Holistic network anonymity for institutions

At Devconnect Buenos Aires 2025, the Ethereum Privacy Stack event crystallized how Ethereum privacy is evolving from isolated tools into an end-to-end network, legal, and UX agenda for the next 3–5 years.

Co-organized by Privacy & Scaling Explorations (PSE), Web3Privacy Now, and core members of the Ethereum Foundation (EF), the forum became one of Devconnect ARG 2025’s most influential vertical gatherings. It convened Vitalik Buterin, a Tor co-founder, leading protocol teams such as Railgun, 0xbow and Aztec, plus top legal and policy experts. Together they mapped technical gaps, regulatory risks, and cultural narratives that will shape Ethereum’s future as a censorship-resistant “world ledger.”

Moreover, the event’s defining theme was “Holistic Privacy.” Speakers stressed that privacy can no longer be reduced to on-chain gadgets like ZK proofs or mixers. Instead, the stack must span the full loop: network transport (e.g., Tor and mixnets), RPC access, data storage, and user-facing front ends. If any layer leaks metadata, the entire system degrades.

As Vitalik Buterin and Roger Dingledine underlined, a network that exposes IP addresses renders application-layer anonymity meaningless. The community rallied around the “wooden-barrel” principle: Ethereum must systematically patch the weakest sources of metadata leakage so it can credibly operate as a global, censorship-resistant ledger.

Default privacy and user experience endgame

Speakers argued that Web3 privacy is reaching an inflection point comparable to the Web2 shift from HTTP to HTTPS. Privacy technology should not remain the realm of “geeks” or “hackers,” nor be stigmatized as a cover for crime. Drawing on Railgun, Kohaku Wallet and Web2 history, several talks proposed a cultural inversion: stigmatize fully public behavior instead. Over time, broadcasting naked financial data on-chain should feel as abnormal as walking unclothed across the internet.

By 2026, the community aims to reduce the cost of private transfers to around 2× a standard transaction while delivering a one-click, nearly invisible flow. That said, the goal extends beyond retail. Improved privacy and UX should unlock participation from TradFi institutions that have stayed away because they cannot risk exposing trading strategies or business-sensitive information.

However, attendees also noted that getting to a mature default privacy ux will require standardization and wallet-level integrations, not just protocol innovation. Wallets and dApps must make protective defaults effortless, while still allowing selective disclosure for audits, tax reporting, and compliance.

Compliance spectrum and the looming L1 privacy debate

Even as the technical roadmap solidifies, ideological fractures are sharpening. The starkest divide is between compliance-preserving privacy and permissionless privacy. One camp, embodied by Privacy Pools, advocates proofs that dissociate user funds from known illicit flows, segregating tainted liquidity to gain regulatory tolerance and institutional adoption. The opposing camp insists that any concession to compliance logic risks creeping censorship and mission drift.

In a keynote warning, Andy Guzman of PSE described a potential “L1 civil war” over whether privacy should be embedded directly into Ethereum’s base layer. Integrating privacy at L1 could deliver unified liquidity and default protections, but might also import heavy regulatory scrutiny and protocol complexity. The decision will strongly influence Ethereum’s political character and its long-term privacy infrastructure roadmap.

Moreover, Guzman forecast that by November 2026, at the next Devcon, private transfers on Ethereum will be effectively “solved” in usability terms. With more than 35 teams pursuing around 13 approaches, he expects convergence on low-cost (≈2× a normal transfer), low-latency, one-click private payments. The remaining strategic question is where in the stack those capabilities should live.

Hardware, nodes, and network layer anonymity

Beyond software, the event placed unusual emphasis on hardware and physical infrastructure as the last line of censorship resistance. Several talks argued that if chips, servers or home routers contain backdoors, higher-layer cryptography becomes a castle built on sand. From running one’s own nodes to trust-minimized Trusted Execution Environments (TEEs), participants reframed censorship resistance as a public utility comparable to a fire escape: often unused, but vital in crisis.

Projects such as Nym and HOPR, plus work on ZK-TLS, aim to deliver robust network layer anonymity even under severe geopolitical stress. These systems combine mixnets, onion routing and cryptographic attestation to obfuscate traffic patterns and resist large-scale surveillance. The message was clear: protecting user privacy requires as much attention to packets and hardware as to smart contracts.

Furthermore, panelists like Sebastian Bürgel and Pol Lanski advocated home self-hosting and “nerd-powered” networks. Encouraging more users to operate nodes, relays, and privacy infrastructure is not just decentralization rhetoric; it is a practical form of civil disobedience against blanket monitoring regimes such as proposed “Chat Control” legislation.

Legal defense, culture, and narrative power

The legal atmosphere was shaped by the ongoing Tornado Cash developers’ ordeal. Lawyers and builders alike described a shift from ex-post prosecutions to proactive surveillance and harassment of open-source contributors, including spyware attacks against teams working on censorship-resistant voting. Modern counter-terror frameworks can stretch to classify privacy and DeFi primitives as tools to “undermine economic or political structures,” sweeping ordinary developers into a dangerous legal blast radius.

Because of this, experts called for durable developer legal defense structures: permanent funds, rapid-response counsel, and professional policy teams. The industry spends billions on conferences and marketing; only a fraction is needed to underwrite credible protection for coders. Without such safeguards, many engineers will simply become too fearful to ship critical infrastructure.

At a cultural level, the community must wrest back the narrative. Speakers urged reframing developers from potential “abettors of terrorism” into defenders of civil liberties in the digital era. Protecting privacy, they argued, is not only a technical endeavor, but also a political and storytelling battle over what kind of internet and financial system society chooses to endorse.

Onionizing Ethereum: Tor integration and censorship resilience

In a cornerstone fireside, Vitalik Buterin and Roger Dingledine outlined a new direction: Onionizing Ethereum. Vitalik revealed that the Ethereum Foundation is advancing plans to deeply integrate Tor and Onion Services across the stack. The objective is to move beyond transaction-layer privacy toward holistic protections that cover both write-side privacy (transaction submission) and read-side privacy (RPC access), sealing off leaks of IP addresses and access patterns.

Dingledine noted that around three quarters of Bitcoin nodes already connect via .onion addresses, making Tor a de facto part of Bitcoin‘s infrastructure. He emphasized that credential-level anonymity is insufficient when the transport layer leaks IP information. For Ethereum, the ambition is to introduce mixnets and onion routing at the peer-to-peer layer to harden the network against DoS attacks on block proposers and to improve censorship resistance.

Moreover, Vitalik distinguished between application-level transaction censorship and network-level access censorship. Ethereum aspires to remain reachable even behind nation-state firewalls by leveraging Tor’s Pluggable Transports like Snowflake, which can disguise traffic as WebRTC video calls. Looking forward, both speakers discussed enabling validators (stakers) to run Tor relay nodes as non-exit relays, contributing bandwidth without exit-node legal exposure. If realized, this architecture would materially strengthen Ethereum’s base-layer resilience over the coming years.

DeFiPunk, public goods, and aligned privacy applications

DeFiPunk and funding aligned protocols

Hsiao-Wei Wang introduced the DeFiPunk concept to guide EF’s funding policy. DeFi, she argued, should not be defined purely by yield. Instead, it must embody censorship resistance, open-source values, and strong privacy guarantees. EF will therefore prioritize capital deployment into projects that strengthen Ethereum’s long-term health rather than protocols that merely chase high APY or rely on centralized shortcuts.

She outlined six DeFiPunk attributes: Security, Open Source, Financial Self-sufficiency, Trust-minimized design, Cryptographic tooling, and Privacy. Furthermore, EF favors Free/Libre and Open Source Software licenses that encourage genuine transparency. Protocols must be permissionless and preserve user sovereignty over assets. Hsiao-Wei urged users to evaluate projects through this lens: auditing code, governance, and contract immutability to ensure they align with DeFi’s original mission of uncensorable finance.

Privacy in public goods funding

A panel featuring Camila Rioja, Thomas Humphreys, Tanisha Katara, Beth McCarthy, and José Ignacio Trajtenberg examined how to balance transparency and privacy in public goods. Real-world pilots such as Xcapit’s work with UNICEF and Brazilian community-currency programs show that, in humanitarian contexts, privacy often becomes a matter of physical safety rather than abstract data protection.

The central tension is clear: transparency is essential for accountability and impact verification, yet excessive openness at the participation layer (voting, identity checks) invites bribery, coercion and social pressure. Introducing zero-knowledge primitives can secure Sybil resistance and correct tallies while hiding individual ballots, enabling anti-collusion governance. Panelists stressed the need for configurable stacks that communities across jurisdictions can adapt to divergent regulatory regimes, including GDPR constraints.

Who pays for privacy-aligned apps?

Lefteris Karapetsas used his Rotki portfolio tracker to highlight the economic friction of aligned applications. Most “free” internet services monetize users via a hidden data tax. In contrast, aligned apps prioritize user interests, local-first design, and minimal tracking, but face higher engineering costs and slower development because they cannot lean on telemetry, A/B testing, or data monetization.

He argued that relying on grants or donations is unsustainable. Instead, privacy-centric apps must charge users directly through freemium tiers, enterprise support or premium features to build recurring revenue. Moreover, pricing models should communicate that paying is part of financing a future without mass surveillance. Transparent financials and honest communication can convert customers into long-term allies in this alternative economic model.

Mapping the Ethereum privacy ecosystem and institutional adoption

Ecosystem mapping and external alliances

A panel with Mykola Siusko, Antonio Seveso, cyp, Alavi, and Kassandra.eth set out to chart Ethereum’s fragmented privacy ecosystem. They identified multiple verticals: on-chain privacy (e.g., stealth addresses, privacy pools compliance tools), network-layer protections like mixnets, and the UX glue that connects everything. UX, they argued, is the decisive factor for mainstream adoption.

Speakers cautioned against designing privacy purely as a defensive reaction to regulators. Instead, they framed it as a shared community capability that unlocks new modes of coordination and agency. A single global, regulator-approved protocol is unrealistic; better to provide robust, general-purpose infrastructure plus selective-disclosure tools like view keys, allowing users or institutions to reveal data only when necessary. The panel also urged deeper collaboration with non-crypto actors such as Tor, the Electronic Frontier Foundation and Signal to normalize privacy as a routine, even enjoyable, part of digital life.

Institutional privacy on Ethereum

Another key session focused on institutional privacy adoption. Oskar Thorin presented the Ethereum Foundation’s Institutional Privacy Task Force, tasked with helping traditional financial institutions move onto Ethereum while satisfying stringent confidentiality requirements. Panelists from ABN AMRO and Etherealize explained that institutions are not primarily blocked by regulation, but by insufficient privacy around trade secrets, positions and client data.

Francois from Polygon Miden described a hybrid account model that lets users maintain private state locally and expose only zero-knowledge proofs to the public chain when necessary. The panel agreed that the future lies not in siloed private chains, but in a privacy layer anchored to Ethereum mainnet. By decoupling identity verification, policy enforcement and reporting, institutions can benefit from Ethereum’s liquidity while selectively disclosing information to regulators. Speakers pointed to 2026 as a plausible tipping point for larger-scale institutional participation.

Privacy Pools, censorship resistance, and guerrilla interoperability

Ameen Soleimani, representing 0xbow, revisited Tornado Cash’s history using an allegory of a polluted Patagonian lake. When a few malicious actors contaminate a shared resource, authorities often punish everyone. He argued that developers should not be held liable for user crimes, yet acknowledged that ordinary users mixing funds alongside hackers inadvertently improve criminal cover. The challenge, therefore, is designing systems that preserve lawful users’ privacy while constraining abuse.

This is the premise of ethereum privacy designs like Privacy Pools: users can generate zero-knowledge proofs that their withdrawals are not associated with blacklisted deposits, satisfying AML expectations without revealing specific sources. Ameen outlined 0xbow’s governance, including KYT screening and the “ragequit” mechanism that guarantees withdrawal of principal even if deposits are later flagged or the operator shuts down. The upcoming Privacy Pools V2, targeting EthCC in Paris, will add shielded in-pool transfers, trading some fungibility for recoverability.

Beyond on-chain mixers, Mashbean from Matters Lab questioned why many censorship-resistance products struggle commercially despite high moral value. Operating the Matters.news platform revealed the Honeypot Paradox: censorship-resistant venues attract sensitive content and attacks, forcing some moderation and creating tension with pure ideals. He recommended shipping modular primitives, not monoliths, and treating censorship resistance as public infrastructure measured by how many people can speak safely, not by revenue alone.

Andreas Tsamados of Fileverse expanded this theme with “Guerrilla Interoperability.” Using tools like ZK-TLS, users can create cryptographic attestations about their interactions with Web2 platforms and import those facts into Web3 without permission from incumbents. Fileverse’s ddocs.new and dsheets.new illustrate how decentralized, encrypted alternatives can compete with Google Workspace. The call to action: use account abstraction, decentralized storage, and ZK proofs to wrest back data sovereignty instead of waiting for regulators or platforms to open up.

Infrastructure resilience, wallets, and private governance

A dedicated panel on infrastructural resilience, featuring Sebastian Bürgel, ml_sudo, Pol Lanski and Kyle Den Hartog, dived deeper into hardware trust. Today’s TEEs like Intel SGX often sacrifice security and remain vulnerable to side-channel attacks. In response, ml_sudo described a “Trustless TEE” initiative for fully open-source chips whose design and toolchains can be audited end-to-end, an essential step in an era of fragmented supply chains.

Lanski reiterated the long-term vision that “everyone runs their own node,” casting home self-hosting as a form of civil resistance. Sebastian summarized the social layer succinctly: “Nerds protect networks.” Empowering tinkerers and lowering hardware barriers will be crucial as AI-generated forgeries and hyper-connected devices increase attack surfaces. Only trust-minimized infrastructure can preserve confidence that users are interacting with real people and that their data has not been silently exfiltrated.

Nicolas Consigny then unveiled Kohaku, an EF-led wallet stack composed of an SDK and a reference browser-extension wallet forked from Ambire. Kohaku aims to raise the ecosystem’s baseline by offering modular privacy and security components that other wallets can adopt. It natively integrates Railgun and Privacy Pools, supports per-dApp account connections to reduce address reuse, and introduces hardware-level signing for ZK transactions via collaboration with ZKnox. A public testnet is planned around EthCC next April, marking a concrete step toward standardized app-layer privacy.

On governance, a panel including Joshua Davila, Lasha Antadze, Anthony Leuts, Jordi Pinyana, and John Guilding (MACI) argued that privacy is essential for honest DAO voting. Fully transparent ballots often produce superficial unanimity because delegates fear backlash. Tools like MACI aim for anti-collusion guarantees by making it cryptographically impossible to prove how one voted, even while maintaining Sybil resistance and supporting mechanisms like quadratic funding. The panel expects 2026 to be a turning point as private voting becomes integrated into mainstream DAO platforms.

Narratives, challenges, and Ethereum’s privacy roadmap

Polymutex of WalletBeat drew lessons from Web2’s journey from HTTP to HTTPS. He outlined four historical phases: making privacy technically possible, making it lawful, making it cheap via hardware acceleration, and finally making it the enforced default. Let’s Encrypt and browser warnings about “Not secure” sites helped stigmatize non-private connections. Mapping this to Web3, he argued that standards and cost curves are improving, but the ecosystem still lacks both a Snowden-scale awakening and wallet tooling that warns users when they are exposing sensitive data.

Alan Scott and Max Hampshire highlighted on-the-ground obstacles. Privacy tools like Railgun still carry a criminal stigma among many users, and integrations are technically heavy for large DeFi protocols whose codebases are already complex. Meanwhile, many wallets are riddled with trackers that undermine user protections. On the network side, a cat-and-mouse contest continues between de-anonymization and anonymization, underscoring that application-level privacy must be coupled tightly with network infrastructure such as Nym to be effective.

Finally, Andy Guzman’s closing roadmap synthesized the day’s main threads into three categories: Private Reads, Private Writes, and Private Porting. He reiterated the Law of the Minimum: a privacy system is only as strong as its weakest layer, whether that is RPC, storage or hardware. Looking toward November 2026, he expects practical private transfers to be largely solved, but warned that hard political questions will persist over L1 integration, compliance positioning, and how pluralistic the ecosystem should be. The overarching vision is an Ethereum that offers robust privacy by default while remaining open, resilient, and globally accessible.

In sum, the Ethereum Privacy Stack event in Buenos Aires sketched a multi-layered trajectory for privacy over the next few years, spanning protocols, hardware, law, and culture. Whether through Tor integration, institutional architecture, legal defense, or everyday UX, the community is steadily converting privacy from a niche add-on into an expected property of the Ethereum experience.