a16z: 6 Misunderstandings About Blockchain Privacy

Source: a16zcrypto; Compiled by AIMan@Golden Finance

From telegrams and telephones to the internet, new technologies always provoke concerns about the impending demise of privacy. Blockchain is no exception, and privacy on the blockchain is often misunderstood as creating dangerous transparency or a haven for criminal activity.

But the real challenge lies not in choosing between privacy and security, but in building tools that can support both simultaneously—whether on a technical or legal level. From zero-knowledge proof systems to advanced encryption techniques, privacy protection solutions are continually expanding. Blockchain privacy is far from limited to the financial sector; it also opens doors for applications that benefit users in areas such as authentication, gaming, artificial intelligence, and more.

With the recent signing and enactment of stablecoin legislation in the United States, the demand for blockchain privacy is more urgent than ever. Stablecoins represent an opportunity for a billion people to participate in cryptocurrency. However, for users to confidently use cryptocurrency to pay for a variety of expenses, from coffee to medical bills, they need to ensure that their on-chain activities are private. Now is not the time to create myths, but to build.

The debate about privacy is not new, and neither is the answer: innovation, rather than myths and misunderstandings, will shape the future of privacy.

Misunderstanding 1: The Internet is the culprit of modern "privacy issues".

Truth: Nearly a century before the internet emerged, the communication revolution of the late 19th century propelled the development of privacy rights in the United States. The technologies developed by entrepreneurs elevated the transmission of information (news, text, images, and other media) to unprecedented heights, including the first commercial telegraph, telephone, commercial typewriter, microphone, and more. Historian and professor Sarah Igo observed that in the America of that time, "privacy conflicts developed alongside new communication modes," raising new privacy issues: Can the news media use the names, images, or photographs of others for commercial purposes? Can law enforcement eavesdrop on phone lines to listen in on conversations or use photography and fingerprint recognition to establish permanent records or registries to identify criminals?

Shortly after these technologies were introduced, legal scholars began to address the privacy challenges they posed. In 1890, future Supreme Court Justice Louis D. Brandeis and lawyer Samuel D. Warren published an article titled "The Right to Privacy" in the Harvard Law Review. Since then, privacy law has steadily developed in the legislative, tort, and constitutional fields throughout the 20th century. More than a century after Brandeis and Warren published their legal commentary article, the first widely used commercial internet browser, Mosaic, was released in 1993, and with it, privacy issues related to the internet began to increase.

Misconception 2: The Internet can operate normally without privacy.

Truth: The early internet lacked privacy protections, which severely hindered its wider adoption. Generally speaking, before the internet emerged, people's privacy was better protected. As Simon Singh noted in "The Code Book," early pioneers in cryptography like Whitfield Diffie pointed out that when the Bill of Rights was approved, "any two people could have a private conversation just by walking a few meters down the road and checking to see if anyone was hiding in the bushes — something that definitely cannot be done in today's world." Similarly, people could engage in financial transactions based on goods or cash, enjoying privacy and anonymity that most of today's digital exchanges do not offer.

Advances in cryptographic research have alleviated people's concerns about privacy and have given rise to new technologies that facilitate the secure exchange of confidential digital information and ensure reliable data protection. Cryptographers like Diffie predicted that many users would demand basic privacy protections for their digital activities, leading them to seek new solutions that could provide such protections—namely, asymmetric public key cryptography. Diffie and others developed new cryptographic tools that have now become the foundation of e-commerce and data protection. These tools have also paved the way for other confidential digital information exchanges, which are now applicable to blockchain.

The development of Hypertext Transfer Protocol Secure (HTTPS) is just one example of a privacy tool that has propelled the flourishing development of the internet. In the early days of internet development, users (i.e., clients) would communicate with web servers using Hypertext Transfer Protocol (HTTP). This web protocol allowed for data transmission to web servers, but it had a significant drawback: it transmitted data without encryption. As a result, malicious actors could read any sensitive information submitted by users to websites. A few years later, Netscape developed HTTPS for its browser, adding a layer of encryption to protect sensitive information. Consequently, users could send credit card information over the internet and engage in private communications more broadly.

With encryption tools like HTTPS, internet users are more willing to provide personal identification information—name, birth date, address, and social security number—through online portals. This has made digital payments the most commonly used payment method in the United States today. Businesses also bear the risks associated with receiving and protecting such information.

The changes in these behaviors and processes have spawned numerous new applications, from instant messaging to online banking, and to e-commerce. Internet activities have become an important part of today's economy, bringing unprecedented communication, entertainment, social networking, and other experiences.

Misunderstanding 3: Transactions on public chains are anonymous

Truth: Transactions on public blockchains are transparently recorded in an open and shared digital ledger, making transactions pseudonymous rather than anonymous—this is an important distinction. Pseudonymity, a practice with a history of hundreds of years, played a significant role even in early America: Benjamin Franklin published his early works in the New-England Courant under the pseudonym "Silence Dogood," while Alexander Hamilton, John Jay, and James Madison used "Publius" to signify their contributions to The Federalist Papers (Hamilton used multiple pseudonyms in his writings).

Blockchain users transact through wallet addresses associated with a series of algorithmically generated unique alphanumeric characters (i.e., keys), rather than using their real names or identities. Distinguishing between pseudonymity and anonymity is crucial for understanding the transparency of blockchain: while the alphanumeric characters of a wallet address cannot be immediately linked to a specific user's identity information, the level of privacy protection for key holders is far lower than people imagine, let alone true anonymity. The function of a crypto address is similar to that of a username, email address, phone number, or bank account number. Once a user interacts with another person or entity, the counterparty can associate the pseudonymous wallet address with a specific user, thereby exposing the user's entire on-chain transaction history and potentially revealing their personal identity. For example, if a store allows customers to pay with cryptocurrency, the cashier can see the shopping history of those customers at other stores as well as their cryptocurrency holdings (at least concerning the wallet used for that transaction on the blockchain network, since experienced cryptocurrency users may have multiple wallets and tools). This is akin to publicly sharing your credit card usage history.

The original Bitcoin white paper discussed this risk, noting that "if the identity of the key owner is leaked, the association may reveal other transactions of the same owner." Ethereum co-founder Vitalik Buterin has also written about the challenges of "making a significant portion of the information in your life public for anyone to view and analyze," and proposed solutions such as "privacy pools"—zero-knowledge proofs that allow users to prove the legitimacy of funds and their sources without revealing the complete transaction history. Therefore, some companies are also researching solutions in this field, not only to protect privacy but also to develop new applications that combine privacy with other unique attributes of blockchain.

Misunderstanding Four: Blockchain Privacy Leads to Rampant Crime

Truth: Data from the U.S. government and blockchain analytics companies show that the proportion of cryptocurrency used for illegal financing remains lower than that of fiat currencies and other traditional sources, with illegal activities accounting for only a small fraction of all activities on the blockchain. This data has remained consistent over the years. In fact, as blockchain technology continues to evolve, the incidence of illegal activities on-chain has decreased.

It is well known that in the early days of the Bitcoin network, illegal activities accounted for a large portion of its overall activity. As David Carlisle noted by quoting researcher Sarah Meickeljohn: "The main Bitcoin addresses used by Silk Road once accounted for 5% of the total Bitcoin supply at that time, and the site accounted for one third of the total Bitcoin transactions in 2012."

However, since then, the crypto ecosystem has successfully integrated effective mechanisms to curb illegal financing, and the total volume of legitimate activities has also increased. A recent report by TRM Labs estimates that in 2024 and 2023, the volume of illegal transactions accounted for less than 1% of the total crypto transaction volume (based on the dollar value of funds stolen in cryptocurrency hacks, as well as the dollar value of transfers to blockchain addresses associated with illegal category entities). Chainalysis and other blockchain analytics firms have also released similar estimates (including data from previous years).

Similarly, government reports, especially those from the Biden administration's Treasury Department, also reveal that the risk of illegal financing through cryptocurrencies is lower compared to off-chain activities. In fact, the recent discussions by the U.S. Treasury regarding cryptocurrencies— including its "2024 National Risk Assessment," "Decentralized Finance Illegal Financing Risk Assessment," and "Non-Fungible Token Illegal Financing Risk Assessment"—all acknowledge that, in terms of transaction volume and value, most money laundering, terrorism financing, and proliferation financing occurs using fiat currency or more traditional methods.

In addition, the transparent characteristics of many blockchains (such as those discussed in Misconception 3) make it easier for law enforcement to catch criminals. Since the flow of illicit funds is clearly visible on public blockchain networks, law enforcement can trace the flow of funds to "cash-out points" (i.e., cryptocurrency withdrawal points) and blockchain wallet addresses associated with wrongdoers. Blockchain tracking technology has played an important role in combating illegal markets (including Silk Road, Alpha Bay, and BTC-e).

It is precisely for these reasons that many criminals realize the potential risks of using blockchain to transfer illegal funds, and therefore adhere to more traditional methods. Although in some cases, enhanced blockchain privacy may make it more challenging for law enforcement to monitor on-chain criminal activities, new cryptographic technologies are being developed that can both protect privacy and meet the needs of law enforcement.

Misconception Five: You can choose between combating illegal financing and protecting user privacy, but you cannot do both.

Truth: Modern cryptographic techniques can coordinate the privacy needs of users with the information and national security demands of regulators and law enforcement. These technologies include zero-knowledge proofs, homomorphic encryption, multi-party computation, and differential privacy. Zero-knowledge proof systems may be the most likely to help achieve this balance. These methods can be applied in various ways to curb crime and enforce economic sanctions while preventing surveillance of American citizens or the theft or laundering of funds through the blockchain ecosystem.

Zero-knowledge proof is a cryptographic process that allows one party (the prover) to convince another party (the verifier) that a statement is true without revealing any other information besides the fact that the statement is true. For example, to prove whether someone is a U.S. citizen. Using zero-knowledge proof, a person can prove the truth of that statement to others without disclosing their driver's license, passport, birth certificate, or any other information. Zero-knowledge proof allows for the confirmation of the truthfulness of the statement without exposing specific or additional information that could compromise privacy (whether it be an address, date of birth, or indirect password hint).

Given these characteristics, zero-knowledge proof solutions are one of the best tools to help detect and prevent illegal activities while protecting user privacy. Current research shows that privacy-enhancing products and services can reduce risks in various ways, including:

1. Deposit screening to prevent assets from sanctioned individuals or wallets from being deposited;
2. Withdrawal screening to prevent withdrawals from sanctioned addresses or addresses associated with illegal activities;
3. Voluntary selective de-anonymization, which provides an option for those who believe they have been mistakenly placed on a sanctions list to de-anonymize their transaction details and provide them to selected or designated parties;
4. Involuntary selective de-anonymization involves a keyholder entity (such as a non-profit organization or other trusted organization) sharing private keys with the government, where the keyholder entity assesses the government's request to use the private keys to de-anonymize wallet addresses.

With the concept of "privacy pools," Vitalik and others advocate for the use of zero-knowledge proofs so that users can prove their funds do not come from known illegal sources—without having to disclose their entire transaction history. If users can provide such proof when converting cryptocurrencies into fiat, then withdrawal points (i.e., exchanges or other centralized intermediaries) will have reasonable assurance that these cryptocurrencies do not originate from criminal proceeds, while users can also protect the privacy of their on-chain transactions.

Despite critics' longstanding concerns about the scalability of cryptographic privacy technologies like zero-knowledge proofs, recent advancements have made them more suitable for large-scale implementation. By reducing computational overhead, scalable solutions are enhancing the efficiency of zero-knowledge proofs. Cryptographers, engineers, and entrepreneurs are continually improving the scalability and usability of zero-knowledge proofs, making them an effective tool to meet law enforcement needs while protecting individual privacy.

Misunderstanding 6: Blockchain privacy only applies to financial transactions

Truth: Privacy-preserving blockchains can unlock various financial and non-financial use cases. These features highlight how privacy-preserving blockchain technology fundamentally expands the scope of secure and innovative digital interactions across use cases. Examples include:

• Digital Identity: Privacy-oriented transactions enhance digital identity verification, allowing individuals to selectively (and verifiably) disclose attributes such as age or citizenship without exposing unnecessary personal data. Similarly, digital identity can help patients improve the confidentiality of sensitive information while finely transmitting relevant test results and other information to doctors.
• Games: Cryptographic technology allows developers to hide certain content in the digital world (such as special items or hidden levels) until players unlock them on their own, creating a more exciting gaming experience. Without privacy tools, blockchain-based virtual worlds would be transparent to users, thereby weakening their sense of immersion; players who know the digital world inside out would lack the motivation to explore.
• Artificial Intelligence: Privacy-preserving blockchain tools also open up new possibilities for artificial intelligence, allowing for encrypted data sharing and model verification methods without disclosing sensitive information.
• Finance: In the financial sector, encryption technology enables decentralized financial applications to provide a wider range of services while ensuring privacy and security. Innovative designs of decentralized exchanges can leverage encryption technology to enhance market efficiency and fairness.
• Voting: In DAOs, there is a strong desire for private on-chain voting to avoid the consequences that may arise from supporting unpopular measures or the potential groupthink that might occur from mimicking the voting behavior of specific individuals.

These are just some obvious applications; like the internet, once privacy protection features are added, we expect to see many novel applications.

Conclusion

The debate about privacy—who controls privacy, how to protect it, and when it is stripped away—has existed for at least a century before the digital age arrived. Each new technology has sparked similar panics at the time: telegraphs and telephones, cameras and typewriters, all igniting discussions that have affected generations of society.

Believing that blockchain will only jeopardize privacy, or thinking that blockchain is particularly easy to be used as an illegal weapon, is a misunderstanding of history and technology. Just as encryption and cryptographic protocols enable secure online communication and commerce, emerging privacy protection technologies such as zero-knowledge proofs and advanced encryption techniques can provide practical ways to protect privacy while achieving compliance goals and combating illegal financing.

The real question is not whether new innovations will reshape privacy, but whether technologists and society can address the challenges by implementing new solutions and practices. Privacy will not be lost or compromised; it will continuously adapt to meet the broader and more pragmatic needs of society. As with previous technological revolutions, the question is how to realize this.