a16z: 6 Misconceptions About Blockchain Privacy

Author: David Sverdlov & Aiden Slavin

Compiled by: Deep Tide TechFlow

The emergence of new technologies—from the telegraph and telephone to the internet—has always been accompanied by anxiety over the impending disappearance of privacy. Blockchain technology is no exception, and discussions about blockchain privacy often involve misunderstandings: either it is believed to bring excessive transparency that threatens personal privacy, or it is seen as a breeding ground for crime.

But the real challenge is not choosing between privacy and security, but how to build tools that support both privacy and ensure security—at both the technical and legal levels. From zero-knowledge proof systems to advanced encryption technologies, privacy protection solutions are gradually expanding. Blockchain privacy is far from limited to the financial sector; it also opens doors for applications in many fields such as authentication, gaming, and artificial intelligence, truly benefiting users.

With the formal signing of stablecoin legislation in the United States, the demand for blockchain privacy has become more urgent than ever. Stablecoins present an opportunity for cryptocurrencies to bring a billion people into the fold. However, to encourage users to use cryptocurrencies for everyday purchases—from coffee to medical bills—they must be assured that their on-chain activities are private. Now is not the time for misunderstandings, but rather a time to take action and build solutions.

The debate over privacy has a long history, and its answers are not new: adhering to innovation and rejecting misunderstandings and misinterpretations is the way to shape the future of privacy.

Misunderstanding 1: The Internet is the root cause of modern "privacy issues".

Truth: Long before the internet emerged nearly a century ago, the communication revolution of the late 19th century drove the development of privacy rights in the United States. Entrepreneurs developed many technologies that could transmit information like never before, including the first commercial telegraph, telephone, commercial typewriter, microphone, and other media. The emergence of these technologies dramatically changed the way information was disseminated. Historian and professor Sarah Igo points out that the privacy conflicts in America at the time developed alongside new communication methods, raising many new privacy issues: Could the news media use someone's name, likeness, or photograph for commercial purposes? Could law enforcement eavesdrop on telephone lines to listen to conversations, or use photography and fingerprint technology to establish permanent records or criminal identification registries?

Shortly after these technologies emerged, legal scholars began to address the privacy challenges they posed. In 1890, future U.S. Supreme Court Justice Louis D. Brandeis and lawyer Samuel D. Warren published "The Right to Privacy" in the Harvard Law Review. Subsequently, privacy law gradually developed through legislation, tort law, and constitutional law throughout the 20th century. However, more than a century after Brandeis and Warren published their article, the first widely available commercial internet browser, Mosaic, was launched in 1993, leading to a surge in internet-related privacy issues.

Misunderstanding 2: The Internet can operate normally without privacy.

The truth: The lack of privacy protection in the early days of the internet significantly hindered its broader adoption. Overall, before the advent of the internet, people enjoyed a higher degree of privacy. As Simon Singh mentions in "The Code Book," early pioneer of cryptography Whitfield Diffie pointed out that at the time of the passage of the Bill of Rights, "any two people could have an absolutely private conversation by walking a few meters to the side of the road and confirming that no one was hiding in the bushes—an extent of privacy that no one in today's world can enjoy." Similarly, people could engage in financial transactions using goods or cash, enjoying the privacy and anonymity that are largely absent in most digital transactions today.

The advances in cryptographic research have alleviated concerns about privacy, giving rise to new technologies that facilitate the secure exchange of confidential digital information and ensure data protection. Cryptographers like Diffie predicted that many users would demand basic privacy protection for digital activities, prompting them to seek new solutions that could provide such protection—namely, asymmetric public key encryption technology. The new encryption tools developed by Diffie and other researchers have now become the foundation of e-commerce and data protection. These tools have also paved the way for the exchange of other confidential digital information, with these technologies now being applied in the blockchain field.

The development of HyperText Transfer Protocol Secure (HTTPS) is a typical example of a privacy tool that has driven the prosperity of the internet. In the early days of the internet, users (i.e., clients) communicated with web servers using the HyperText Transfer Protocol (HTTP). This protocol allowed data to be transmitted to web servers, but it had a major flaw: there was no encryption during the data transmission process. Malicious actors could therefore read any sensitive information submitted by users to websites. A few years later, Netscape developed the HTTPS protocol for its browser, which added a layer of encryption protection to secure the transmission of sensitive information. As a result, users could safely send credit card information over the internet and engage in private communications more broadly.

With the help of encryption tools like HTTPS, internet users are more willing to provide personal identification information online, such as name, date of birth, address, and social security number. This increased sense of security has made digital payments the most commonly used payment method in the United States today. At the same time, businesses have also accepted the risks associated with receiving and protecting such information.

The changes in these behaviors and processes have given rise to many new applications, from instant messaging to online banking to e-commerce. Today, internet activities have become an important part of the modern economy, bringing unprecedented communication, entertainment, social networking, and other experiences.

Misunderstanding 3: Transactions on public blockchains are anonymous.

The truth: Public blockchain transactions are transparently recorded on a publicly shared digital ledger, making them "pseudonymous" rather than truly anonymous. This distinction is crucial. The practice of pseudonymity dates back centuries and played a significant role in early American history: Benjamin Franklin published early works under the pen name "Silence Dogood" in the New-England Courant, while Alexander Hamilton, John Jay, and James Madison used "Publius" as the signature for The Federalist Papers (Hamilton employed several pen names in his writings).

Blockchain users conduct transactions through wallet addresses, which consist of a unique alphanumeric string (i.e., keys) generated by a series of algorithms, rather than directly using real names or identity information. Understanding the difference between pseudonymity and anonymity is crucial for recognizing the transparent nature of blockchain: while the alphanumeric characters of a wallet address cannot be immediately linked to specific user identity information, the level of privacy protection for key holders is far lower than people imagine, let alone anonymity. The function of a cryptocurrency address is similar to that of a username, email address, phone number, or bank account. Once a user interacts with others or entities, the other party can associate the pseudonymous wallet address with a specific user, thereby exposing the user's entire on-chain transaction history and potentially revealing their personal identity. For example, if a store accepts cryptocurrency payments from customers, the cashier of that store can see the shopping history of these customers from other places as well as their cryptocurrency holdings (at least the wallet balance on the blockchain network used for that specific transaction, and skilled cryptocurrency users often have multiple wallets and tools). This is similar to making your credit card usage history public.

The Bitcoin white paper initially mentioned this risk, stating that "if the identity of the key owner is revealed, the correlation may expose other transactions belonging to the same owner." Ethereum co-founder Vitalik Buterin has also written about the challenges of "making a large part of life publicly available for anyone to view and analyze," and proposed solutions such as "privacy pools" - using Zero-Knowledge Proofs, users can prove the legitimacy of the source of funds without disclosing the complete transaction history. Because of this, many companies are developing solutions in this field, not only to protect privacy but also hoping to combine privacy with the unique attributes of blockchain to create new application scenarios.

Misunderstanding 4: The privacy of blockchain fosters rampant crime.

The truth: Data from the U.S. government and blockchain analysis firms show that the proportion of illegal financial activities conducted using cryptocurrencies remains lower than that of fiat currencies and other traditional financial methods, with illegal activities accounting for only a small fraction of total blockchain activity (relevant data can be found here, which we will discuss in detail later). This data has remained consistent over the years. In fact, as blockchain technology continues to evolve, the proportion of illegal activities on-chain is showing a downward trend.

It is no secret that illegal activities accounted for a significant proportion of the Bitcoin network in its early stages. As David Carlisle pointed out in reference to researcher Sarah Meickeljohn's observation, "There was a time when the primary Bitcoin address used by 'Silk Road' contained 5% of all existing bitcoins, and that site accounted for one-third of Bitcoin transactions in 2012."

However, thereafter, the cryptocurrency ecosystem successfully introduced effective mechanisms to reduce illegal financial activities, and the overall volume of legitimate activities significantly increased. According to the latest report by TRM Labs, it is estimated that in 2024 and 2023, the illegal transaction volume accounted for less than 1% of the total cryptocurrency transaction volume (based on the dollar value of funds stolen from cryptocurrency hacks, as well as the dollar value flowing to blockchain addresses associated with illegal category entities). Chainalysis and other blockchain analysis companies have also released similar estimated data (including data from earlier years).

Similarly, government reports, especially those from the Biden administration's Treasury Department, have revealed the advantages of cryptocurrencies in terms of illegal financial risks compared to off-chain activities. In fact, the Treasury's recent discussions on cryptocurrencies — including its "2024 National Risk Assessments," "Illicit Finance Risk Assessment on Decentralized Finance," and "Illicit Finance Risk Assessment of Non-Fungible Tokens" — all point out that, based on transaction volume and amount, most money laundering, terrorist financing, and proliferation financing still occur in fiat currency or more traditional financial methods.

In addition, the transparent characteristics of many blockchains (such as those discussed in Misunderstanding Three) make it easier for law enforcement to capture criminals. Since the flow of illegal funds is visible on public blockchain networks, law enforcement agencies can trace the flow of funds to "cash-out points" (i.e., nodes where cryptocurrencies are exchanged for cash) and blockchain wallet addresses associated with wrongdoers. Blockchain tracking technology has played a crucial role in combating illegal markets, including the shutdown of illicit platforms such as Silk Road, Alpha Bay, and BTC-e.

For this reason, many criminals realize the potential risks of using blockchain to transfer illicit funds and choose to continue using more traditional methods. Although enhanced blockchain privacy may make it more challenging for law enforcement agencies to combat on-chain criminal activities in some cases, new cryptographic technologies are continuously evolving, which can both protect privacy and meet law enforcement needs.

Misunderstanding 5: It is impossible to strike a balance between combating illegal finance and protecting user privacy.

The truth: Modern cryptographic technologies can simultaneously meet the privacy needs of users and the information and national security needs of regulatory and law enforcement agencies. These technologies include zero-knowledge proofs, homomorphic encryption, multi-party computation, and differential privacy. Among them, zero-knowledge proof systems may have the greatest potential to achieve this balance. These methods can be applied in multiple areas, both to curb crime and enforce economic sanctions, and to prevent surveillance of citizens as well as the use of blockchain ecosystems for theft or money laundering.

Zero-knowledge proof is a cryptographic technique that allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any information beyond the fact that the statement is true. For example, to prove whether someone is a U.S. citizen, using zero-knowledge proof, a person can prove this to others without displaying a driver's license, passport, birth certificate, or other information. Through zero-knowledge proof, this fact can be confirmed while avoiding the disclosure of specific or additional information—such as address, date of birth, or indirect password hints—thus protecting privacy.

Given these characteristics, zero-knowledge proof solutions are one of the best tools to help detect and curb illegal activities while protecting user privacy. Current research indicates that privacy-enhancing products and services can reduce risks in various ways, including:

Deposit screening: Prevent deposits of assets from sanctioned individuals or wallets;

Withdrawal screening: Prevent withdrawals from sanctioned addresses or addresses associated with illegal activities;

Voluntary selective de-anonymization: providing individuals who believe they have been wrongly added to the sanctions list the option to disclose transaction details to a designated or selected party.

Involuntary selective de-anonymization: Involves a gateway entity (such as a non-profit organization or other trusted institution) that shares private keys with the government, where the gateway entity is responsible for evaluating the government's requests for the use of private keys to de-anonymize wallet addresses.

Under the concept of "privacy pools", Vitalik Buterin and other supporters advocate for the use of zero-knowledge proofs, allowing users to prove that their funds do not originate from known illegal channels while not having to disclose the entire transaction graph. If users can provide such proof when converting cryptocurrency to fiat, then exchange nodes (such as exchanges or other centralized intermediaries) can reasonably ensure that these cryptocurrencies are not criminal proceeds, while users can also maintain privacy in on-chain transactions.

Despite critics often questioning the scalability of cryptographic privacy technologies such as zero-knowledge proofs in the past, recent technological advancements have made them more practical for large-scale implementation. By reducing computational overhead, scalability solutions are enhancing the efficiency of zero-knowledge proofs. Cryptographers, engineers, and entrepreneurs continue to improve the scalability and usability of zero-knowledge proofs, making them an effective tool for meeting law enforcement needs while protecting individual privacy.

Misunderstanding Six: Blockchain privacy only applies to financial transactions

Truth: Privacy-preserving blockchain technology can unlock a wide range of financial and non-financial application scenarios. These capabilities highlight how privacy-preserving blockchain technology fundamentally expands the scope of secure and innovative digital interactions, covering various application scenarios. Here are specific examples:

Digital Identity: Privacy-enhanced transactions strengthen digital identity verification features, allowing individuals to selectively and verifiably disclose attributes such as age or citizenship without exposing unnecessary personal data. Meanwhile, in medical applications, digital identity can also help patients protect the confidentiality of sensitive information while accurately conveying relevant test results and other data to doctors.

Games: Encryption technology enables developers to create more engaging gaming experiences, such as unlocking certain hidden items or levels after players complete specific actions. Without privacy tools, blockchain-based virtual worlds will be completely transparent to users, diminishing their sense of immersion; when players are fully aware of everything in the digital world, their motivation to explore will also decrease.

Artificial Intelligence: Privacy-preserving blockchain tools open up new possibilities for artificial intelligence, allowing for encrypted data sharing and model validation methods while not disclosing sensitive information.

Finance: In the financial sector, encryption technology enables decentralized finance (DeFi) applications to offer more diversified services while maintaining privacy and security. The design of new decentralized exchanges can leverage encryption technology to enhance market efficiency and fairness.

Voting: In decentralized autonomous organizations (DAOs), the privacy of on-chain voting is crucial to avoid the negative impacts of supporting unpopular proposals or to prevent groupthink resulting from mimicking the voting behavior of specific individuals.

These are just some obvious application scenarios of privacy protection technology; just like the development of the internet, once privacy protection functions are realized, we expect to see more innovative applications emerge.

The debate about privacy—who controls it, how to protect it, and when to give it up—has existed for at least a century before the digital age. Every new technology has sparked similar panic at its inception: telegrams and telephones, cameras and typewriters have all sparked discussions that have impacted generations of society.

Believing that blockchain will only endanger privacy, or thinking that blockchain is particularly easy to use as an illegal weapon, is a misunderstanding of history and technology. Just as cryptographic techniques and encryption protocols enable secure online communication and commerce, emerging privacy protection technologies such as zero-knowledge proofs and advanced encryption techniques can also provide practical solutions for achieving compliance goals and combating illegal finance while protecting privacy.

The real question is not whether new technologies will reshape privacy, but whether technologists and society can rise to the challenge by implementing new solutions and practices to respond to the changes. Privacy is not lost or compromised, but adapted to the broader pragmatic needs of society. This technological revolution, like previous revolutions, raises the real question of how to achieve this adaptation.

For the complete cited paper, please refer to this link.