). In particular, Web3 currently lacks an "Oh Shit Moment" like the Snowden revelations to awaken the public's privacy awareness.

Polymutex's final conclusion is that we need tools (such as WalletBeat) to monitor wallet privacy behavior (such as RPC leaks) and promote privacy as the default setting. More importantly, the community needs to stigmatize non-private behavior—just as browsers now warn that HTTP is insecure, future wallets should warn users "this is a public transaction, your finances will be monitored." Only by treating lack of privacy as abnormal can privacy truly become widespread.

15. Privacy on Ethereum now: key challenges

Speakers: Alan Scott, Max Hampshire

Alan and Max discussed the real pain points of building privacy protocols on the front lines in a relaxed dialogue. The primary challenge is the narrative problem. Currently, using privacy tools (such as Railgun) is often directly associated with illegal activity: "Why are you hiding? Are you afraid of the police?" This stigmatization deters ordinary users. They emphasized that the narrative must shift from "hiding crime" to "protecting everyday financial security" (just like not wanting everyone to see your Visa bill).

Technical integration friction is another huge obstacle. Alan mentioned that Railgun's SDK has hundreds of thousands of lines of code; for mainstream DeFi protocols like Aave, integrating such a behemoth is not only technically difficult but also risky. This is why DeFi protocols prefer privacy layers to adapt to them, rather than the other way around. In addition, existing wallets (such as forks of Rabby) are often full of analytics trackers, which runs counter to the goals of privacy protocols.

On network layer privacy, Max pointed out that this is a cat-and-mouse game. Deanonymization technologies (such as traffic analysis) and anonymization technologies (such as mixnets) are constantly evolving. Relying solely on application-layer privacy is not enough; if ISPs or RPC nodes can see your IP and access patterns, on-chain privacy is greatly diminished. Therefore, network layer facilities like Nym need to be closely integrated with application-layer protocols.
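The RPC leak that Polymutex and Max describe can be made concrete by auditing a wallet's own outbound traffic. The sketch below is an added example, not code from WalletBeat or any project named here: it assumes a capture of (host, request body) pairs, and the hosts, accounts and token address are constructed. It reports which hosts were shown which of the user's accounts, including accounts carried inside ERC-20 `balanceOf` calldata and in analytics payloads.

```python
import json
from collections import defaultdict

BALANCE_OF = "0x70a08231"  # ERC-20 balanceOf(address) function selector
ACCOUNT_METHODS = {"eth_getBalance", "eth_getTransactionCount"}

def exposed_account(body):
    """Return the account a JSON-RPC read request reveals, or None."""
    method, params = body.get("method"), body.get("params") or []
    if method in ACCOUNT_METHODS and params:
        return params[0].lower()
    if method == "eth_call" and params:
        data = params[0].get("data", "")
        # balanceOf calldata: 4-byte selector + address left-padded to 32 bytes
        if data.startswith(BALANCE_OF) and len(data) == 10 + 64:
            return "0x" + data[-40:].lower()
    return None

def audit(capture, known_accounts):
    """Map each contacted host to the user's accounts it was shown."""
    known = {a.lower() for a in known_accounts}
    seen = defaultdict(set)
    for host, raw in capture:
        body = json.loads(raw)
        acct = exposed_account(body) if "jsonrpc" in body else None
        if acct in known:
            seen[host].add(acct)
        else:  # e.g. analytics beacons: any known account in the payload
            seen[host].update(a for a in known if a in raw.lower())
    return {h: s for h, s in seen.items() if s}

def linking_hosts(report):
    """Hosts shown more than one account by the same client can link them."""
    return sorted(h for h, s in report.items() if len(s) > 1)

# Constructed sample capture: hosts, accounts and token address are made up.
A, B, TOKEN = ("0x" + p * 20 for p in ("a1", "b2", "c3"))
def rpc(method, *params):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": list(params)})
CAPTURE = [
    ("rpc.provider.example", rpc("eth_getBalance", A, "latest")),
    ("rpc.provider.example", rpc("eth_call", {"to": TOKEN, "data": BALANCE_OF + "00" * 12 + B[2:]}, "latest")),
    ("rpc.provider.example", rpc("eth_blockNumber")),
    ("metrics.tracker.example", json.dumps({"event": "portfolio_view", "account": A})),
    ("rpc.second.example", rpc("eth_getTransactionCount", B, "latest")),
]
REPORT = audit(CAPTURE, [A, B])
if __name__ == "__main__":
    for host, accounts in sorted(REPORT.items()):
        print(host, sorted(accounts))
    print("can link accounts:", linking_hosts(REPORT))
```

A host that appears in `linking_hosts` also sees the client's IP address on every request, which is why the account linkage survives even when the on-chain transfers themselves are private.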

Finally, the two discussed how to expand the anonymity set. If privacy tools are only used by whales, their privacy effect is limited. The goal must be for ordinary users to use privacy features unconsciously (plug and play), even if only to prevent copy trading or protect alpha. Only when there are enough "good people" and ordinary transactions can the privacy network truly provide protection.

16. Ethereum Privacy Roadmap

Speaker: Andy Guzman (PSE)

Andy Guzman provided a macro summary and outlook for the day's event. He proposed PSE's simplified classification model for the privacy tech stack: Private Reads, Private Writes, and Private Porting. He cited the law of the minimum (barrel theory): the strength of a privacy system depends on its weakest link. If we achieve perfect ZK privacy on-chain but leak IP at the RPC layer, the whole system still fails.

On the roadmap, Andy boldly predicted: by November 2026 (the next Devcon), the problem of private transfers on Ethereum will be completely solved. He noted that more than 35 teams are exploring about 13 different technical paths (from stealth addresses to privacy pools), and this ecosystem diversity ensures that a winning solution will emerge. Future solutions will feature low cost (only twice as expensive as ordinary transfers), low latency, and a one-click experience.

He also raised a potential controversy: should privacy remain at the application layer or be embedded in the core protocol layer (L1)? This may trigger a "civil war" in the future. Writing privacy into L1 can bring better liquidity unification and default privacy but may also bring regulatory risks and protocol complexity. He called on the community to discuss this openly.

Finally, on compliance, Andy presented a spectrum from "permissionless privacy (Cypherpunk)" to "compliant privacy (Practical)." He believes that while pure cypherpunk spirit is worth pursuing, responsible solutions like Privacy Pools are also needed for institutional and government adoption. The future of Ethereum privacy should not be singular but a diverse ecosystem accommodating different needs. PSE will continue to fill technical gaps to ensure Ethereum becomes a truly privacy-first network.


Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
