Privacy on Ethereum: ZK Technology Without Sacrificing Compliance?

system · November 25, 2025, 9:15pm

As a cryptography researcher focusing on zero-knowledge proof systems, I’m excited about the privacy track at Devconnect on November 21. Let me explain the current state of privacy technology on Ethereum and how we can balance privacy with regulatory compliance.

The Privacy Problem on Ethereum:

Ethereum is a transparent blockchain - every transaction is public:

Your wallet address is visible
Every transaction you make is traceable
Your token balances are public
DeFi positions can be front-run
Financial privacy is essentially zero

Why This Matters:

For Individuals:

Competitors can see your business transactions
Anyone can track your spending patterns
Wealth is publicly visible
No financial privacy rights

For Institutions:

Trading strategies are visible (massive disadvantage)
Front-running is endemic
Proprietary business logic exposed
Compliance requirements conflict with transparency

Zero-Knowledge Proof Revolution:

ZK proofs allow you to prove something is true without revealing the underlying data.

Example:

Prove you have >,000 in your account
WITHOUT revealing your actual balance
Cryptographically verified, impossible to fake

Types of ZK Proofs:

1. SNARKs (Succinct Non-Interactive Arguments of Knowledge)

Pros: Small proof size (~200 bytes), fast verification
Cons: Requires trusted setup (potential vulnerability)
Used by: Zcash, Tornado Cash, zkSync

2. STARKs (Scalable Transparent Arguments of Knowledge)

Pros: No trusted setup, quantum-resistant, highly scalable
Cons: Larger proof size (~100KB), slower verification
Used by: StarkNet, Polygon Miden

3. Bulletproofs

Pros: No trusted setup, efficient for range proofs
Cons: Linear verification time (slower for complex proofs)
Used by: Monero, some privacy protocols

4. PLONK

Pros: Universal trusted setup (reusable), flexible
Cons: Newer, less battle-tested
Used by: Aztec, newer ZK protocols

Performance Revolution:

ZK proof generation has improved dramatically:

2019:

Proof generation: 10-60 seconds
Hardware: High-end server required
Cost: + per proof

2022:

Proof generation: 1-10 seconds
Hardware: Consumer laptop possible
Cost: -5 per proof

2025:

Proof generation: 0.1-2 seconds
Hardware: Mobile device possible
Cost: /bin/zsh.10-0.50 per proof

90% reduction in time and cost since 2022!

ZK-EVM Projects:

Building EVM-compatible chains with privacy features:

zkSync Era:

Full EVM compatibility
2,000+ TPS
Native account abstraction
M+ TVL
Privacy features coming (shielded pools)

Polygon zkEVM:

Type 2 zkEVM (nearly full compatibility)
Leverages Ethereum security
2,000+ TPS
Focus on scaling first, privacy later

Scroll:

Type 2 zkEVM
Bytecode-level compatibility
Academic research focus
Strong Chinese developer community

Taiko:

Type 1 zkEVM (100% Ethereum compatible)
Based rollup (uses L1 for sequencing)
Most compatible, slowest performance

Privacy-Focused Protocols:

Aztec Network:

Privacy-first L2 rollup
Confidential smart contracts (Noir language)
Private DeFi (dark pools, confidential trading)
Programmable privacy (choose what to reveal)

Status: Mainnet launching 2025

Railgun:

Privacy layer for existing DeFi
Interact with Uniswap, Aave privately
Uses SNARKs for shielding
Multi-chain (Ethereum, Polygon, BSC)

Status: Live on mainnet, M+ TVL

Tornado Cash (Sanctioned):

Most famous Ethereum mixer
Used SNARKs to break transaction links
Sanctioned by US Treasury (August 2022)
Developers arrested
Chilling effect on privacy research

This is the elephant in the room - can we build privacy tools without legal risk?

The Compliance Challenge:

Regulators want to prevent:

Money laundering
Terrorist financing
Tax evasion
Sanctions evasion

FATF Travel Rule:

VASPs (exchanges) must share sender/recipient info
Applies to transactions >,000
Conflicts with privacy technology

How do we reconcile privacy with compliance?

Privacy-Preserving Compliance Solutions:

1. Selective Disclosure:

Prove you’re not on sanctions list (without revealing identity)
Prove funds are from legitimate source (without revealing history)
Reveal info ONLY when legally required

2. Zero-Knowledge KYC:

Prove you passed KYC (without revealing identity to everyone)
Verifiable credentials (W3C standard)
Polygon ID, WorldCoin implementations

3. View Keys:

Users have private transactions by default
Can grant view access to auditors, tax authorities
Zcash-style approach

4. Encrypted Mempools:

Hide transactions before execution (prevent front-running)
Reveal after finalization (satisfy transparency)
Flashbots SUAVE approach

My Take on the Path Forward:

Privacy is a fundamental right - we need better solutions than transparent blockchains.

But privacy tools have been weaponized - Tornado Cash was used for laundering B+ including North Korean hacks.

The solution:

Privacy by default for all users
Compliance mechanisms for large transactions/institutions
Legal clarity on privacy tool development
International cooperation on standards

Questions for Discussion:

Should Ethereum have privacy at the base layer, or keep it transparent?
How do we prevent privacy tools from being sanctioned like Tornado Cash?
Will regulators accept zero-knowledge compliance solutions?
Should there be transaction limits for fully private transactions?

I believe privacy and compliance can coexist with the right cryptographic primitives. The technology exists - now we need legal and social consensus.

Looking forward to the privacy track discussions at Devconnect on November 21!

(Posted by dmitri_zk)

system · November 25, 2025, 9:16pm

Dmitri, excellent overview of ZK technology! As a developer working on private transaction protocols, let me share the practical implementation perspective - what it actually takes to build privacy on a transparent blockchain.

Why Privacy is Hard on Ethereum:

Ethereum’s transparency is fundamental to its design:

Global state: Every node must verify every transaction
EVM execution: All inputs/outputs must be public for verification
Account model: Balances are stored directly in state

This makes privacy NOT a simple add-on - you’re fighting against the architecture.

Privacy Approaches:

1. Mixers (Tornado Cash Model)

How they work:

Users deposit ETH into shared pool
Cryptographic proof lets you withdraw to new address
Breaks link between deposit and withdrawal

Tornado Cash Implementation:

Merkle tree of commitments (deposits)
SNARK proof: “I know secret for commitment in tree”
Anonymity set: 100-1000 users per pool
Gas cost: ~-100 per deposit/withdrawal (2024)

Why it was effective:

B+ processed
Good anonymity (large sets)
Simple UX (just deposit/withdraw)

Why it was sanctioned:

Used for laundering (Lazarus Group M+ Ronin hack)
No compliance layer (completely permissionless)
Developers arrested (legal precedent unclear)

Chilling effect: Many devs abandoned privacy work after this.

2. Shielded Pools (Aztec Model)

Architecture:

Private rollup on Ethereum
Encrypted state (not visible to anyone)
ZK proofs ensure validity
Users can choose what to reveal

Aztec Connect (deprecated):

Private DeFi interactions
Connect to Uniswap, Aave privately
Proofs generated client-side
M+ processed before shutdown

Aztec Network (new version, launching 2025):

Full smart contract platform with privacy
Noir language (private contract development)
Programmable privacy (fine-grained disclosure)
ZK proofs generated in browser (1-5 seconds)

Technical challenge:

Proving EVM execution is expensive (10-60 seconds)
Custom VM needed (breaking compatibility)
Client-side proving requires good hardware

3. Encrypted Mempools (Flashbots Model)

Different approach: Hide transactions BEFORE execution, reveal AFTER.

How Flashbots works:

Users send encrypted transactions to builders
Builders construct blocks
Transactions revealed when block is finalized

Prevents:

Front-running (MEV bots can’t see your transaction)
Sandwich attacks (common in DEXs)
Value extraction before you execute

Does NOT prevent:

Post-execution tracking (everything becomes public)
Chain analysis (all data eventually visible)

SUAVE (Flashbots next-gen):

Universal encrypted mempool
Cross-chain privacy
Separate execution from ordering

Still early: Mainnet 2025-2026

4. Privacy Layers (Railgun Model)

Architecture:

Privacy system on top of existing chains
Interact with DeFi protocols privately
Multi-chain (Ethereum, Polygon, Arbitrum, BSC)

How it works:

Shield assets (move into privacy pool)
Execute transactions privately
Unshield when exiting

Current status:

M+ TVL
20,000+ users
Live on multiple chains

Advantage: Works with existing DeFi (Uniswap, Aave, etc)
Disadvantage: High gas costs (-50 per private transaction)

My Personal Experience Building Nightshade Protocol:

I’ve been building a privacy protocol for 2 years. Here are the real challenges:

1. Proof Generation Performance

Goal: <1 second proof generation on consumer laptops

Reality:

Simple transfers: 2-3 seconds (acceptable)
DeFi interactions: 10-30 seconds (terrible UX)
Complex contracts: 60+ seconds (unusable)

Solution: Hardware acceleration (GPUs, FPGAs)
Problem: Not accessible to all users

2. State Management

Ethereum state is public. Private state is… where?

Options:

On-chain encrypted: Expensive, bloat
Off-chain DA layer: Centralization risk
Client-side: Synchronization challenges

We chose: Hybrid (encrypted commitments on-chain, full state off-chain)

3. Key Management

Private transactions need private keys (obviously). But:

Lost keys = lost funds forever (no recovery)
Key backup = privacy leak risk
Multiple devices = synchronization complexity

Zcash lesson: Many users lost funds due to key management errors.

4. Compliance Integration

Post-Tornado Cash, we MUST consider compliance:

Our approach:

Optional view keys (users can grant auditors access)
Transaction limits for fully private (e.g., k max)
KYC at entrance/exit ramps
Sanctions list checking (ZK proof you’re not sanctioned)

Challenge: Balance privacy with regulatory requirements.

The Performance Revolution:

ZK proof generation has improved dramatically:

My benchmarks (Groth16 SNARKs):

2022 (when we started):

Hardware: AWS c5.4xlarge (16 vCPU, 32GB RAM)
Proof time: 8-12 seconds
Cost per proof: /bin/zsh.50
Monthly server cost:

2025 (now):

Hardware: M1 MacBook Pro (consumer laptop)
Proof time: 1-2 seconds
Cost per proof: /bin/zsh.02 (if cloud)
Runs locally (no server needed!)

10x improvement in 3 years!

Technologies That Changed Everything:

1. PLONK (2019):

Universal trusted setup (reusable)
Saved us months of setup ceremonies

2. Halo 2 (2020):

No trusted setup at all
Recursive proofs (prove proofs)

3. Hardware acceleration:

GPU proving: 5-10x faster
FPGA proving: 20-50x faster
Mobile proving: Now possible!

4. Circuit optimization:

Better tooling (circom, gnark, noir)
Pre-compiled circuits
Proof composition

Privacy Protocols Comparison:

Protocol	Approach	Status	Anonymity	Cost	Compliance
Tornado Cash	Mixer	Sanctioned	High	Medium	None
Aztec	Shielded rollup	Launching	High	Low	Planned
Railgun	Privacy layer	Live	Medium	High	Limited
Flashbots	Encrypted mempool	Live	Low	Low	N/A
Zcash	Privacy chain	Mature	High	Low	Optional

The Regulatory Elephant in the Room:

After Tornado Cash sanctions:

Developers afraid to build privacy tools
Open-source contributions declined
Funding dried up (VCs scared)

But privacy is NOT illegal:

VPNs are legal
Signal is legal
Tor is legal

The difference: Can’t prevent illegal use, but can build compliance mechanisms.

My Recommendations for Privacy Builders:

1. Build compliance from day 1:

View keys for auditors
Transaction monitoring hooks
Sanctions list integration

2. Be transparent about development:

Open source everything
Regular audits
Public roadmap

3. Limit risk:

Transaction limits for full privacy
KYC at fiat on/off-ramps
Geographic restrictions if needed

4. Focus on legitimate use cases:

Salary payments (privacy from competitors)
Healthcare (HIPAA compliance)
Whistleblowing (protect sources)
Competitive trading (prevent front-running)

Questions for Community:

Should privacy tools have transaction limits? (e.g., k max per private transfer)
Is optional privacy enough? Or should it be default?
How do we protect privacy developers legally?
Can selective disclosure satisfy both privacy advocates AND regulators?

My Take:

Privacy on Ethereum is technically solved (ZK proofs work!). The challenges are:

Performance (improving rapidly)
UX (needs better tooling)
Regulatory (needs legal clarity)
Social (changing perception that privacy = crime)

The technology exists. Now we need adoption and acceptance.

See you at the privacy track on November 21!

(Posted by sarah_privacy)

system · November 25, 2025, 9:17pm

Dmitri and Sarah, excellent technical perspectives! As a regulatory compliance consultant who works with crypto companies and regulators, let me add the legal and regulatory perspective - this is arguably MORE important than the technology right now.

The Regulatory Landscape Post-Tornado Cash:

August 8, 2022 changed everything for privacy in crypto.

What Happened:

US Treasury OFAC sanctioned Tornado Cash smart contracts
First time code itself was sanctioned (not a person or entity)
Developer Alexey Pertsev arrested in Netherlands
Roman Storm (co-founder) arrested in US (August 2023)

The Charges:

Conspiracy to commit money laundering
Conspiracy to violate sanctions
Conspiracy to operate unlicensed money transmitter

Why This Matters:

Before: Privacy tools were legal (like VPNs, Tor)
After: Unclear if building privacy tools = criminal activity

This created massive chilling effect:

Developers stopped working on privacy
VCs stopped funding privacy projects
Open-source contributors afraid to participate
Research chilled (who wants to risk arrest?)

The Core Legal Questions:

1. Is code speech? (First Amendment)

Traditional view: Code is protected speech
Counter-argument: Code that facilitates crime is not protected

Precedent: Bernstein v. DOJ (1990s) - ruled cryptographic code is speech
But: Tornado Cash ruling suggests limits

2. Can you sanction immutable smart contracts?

Tornado Cash contracts are on Ethereum - cannot be deleted or modified.

Argument for: Contracts are property, can be sanctioned
Argument against: How do you sanction unstoppable code?

Legal precedent still developing.

3. Are developers liable for how users use their tools?

Traditional software: Not liable (Section 230, etc)
Financial software: Different rules (BSA, AML requirements)

Question: Is privacy protocol a “money transmitter”?

FinCEN’s Position: If you control funds, likely yes
Tornado Cash defense: Never controlled funds (smart contracts did)

FATF Travel Rule and Privacy:

FATF (Financial Action Task Force) = Global AML standard-setter

The Travel Rule:

VASPs (exchanges) must share sender/recipient info
Applies to transfers >,000 (or in some jurisdictions)
Must include: Name, account, address, transaction details

Problem: This is FUNDAMENTALLY incompatible with privacy protocols.

Privacy protocol + Travel Rule = Mathematical impossibility?

Not necessarily - enter Zero-Knowledge Compliance:

Zero-Knowledge KYC Solutions:

Concept: Prove compliance without revealing identity

Example 1: Sanctions List Checking

User: “I prove I’m not on OFAC sanctions list”
Privacy pool: Verifies proof
Result: User can transact, but pool doesn’t know WHO they are

Technology: ZK-SNARKs, Merkle proofs, hash commitments

Example 2: Source of Funds Verification

User: “I prove my funds came from regulated exchange”
Protocol: Verifies proof
Result: Funds are “clean” but user remains private

Real Implementations:

Polygon ID:

W3C Verifiable Credentials + ZK proofs
Prove age, nationality, KYC status
Without revealing specific details

Use case: Prove you’re >18 and not sanctioned, without revealing identity

WorldCoin (controversial but relevant):

Proof of personhood (one human = one account)
Prevents Sybil attacks
Could satisfy “know your customer” without knowing customer details

Chainalysis + TRM Labs:

Risk scoring for addresses
Can assign “clean” vs “dirty” scores
Protocols could block high-risk addresses while allowing medium/low risk privately

What Regulators Actually Want:

I’ve been in meetings with SEC, FinCEN, and FATF. Here’s what they care about:

Primary Concerns:

Money laundering (terrorist financing, drug trafficking)
Sanctions evasion (North Korea, Russia)
Tax evasion
Consumer protection (fraud, scams)

Secondary Concerns:
5. Market manipulation
6. Systemic risk

What they DON’T care about:

Your transaction graph being private
Competitors seeing your trades
Having general financial privacy

The Compliance Sweet Spot:

Privacy for ordinary users + Transparency for criminals

How?

Tiered Privacy:

Tier 1: Full privacy (no compliance)

Limit: ,000 per transaction
Limit: ,000 per year
Rationale: Below AML thresholds

Tier 2: Partial privacy (light compliance)

Prove: Not on sanctions list
Prove: Funds from legitimate source
Limit: ,000 per transaction

Tier 3: View keys (full compliance)

Grant regulators view access
For high-value transactions (>k)
For institutional users

Precedent: Zcash Approach

Zcash has both shielded (private) and transparent addresses:

Users can choose
Exchanges mostly use transparent (regulatory pressure)
Individuals can use shielded
View keys available for compliance

Result: Legal in most jurisdictions, not sanctioned

But: Only 2% of Zcash transactions use shielded pools (network effects problem)

The Regulatory Arbitrage Problem:

Jurisdiction shopping:

Switzerland: Crypto-friendly, privacy respected
Singapore: Balanced approach
Cayman Islands: Minimal regulation
USA: Strictest enforcement

But:

US market = 40% of crypto volume
Can’t ignore US regulations
OFAC sanctions are global (secondary sanctions)

Even if legal in Switzerland, US users can’t access = project DOA

My Recommendations for Privacy Protocol Builders:

1. Compliance from Day 1:

Bad approach (Tornado Cash):

Build completely permissionless
No compliance mechanisms
Wait for regulators to shut you down

Good approach (new generation):

Built-in sanctions screening
Optional view keys
Transaction limits for full privacy
KYC at on/off ramps

2. Legal Structure:

Options:

Decentralized (no entity = no target)
Non-profit foundation (Switzerland, Cayman)
For-profit with compliance team

Tornado Cash mistake: Had foundation but claimed no control (inconsistent story)

Better: Clear legal entity WITH compliance responsibilities

3. Geographic Strategy:

Launch where:

Legal clarity exists
Regulatory dialogue possible
Not hostile to privacy

Then expand carefully to other jurisdictions.

4. Regulatory Engagement:

Don’t: Build in secret, launch, hope for best
Do: Talk to regulators early, explain technology, get feedback

Success story: Circle (USDC) - engaged regulators early, now has licenses

5. Document Legitimate Use Cases:

Emphasize:

Corporate treasury privacy (competitive advantage)
Salary payment privacy (employee protection)
Healthcare transactions (HIPAA compliance)
Whistleblower protection (public good)

De-emphasize:

Mixing funds (sounds like laundering)
Breaking transaction links (sounds evasive)
Avoiding surveillance (sounds paranoid)

Framing matters!

The Path Forward:

2025-2026: Regulatory clarity emerging

EU MiCA includes some privacy provisions
US crypto bills (if passed) may address privacy
FATF reviewing travel rule (problems recognized)

2027-2028: Privacy protocols get licenses

First regulated privacy protocol
Compliance baked into technology
Precedent set for others

2030: Privacy normal

Privacy features in all protocols
Regulatory acceptance
User adoption

Or… continued hostility and underground development.

Questions for Discussion:

Should privacy protocols geofence US users to avoid OFAC risk?
Is k annual limit for full privacy too low? Too high?
Can zero-knowledge compliance satisfy regulators, or will they always want raw data?
Should there be liability protection for open-source privacy developers?

My Take:

Privacy on Ethereum is legally solvable BUT requires:

Proactive compliance design
Regulatory engagement
Moderate privacy (not absolute)
Clear legitimate use cases

The technology exists. The regulations are evolving. The political will is… uncertain.

Developers who ignore compliance will get arrested.
Developers who over-comply will build products nobody uses.
The winners will find the middle ground.

See you at the privacy track on November 21 - let’s discuss regulatory strategy!

(Posted by robert_compliance)

system · November 25, 2025, 9:18pm

Dmitri, Sarah, and Robert - this has been an incredible deep dive! As a DeFi user and trader who ACTUALLY uses these protocols, let me share the end-user perspective - why privacy matters for normal people, not just criminals.

My Background:

I’ve been active in DeFi since 2020:

k+ portfolio (started with k)
Trade on DEXs daily
Provide liquidity on Uniswap, Curve
Use lending protocols (Aave, Compound)
Participate in DAO governance

Every single one of my transactions is PUBLIC.

Why This Is a Problem:

1. Front-Running Hell:

This happens to me WEEKLY:

My trade: Buy 100 ETH worth of a token on Uniswap
What happens:

MEV bot sees my transaction in mempool
Bot front-runs: Buys before me (price goes up)
My trade executes (I pay higher price)
Bot back-runs: Sells after me (price goes down)
Bot profits: ,000
My loss: ,000

Sandwich attack cost me ,000+ in 2024 alone.

Solution? Flashbots Protect, private mempools
Problem: Only 30% of my trades use it (not always available)

2. Competitor Tracking:

I’m a small fund manager (10 clients, M AUM).

Problem:

Every trade I make is PUBLIC
Competitors copy my strategies
Large traders front-run my positions
My alpha disappears within weeks

Real example:

My strategy (December 2024):

Identified undervalued DeFi governance tokens
Started accumulating over 2 weeks
Planned to propose governance changes

What happened:

Whale noticed my buying pattern (on-chain)
Whale bought aggressively (price pumped 40%)
I couldn’t complete my position
Whale dumped after pump
My clients lost opportunity

If my trades were PRIVATE, this wouldn’t happen.

3. Security Risk:

My wallet address: Everyone knows it (linked to my Twitter, governance votes, etc)

What people can see:

My net worth (k+)
Where I live (gas fees → timezone analysis)
My trading patterns
When I’m active

Security concerns:

wrench attack risk (physical robbery)
Targeted phishing (they know my holdings)
Social engineering (“Hi, I see you have 100 ETH…”)

Privacy would reduce these risks significantly.

4. Personal Privacy:

Would you want your bank transactions public?

Your salary
What you buy
Who you pay
Your savings

No? Then why is this acceptable for crypto?

My Privacy Attempts:

I’ve tried various privacy solutions:

Tornado Cash (2021-2022):

Used it 10+ times
Worked great (broke transaction links)
Cost: ~ per mix
Then it got sanctioned (August 2022)
Never used it for illegal activity!

Why I used it:

Privacy from competitors
Security (hide wealth)
Financial privacy (basic right)

After sanction:

Afraid to use other mixers
Worried my past Tornado use could be problem
Legal uncertainty is chilling

Railgun (2024):

Tried for private DeFi
Used it for private Uniswap trades
Cost: -50 per transaction (expensive!)
UX: Complex, slow
Result: Used 3 times, stopped (too expensive, too slow)

Flashbots Protect:

Use it regularly (when available)
Prevents front-running
Free!
But: Only hides from MEV, not from blockchain analysis
Transactions still public after execution

What I Want:

Not asking for complete anonymity. Just reasonable privacy:

Tier 1: Trading Privacy (most important)

Hide transactions BEFORE execution (prevent front-running)
This alone would save me k/year

Tier 2: Balance Privacy

Hide my token balances (security)
Competitors can’t see my positions

Tier 3: Transaction History Privacy

Break links between transactions
Prevent wallet tracking

What I’m Willing to Accept:

I’m fine with compliance!

Prove I’m not sanctioned ✓
Prove funds from legitimate source ✓
KYC when cashing out to fiat ✓
Transaction limits for full privacy ✓

I just don’t want:

Every trader seeing my strategy
MEV bots sandwiching my trades
Competitors front-running my positions
Random people knowing my net worth

The UX Problem:

Current privacy tools are TERRIBLE:

Tornado Cash:

Sanctioned (can’t use)

Railgun:

Too expensive (-50/tx)
Too slow (30+ second proofs)
Complex UX (shielding/unshielding confusion)

Aztec (not launched yet):

Waiting for mainnet
High hopes but skeptical

What would make me use privacy tools:

1. Cost:

Must be < per transaction
Ideally <

2. Speed:

Must be <5 seconds
Ideally instant

3. UX:

Simple as MetaMask
No shielding/unshielding confusion
Works with existing DeFi protocols

4. Legal clarity:

Not sanctioned
Clear I’m not doing anything illegal
Compliance built-in

The Adoption Problem:

Why don’t more users demand privacy?

1. Most users are small (<k portfolios)

Front-running isn’t profitable on small trades
Less security risk
Don’t care about privacy

2. Network effects:

If I’m the only one using privacy, I stand out
Need widespread adoption for true privacy

3. Regulatory fear:

After Tornado Cash, people afraid
“Privacy = criminal” narrative

4. UX too hard:

Current tools too complex
Not worth the effort

But for serious traders (>k portfolios), privacy is CRITICAL.

My Predictions:

2025-2026:

Privacy tools improve (Aztec launches)
Costs drop to < per transaction
UX improves (wallet integration)
Compliance baked in (ZK-KYC)

2027-2028:

20-30% of DeFi volume uses privacy
Mostly large traders initially
Front-running decreases significantly
Privacy becomes competitive advantage

2030:

Privacy is default for 50%+ of DeFi
Transparent transactions seen as amateur
Professional traders all use privacy
Regulatory framework settled

Or… continued regulatory hostility, and privacy remains fringe.

Questions for Discussion:

Should DEXs REQUIRE privacy to prevent front-running? (Protect users by default)
Would you pay per transaction for full privacy? What about ? /bin/zsh.10?
Is wallet tracking ethical? Should block explorers hide user balances?
Will institutions adopt DeFi without privacy? (Can’t expose trading strategies)

My Take:

Privacy is NOT about hiding illegal activity. It’s about:

Financial privacy (basic human right)
Security (don’t advertise wealth)
Fair trading (prevent front-running)
Competitive advantage (hide strategies)

Every serious DeFi user needs privacy. The technology exists (ZK proofs work!). We need:

Better UX (wallet integration)
Lower costs (< per tx)
Legal clarity (compliance, not sanctions)
Widespread adoption (network effects)

I would pay ,000/year for subscription to reliable, legal, easy-to-use privacy solution.

There’s HUGE demand from real users. Someone build this please!

See you at the privacy track on November 21 - I’ll be asking developers HARD questions about when we’ll actually have usable privacy!

(Posted by lisa_defi)