Privacy as UX Design

Privacy tools fail because of UX, not cryptography. The underlying ZK and FHE primitives work — but half of Umbra users de-anonymized themselves via address reuse. EthCC[9]’s privacy track reframed the problem: privacy is a design challenge and an economic opportunity, not a technology gap. (→ EthCC[9] — Conference Overview)

The Design Reframe (Andrii Bondar / zkSync)

Five principles for privacy that users actually adopt:

  1. Make privacy invisible — not a toggle, not a mode switch. Default-on or built into the flow.
  2. Privacy should feel better — faster, cheaper, or simpler than the public alternative.
  3. Appeal to emotion, not understanding — users don’t need to understand ZK; they need to feel safe.
  4. Language matters — avoid cryptographic terms. “Private” beats “zero-knowledge.”
  5. Let users verify mathematically — proofs replace institutional trust, but only when the UX of verification is frictionless.

Apple model: privacy as aspiration, not paranoia. HTTPS became default via social pressure + browser defaults, not legislation. Private transactions should follow the same path.

Zcash Atlas (cited by Bondar): sub-second finality, proving on phones — the UX milestone that makes privacy feel competitive, not burdensome.

Privacy as Economic Sovereignty (Liz Steininger / Least Authority)

  • Surveillance capitalism is imploding: GDPR backlash, mental health lawsuits against platforms, rising regulatory cost.
  • New model: “unlinkability” — no single party can connect identity + payments + activity.
  • Example: Double Blind Armadillo for Freely partitions telecom data so even Freely can’t profile users — reducing liability, cutting customer acquisition cost.
  • Profit motive: privacy-respecting design reduces regulatory risk and earns trust premium.

ZK Whistleblowing (Dana Condrea / zkWhistleblower)

Whistleblowers face an impossible choice: anonymous = ignored, credible = retaliated against.

ZK + DKIM email signatures solve it:

  • Prove organizational access (specific email domain, internal system) without revealing identity.
  • DKIM signature extracted from email headers, wrapped in ZK proof — proves the email came from inside the org.
  • Immutability via IPFS — the disclosure cannot be deleted.
  • Group attestation: multiple anonymous insiders can corroborate without linking their identities.

This is a killer app for ZK: anonymous credibility without exposure. Applicable beyond whistleblowing to any credentialed claim (e.g., “I’m a licensed doctor recommending X” without revealing identity).

Current limit: works where organizational access has cryptographic proof (DKIM, digital signatures). Doesn’t extend to undocumented abuse.

Confidential Multisigs via FHE (Ernesto García / OpenZeppelin)

FHE (Fully Homomorphic Encryption) enables multisig where:

  • Signers submit encrypted approvals.
  • Threshold computation happens on ciphertext — no signer sees others’ votes until threshold is reached.
  • Result: multisig with hidden signer identities and hidden vote counts.

Reality check: computationally heavy. Requires asynchronous decryption steps that break ERC-4337 account abstraction flow. EIP-7579 (modular smart accounts) is the compatibility path. Still not production-ready at scale.
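To make the “threshold computation on ciphertext” step concrete, here is an added toy example (not OpenZeppelin’s code) using the Paillier cryptosystem, which is additively homomorphic: each signer submits an encrypted 0/1 approval, the ciphertexts are multiplied (which adds the plaintexts), and only the aggregate is decrypted. The demo primes, vote values and threshold are constructed; Paillier stands in for FHE and cannot compare on ciphertext, so the caveat in the last function is exactly the gap the FHE design closes.

```python
from math import gcd
import secrets

# Constructed demo primes (Mersenne primes 2^89-1 and 2^107-1): far too small for real use.
P_DEMO = 2**89 - 1
Q_DEMO = 2**107 - 1

def keygen(p=P_DEMO, q=Q_DEMO):
    """Return ((n, g), (lam, mu)). With g = n + 1, mu is simply lam^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (n, n + 1), (lam, pow(lam, -1, n))

def encrypt(pub, m):
    """Randomised encryption c = g^m * r^n mod n^2, so two identical votes look different."""
    n, g = pub
    r = secrets.randbelow(n - 1) + 1          # r in [1, n); retry in the negligible non-coprime case
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)                    # L(u) = (u - 1) / n
    return (((u - 1) // n) * mu) % n

def add_encrypted(pub, ciphertexts):
    """Homomorphic addition: the product of ciphertexts encrypts the sum of the plaintexts."""
    n2 = pub[0] ** 2
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc

def threshold_approved(pub, priv, encrypted_votes, threshold):
    """Tally encrypted 0/1 approvals; only the aggregate is ever decrypted.
    Caveat: Paillier cannot compare on ciphertext, so the final count (not just
    yes/no) is revealed to the key holder; the FHE design above hides even that."""
    total = decrypt(pub, priv, add_encrypted(pub, encrypted_votes))
    return total >= threshold, total
```

In a real deployment the private key would itself be threshold-shared among the signers (or a decryption committee), which is the asynchronous decryption step that complicates the ERC-4337 flow.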

Sovereign Agents & Surveillance Risk (Pol Lanski / Dappnode)

Cloud-based AI agents = surveillance capitalism at machine speed. AI pulls data across all user activity simultaneously.

The local-first stack (Dappnode Nexus):

  • Local LLM inference in confidential compute (TEE) — model runs on device, data never leaves.
  • On-chain discovery via ERC-8004 — no central registry can profile which services an agent queries.
  • Micropayments via x402 — transacts without exposing transaction graph to any single observer.

“Not your weights, not your brain; not your data, not your agent.” See also: On-Chain Agents.

Oracle Design & Economic Truth (Brenda Loya / Tellor)

Who controls price feeds controls DeFi outcomes. Failure modes from 2025–2026:

  • Binance Aave depeg: thin-liquidity DEX oracle used for a highly liquid asset → artificial price.
  • Elixir liquidation cascade: aggregated price influenced by a $21K flash trade.
  • Hyperliquid Jelly attack: Hyperliquid overrode its own oracle to prevent a market manipulation attack — revealing the oracle was never truly decentralized.

No one-size-fits-all oracle. Trade-off: decentralized = slower = stale data risk; centralized = fast = manipulation risk. MakerDAO’s 1-hour delay fallback is one model for high-stakes markets.

Privacy Failure Modes (Belma Gutlic)

Normal apps fail if a transaction reverts. Privacy apps fail if a user accidentally de-anonymizes.

Common privacy de-anonymization paths:

  • Address reuse (Umbra: 50% of users did this).
  • Dust attacks linking pseudonymous addresses.
  • Metadata leakage (timing, amount patterns, gas payment address).

Design requirements:

  • Default-safe onboarding — the happy path must be private by default.
  • Privacy reviews (not just security reviews) at every product update.
  • Continuous monitoring of privacy assumptions (liquidity depth, oracle validity, exchange delisting risk).
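The “privacy review” requirement can be partly automated. The following is an added example (not from the talk) of a review pass over a constructed transfer log that flags the three de-anonymization paths listed above: stealth-address reuse, gas paid from an already-linkable address, and identical amounts landing close together in time. Record fields, addresses and the `window` threshold are all assumptions of this example.

```python
from collections import Counter, defaultdict

# Constructed sample records (not real chain data): one stealth-style transfer each.
SAMPLE_TRANSFERS = [
    {"tx": 1, "recipient": "0xaaa1", "amount": 1.0,   "gas_payer": "0xaaa1", "ts": 1000},
    {"tx": 2, "recipient": "0xaaa2", "amount": 0.37,  "gas_payer": "0xaaa2", "ts": 1040},
    {"tx": 3, "recipient": "0xaaa1", "amount": 1.0,   "gas_payer": "0xpub9", "ts": 4600},
    {"tx": 4, "recipient": "0xaaa3", "amount": 1.0,   "gas_payer": "0xaaa3", "ts": 4610},
    {"tx": 5, "recipient": "0xaaa4", "amount": 0.512, "gas_payer": "0xaaa4", "ts": 9000},
]
KNOWN_PUBLIC_ADDRESSES = {"0xpub9"}   # constructed: addresses already tied to an identity

def privacy_findings(transfers, known_public=KNOWN_PUBLIC_ADDRESSES, window=60):
    """Return {finding: sorted tx ids} for the three de-anonymisation paths listed above."""
    findings = defaultdict(set)
    # 1. Address reuse: a one-time stealth address that receives more than once.
    uses = Counter(t["recipient"] for t in transfers)
    for t in transfers:
        if uses[t["recipient"]] > 1:
            findings["address_reuse"].add(t["tx"])
        # 2. Gas paid from an address already linked to a public identity.
        if t["gas_payer"] in known_public:
            findings["gas_payer_linkable"].add(t["tx"])
    # 3. Amount/timing pattern: identical amounts landing within `window` seconds of each other.
    by_amount = defaultdict(list)
    for t in transfers:
        by_amount[t["amount"]].append(t)
    for group in by_amount.values():
        group.sort(key=lambda t: t["ts"])
        for a, b in zip(group, group[1:]):
            if b["ts"] - a["ts"] <= window:
                findings["amount_timing_correlation"].update({a["tx"], b["tx"]})
    return {k: sorted(v) for k, v in findings.items()}
```

Running this on each product update (against staging traffic, not just unit fixtures) is the kind of check that turns “privacy review” from a meeting into a gate.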

Unconditional Privacy as a Distinct Stance (Phil Daian / Flashbots — NoConsensus.wtf 2025)

The existing privacy track (above) focuses on UX and adoption. Phil Daian argues for a more radical framing: privacy must be unconditional (information-theoretic, no assumptions) to be meaningful in a world with state-level adversaries. See Anonymous Broadcast for the full technical argument.

Why Signal and Tor are insufficient for crypto:

  • Signal: all metadata (who, when, frequency, group membership) is visible to the centralized Signal Foundation, which is US-regulated.
  • Tor: volunteer pool is fragile (legally risky to run); global passive adversaries can deanonymize via traffic analysis.
  • “We kill people based off metadata alone” — General Michael Hayden, NSA.

The crypto opportunity: in blockchain systems, information leakage has direct financial value (MEV, arbitrage). The demand for privacy is quantifiable and financially motivated — not niche. This makes crypto an ideal context for funding and deploying serious privacy infrastructure.

DC-nets as the gold standard: Dining Cryptographers networks achieve information-theoretic anonymity with no cryptographic assumptions. Flashbots is building toward this (ZipNet, ADCNets — see Anonymous Broadcast).
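One round of a Dining Cryptographers network, as an added example (not Flashbots’ ZipNet or ADCNet code) of why the anonymity is information-theoretic: every pair of parties holds a shared random pad, each party broadcasts the XOR of its pads (plus its message if it is the sender), and the pads cancel in the combined XOR. Each individual broadcast is uniformly random given everything the other parties see, so no cryptographic hardness assumption is involved; the only assumptions here are pre-shared truly random pads (drawn with `secrets` for the demo) and a single sender per round, since collisions and disruption are what the ZipNet/ADCNet work addresses.

```python
import secrets

def xor_bytes(*parts):
    """XOR any number of equal-length byte strings."""
    out = bytearray(len(parts[0]))
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)

def dcnet_round(n_parties, msg_len, sender=None, message=b""):
    """Return (per-party broadcasts, recovered message) for one DC-net round.
    Each pair (i, j) shares a uniformly random pad; party i XORs in every pad it
    shares, and the sender additionally XORs in its message. Pads cancel in the sum."""
    pads = {}
    for i in range(n_parties):
        for j in range(i + 1, n_parties):
            pads[(i, j)] = secrets.token_bytes(msg_len)   # assumed pre-shared out of band
    broadcasts = []
    for i in range(n_parties):
        share = bytes(msg_len)
        for (a, b), pad in pads.items():
            if i in (a, b):
                share = xor_bytes(share, pad)
        if i == sender:
            share = xor_bytes(share, message.ljust(msg_len, b"\0"))
        broadcasts.append(share)
    return broadcasts, xor_bytes(*broadcasts).rstrip(b"\0")
```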

“Ethereum go dark”: Phil Daian’s argument that inclusion lists and consensus patches are patches, not solutions. The P2P layer, mempool, and validator communication must all be made private before state-actor censorship becomes a practical threat. See Censorship Resistance in Consensus Protocols.

Methodological stance: start from unconditional privacy (no assumptions), relax only when forced, and justify each relaxation with evidence. This is the opposite of “let’s find the most practical thing and call it private.”

This represents a harder position than the EthCC[9] privacy track’s UX-focused framing — both are legitimate but target different threat models and adoption timelines.

ECC2 (Buenos Aires 2025): Privacy Technology Advances

Kohaku Wallet — The “Last Mile” UX Solution (Vitalik Buterin, ECC2)

Kohaku is an SDK (not a consumer product) for aggregating privacy across protocols — designed to give existing wallets privacy-by-default without requiring users to understand the underlying mechanisms.

Architecture:

  • Privacy account: Aggregates shielded balances across Privacy Pools, Rail Gun, and other protocols under one interface
  • Fresh address per dapp: Every dapp interaction uses a derived fresh address; no address reuse across applications
  • Client-side proving: ZK proofs generated locally (<1 second on laptop, 2 seconds on phone) — faster than air-gapped Tornado Cash was
  • EIP-7702 integration: Bundled approval + deposit in a single transaction
  • Oblivious RPC: TEE + ORA/MPC hybrid prevents RPC queries from leaking wallet identity
  • Social recovery options: ZK email, ZK passport, Anon Aadhaar, ZKGWT (Google Workspace Token) — multiple recovery paths without centralized custody
  • Risk-based access control: More signatures required for larger transactions
  • Version-controlled UI: On-chain update mechanism prevents compromised frontend attacks (→ Smart Contract Security (2026 State))

The “last mile” framing: Privacy technology has crossed the threshold. The bottleneck is now UX — and Kohaku addresses it by making privacy the invisible default rather than an opt-in feature.

Rail Gun — Public Address Parity (Alan Scott, ECC2)

Rail Gun has achieved feature parity with public addresses for private DeFi — the key milestone that enables institutional-grade private finance.

Key capabilities:

  • FROST multisig: Threshold signatures via DKG over Waku (gossip-based coordination) — no centralized coordinator
  • Hardware wallet support: Keys are separate from SNARK proof generation (unique to Rail Gun); hardware wallet holds keys, separate proving device generates proofs
  • DeFi composability: Automated integration via transaction simulation, not per-protocol code integration. Recipe builder SDK enables any DeFi protocol to be used from a shielded address.
  • Internal transfers: Shielded-pool-to-shielded-pool transfers with no on-chain withdrawal

Cost progression: $250 per transaction (2021) → $0.16 (2025) — 3-order-of-magnitude reduction via circuit optimization and ERC-1155 batching.

Why simulation worked where code integration failed: Manual protocol-by-protocol integration required constant maintenance as protocols upgraded. Transaction simulation (replay the transaction, observe state changes) works generically without protocol-specific code.

Fhenix: FHE for Blockchain is Now Practical (Guy Zyskind, ECC2)

FHE (Fully Homomorphic Encryption) has crossed the performance threshold for blockchain use:

  • Threshold FHE decryption: Prior bottleneck was “noise flooding” in multi-party decryption. New MPC-based approach eliminates noise flooding entirely.
  • Performance: 10ms latency, 10,000 decryptions/second — Visa-scale throughput
  • Architecture: FHE co-processor for any EVM chain; encrypted state declared at the smart contract level
  • Use cases: Encrypted ERC-20s (balances hidden from all parties except owner), private governance (votes hidden until threshold), private AMMs (order books hidden until execution)

Guy Zyskind (MIT MPC PhD) changed his position from preferring TEEs/MPC to FHE specifically due to this breakthrough. Paper won Best Paper Award at CCS 2024. See ZK Proving Infrastructure for complementary ZK approaches.

Identity Without Templates (Lasha Antadze / Rarimo, ECC2)

Current ZK identity systems (ZK passports, biometric verification) have a fundamental flaw: they require storing a biometric template (the reference measurement against which future scans are compared). This template:

  • Must be stored somewhere (GDPR violation regardless of ZK/encryption wrapping)
  • Requires a heavy neural network to use (800MB models, not feasible on-device)
  • Creates a centralized point of failure

Fuzzy extractors (Rarimo): derive cryptographic keys directly from biometric measurements without storing a template. The key is generated on-demand from the biometric input; it never exists separately. Properties:

  • No template stored anywhere
  • Keys on-demand only (don’t exist until authentication)
  • Supports Bitcoin and Ethereum key derivation simultaneously
  • Brainwallet-equivalent security without memorization burden

If this works as described, it eliminates the GDPR problem and makes truly decentralized biometric identity possible.
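To show what “no template stored” means mechanically, here is an added toy fuzzy extractor (not Rarimo’s implementation) using the code-offset construction of Dodis, Reyzin and Smith with a repetition code: enrolment stores only helper data (the reading XOR a random codeword), and a later noisy reading plus that helper reproduces the same key as long as the noise stays within the code’s correction bound. The biometric is modelled as a bit-vector and the key/block sizes are toy values; a real design needs a stronger code, a proper randomness extractor, and an entropy analysis, since the helper data does leak some information about the reading.

```python
import hashlib
import secrets

REP = 5          # repetition code: each key bit is sent REP times, correcting up to 2 flips per block
KEY_BITS = 16    # toy key length (a deployment would use at least 128 bits)

def _encode(bits):
    """Repetition code C(k): every key bit repeated REP times."""
    return [b for b in bits for _ in range(REP)]

def _decode(codeword):
    """Majority vote per block of REP bits."""
    return [int(sum(codeword[i:i + REP]) > REP // 2) for i in range(0, len(codeword), REP)]

def _key_from(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def generate(w):
    """Enrolment. w is a biometric bit-vector of length KEY_BITS * REP.
    Returns (key, helper); only `helper` (w XOR a random codeword) is stored, never w."""
    k = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    helper = [wi ^ ci for wi, ci in zip(w, _encode(k))]
    return _key_from(k), helper

def reproduce(w_prime, helper):
    """Authentication. A noisy reading w' and the public helper reproduce the same key
    as long as no block of REP bits has more than (REP - 1) // 2 flips."""
    return _key_from(_decode([wi ^ hi for wi, hi in zip(w_prime, helper)]))

def flip(bits, positions):
    """Simulate sensor noise by flipping the given bit positions (test helper)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]
```

The recovered key exists only for the duration of `reproduce`, which is the “keys on-demand only” property; deriving Bitcoin and Ethereum keys from it is then ordinary key derivation from a seed.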

Composable Privacy in DeFi (Status / Aztec / Rail Gun panel, ECC2)

Privacy pools isolate capital — you can’t earn yield while in a shielded pool. The solutions emerging:

  • Status gasless L2: Reputation-based transaction fees (no gas token required → no fee token linkage to identity); enables DeFi from a private account without fee payment deanonymization
  • Aztec private state machines: Private smart contracts that can call each other and bridge in/out of public state — enables private yield farming, private lending, private governance
  • Rail Gun recipe builder: Compound DeFi interactions (swap → LP → stake) while remaining in a shielded pool

The TVL insight: Larger anonymity sets provide stronger privacy guarantees. Making DeFi composable within shielded pools drives TVL → larger sets → better privacy → more users. The composability problem and the adoption problem are the same problem.

Connections

Open Questions

  • Can privacy UX reach “invisible” default status without regulatory pressure (HTTPS model)?
  • Does FHE achieve acceptable performance for mainnet confidential multisigs within 2–3 years?
  • Will ZK whistleblowing be used for high-stakes disclosures, or remain a niche tool?
  • How do you design sovereign agents that remain private even when their outputs are observable on-chain?
  • Are the UX-focused framing (EthCC[9]) and the unconditional privacy framing (NoConsensus.wtf) complementary or in tension? Can the same stack serve both consumer UX and adversarial state-level threat models?