The HTTPS Moment for Ethereum Privacy

3. Privacy-Aware Mechanisms for Public Goods Funding

Guests: Camila Rioja (Plexos), Thomas Humphreys (EF), Tanisha Katara, Beth McCarthy, José Ignacio Trajtenberg

This roundtable discussion focuses on how to balance transparency and privacy in public goods funding.

The panelists began by sharing real-world application examples, such as Xcapit's aid distribution project in partnership with UNICEF, and Brazil's attempt to manage community currency using blockchain technology. In these scenarios involving humanitarian aid and vulnerable groups, privacy is not only about data protection but also a critical factor concerning the safety of recipients. The core tension in the discussion lay in the trade-off between "transparency" and "privacy." Transparency is necessary for the outcome of fund allocation to ensure that funds flow to the right places and have an impact; however, at the participation level, especially in voting and identity verification, privacy is paramount. If voting is completely public, it creates bribery markets and social pressure, leading to distorted governance outcomes. By introducing zero-knowledge proof (ZK) primitives, voting eligibility and results can be verified without revealing specific ballots, thereby achieving anti-collusion governance. The panelists also explored how technological tools can adapt to the needs of different jurisdictions. For example, collecting certain data may be legal in some countries, but in others (such as Germany), the same data collection may violate GDPR. Therefore, building global public goods financing tools should not attempt to meet all compliance requirements, but rather build flexible, privacy-first infrastructure that allows local communities to adapt to their own needs. Finally, the discussion looked ahead to future technological directions, including privacy-preserving prediction markets and self-sustaining public goods financing mechanisms. The panelists agreed that technology should not only address efficiency issues but also return to a "human-centered" design philosophy. Through ZK identity verification and privacy voting tools, user data can be protected while preventing Sybil attacks, thereby establishing a fairer and safer community governance system. 4. Who Pays for Privacy? The Real Cost of Building Aligned Apps Speaker: Lefteris Karapetsas (Rotki) Lefteris opened with a sharp revelation about the current state of the industry: "If the product is free, then you are the product." He pointed out that current internet applications generally exchange free services for data taxes, resulting in the collection and sale of user data. To break this pattern, he proposed the concept of "Aligned Apps," which are software that truly serves the user's interests, respects data sovereignty, prioritizes local access, and is untraceable. However, building such applications faces enormous engineering challenges and cost pressures. Using his own Rotki (a native-first portfolio tracking tool) as an example, he detailed the hidden costs of developing privacy applications. Unlike SaaS products, native applications cannot easily undergo A/B testing or collect error logs. Developers must package binaries for multiple operating systems, handle native database migrations, and pay expensive code signing certificates. This means lower development efficiency and an inability to monetize user data, making business models more difficult. Lefteris strongly advises developers not to rely on donations or grants for survival, as this is a dead end. He argues that privacy applications must have a clear business model, charging users directly. This is not only to sustain development but also to educate users that privacy has explicit costs. Through Freemium models, enterprise support, or specific paid features (such as advanced data analytics), developers can obtain predictable recurring revenue. In closing, he called for a new contractual relationship between users and developers. Users should realize that paying is not just for current software features, but also for supporting a future free from surveillance and malicious intent. He encouraged developers to price confidently, not to undervalue their work, and to maintain financial transparency to earn the community's trust. Building "consistent applications" is itself a form of punk, a rebellion against the monopolies and data surveillance of cloud computing giants.

5. Ethereum Privacy Ecosystem mapping

Guests: Mykola Siusko, Antonio Seveso, cyp, Alavi, Kassandra.eth

This panel attempts to clarify the complex and fragmented Ethereum privacy ecosystem. The guests unanimously agreed that the core of the ecosystem is not just listing all privacy protocols, but understanding the relationships between them. The current privacy ecosystem is mainly divided into several vertical areas: on-chain privacy (such as anonymous addresses, privacy pools), network layer privacy (such as hybrid networks), and the most crucial connection layer—user experience (UX).

UX is seen as the bridge connecting these disparate technological components, determining whether privacy technologies can truly be adopted by the masses. The discussion touched upon the delicate relationship between "compliance" and "privacy." The speakers reflected on the limitations of building privacy tools solely for regulatory defense. They argued that privacy should not be defined merely as a defensive technology (preventing surveillance), but rather as a collaborative community effort, a tool that unlocks new capabilities for users and the community. Overemphasizing the "defense" narrative may limit the product's potential. Regarding regulation and compliance, the speakers expressed strong opinions: building a global product that fully complies with the compliance requirements of all jurisdictions is unrealistic, even naive. Rather than attempting to embed compliance at the protocol level (which often means leaving backdoors), it's better to build a universal privacy infrastructure and empower users with the right to selectively disclose information at the application level (such as View Keys). This protects users from comprehensive surveillance while retaining the ability to demonstrate compliance when necessary. Finally, the guests emphasized the importance of breaking down the technological "echo chamber" and called for closer ties with privacy organizations outside the crypto space (such as Tor, EFF, and Signal). The future ecosystem map should not just be a collection of technology stacks, but should include legal aid, hackathons, education, and advocacy organizations. Normalizing, socializing, and even making privacy fun is key to the next stage of ecosystem development. 6. Ethereum Institutional Privacy Now Guests: Oskar Thorin, Zach Obront, Amzah Moelah, Eugenio Reggianini, Francois Oskar Thorin first introduced EF's Institutional Privacy Task Force (IPTF) and its mission: to help traditional financial institutions migrate to Ethereum while meeting their privacy needs. The current trend is that institutions are no longer refusing to go on-chain due to regulation, but rather due to a lack of privacy. Even if only 1% of traditional financial funds enter Ethereum, the impact on the privacy ecosystem would be enormous. In the panel discussion, guests from ABN Amro and Etherealize shared the real pain points of institutions. Institutions don't necessarily want to avoid using the global liquidity of public blockchains, but they cannot accept that their trading strategies, holdings, or customer data are completely public on-chain. Unlike retail investors, institutions need not only privacy, but also "control": clear who can see what data, when, and how. This control needs to be granular down to specific business flows, such as bond issuance, lending settlements, or secondary market trading, each scenario having different transparency requirements. Francois, a representative from Polygon Miden, explained how they address this issue through a hybrid account model (Account + UTXO): users can maintain their private state locally, only proving the validity of transactions to the public network when necessary. The discussion also touched upon the application of zero-knowledge proofs (ZK) in compliance reporting, namely, using ZK technology to demonstrate an institution's solvency or compliance to regulators without revealing underlying data. The panelists unanimously agreed that the future direction is not to build isolated private blockchains, but rather to construct a privacy layer on the Ethereum public blockchain. By decoupling identity verification (KYC/KYB), policy enforcement, and compliance reporting, institutions can enjoy Ethereum's security and liquidity while maintaining their business secrets. The maturity of this architecture will be a key turning point for large-scale institutional adoption of Ethereum around 2026. 7. Privacy Without Terrorists Speaker: Ameen Suleimani (0xbow) Ameen's presentation began with a parable about the pollution of a Patagonian lake, vividly illustrating Tornado Cash's dilemma: when a few ("terrorists"/hackers) pollute public resources (privacy pools), everyone (ordinary users) is punished. He reviewed Tornado Cash's history, pointing out that developers should not be held responsible for users' illegal activities, but also raised a sharp question: when ordinary users use the mixer, they are actually providing privacy cover for hackers. Therefore, the community has a responsibility to build a new system that protects the privacy of legitimate users without empowering criminals. This is the core concept of "Privacy Pools". Unlike Tornado Cash, Privacy Pools allows users to publicly "dissociate" themselves from illicit funds (such as funds from North Korean hackers) using zero-knowledge proofs. When withdrawing funds, users can prove their funds originate from a legitimate pool of deposits without disclosing the specific source. This satisfies regulatory anti-money laundering requirements while preserving user on-chain privacy. Ameen detailed 0xbow's management mechanism. The system introduces KYT (Know Your Transaction) checks, requiring deposits to be approved. If 0xbow discovers a deposit originating from an illegitimate source, it can remove it from the compliant pool, but cannot freeze user funds. He particularly emphasized the "Rage Quit" mechanism: even if a user's deposit is subsequently flagged as non-compliant, or 0xbow decides to cease operations, the smart contract still guarantees that users can retrieve their principal at any time. This achieves a "non-custodial but permissioned" privacy model. Finally, Ameen previewed the roadmap for Privacy Pools V2, planned for release at EthCC (Paris). V2 will support Shielded Transfers, allowing peer-to-peer payments within the pool, eliminating the need to withdraw funds to a new address as required in V1. V2 essentially trades some fungibility for recoverability, aiming to build a privacy infrastructure for "good guys" and prevent developers from going to jail for writing code. 8. Is censorship resilience truly necessary? Speaker: Mashbean (Matters.lab) Mashbean raised a disturbing question: If censorship resistance is so important, why are products built around it so difficult to survive? Drawing on five years of experience operating Matters.news (a decentralized content publishing platform), he revealed the misalignment between "market demand" and "survival needs." While marginalized groups (dissidents, journalists) have a strong moral need to resist censorship, this market is small and lacks purchasing power. Most ordinary users only care about content quality, not whether the platform is censorship-resistant. He delved into the "Honeypot Paradox": building censorship-resistant platforms naturally attracts the most sensitive content, thus concentrating risk. This not only attracts blocking by authoritarian governments but also massive attacks from spam and fraudulent content. Ironically, to combat spam, platforms have to introduce some form of moderation, creating tension with the original intention of censorship resistance. Furthermore, massive spam attacks have triggered automated anti-fraud systems in democratic countries, leading to wrongful platform shutdowns and forming a new type of "cross-border joint censorship." Faced with these dilemmas, Mashbean proposed some counterintuitive solutions. First, avoid building a single, large platform. Instead, build modular components (storage, identity, payment) that allow small communities to reuse this infrastructure, avoiding creating obvious targets for attacks. Second, developers must "eat their own dogfood," meaning they themselves must adopt strong OpSec (operational security) and privacy-preserving payment methods, as developers are themselves a high-risk group. The conclusion is that censorship-resistant technology should not be viewed as a typical commercial product, but rather as public infrastructure similar to "fire escape routes" or "seat belts." You don't ask how large the market size (TAM) of fire escape routes is, but they are lifesavers in a fire. Therefore, the financing model for such projects needs to change, blending public funds, charitable donations, and community ownership. The success metric is not revenue, but how many people can still have a voice and survive under pressure. 9. Guerilla Interoperability Speaker: Andreas Tsamados (Fileverse) Andreas's presentation was highly combative. He likened the current Web2 internet to a city filled with "hostile architecture," where giants control users through walled gardens, DRM, and data lock-in. To combat this "enshittification," he proposed the concept of "Guerilla Interoperability." This is a user-driven tactical resistance that uses technological means to forcibly achieve interoperability and reclaim data sovereignty without the permission of the dominant platform. He detailed the technological arsenal for achieving this goal, particularly ZK-TLS (Zero-Knowledge Transfer Layer Security). This technology allows users to generate cryptographic proofs of their interactions with Web2 websites (such as banks and social media), thus bringing Web2 data into the Web3 world in a permissionless manner. This means developers can build applications that depend on existing monopolistic platforms, exploit them, and even surpass them without waiting for the platforms' APIs to open. Andreas promotes a culture of "revolutionary optimism," rejecting fatalism about the current state of the internet. He showcased tools like ddocs.new and dsheets.new developed by Fileverse, decentralized alternatives to Google Workspace. They not only offer end-to-end encryption but also support inviting collaborators via ENS, with data stored on IPFS. The core recommendation of the presentation is: don't wait for tech giants to have a change of heart, but instead forcefully build alternatives using programmable accounts, decentralized storage, and ZK technology. This "digital right to repair" movement demands that developers leverage existing closed system infrastructure to provide users with better privacy and sovereign choices until tech giants are forced to accept this new normal. 10. Building infrastructural resilience Guests: Sebastian Burgel, ml_sudo, Pol Lanski, Kyle Den Hartog This panel focused on the physical and hardware layers. The guests pointed out that if our underlying hardware is untrustworthy, then upper-layer software privacy is like building on sand. Current chips (such as Intel SGX) often sacrifice security for performance and are vulnerable to side-channel attacks. ml_sudo introduced the Trustless TEE (Trusted Execution Environment) initiative, aiming to build fully open-source hardware chips, transparent and verifiable from design blueprints to manufacturing processes, to adapt to the increasingly fragmented geopolitical threat model. Pol Lanski (Dappnode) emphasized the importance of self-hosting. He believes that while the current user experience is not good enough, our goal should still be "everyone running their own node." This is not only for decentralization, but also a form of "voting with your feet"—civil disobedience. When laws (such as Chat Control) attempt to monitor all communications, running your own relay nodes and servers is the most effective way to prevent the law from being enforced. Sebastian (HOPR) proposed an interesting concept: "Nerds protect networks." While we hope that ordinary users can also participate, in reality, it is that a small group of geeks willing to tinker with hardware and run nodes that constitute the network's front line of defense. Therefore, the ecosystem should respect and empower this geek culture while also striving to lower the hardware barriers to allow more people to participate. The discussion ultimately returned to the question of "why." In this era of rampant AI forgery and ubiquitous connectivity, only through trustless hardware and infrastructure can we preserve "humanity" in the digital world—that is, the certainty that you are interacting with real people and that your data has not been stolen. This resilience of infrastructure is our last line of defense against digital totalitarianism. 11. Kohaku wallet on Ethereum Speaker: Nicolas Consigny (EF) Nicolas announced a new project led by the Ethereum Foundation—Kohaku. This is a collection of primitives focused on privacy and security, including an SDK and a reference implementation of a browser extension wallet (based on the Ambire fork). Kohaku's goal is not to become another competing wallet, but to raise the privacy benchmark of the entire ecosystem by providing high-quality open-source components, like a "buffet," for other wallet developers to use. Kohaku's core strength lies in its significantly simplified approach to privacy protocols. It integrates privacy protocols such as Railgun and Privacy Pools, allowing users to switch between them with a single click within the wallet interface and send assets directly to privacy pools without complex setup. Furthermore, Kohaku introduces a "one account per dApp" connection system to prevent users from accidentally associating the same address with multiple applications, thus reducing metadata leaks. In terms of hardware security, Kohaku has achieved several major breakthroughs. The team collaborated with ZKnox to enable direct signing of Railgun ZK transactions on the hardware wallet, meeting the needs of advanced users for "cold storage + privacy." They also showcased a universal hardware application layer, enabling the same privacy signature logic to run on Keystone, Keycard, and even low-cost DIY hardware. Nicolas's demonstration showcased EF's pragmatic approach to privacy: not aiming to change the world overnight, but rather building secure and easy-to-use SDKs (such as the OpenLV Connectivity Kit) to allow existing wallets to easily integrate Tor network support and privacy transaction functionality. Kohaku plans to launch its public testnet during EthCC next April, marking a new stage of standardization and modularization for Ethereum application-layer privacy.

---

12. Private Voting in DAOs

Guests: Joshua Davila, Lasha Antadze, Anthony Leuts, Jordi Pinyana, John Guilding

This discussion delves into the necessity of private voting in DAOs and real-world governance. Anthony (Aragon) bluntly points out that the lack of privacy leads to a false sense of governance: under the pressure of transparent voting, 99% of proposals receive 99% approval because no one wants to be a "disappointment" or suffer retaliation. Private voting is not only about protecting voters, but also about obtaining genuine public opinion and breaking this toxic "false consensus."

Representatives from Rarimo and Vocdoni share their experiences implementing private voting in high-risk environments, such as under oppressive regimes.

In these scenarios, participating in voting itself could lead to imprisonment, making identity privacy a matter of life and death. Technically, the current challenge lies in combining real-world identities (such as passports and biometrics) with on-chain privacy, preventing Sybil attacks (multiple votes from one person) while ensuring the untraceability of ballots. John (MACI) emphasized the importance of anti-collusion. Privacy voting is not just about anonymity; it must also ensure "unprovable who you voted for" to prevent bribery. If voters can generate proof of "I voted for A" for vote buyers, a bribery market will form. MACI (Minimum Anti-Collusion Infrastructure) is dedicated to solving this problem. He mentioned that the recent Gitcoin privacy round was a successful experiment, demonstrating that related technologies (such as quadratic voting combined with ZK identity) are nearing production readiness. The panelists unanimously agreed that 2026 will be a pivotal year for privacy voting protocols to mature and be integrated into mainstream DAO tools such as Snapshot and Tally. While the technology is largely ready, the biggest obstacle lies in perception: the crypto community is accustomed to "transparency equals justice," even viewing bribes as a normal DeFi mechanism. Changing this narrative and making people realize that privacy is the cornerstone of democracy is the next political task. 13. From Tornado Cash to future developers protection Panelists: Marina Markezic, Fatemeh Fannisadeh, Ayanfeoluwa Olajide, Joan Arús This was a panel filled with a sense of urgency and a call to action. Joan Arús shared the background of the Sentinel Alliance: an alliance of victims of spyware such as Pegasus. He recounted the experience of the Aragon and Vocdoni teams being monitored by governments using spyware for developing anti-censorship voting technology. This demonstrates that the threat has escalated from "prosecuting past crimes" to "preemptive surveillance," targeting the potential uses of open-source code. Lawyers analyzed the escalating legal risks in detail. Current anti-terrorism laws are extremely broad, and any attempt to "disrupt political or economic structures" can be defined as terrorism. This means that developers of decentralized finance or privacy tools could be unknowingly labeled as terrorists. Fatemeh warned that we cannot rely solely on bureaucratic procedures to seek justice; proactive defense mechanisms must be established. Marina (EUCI) offered a glimmer of hope. She shared the latest developments in the EU's GDPR revision process. Through lobbying, regulators are beginning to recognize the unique nature of blockchain and may recognize privacy-enhancing technologies in the amendments as a means to achieve GDPR compliance, rather than an obstacle. This proves that policy advocacy is effective. Finally, Panel issued a strong appeal: The crypto industry, with billions of dollars in capital, must stop using those funds merely for gatherings and instead invest them in legal defense funds and policy lobbying. If a legal framework to protect developers isn't established, and if we don't unite against the trend of criminalizing open-source development, then the next developer to go to jail could be any one of you. This isn't just a compliance issue; it's a battle for freedom.

14. Protocol-level privacy: Lessons from web2

Speaker: Polymutex (Walletbeat)

Polymutex provides a valuable reference framework for the popularization of Web3 privacy by reviewing the history of Web2's transition from HTTP to HTTPS. He points out that the early Internet was as privacy-less as the blockchain is today, for strikingly similar reasons: immature encryption technology, regulatory uncertainty (encryption was once considered a weapon), and high performance overhead (handshake delay).

14. Protocol-level privacy: Lessons from web2

Speaker: Polymutex (Walletbeat)

Polymutex provides a valuable reference framework for the popularization of Web3 privacy by reviewing the history of Web2's transition from HTTP to HTTPS. He points out that the early Internet was also devoid of privacy, much like the blockchain is today, for strikingly similar reasons: immature encryption technology, regulatory uncertainty (encryption was once considered a weapon), and high performance overhead (handshake delay).

14. Protocol-level privacy: Lessons from web2

15. Privacy on Ethereum now: key challenges

Speakers: Alan Scott, Max Hampshire

Alan and Max discuss the real pain points of building privacy protocols on the front lines in a relaxed conversation. The primary challenge is the **narrative issue**. Currently, using privacy tools (such as Railgun) is often directly associated with illegal activities. "Why are you hiding? Are you afraid of the police?" This stigma deters ordinary users. They emphasize that the narrative must shift from "hiding crime" to "protecting everyday financial security" (like not wanting everyone to see your Visa statement).

Friction in technology integration is another huge obstacle.

Alan mentioned that Railgun's SDK has hundreds of thousands of lines of code. For mainstream DeFi protocols like Aave, integrating such a behemoth is not only technically challenging but also highly risky. This is why DeFi protocols tend to have privacy layers adapt to them, rather than the other way around. Furthermore, existing wallets (such as implementations forked from Rabby) are often riddled with various analytics, which contradicts the goals of privacy protocols. Regarding network layer privacy, Max pointed out that it's a cat-and-mouse game. Deanonymization techniques (such as traffic analysis) and anonymization techniques (such as Mixnets) are constantly evolving. Relying solely on application-layer privacy is insufficient; if ISPs or RPC nodes can see your IP address and access patterns, on-chain privacy is significantly compromised. Therefore, network layer infrastructure like Nym needs to be tightly integrated with application-layer protocols. Finally, the two discussed how to expand the Anonymity Set. If privacy tools are only used by whales, their privacy effect is limited. The goal must be to allow ordinary users to use privacy features unnoticed (plug and play), even if it's just to prevent copy trading or protect alpha. Only when there are enough "good people" and ordinary transactions can a privacy network truly provide protection. 16. Ethereum Privacy Roadmap Speaker: Andy Guzman (PSE) Andy Guzman provided a macro-level summary and outlook for the day's activities. He proposed PSE's simplified classification model of the privacy technology stack: **Private Reads**, **Private Writes**, and **Private Porting**. He used the Law of the Minimum to point out that the strength of a privacy system depends on its weakest link. Even if we achieve perfect ZK privacy on-chain, but leak IPs at the RPC layer, the entire system is still a failure. Regarding roadmap predictions, Andy boldly predicts that by November 2026 (the next Devcon), the problem of private transfers on Ethereum will be completely solved. He points out that more than 35 teams are currently exploring about 13 different technical paths (from stealth addresses to privacy pools), and this rich ecosystem ensures that a winning solution will eventually emerge. Future solutions will have low cost (only twice as expensive as regular transfers), low latency, and a one-click experience. He also raised a potential point of contention: should privacy be retained at the application layer or pushed down to the core protocol layer (L1)? This could potentially trigger a "civil war" in the future. Writing privacy into L1 can bring better liquidity uniformity and default privacy, but it may also bring regulatory risks and protocol complexity. He called for open discussion within the community. Finally, regarding compliance, Andy presented a spectrum from "permissionless privacy (Cypherpunk)" to "practical privacy." He believes that while the pure cypherpunk spirit is worth pursuing, responsible solutions like Privacy Pools are needed for institutional and government adoption. Ethereum's future privacy should not be singular, but rather a diverse ecosystem accommodating different needs. PSE will continue to work to fill technological gaps and ensure Ethereum becomes a truly privacy-first network.