Privacy as UX Design

Privacy tools fail because of UX, not cryptography. The underlying ZK and FHE primitives work — but half of Umbra users de-anonymized themselves via address reuse. EthCC[9]'s privacy track reframed the problem: privacy is a design challenge and an economic opportunity, not a technology gap. (→ EthCC[9] — Conference Overview)

The Design Reframe (Andrii Bondar / zkSync)

Five principles for privacy that users actually adopt:

  1. Make privacy invisible — not a toggle, not a mode switch. Default-on or built into the flow.
  2. Privacy should feel better — faster, cheaper, or simpler than the public alternative.
  3. Appeal to emotion, not understanding — users don’t need to understand ZK; they need to feel safe.
  4. Language matters — avoid cryptographic terms. “Private” beats “zero-knowledge.”
  5. Let users verify mathematically — proofs replace institutional trust, but only when the UX of verification is frictionless.

Apple model: privacy as aspiration, not paranoia. HTTPS became default via social pressure + browser defaults, not legislation. Private transactions should follow the same path.

Zcash Atlas (cited by Bondar): sub-second finality, proving on phones — the UX milestone that makes privacy feel competitive, not burdensome.

Privacy as Economic Sovereignty (Liz Steininger / Least Authority)

  • Surveillance capitalism is imploding: GDPR backlash, mental health lawsuits against platforms, rising regulatory cost.
  • New model: “unlinkability” — no single party can connect identity + payments + activity.
  • Example: Double Blind Armadillo for Freely partitions telecom data so even Freely can’t profile users — reducing liability, cutting customer acquisition cost.
  • Profit motive: privacy-respecting design reduces regulatory risk and earns trust premium.

ZK Whistleblowing (Dana Condrea / zkWhistleblower)

Whistleblowers face an impossible choice: anonymous = ignored, credible = retaliated against.

ZK + DKIM email signatures solve it:

  • Prove organizational access (specific email domain, internal system) without revealing identity.
  • DKIM signature extracted from email headers, wrapped in ZK proof — proves the email came from inside the org.
  • Immutability via IPFS — the disclosure cannot be deleted.
  • Group attestation: multiple anonymous insiders can corroborate without linking their identities.
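The DKIM part of the flow, as an added example (not the talk's or zkWhistleblower's code): parse the DKIM-Signature header, recompute the body hash and rebuild the exact bytes the organization's mail server signed, which is what a verifier or ZK circuit checks to tie a message to the d= domain. The message, selector and domain are constructed; checking the b= signature itself needs the selector's public key from DNS and is left out.

```python
# Added example, not from the talk or zkWhistleblower: the DKIM checks that a
# whistleblowing proof builds on. Parses the DKIM-Signature header, recomputes
# the body hash (bh=) and rebuilds the bytes the org's server signed; verifying
# b= needs the selector's public key from DNS and is omitted here.
import base64, hashlib, re
from typing import Dict, Optional

def parse_dkim_tags(header_value: str) -> Dict[str, str]:
    """Split 'k=v; k=v' tags; folding whitespace inside values is dropped."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines,
    end with exactly one CRLF."""
    return body.rstrip(b"\r\n") + b"\r\n"

def canon_header_relaxed(name: str, value: str) -> bytes:
    """RFC 6376 'relaxed' header canonicalization: lowercase name, unfold,
    collapse runs of whitespace, trim."""
    value = re.sub(r"[ \t]*\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n".encode()

def signed_data(headers: Dict[str, str]) -> bytes:
    """Bytes covered by b=: the h= headers in order, then DKIM-Signature
    with an empty b= and no trailing CRLF. Header keys are lowercase."""
    sig = headers["dkim-signature"]
    out = b"".join(canon_header_relaxed(h, headers[h.lower()])
                   for h in parse_dkim_tags(sig)["h"].split(":"))
    sig_no_b = re.sub(r"(?<![A-Za-z0-9+/=])b=[^;]*", "b=", sig)
    return out + canon_header_relaxed("DKIM-Signature", sig_no_b).rstrip(b"\r\n")

def verify_body_and_domain(headers: Dict[str, str], body: bytes) -> Optional[str]:
    """Return the signing domain if bh= matches the body, else None."""
    tags = parse_dkim_tags(headers["dkim-signature"])
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256":
        return None
    bh = base64.b64encode(hashlib.sha256(canon_body_simple(body)).digest()).decode()
    return tags["d"] if bh == tags.get("bh") else None

# Constructed sample message; bh= is computed here because no real server signed it.
BODY = b"The Q3 audit figures were changed after sign-off.\r\n\r\n"
_BH = base64.b64encode(hashlib.sha256(canon_body_simple(BODY)).digest()).decode()
HEADERS = {
    "from": "insider@example.org", "to": "tips@example.net",
    "subject": "Ledger discrepancy",
    "dkim-signature": ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; "
                       f"s=sel2025; h=From:To:Subject; bh={_BH}; b=PLACEHOLDER"),
}
```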

This is a killer app for ZK: anonymous credibility without exposure. Applicable beyond whistleblowing to any credentialed claim (e.g., “I’m a licensed doctor recommending X” without revealing identity).

Current limit: works where organizational access has cryptographic proof (DKIM, digital signatures). Doesn’t extend to undocumented abuse.

Confidential Multisigs via FHE (Ernesto García / OpenZeppelin)

FHE (Fully Homomorphic Encryption) enables multisig where:

  • Signers submit encrypted approvals.
  • Threshold computation happens on ciphertext — no signer sees others’ votes until threshold is reached.
  • Result: multisig with hidden signer identities and hidden vote counts.

Reality check: computationally heavy. Requires asynchronous decryption steps that break ERC-4337 account abstraction flow. EIP-7579 (modular smart accounts) is the compatibility path. Still not production-ready at scale.

Sovereign Agents & Surveillance Risk (Pol Lanski / Dappnode)

Cloud-based AI agents = surveillance capitalism at machine speed. AI pulls data across all user activity simultaneously.

The local-first stack (Dappnode Nexus):

  • Local LLM inference in confidential compute (TEE) — model runs on device, data never leaves.
  • On-chain discovery via ERC-8004 — no central registry can profile which services an agent queries.
  • Micropayments via x402 — transacts without exposing transaction graph to any single observer.

“Not your weights, not your brain; not your data, not your agent.” See also: On-Chain Agents.

Oracle Design & Economic Truth (Brenda Loya / Tellor)

Who controls price feeds controls DeFi outcomes. Failure modes from 2025–2026:

  • Binance Aave depeg: thin-liquidity DEX oracle used for a highly liquid asset → artificial price.
  • Elixir liquidation cascade: aggregated price influenced by a $21K flash trade.
  • Hyperliquid Jelly attack: Hyperliquid overrode its own oracle to prevent a market manipulation attack — revealing the oracle was never truly decentralized.

No one-size-fits-all oracle. Trade-off: decentralized = slower = stale data risk; centralized = fast = manipulation risk. MakerDAO’s 1-hour delay fallback as one model for high-stakes markets.
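An aggregator that encodes the three lessons above, as an added example (not Tellor's or MakerDAO's code): sources below a liquidity-depth floor are dropped, the median blunts a single flash trade, and a large jump away from a delayed reference value falls back to that reference rather than to an operator override. The feeds, depths and thresholds are constructed.

```python
# Added example, not Tellor's or MakerDAO's code: a feed aggregator applying the
# lessons above. Thin venues are ignored (Binance/Aave), the median resists one
# spiked venue (Elixir), and a large deviation falls back to a delayed reference
# (MakerDAO-style) rather than to a discretionary override (Hyperliquid).
from statistics import median
from typing import List, Tuple

Feed = Tuple[str, float, float]   # (source, price, two-sided depth in USD)

def robust_price(feeds: List[Feed], min_depth: float, delayed: float,
                 max_dev: float = 0.05) -> Tuple[float, str]:
    """Return (price, reason). `delayed` is the last accepted price from at
    least one delay period ago; it is the fallback, never the live feeds.
    The cost is the stale-data side of the trade-off: a genuine market-wide
    move is reported one period late."""
    deep = [p for _, p, depth in feeds if depth >= min_depth]
    if not deep:
        return delayed, "no source meets depth floor; using delayed reference"
    live = median(deep)
    if abs(live - delayed) / delayed > max_dev:
        return delayed, "live median deviates from delayed reference; using delayed"
    return live, "median of deep sources"

# Constructed feeds for an asset nominally at 1.00.
THIN_DEX_ONLY = [("dex-thin", 0.71, 40_000)]                 # one illiquid venue
FLASH_TRADE = [("cex-a", 1.00, 9e6), ("cex-b", 0.999, 8e6),
               ("dex-deep", 0.62, 3e6)]                      # one venue spiked
BROAD_MOVE = [("cex-a", 0.80, 9e6), ("cex-b", 0.81, 8e6),
              ("dex-deep", 0.79, 3e6)]                       # all venues agree
```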

Privacy Failure Modes (Belma Gutlic)

Normal apps fail if a transaction reverts. Privacy apps fail if a user accidentally de-anonymizes themselves.

Common privacy de-anonymization paths:

  • Address reuse (Umbra: 50% of users did this).
  • Dust attacks linking pseudonymous addresses.
  • Metadata leakage (timing, amount patterns, gas payment address).

Design requirements:

  • Default-safe onboarding — the happy path must be private by default.
  • Privacy reviews (not just security reviews) at every product update.
  • Continuous monitoring of privacy assumptions (liquidity depth, oracle validity, exchange delisting risk).
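The "privacy review" and "continuous monitoring" points above, as an added example (not from the talk): a check that runs over a constructed wallet interaction log and flags the de-anonymization paths listed (address reuse across dapps, a shared gas payer linking fresh addresses, and amount/timing correlation between a pool deposit and withdrawal). Field names are assumptions; a wallet team would map them onto its own telemetry.

```python
# Added example, not from the talk: a privacy-review check that runs over a
# constructed wallet interaction log and flags the de-anonymization paths
# listed above. Field names are assumptions; adapt them to real telemetry.
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log: one row per outgoing interaction from one wallet.
LOG = [
    {"t": 100, "dapp": "dex-a",  "addr": "0xa1", "gas_payer": "0xa1",  "amount": 1.0},
    {"t": 160, "dapp": "lend-b", "addr": "0xa1", "gas_payer": "0xa1",  "amount": 0.5},
    {"t": 200, "dapp": "nft-c",  "addr": "0xb2", "gas_payer": "0xfee", "amount": 0.1},
    {"t": 260, "dapp": "dex-a",  "addr": "0xc3", "gas_payer": "0xfee", "amount": 0.1},
    {"t": 300, "dapp": "pool", "addr": "0xd4", "gas_payer": "0xd4", "amount": 12.3456, "kind": "deposit"},
    {"t": 420, "dapp": "pool", "addr": "0xe5", "gas_payer": "0xe5", "amount": 12.3456, "kind": "withdraw"},
]

def address_reuse(log) -> Dict[str, List[str]]:
    """Addresses used with more than one dapp (the Umbra failure mode)."""
    dapps = defaultdict(set)
    for r in log:
        dapps[r["addr"]].add(r["dapp"])
    return {a: sorted(d) for a, d in dapps.items() if len(d) > 1}

def gas_payer_links(log) -> Dict[str, List[str]]:
    """A fee payer that funds several 'fresh' addresses ties them together."""
    by_payer = defaultdict(set)
    for r in log:
        by_payer[r["gas_payer"]].add(r["addr"])
    return {p: sorted(a) for p, a in by_payer.items() if len(a) > 1}

def amount_timing_links(log, window: int = 600) -> List[Tuple[str, str]]:
    """An identical amount withdrawn within `window` seconds of a deposit links
    the two addresses even though the pool itself hides the mapping."""
    deposits = [r for r in log if r.get("kind") == "deposit"]
    withdraws = [r for r in log if r.get("kind") == "withdraw"]
    return [(d["addr"], w["addr"]) for d in deposits for w in withdraws
            if d["amount"] == w["amount"] and 0 <= w["t"] - d["t"] <= window]

def privacy_review(log) -> Dict[str, object]:
    """Run every check; an empty result is what a release gate should require."""
    return {"address_reuse": address_reuse(log),
            "gas_payer_links": gas_payer_links(log),
            "amount_timing_links": amount_timing_links(log)}

if __name__ == "__main__":
    for name, findings in privacy_review(LOG).items():
        print(name, findings or "clean")
```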

Unconditional Privacy as a Distinct Stance (Phil Daian / Flashbots — NoConsensus.wtf 2025)

The existing privacy track (above) focuses on UX and adoption. Phil Daian argues for a more radical framing: privacy must be unconditional (information-theoretic, no assumptions) to be meaningful in a world with state-level adversaries. See Anonymous Broadcast for the full technical argument.

Why Signal and Tor are insufficient for crypto:

  • Signal: all metadata (who, when, frequency, group membership) is visible to the centralized Signal Foundation, which is US-regulated.
  • Tor: volunteer pool is fragile (legally risky to run); global passive adversaries can deanonymize via traffic analysis.
  • “We kill people based off metadata alone” — General Michael Hayden, NSA.

The crypto opportunity: in blockchain systems, information leakage has direct financial value (MEV, arbitrage). The demand for privacy is quantifiable and financially motivated — not niche. This makes crypto an ideal context for funding and deploying serious privacy infrastructure.

DC-nets as the gold standard: Dining Cryptographers networks achieve information-theoretic anonymity with no cryptographic assumptions. Flashbots is building toward this (ZipNet, ADCNets — see Anonymous Broadcast).

“Ethereum go dark”: Phil Daian’s argument that inclusion lists and other consensus-layer fixes are patches, not solutions. The P2P layer, mempool, and validator communication must all be made private before state-actor censorship becomes a practical threat. See Censorship Resistance in Consensus Protocols.

Methodological stance: start from unconditional privacy (no assumptions), relax only when forced, and justify each relaxation with evidence. This is the opposite of “let’s find the most practical thing and call it private.”

This represents a harder position than the EthCC[9] privacy track’s UX-focused framing — both are legitimate but target different threat models and adoption timelines.

ECC2 (Buenos Aires 2025): Privacy Technology Advances

Kohaku Wallet — The “Last Mile” UX Solution (Vitalik Buterin, ECC2)

Kohaku is an SDK (not a consumer product) for aggregating privacy across protocols — designed to give existing wallets privacy-by-default without requiring users to understand the underlying mechanisms.

Architecture:

  • Privacy account: Aggregates shielded balances across Privacy Pools, Rail Gun, and other protocols under one interface
  • Fresh address per dapp: Every dapp interaction uses a derived fresh address; no address reuse across applications
  • Client-side proving: ZK proofs generated locally (<1 second on laptop, 2 seconds on phone) — faster than air-gapped Tornado Cash was
  • EIP-7702 integration: Bundled approval + deposit in a single transaction
  • Oblivious RPC: TEE + ORA/MPC hybrid prevents RPC queries from leaking wallet identity
  • Social recovery options: ZK email, ZK passport, Anon Aadhaar, ZKGWT (Google Workspace Token) — multiple recovery paths without centralized custody
  • Risk-based access control: More signatures required for larger transactions
  • Version-controlled UI: On-chain update mechanism prevents compromised frontend attacks (→ Smart Contract Security (2026 State))

The “last mile” framing: Privacy technology has crossed the threshold. The bottleneck is now UX — and Kohaku addresses it by making privacy the invisible default rather than an opt-in feature.

Rail Gun — Public Address Parity (Alan Scott, ECC2)

Rail Gun has achieved feature parity with public addresses for private DeFi — the key milestone that enables institutional-grade private finance.

Key capabilities:

  • FROST multisig: Threshold signatures via DKG over Waku (gossip-based coordination) — no centralized coordinator
  • Hardware wallet support: Keys are separate from SNARK proof generation (unique to Rail Gun); hardware wallet holds keys, separate proving device generates proofs
  • DeFi composability: Automated integration via transaction simulation, not per-protocol code integration. Recipe builder SDK enables any DeFi protocol to be used from a shielded address.
  • Internal transfers: Shielded-pool-to-shielded-pool transfers with no on-chain withdrawal

Cost progression: $250 per transaction (2021) → $0.16 (2025) — 3-order-of-magnitude reduction via circuit optimization and ERC-1155 batching.

Why simulation worked where code integration failed: Manual protocol-by-protocol integration required constant maintenance as protocols upgraded. Transaction simulation (replay the transaction, observe state changes) works generically without protocol-specific code.

Fhenix: FHE for Blockchain is Now Practical (Guy Zyskind, ECC2)

FHE (Fully Homomorphic Encryption) has crossed the performance threshold for blockchain use:

  • Threshold FHE decryption: Prior bottleneck was “noise flooding” in multi-party decryption. New MPC-based approach eliminates noise flooding entirely.
  • Performance: 10ms latency, 10,000 decryptions/second — Visa-scale throughput
  • Architecture: FHE co-processor for any EVM chain; encrypted state declared at the smart contract level
  • Use cases: Encrypted ERC-20s (balances hidden from all parties except owner), private governance (votes hidden until threshold), private AMMs (order books hidden until execution)

Guy Zyskind (MIT MPC PhD) changed his position from preferring TEEs/MPC to FHE specifically due to this breakthrough. Paper won Best Paper Award at CCS 2024. See ZK Proving Infrastructure for complementary ZK approaches.

Identity Without Templates (Lasha Antadze / Rarimo, ECC2)

Current ZK identity systems (ZK passports, biometric verification) have a fundamental flaw: they require storing a biometric template (the reference measurement against which future scans are compared). This template:

  • Must be stored somewhere (GDPR violation regardless of ZK/encryption wrapping)
  • Requires a heavy neural network to use (800MB models, not feasible on-device)
  • Creates a centralized point of failure

Fuzzy extractors (Rarimo): derive cryptographic keys directly from biometric measurements without storing a template. The key is generated on-demand from the biometric input; it never exists separately. Properties:

  • No template stored anywhere
  • Keys on-demand only (don’t exist until authentication)
  • Supports Bitcoin and Ethereum key derivation simultaneously
  • Brainwallet-equivalent security without memorization burden
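The mechanism behind those properties, as an added example (not Rarimo's construction): the textbook code-offset fuzzy extractor of Dodis, Reyzin and Smith over a repetition code. Enrollment stores only a public helper string, which is not a template; each authentication recomputes the key from a fresh, slightly noisy measurement, and two chain keys are derived from the same recovered secret. The scan bits, code parameters and SHA-256 in place of a strong extractor are assumptions.

```python
# Added example, not Rarimo's construction: the textbook code-offset fuzzy
# extractor (Dodis, Reyzin and Smith) over a repetition code. Only the public
# helper string is persisted; it is not a template, and the key is recomputed
# from each fresh, slightly noisy measurement rather than stored.
import hashlib
import secrets
from typing import Dict, List, Tuple

R = 5            # repetition factor: corrects up to 2 flipped bits per block
K = 24           # information bits (toy size; real deployments use far more)
N = R * K        # length of the biometric bit-vector this toy expects

def encode(info: List[int]) -> List[int]:
    """Repetition code: each information bit written R times."""
    return [b for b in info for _ in range(R)]

def decode(code: List[int]) -> List[int]:
    """Majority vote per block of R bits."""
    return [int(sum(code[i:i + R]) > R // 2) for i in range(0, N, R)]

def xor(a: List[int], b: List[int]) -> List[int]:
    return [x ^ y for x, y in zip(a, b)]

def derive_keys(info: List[int]) -> Dict[str, str]:
    """Domain-separated keys for two chains from the same recovered secret.
    (A real extractor uses a strong extractor here; SHA-256 stands in for it.)"""
    secret = int("".join(map(str, info)), 2).to_bytes((K + 7) // 8, "big")
    return {chain: hashlib.sha256(chain.encode() + b"|" + secret).hexdigest()
            for chain in ("btc", "eth")}

def gen(w: List[int]) -> Tuple[Dict[str, str], List[int]]:
    """Enrollment: pick a random codeword, mask it with the scan. The helper
    leaks at most N-K bits about w and is the only thing that gets stored."""
    info = [secrets.randbits(1) for _ in range(K)]
    helper = xor(w, encode(info))
    return derive_keys(info), helper

def rep(w_prime: List[int], helper: List[int]) -> Dict[str, str]:
    """Authentication: unmask with the noisy scan and correct the errors."""
    return derive_keys(decode(xor(w_prime, helper)))

def flip(w: List[int], positions: List[int]) -> List[int]:
    """Simulate sensor noise by flipping the given bit positions."""
    return [b ^ int(i in positions) for i, b in enumerate(w)]

# Constructed 'scan': N pseudo-random bits derived from a label, not real biometrics.
SAMPLE_SCAN = [int(c) for c in bin(int.from_bytes(
    hashlib.sha256(b"constructed scan").digest(), "big"))[2:].zfill(256)[:N]]
```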

If this works as described, it eliminates the GDPR problem and makes truly decentralized biometric identity possible.

Composable Privacy in DeFi (Status / Aztec / Rail Gun panel, ECC2)

Privacy pools isolate capital — you can’t earn yield while in a shielded pool. The solutions emerging:

  • Status gasless L2: Reputation-based transaction fees (no gas token required → no fee token linkage to identity); enables DeFi from a private account without fee payment deanonymization
  • Aztec private state machines: Private smart contracts that can call each other and bridge in/out of public state — enables private yield farming, private lending, private governance
  • Rail Gun recipe builder: Compound DeFi interactions (swap → LP → stake) while remaining in a shielded pool

The TVL insight: Larger anonymity sets provide stronger privacy guarantees. Making DeFi composable within shielded pools drives TVL → larger sets → better privacy → more users. The composability problem and the adoption problem are the same problem.

ETHPrague 2026: Privacy Pools v2 and the Honeypot-Doctrine Death

The 2026 cyber apocalypse motivates the pivot (Mike McCabe / Privacy Pools)

McCabe’s framing: 2026 is the cyber apocalypse — major data breaches happening so frequently that the same researcher gets KYC documents leaked in three separate incidents within months. AI red-team kits (now nation-state-developed) have made every centralized database a strategic liability. The conclusion: the honeypot doctrine is dead. The only winning move is data minimization — don’t collect what you can’t defend.

This is the operational frame that drives EU adoption of ZK identity (cited at ETHPrague: EU Digital Identity Wallet shipping Noir circuits) and the next privacy-tool wave.

Privacy Pools v2 capabilities

McCabe’s headline: get on-chain privacy from <0.01% of Ethereum activity (current) to 0.1%+ (1000× growth), then to 0.5–1%. The v2 architecture for that scale:

  • ASP gatekeeper preserved — Compliance is the default; “compliant privacy is what every new privacy protocol ships now.”
  • Viewing keys — Optional disclosure to tax authorities or other authorized parties without compromising on-chain privacy.
  • Feature parity with public addresses — Transfers, requests, multi-sig & Safe compatibility, unified accounts, no fees (replaces v1’s 0.5%), hardware wallet support, stealth addresses, intents compatibility, builder codes.
  • Venmo-style private payment requests — Double-blind (recipient doesn’t see sender address even via the relayer pattern).
  • Private payroll / DEX / order books — McCabe vibe-coded each demo in days using only the privacy-pools SDK.
  • Embed-in-existing-infrastructure thesis — Long-term goal is no privacy-pools-branded frontend; the SDK gets embedded directly in wallets and dapps. The standalone-privacy-app pattern is the failure mode.

Cloaked & Kohaku — wallet-integrated privacy

Kohaku (covered in the ECC2 section above) is the SDK route; Cloaked (founded by an Optimism co-founder) is the production-shipping consumer wallet that already implements what Kohaku is building. The combination: privacy-by-wallet, not privacy-by-standalone-app. Demos at ETHPrague made the case that the bar for normal-user privacy compliance was crossed in 2025.

Frame transactions vs. relayers (post-talk question)

The question was whether EIP-8141 frame transactions can replace privacy-protocol relayers. McCabe’s answer: relayers have legitimate use cases (double-blind payment requests where even the recipient must not learn the sender). Frame transactions and relayers will likely coexist. Privacy Pools v2 designs the constraints on relayers (they must adhere to specific rules) rather than trusting relayers wholesale, which is a meaningful trust reduction even when relayers are used.

Privacy by default — the 2030 endgame

Pcaversaccio’s privacy roadmap (cited approvingly): Ethereum must provide privacy unconditionally, without a compliance-style prove-your-innocence flow. The 2030+ endgame is privacy by default at L1. Privacy Pools v2 is the bridge: get privacy adoption to meaningful scale (~1%) so the L1 case can be made when straw-map work allows.

Encrypted Computing as the next layer

Encrypted Computing (FHE and obfuscation; Janmajaya Mall’s Phantom / Machina update) extends privacy beyond transactions into contract state. The post-Privacy-Pools cluster of next-generation privacy tools uses FHE + obfuscation to hide what the contract is doing, not just who is calling it. This is the long-term endgame.

X511 personhood at the HTTP layer (Viki Val)

The complementary primitive: privacy-preserving proof of personhood at the HTTP layer. Replaces CAPTCHA (which agents already solve faster than humans) and KYC (which leaks too much). ZK passport / Self / Anon Aadhaar generate the proof; X511 returns it as an HTTP response header. The protocol matches x402’s design (HTTP-status-code-driven; the SDK integration takes 15 lines of code). Use cases: fair airdrops, sybil-resistant voting, age-gating, API rate-limiting without identity leakage. → On-Chain Agents

Open Questions

  • Can privacy UX reach “invisible” default status without regulatory pressure (HTTPS model)?
  • Does FHE achieve acceptable performance for mainnet confidential multisigs within 2–3 years?
  • Will ZK whistleblowing be used for high-stakes disclosures, or remain a niche tool?
  • How do you design sovereign agents that remain private even when their outputs are observable on-chain?
  • Are the UX-focused framing (EthCC[9]) and the unconditional privacy framing (NoConsensus.wtf) complementary or in tension? Can the same stack serve both consumer UX and adversarial state-level threat models?